WO2018033016A1 - Method and system for authorizing conversion of terminal state - Google Patents

Publication number
WO2018033016A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
state
authentication
server
data
Application number
PCT/CN2017/096834
Inventor
陈菲菲
孟陆强
Original Assignee
福建联迪商用设备有限公司
Application filed by 福建联迪商用设备有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method and system for authorizing the transition of a terminal state.
  • the terminal needs to introduce a digital signature scheme, with a root public key certificate preset in the terminal.
  • only a program signed with the private key corresponding to a working public key certificate subordinate to the root public key certificate can be downloaded to the terminal.
  • the program downloaded to the terminal must be signed, which is greatly inconvenient for application developer debugging.
  • the terminal has a debugging state, and the application can be downloaded to the terminal without signing.
  • the inventor provides a method for authorizing the conversion of the state of the terminal, and the technical solution is as follows:
  • a method for authorizing a transition of a terminal state, wherein the server obtains an authentication account and determines whether the authentication account has conversion authority; if yes, the server obtains terminal information and data to be authenticated from the terminal; the server encrypts the data to be authenticated by using the authentication private key to generate authentication data, and sends the authentication data to the terminal; the terminal authenticates the authentication data, and if the authentication passes, the terminal state is converted.
  • the terminal state includes a usage state and a debug state, and the terminal does not save the application and the key in the usage state and the debug state; the terminal switches from the usage state to the debug state, and the terminal clears the key of the terminal in the usage state.
  • the terminal switches from the debug state to the use state, and the terminal clears the application and the key of the terminal in the debug state.
  • the terminal pops up the prompt that the terminal is in the debug state.
  • the prompt includes: displaying, by the terminal, a watermark or popping up an alert box every preset time interval.
  • the terminal information is a terminal serial number
  • the to-be-certified data is a combination of a terminal motherboard serial number and a random number.
  • the beneficial effects of the present invention are: when a program developer wants to debug the terminal or certain applications, the developer can log in with an authorized account and directly convert the terminal between the use state and the debug state. This is simple and convenient and greatly helps application developers with debugging. The account must first be authenticated by the server before the state is converted, which ensures that the terminal state transition is a legitimate action approved by the server. After debugging is finished, the developer can promptly return the terminal to the use state, which also ensures the security of the terminal.
  • the inventor also provides a system for authorizing the conversion of the state of the terminal, and the technical solution is as follows:
  • a system for authorizing conversion of a terminal state, characterized by comprising: an account authentication module, used for the server to obtain an authentication account and determine whether the authentication account has conversion authority and, if so, for the server to obtain terminal information and data to be authenticated from the terminal;
  • an information encryption module, used for the server to encrypt the data to be authenticated by using the authentication private key to generate authentication data and to send the authentication data to the terminal; and a state conversion module, used for the terminal to authenticate the authentication data and, if the authentication passes, to convert the terminal state.
  • the state conversion module is further configured so that: the terminal state includes a use state and a debug state, and the terminal does not save the application and the key in the use state and the debug state; when the terminal switches from the use state to the debug state, the terminal clears the key of the terminal in the use state; when the terminal switches from the debug state to the use state, the terminal clears the application and the key of the terminal in the debug state.
  • the terminal pops up the prompt that the terminal is in the debug state.
  • the prompt includes: displaying, by the terminal, a watermark or popping up an alert box every preset time interval.
  • the terminal information is a terminal serial number
  • the to-be-certified data is a combination of a terminal motherboard serial number and a random number.
  • the beneficial effects of the present invention are: when a program developer wants to debug the terminal or certain applications, the developer can log in with an authorized account and directly convert the terminal between the use state and the debug state. This is simple and convenient and greatly helps application developers with debugging. The account must first be authenticated by the server before the state is converted, which ensures that the terminal state transition is a legitimate action approved by the server. After debugging is finished, the developer can promptly return the terminal to the use state, which also ensures the security of the terminal.
  • FIG. 1 is a flowchart of a method for authorizing conversion of a terminal state according to the present invention
  • FIG. 2 is a block diagram of a system for authorizing a state transition of a terminal according to the present invention.
  • a state transition tool is used to change the state of the terminal.
  • the state transition tool includes a server interaction module and a terminal interaction module. The terminal interaction module is on the terminal and is mainly used to obtain information from the terminal and send information to the terminal; the server interaction module is on the server and is mainly used to obtain information from the server and send information to the server.
  • Step S101: log in using the account password. First, the terminal device and the server are to be networked. Secondly, in this embodiment, a specific APP is installed on the terminal device, and in the APP login interface the application developer needs to input the account password to log in to the system. When logging in through the account password, the server makes a permission judgment on the account password to ensure the legality of the account.
  • the specific URL can also be directly input through the browser, and the application developer is required to input the account password to log in to the system;
  • the server stores all valid account passwords, as well as the permissions corresponding to those accounts.
  • step S102 the server determines whether the account has the authority to switch the terminal state.
  • the specific steps are as follows: the application developer inputs the account password, and the server obtains the account password input by the application developer and determines whether the account password is stored in the server. If it is stored in the server, the application developer successfully logs in to the system, and the server further obtains the authority of the account to determine whether the account has permission to switch the terminal state. The server's permission check on the account and password ensures the legality of subsequent state transitions.
  • the server obtains the terminal information and the data to be authenticated from the terminal: if the server determines that the account has the right to switch the terminal state, the terminal interaction module acquires the terminal information and the data to be authenticated from the terminal.
  • the terminal information refers to a terminal serial number.
  • the data to be authenticated is a serial number of the motherboard and a random number, wherein the serial number of the motherboard of each terminal is unique.
  • the random number is a random number of 16 bytes. In other embodiments, the random number may consist of letters or characters of a different length.
  • the server interaction module sends the data to the server. The uniqueness of the data to be authenticated is ensured by combining the motherboard serial number, which uniquely identifies the terminal, with the random number.
  • step S104: the server authenticates the terminal information and generates authentication data.
  • the server determines the legality of the terminal information and, after determining that it is legal, uses the authentication private key to encrypt the data to be authenticated.
  • the authentication data is generated in this way, and the authentication data is sent to the server interaction module.
  • when the server judges the terminal information, it not only judges its legitimacy but also, according to the terminal information, encrypts the data to be authenticated using the private key corresponding to that terminal.
  • the public key used by each terminal is the same for convenience and versatility, so the server only needs to judge the legitimacy of the terminal information, and the server uses the universal private key to encrypt the data to be authenticated.
  • step S105 the server sends the generated authentication data to the terminal, and the terminal interaction module sends the authentication data to the terminal.
  • Step S106 The terminal authenticates the authentication data.
  • authentication here means that the terminal decrypts the received authentication data to obtain the plaintext and compares the plaintext with the terminal's own data to be authenticated.
  • if they are the same, the server has passed the terminal's authentication and is approved by the terminal, and the account recognized by the server can convert the state of the terminal.
  • the specific authentication step is as follows: the terminal decrypts the authentication data by using the public key. Because the server encrypted with the private key corresponding to the terminal, the terminal can decrypt successfully. After decryption succeeds, the terminal determines whether the decrypted data is the data to be authenticated of the terminal. If yes, the authentication is passed.
  • step S107: the terminal state can be converted; the terminal interaction module sends the state to be converted to the terminal, and the terminal switches to the corresponding state.
  • because the state to be converted is sent to the terminal through the terminal interaction module, the whole process is transparent to the application developer and the conversion is completed automatically, which greatly improves the state transition speed and facilitates the application developer.
  • the application and the key on the device are all cleared; similarly, when the terminal switches from the use state to the debug state, the keys are also cleared completely.
  • when the terminal transitions from the use state to the debug state, security must be ensured and the user must be prevented from entering a personal PIN on it.
  • the interface of the debug state is obviously different from the state of use.
  • a warning box or a watermark pops up every few seconds to prompt the user that the terminal is in the debug state, so that the user does not input the personal PIN on the terminal.
  • a scheme for authorizing a system for converting a terminal state is as follows:
  • the system 20 includes a server 201 and a terminal 202; the server 201 includes an account authentication module 2010 and an information encryption module 2011, and the terminal 202 includes a state conversion module 2020, wherein
  • the application developer logs in to the system with the account password.
  • when logging in through the account password, the server makes a permission judgment on the account password to ensure the legality of the account.
  • the specific URL can also be directly input through the browser, and the application developer is required to input the account password to log in to the system;
  • the server stores all legal account passwords, and also includes the rights corresponding to the accounts.
  • the application developer inputs the account password, and the server obtains the account password input by the application developer, and determines whether the account password is stored in the server.
  • the application developer successfully logs in to the system, and the server further obtains the authority of the account to determine whether the account has permission to switch the terminal status.
  • the server's permission check on the account password ensures the legality of the subsequent state conversion.
  • if yes, the terminal interaction module obtains the terminal information and the data to be authenticated from the terminal, where the terminal information refers to the terminal serial number, and the data to be authenticated is the serial number of the motherboard and the random number, wherein the serial number of the motherboard of each terminal is unique.
  • the random number is a 16-byte random number. In other embodiments, the random number may consist of letters or characters of a different length.
  • the server interaction module sends the data to the server.
  • the uniqueness of the data to be authenticated is ensured by combining the motherboard serial number, which uniquely identifies the terminal, with the random number.
  • the server authenticates the terminal information and generates authentication data. After the server obtains the terminal information, it determines the legality of the terminal information. Once the information is determined to be legal, the server uses the authentication private key to encrypt the data to be authenticated, generates the authentication data, and sends the authentication data to the server interaction module. Encrypting with the private key ensures that the generated authentication data cannot be intercepted in transit by unauthorized parties who would then impersonate a legitimate server to deceive the terminal and cause security problems.
  • when the server judges the terminal information, it not only judges its legitimacy but also, according to the terminal information, encrypts the data to be authenticated using the private key corresponding to that terminal.
  • the public key used by each terminal is the same for convenience and versatility, so the server only needs to judge the legitimacy of the terminal information, and the server uses the universal private key to encrypt the data to be authenticated.
  • the server sends the generated authentication data to the terminal; the terminal interaction module sends the authentication data to the terminal.
  • it is used by the terminal to authenticate the authentication data.
  • authentication here means that the terminal decrypts the received authentication data to obtain the plaintext and compares the plaintext with the terminal's own data to be authenticated.
  • if they are the same, the server has passed the terminal's authentication and is approved by the terminal, and the account recognized by the server can convert the state of the terminal.
  • the specific authentication is as follows: the terminal decrypts the authentication data by using the public key. Because the server encrypted with the private key corresponding to the terminal, the terminal can decrypt successfully. After decryption succeeds, the terminal determines whether the decrypted data is the data to be authenticated of the terminal, and if so, the authentication is passed.
  • the terminal state can be converted; the terminal interaction module sends the state to be converted to the terminal, and the terminal switches to the corresponding state.
  • the whole process is transparent to the application developer, and the conversion process is automatically completed, which greatly improves the state conversion speed and facilitates the application developer.
  • the application and the key on the device are all cleared; similarly, when the terminal switches from the use state to the debug state, the keys are also cleared completely.
  • when the terminal transitions from the use state to the debug state, security must be ensured and the user must be prevented from entering a personal PIN on it.
  • the interface of the debug state is obviously different from the state of use.
  • a warning box or a watermark pops up every few seconds to prompt the user that the terminal is in the debug state, so that the user does not input the personal PIN on the terminal.
  • the computer device includes but is not limited to: a personal computer, a server, a general purpose computer, a special purpose computer, a network device, an embedded device, a programmable device, a smart mobile terminal, a smart home device, a wearable smart device, a vehicle smart device, and the like;
  • the storage medium includes, but is not limited to, a RAM, a ROM, a magnetic disk, a magnetic tape, an optical disk, a flash memory, a USB flash drive, a mobile hard disk, a memory card, a memory stick, a network server storage, a network cloud storage, and the like.
  • the computer program instructions can also be stored in a computer device readable memory that can direct the computer device to operate in a particular manner, such that the instructions stored in the computer device readable memory produce an article of manufacture comprising an instruction device, the instruction device implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer device such that a series of operational steps are performed on the computer device to produce computer-implemented processing, such that the instructions executed on the computer device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
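The exchange described in steps S101 to S107 above, with both the server and the terminal side, as an added example that is not code from the patent or its applicant. It uses textbook RSA from the Python standard library over a constructed, trivially factorable key, and the account table, serial numbers and class names are hypothetical. What the text calls encrypting with the private key gives authenticity rather than confidentiality (anyone with the public key recovers the plaintext), and a deployment would use a padded signature scheme such as RSA-PSS.

```python
import hmac
import secrets

# Constructed toy RSA key from two Mersenne primes so the block runs offline
# with the standard library only. Trivially factorable: illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # the server's authentication private key
N_BYTES = (N.bit_length() + 7) // 8

USE, DEBUG = "use", "debug"


class Server:
    """Account check (S101/S102), terminal check and private-key operation (S104)."""

    def __init__(self):
        # Hypothetical stores; a real server would keep password hashes.
        self.accounts = {
            "dev1": {"password": "pw-dev1", "can_convert": True},
            "dev2": {"password": "pw-dev2", "can_convert": False},
        }
        self.known_terminals = {"SN-0001"}

    def authorize(self, account, password, terminal_sn, challenge):
        """Return authentication data, or None if any check fails."""
        acct = self.accounts.get(account)
        if acct is None or not hmac.compare_digest(
                acct["password"].encode(), password.encode()):
            return None                          # S101: login failed
        if not acct["can_convert"]:
            return None                          # S102: no conversion permission
        if terminal_sn not in self.known_terminals:
            return None                          # S104: terminal info not legitimate
        m = int.from_bytes(challenge, "big")
        if not 0 < m < N:
            return None
        # "Encrypt with the authentication private key": raw RSA private operation.
        return pow(m, D, N)


class Terminal:
    """Issues the to-be-authenticated data and verifies the reply (S106/S107)."""

    def __init__(self, serial, board_sn):
        self.serial, self.board_sn = serial, board_sn
        self.state = USE
        self.keys = {"pin_key": b"\x01" * 16}    # constructed sample key material
        self.apps = ["payment.app"]
        self._pending = None

    def new_challenge(self):
        # Motherboard serial number + 16-byte random number, as in the text.
        self._pending = self.board_sn + secrets.token_bytes(16)
        return self.serial, self._pending

    def apply(self, auth_data, target):
        """Verify auth_data against the outstanding challenge, then switch state."""
        pending, self._pending = self._pending, None   # a challenge is single use
        if pending is None or target not in (USE, DEBUG) or target == self.state:
            return False
        if not isinstance(auth_data, int) or not 0 <= auth_data < N:
            return False
        # S106: "decrypt" with the public key and compare with our own data.
        recovered = pow(auth_data, E, N).to_bytes(N_BYTES, "big")
        expected = int.from_bytes(pending, "big").to_bytes(N_BYTES, "big")
        if not hmac.compare_digest(recovered, expected):
            return False
        # S107: keys never survive a transition; apps are wiped on leaving debug.
        self.keys.clear()
        if self.state == DEBUG:
            self.apps.clear()
        self.state = target
        return True


def run_flow(server, terminal, account, password, target):
    """One complete exchange; True only if the terminal changed state."""
    sn, challenge = terminal.new_challenge()
    auth = server.authorize(account, password, sn, challenge)
    return auth is not None and terminal.apply(auth, target)


if __name__ == "__main__":
    srv, term = Server(), Terminal("SN-0001", b"MB-12345678")
    print("dev2 ->", run_flow(srv, term, "dev2", "pw-dev2", DEBUG), term.state)
    print("dev1 ->", run_flow(srv, term, "dev1", "pw-dev1", DEBUG), term.state)
    print("back ->", run_flow(srv, term, "dev1", "pw-dev1", USE), term.apps)
```

Because the terminal discards its challenge on every attempt, a captured reply cannot be replayed, and a reply issued for one terminal's motherboard serial number fails on another.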

Abstract

The present invention relates to the technical field of communications. Provided are a method and system for authorizing conversion of a terminal state. The method for authorizing conversion of a terminal state mainly comprises: a server obtains an authentication account, and determines whether the authentication account has a conversion authority; if yes, the server obtains terminal information and to-be-authenticated data from a terminal; the server encrypts, by using an authentication private key, the to-be-authenticated data so as to generate authentication data, and sends the authentication data to the terminal; and the terminal authenticates the authentication data, and converts a terminal state if the authentication is successful. An application developer can log in by using an authorized account and directly convert a terminal between a using state and a debugging state; the method and the system are simple and convenient, and greatly help the application developer in debugging.

Description

Method and system for authorizing conversion of terminal state
Technical field
The present invention relates to the field of communications technologies, and in particular to a method and system for authorizing conversion of a terminal state.
Background
As the financial industry moves onto the Internet, the financial payment field places ever higher demands on payment security. In the prior art, to ensure the legitimacy of programs on a terminal device, the terminal needs to introduce a digital signature scheme: a root public key certificate is preset in the terminal, and only programs signed with the private key corresponding to a working public key certificate subordinate to the root public key certificate can be downloaded to the terminal.
When the terminal is in its normal use state, every program downloaded to the terminal must be signed, which is a great inconvenience for application developers during debugging. To make debugging easier, the terminal has a debug state in which applications can be downloaded to the terminal without being signed.
Summary of the invention
To this end, a method for authorizing conversion of a terminal state is needed to handle switching between the terminal's debug state and use state, so that the terminal state can be modified through an authorized account.
To achieve the above object, the inventors provide a method for authorizing conversion of a terminal state. The technical solution is as follows:
A method for authorizing conversion of a terminal state, characterized in that: a server obtains an authentication account and determines whether the authentication account has conversion authority; if so, the server obtains terminal information and to-be-authenticated data from the terminal; the server encrypts the to-be-authenticated data with an authentication private key to generate authentication data and sends the authentication data to the terminal; the terminal authenticates the authentication data and, if authentication passes, converts the terminal state.
Further, the terminal state includes a use state and a debug state, and the terminal does not retain the applications and keys of the use state and the debug state: when the terminal switches from the use state to the debug state, it clears the terminal's use-state keys; when the terminal switches from the debug state to the use state, it clears the terminal's debug-state applications and keys.
Further, when the terminal determines that it is in the debug state, it pops up a prompt that the terminal is in the debug state.
Further, the prompt includes: the terminal displaying a watermark, or popping up a warning box at a preset time interval.
Further, the terminal information is the terminal serial number, and the to-be-authenticated data is a combination of the terminal motherboard serial number and a random number.
The beneficial effects of the present invention are: when a program developer wants to debug the terminal or certain applications, the developer can log in with an authorized account and directly convert the terminal between the use state and the debug state. This is simple and convenient and greatly helps application developers with debugging. The account must first be authenticated by the server before the state is converted, which ensures that the terminal state conversion is a legitimate action approved by the server. After debugging is finished, the developer can promptly return the terminal to the use state, which also ensures the security of the terminal.
To achieve the above object, the inventors also provide a system for authorizing conversion of a terminal state. The technical solution is as follows:
A system for authorizing conversion of a terminal state, characterized by comprising: an account authentication module, used for the server to obtain an authentication account and determine whether the authentication account has conversion authority and, if so, for the server to obtain terminal information and to-be-authenticated data from the terminal; an information encryption module, used for the server to encrypt the to-be-authenticated data with an authentication private key to generate authentication data and to send the authentication data to the terminal; and a state conversion module, used for the terminal to authenticate the authentication data and, if authentication passes, to convert the terminal state.
Further, the state conversion module is also configured so that: the terminal state includes a use state and a debug state, and the terminal does not retain the applications and keys of the use state and the debug state; when the terminal switches from the use state to the debug state, it clears the terminal's use-state keys; when the terminal switches from the debug state to the use state, it clears the terminal's debug-state applications and keys.
Further, when the terminal determines that it is in the debug state, it pops up a prompt that the terminal is in the debug state.
Further, the prompt includes: the terminal displaying a watermark, or popping up a warning box at a preset time interval.
Further, the terminal information is the terminal serial number, and the to-be-authenticated data is a combination of the terminal motherboard serial number and a random number.
The beneficial effects of the present invention are: when a program developer wants to debug the terminal or certain applications, the developer can log in with an authorized account and directly convert the terminal between the use state and the debug state. This is simple and convenient and greatly helps application developers with debugging. The account must first be authenticated by the server before the state is converted, which ensures that the terminal state conversion is a legitimate action approved by the server. After debugging is finished, the developer can promptly return the terminal to the use state, which also ensures the security of the terminal.
Description of the drawings
FIG. 1 is a flowchart of a method for authorizing conversion of a terminal state according to the present invention;
FIG. 2 is a block diagram of a system for authorizing conversion of a terminal state according to the present invention.
Description of the reference signs:
20, system;
201, server;
202, terminal;
2010, account authentication module;
2011, information encryption module;
2020, state conversion module.
Detailed Description
To explain the technical content, structural features, objectives and effects of the technical solution in detail, a description is given below with reference to specific embodiments and the accompanying drawings.
Referring to FIG. 1, this embodiment uses a state transition tool to change the state of the terminal. The state transition tool includes a server interaction module and a terminal interaction module. The terminal interaction module runs on the terminal and is mainly used to obtain information from the terminal and to send information to the terminal. The server interaction module runs on the server and is mainly used to obtain information from the server and to send information to the server.
The specific steps are as follows:
Step S101: log in with an account and password. First, the terminal device and the server must be connected over the network. Second, in this embodiment a specific app is installed on the terminal device, and on the app's login screen the application developer must enter an account and password to log in to the system. When the system is logged in to with an account and password, the server performs a permission check on the account and password, which ensures the legitimacy of the account.
In other embodiments, a specific URL can be entered directly in a browser; the application developer must likewise enter an account and password to log in to the system.
The server stores all legitimate accounts and passwords, together with the permissions corresponding to those accounts.
Step S102: the server determines whether the account has permission to switch the terminal state. The specific steps are as follows: the application developer enters the account and password; the server obtains the account and password entered by the application developer and determines whether they are stored on the server. If they are, the application developer has logged in to the system successfully, and the server then retrieves the permissions of the account and determines whether the account has permission to switch the terminal state. This permission check of the account and password by the server ensures the legitimacy of the subsequent state transition.
If the account has permission to switch the terminal state, the method proceeds to step S103: the server obtains the terminal information and the to-be-authenticated data from the terminal. If the server determines that the account has permission to switch the terminal state, the terminal interaction module obtains the terminal information and the to-be-authenticated data from the terminal. The terminal information is the terminal serial number, and the to-be-authenticated data is the motherboard serial number and a random number, where the motherboard serial number of each terminal is unique. In this embodiment the random number is a 16-byte random number; in other embodiments the random value may consist of letters or characters of another length. The server interaction module sends this data to the server. Combining the motherboard serial number, which uniquely identifies the terminal, with a random number ensures the uniqueness of the to-be-authenticated data.
Step S104: the server authenticates the terminal information and generates the authentication data. After obtaining the terminal information, the server checks its validity. Once the terminal information is found to be valid, the server encrypts the to-be-authenticated data with the authentication private key to generate the authentication data, and sends the authentication data to the server interaction module. Encrypting the to-be-authenticated data with the private key ensures that the generated authentication data cannot be intercepted in transit by an unauthorized party and used to impersonate the legitimate server and deceive the terminal, which would cause security problems.
In this embodiment, for reasons of higher security requirements, each terminal uses a different public key. Therefore, when the server checks the terminal information, it not only checks its validity but also, based on that terminal information, uses the private key corresponding to that terminal to encrypt the to-be-authenticated data.
In some other embodiments, for reasons of convenience and generality, every terminal uses the same public key. The server then only needs to check the validity of the terminal information, and it encrypts the to-be-authenticated data with a common private key.
Step S105: the server sends the generated authentication data to the terminal; the terminal interaction module delivers the authentication data to the terminal.
Step S106: the terminal authenticates the authentication data. Authentication here means that the terminal decrypts the received authentication data to obtain the plaintext and compares the plaintext with the terminal's own to-be-authenticated data. If they are the same, the server has passed the terminal's authentication and is accepted by the terminal, and the account approved by the server may then switch the state of the terminal. The specific authentication steps are as follows: the terminal decrypts the authentication data with the public key. Because the server encrypted the to-be-authenticated data with the private key corresponding to this terminal, the terminal can decrypt it successfully. After successful decryption, the terminal determines whether the decrypted data is its own to-be-authenticated data; if so, authentication passes.
After authentication passes, step S107 is performed: the terminal switches state. The terminal interaction module sends the target state to the terminal, and the terminal switches to that state. Because the target state is sent through the terminal interaction module, the whole process is transparent to the application developer and the transition completes automatically, which greatly increases the speed of the state transition and is convenient for application developers. In this embodiment, to ensure security, after the terminal switches from the debug state to the use state, all applications and keys on the device are cleared; likewise, after the terminal switches from the use state to the debug state, all keys on the device are cleared.
In some embodiments, when the terminal switches from the use state to the debug state, security is ensured by preventing users from entering a personal PIN on it. The interface in the debug state is clearly different from that in the use state: in the debug state a warning box pops up every few seconds, or a watermark or similar indication is shown, to tell the user that the terminal is in the debug state so that the user does not enter a personal PIN on such a terminal.
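The S102 to S107 exchange described above, modelled as an added example (not code from the patent or the applicant). Login (S101) is assumed to have succeeded already; the class names, sample serial numbers and the fixed demo key are constructed, and the patent's "encrypt with the private key / decrypt with the public key" is modelled here as an unpadded RSA operation over a SHA-256 digest, which is an assumption: a production system would use a standard signature scheme such as RSA-PSS from a vetted library.

```python
import hashlib
import secrets

# DEMO KEY ONLY (constructed): two Mersenne primes give a valid RSA modulus that is
# trivially factorable. A real server key is generated randomly and kept protected.
P, Q = 2**521 - 1, 2**127 - 1
N, E = P * Q, 65537                     # public key provisioned in the terminal
D = pow(E, -1, (P - 1) * (Q - 1))       # server's authentication private key


def _digest(data: bytes) -> int:
    """SHA-256 of the to-be-authenticated data as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Server:
    """Holds account permissions, the set of valid terminals and the private key."""

    def __init__(self, may_switch, valid_terminals):
        self.may_switch = may_switch            # account -> bool (S102 permission)
        self.valid_terminals = valid_terminals  # known terminal serial numbers

    def authorize(self, account, terminal_sn, to_be_authenticated):
        """S102-S104: return authentication data, or None if any check fails."""
        if not self.may_switch.get(account, False):
            return None
        if terminal_sn not in self.valid_terminals:
            return None
        # "Encrypt with the private key" modelled as the RSA private-key operation.
        return pow(_digest(to_be_authenticated), D, N)


class Terminal:
    def __init__(self, terminal_sn, board_sn, server_public=(N, E)):
        self.terminal_sn = terminal_sn
        self.board_sn = board_sn
        self.server_public = server_public
        self.state = "use"
        self.keys = {"pin_key": b"constructed-sample-key"}
        self.apps = []
        self._pending = None

    def new_challenge(self) -> bytes:
        """S103: motherboard serial number + fresh 16-byte random number."""
        self._pending = self.board_sn + secrets.token_bytes(16)
        return self._pending

    def switch_state(self, auth_data, target) -> bool:
        """S106-S107: verify the authentication data, wipe, then switch."""
        pending, self._pending = self._pending, None   # a challenge is single-use
        if pending is None or target not in ("use", "debug") or target == self.state:
            return False
        n, e = self.server_public
        if not isinstance(auth_data, int) or not 0 <= auth_data < n:
            return False
        # "Decrypt with the public key" and compare with our own challenge.
        if pow(auth_data, e, n) != _digest(pending):
            return False
        if self.state == "debug":
            self.apps.clear()      # debug -> use: applications are cleared too
        self.keys.clear()          # keys are cleared in both directions
        self.state = target
        return True


def demo():
    server = Server({"dev01": True, "clerk": False}, {"SN-0001"})
    term = Terminal("SN-0001", b"MB-AAAA")
    results = {}
    ch = term.new_challenge()
    results["no_permission"] = server.authorize("clerk", "SN-0001", ch)
    auth = server.authorize("dev01", "SN-0001", ch)
    results["to_debug"] = term.switch_state(auth, "debug")
    term.new_challenge()
    results["replay"] = term.switch_state(auth, "use")   # old auth data, new nonce
    results["state"] = term.state
    return results


if __name__ == "__main__":
    print(demo())
```

The fresh random number is what makes a captured response useless for a later switch, and the motherboard serial number is what makes it useless on a different terminal.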
Referring to FIG. 2, in some embodiments the system of the present invention for authorizing conversion of a terminal state is as follows:
System 20 includes a server 201 and a terminal 202. The server 201 includes an account authentication module 2010 and an information encryption module 2011, and the terminal 202 includes a state conversion module 2020, wherein:
Account authentication module 2010:
A specific app is installed on the terminal device by the application developer. On the app's login screen, the application developer logs in to the system over the network with an account and password. When the system is logged in to with an account and password, the server performs a permission check on the account and password, which ensures the legitimacy of the account.
In other embodiments, a specific URL can be entered directly in a browser; the application developer must likewise enter an account and password to log in to the system.
The server stores all legitimate accounts and passwords, together with the permissions corresponding to those accounts. The application developer enters the account and password; the server obtains them and determines whether they are stored on the server. If they are, the application developer has logged in to the system successfully, and the server then retrieves the permissions of the account and determines whether the account has permission to switch the terminal state. This permission check of the account and password by the server ensures the legitimacy of the subsequent state transition. If the account has the permission, the terminal interaction module obtains the terminal information and the to-be-authenticated data from the terminal. The terminal information is the terminal serial number, and the to-be-authenticated data is the motherboard serial number and a random number, where the motherboard serial number of each terminal is unique. In this embodiment the random number is a 16-byte random number; in other embodiments the random value may consist of letters or characters of another length.
The server interaction module sends this data to the server. Combining the motherboard serial number, which uniquely identifies the terminal, with a random number ensures the uniqueness of the to-be-authenticated data.
Information encryption module 2011:
The server authenticates the terminal information and generates the authentication data. After obtaining the terminal information, the server checks its validity. Once the terminal information is found to be valid, the server encrypts the to-be-authenticated data with the authentication private key to generate the authentication data, and sends the authentication data to the server interaction module. Encrypting the to-be-authenticated data with the private key ensures that the generated authentication data cannot be intercepted in transit by an unauthorized party and used to impersonate the legitimate server and deceive the terminal, which would cause security problems.
In this embodiment, for reasons of higher security requirements, each terminal uses a different public key. Therefore, when the server checks the terminal information, it not only checks its validity but also, based on that terminal information, uses the private key corresponding to that terminal to encrypt the to-be-authenticated data.
In some other embodiments, for reasons of convenience and generality, every terminal uses the same public key. The server then only needs to check the validity of the terminal information, and it encrypts the to-be-authenticated data with a common private key.
The server sends the generated authentication data to the terminal; the terminal interaction module delivers the authentication data to the terminal.
State conversion module 2020:
Used by the terminal to authenticate the authentication data. Authentication here means that the terminal decrypts the received authentication data to obtain the plaintext and compares the plaintext with the terminal's own to-be-authenticated data. If they are the same, the server has passed the terminal's authentication and is accepted by the terminal, and the account approved by the server may then switch the state of the terminal. The specific authentication is as follows: the terminal decrypts the authentication data with the public key. Because the server encrypted the to-be-authenticated data with the private key corresponding to this terminal, the terminal can decrypt it successfully. After successful decryption, the terminal determines whether the decrypted data is its own to-be-authenticated data; if so, authentication passes. After authentication passes, the terminal switches state: the terminal interaction module sends the target state to the terminal, and the terminal switches to that state. Because the target state is sent through the terminal interaction module, the whole process is transparent to the application developer and the transition completes automatically, which greatly increases the speed of the state transition and is convenient for application developers. In this embodiment, to ensure security, after the terminal switches from the debug state to the use state, all applications and keys on the device are cleared; likewise, after the terminal switches from the use state to the debug state, all keys on the device are cleared.
In some embodiments, when the terminal switches from the use state to the debug state, security is ensured by preventing users from entering a personal PIN on it. The interface in the debug state is clearly different from that in the use state: in the debug state a warning box pops up every few seconds, or a watermark or similar indication is shown, to tell the user that the terminal is in the debug state so that the user does not enter a personal PIN on such a terminal.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "including ..." or "comprising ..." does not exclude the presence of additional elements in the process, method, article or terminal device that includes the element. In addition, in this document, "greater than", "less than", "exceeding" and the like are understood to exclude the stated number; "above", "below", "within" and the like are understood to include the stated number.
Those skilled in the art will appreciate that the embodiments described above may be provided as a method, an apparatus, or a computer program product. These embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. All or some of the steps of the methods in the above embodiments may be carried out by a program instructing the relevant hardware; the program may be stored in a storage medium readable by a computer device and is used to execute all or some of the steps of the methods of the above embodiments. The computer device includes, but is not limited to: a personal computer, a server, a general-purpose computer, a special-purpose computer, a network device, an embedded device, a programmable device, a smart mobile terminal, a smart home device, a wearable smart device, an in-vehicle smart device, and the like. The storage medium includes, but is not limited to: RAM, ROM, a magnetic disk, a magnetic tape, an optical disc, flash memory, a USB flash drive, a portable hard disk, a memory card, a memory stick, network server storage, network cloud storage, and the like.
The above embodiments are described with reference to flowcharts and/or block diagrams of the methods, devices (systems) and computer program products according to the embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a computer device to produce a machine, such that the instructions executed by the processor of the computer device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-device-readable memory that can direct the computer device to operate in a particular manner, such that the instructions stored in that memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer device, such that a series of operational steps is performed on the computer device to produce computer-implemented processing, whereby the instructions executed on the computer device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although the above embodiments have been described, those skilled in the art can make further changes and modifications to these embodiments once they have learned the basic inventive concept. The above are therefore only embodiments of the present invention and do not limit the scope of patent protection of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (10)

  1. A method for authorizing conversion of a terminal state, characterized by comprising the steps of:
    a server obtains an authentication account, and the server determines whether the authentication account has conversion permission;
    if so, the server obtains terminal information and to-be-authenticated data from a terminal;
    the server encrypts the to-be-authenticated data with an authentication private key to generate authentication data, and the server sends the authentication data to the terminal;
    the terminal authenticates the authentication data and, if authentication passes, the terminal state is converted.
  2. The method for authorizing conversion of a terminal state according to claim 1, characterized in that:
    the terminal state includes a use state and a debug state, and the terminal does not retain the applications and keys of the use state and the debug state;
    when the terminal switches from the use state to the debug state, the terminal clears the keys of the terminal in the use state;
    when the terminal switches from the debug state to the use state, the terminal clears the applications and keys of the terminal in the debug state.
  3. The method for authorizing conversion of a terminal state according to claim 2, characterized by further comprising the step of:
    when the terminal determines that it is in the debug state, the terminal displays a prompt indicating that the terminal is in the debug state.
  4. The method for authorizing conversion of a terminal state according to claim 3, characterized in that:
    the prompt includes: the terminal displays a watermark, or pops up a warning box at a preset time interval.
  5. The method for authorizing conversion of a terminal state according to claim 1, characterized in that:
    the terminal information is a terminal serial number, and the to-be-authenticated data is a combination of a terminal motherboard serial number and a random number.
  6. A system for authorizing conversion of a terminal state, characterized in that:
    it comprises a server and a terminal, the server comprising an account authentication module and an information encryption module, and the terminal comprising a state conversion module;
    the account authentication module is used for the server to obtain an authentication account and to determine whether the authentication account has conversion permission and, if so, for the server to obtain terminal information and to-be-authenticated data from the terminal;
    the information encryption module is used for the server to encrypt the to-be-authenticated data with an authentication private key to generate authentication data, and for the server to send the authentication data to the terminal;
    the state conversion module is used for the terminal to authenticate the authentication data and, if authentication passes, to convert the terminal state.
  7. The system for authorizing conversion of a terminal state according to claim 6, characterized in that:
    the state conversion module is further used as follows:
    the terminal state includes a use state and a debug state, and the terminal does not retain the applications and keys of the use state and the debug state;
    when the terminal switches from the use state to the debug state, the terminal clears the keys of the terminal in the use state;
    when the terminal switches from the debug state to the use state, the terminal clears the applications and keys of the terminal in the debug state.
  8. The system for authorizing conversion of a terminal state according to claim 7, characterized in that:
    when the terminal determines that it is in the debug state, the terminal displays a prompt indicating that the terminal is in the debug state.
  9. The system for authorizing conversion of a terminal state according to claim 8, characterized in that:
    the prompt includes: the terminal displays a watermark, or pops up a warning box at a preset time interval.
  10. The system for authorizing conversion of a terminal state according to claim 6, characterized in that:
    the terminal information is a terminal serial number, and the to-be-authenticated data is a combination of a terminal motherboard serial number and a random number.
PCT/CN2017/096834 2016-08-18 2017-08-10 Method and system for authorizing conversion of terminal state WO2018033016A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610683354.XA CN106330877B (en) 2016-08-18 2016-08-18 Method and system for authorizing conversion of terminal state
CN201610683354.X 2016-08-18

Publications (1)

Publication Number Publication Date
WO2018033016A1 true WO2018033016A1 (en) 2018-02-22

Family

ID=57743156

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/096834 WO2018033016A1 (en) 2016-08-18 2017-08-10 Method and system for authorizing conversion of terminal state

Country Status (2)

Country Link
CN (1) CN106330877B (en)
WO (1) WO2018033016A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330877B (en) * 2016-08-18 2019-07-05 福建联迪商用设备有限公司 Method and system for authorizing conversion of terminal state
CN109885374B (en) * 2019-02-28 2022-06-03 北京小米移动软件有限公司 Interface display processing method and device, mobile terminal and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581201A (en) * 2013-11-15 2014-02-12 华为技术有限公司 Authentication and authorization method and device
CN105095970A (en) * 2014-04-25 2015-11-25 阿里巴巴集团控股有限公司 Execution method and system of third-party application
CN105471847A (en) * 2015-11-16 2016-04-06 浙江宇视科技有限公司 User information management method and user information management device
CN106330877A (en) * 2016-08-18 2017-01-11 福建联迪商用设备有限公司 Method and system for authorizing switching of terminal state
CN106713321A (en) * 2016-12-26 2017-05-24 中国银联股份有限公司 Authority management method and device for debugging function of point of sale

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102621949B (en) * 2012-03-09 2014-03-19 电信科学技术研究院 Remote monitoring device and method
CN103856562B (en) * 2014-02-26 2019-04-30 福建星网视易信息系统有限公司 SOT state of termination caching method and device under http agreement
CN105142139B (en) * 2014-05-30 2019-02-12 北京奇虎科技有限公司 The acquisition methods and device of verification information
CN105117665B (en) * 2015-07-16 2017-10-31 福建联迪商用设备有限公司 A kind of end product pattern and the method and system of development mode handoff-security
CN105120066B (en) * 2015-07-16 2017-12-08 福建联迪商用设备有限公司 A kind of end product pattern and the method and system of development mode handoff-security
CN105721426B (en) * 2016-01-05 2019-03-05 向三名 Access authorization methods, server, target terminal equipment and the system of terminal device

Also Published As

Publication number Publication date
CN106330877B (en) 2019-07-05
CN106330877A (en) 2017-01-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17840990

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17840990

Country of ref document: EP

Kind code of ref document: A1