WO2021115381A1 - Method for terminal to access monitoring platform, and electronic device, platform and storage medium - Google Patents

Method for terminal to access monitoring platform, and electronic device, platform and storage medium Download PDF

Info

Publication number
WO2021115381A1
WO2021115381A1 PCT/CN2020/135292 CN2020135292W WO2021115381A1 WO 2021115381 A1 WO2021115381 A1 WO 2021115381A1 CN 2020135292 W CN2020135292 W CN 2020135292W WO 2021115381 A1 WO2021115381 A1 WO 2021115381A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
monitoring platform
digital signature
verification code
attribute information
Prior art date
Application number
PCT/CN2020/135292
Other languages
French (fr)
Chinese (zh)
Inventor
李伟华
夷嬿霖
郑海平
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2021115381A1 publication Critical patent/WO2021115381A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • the embodiments of the present application relate to the field of communications, and in particular to a method, electronic equipment, platform, and storage medium for a terminal to access a monitoring platform.
  • Mobile video surveillance is the integration of mobile network and video surveillance. With the improvement of mobile bandwidth, mobile terminal processing capabilities and camera resolution, mobile video surveillance has ushered in a broad space for development. The development trend of mobile video surveillance has gradually changed from operating vehicles, public security mobile law enforcement, logistics management, industry security inspections, etc. The professional market is gradually transitioning to a civilian market dominated by homes, shops, and small offices.
  • Video surveillance images are collected and encoded by mobile capture devices, and processed by network optimization algorithms for fidelity.
  • the mobile signals are transmitted in the air using network technologies such as WiFi and 4G, and are oriented to mobile terminals such as mobile phones, PADs, and laptops. , To realize the function of people to monitor remote real-time dynamic pictures anytime and anywhere, providing a simpler, more convenient and more timely monitoring solution for enterprises and families.
  • the purpose of the embodiments of this application is to provide a method, electronic equipment, platform, and storage medium for a terminal to access the monitoring platform, which can improve the security of the terminal’s access to the monitoring platform, thereby improving the user’s ability to access the terminal to the monitoring platform. Sense of security.
  • the embodiments of the present application provide a method for a terminal to access a monitoring platform, which is applied to a terminal, and the method includes: according to the attribute information of the terminal and logging in to the monitoring platform from the monitoring platform
  • the received dynamic verification code generates a first digital signature; an access request containing the first digital signature is sent to the monitoring platform for the monitoring platform to use the attribute information bound to the terminal’s login account and download
  • the sent dynamic verification code authenticates the first digital signature; receives a response message issued by the monitoring platform after the authentication is passed, and accesses the monitoring platform.
  • the embodiment of the present application also provides a method for a terminal to access a monitoring platform, which is applied to a monitoring platform.
  • the method includes: generating a dynamic verification code during the process of logging in to the monitoring platform by the terminal and sending it to the terminal to For the terminal to generate a first digital signature based on the terminal’s attribute information and the dynamic verification code; receive an access request containing the first digital signature sent by the terminal; bind based on the terminal’s login account And the issued dynamic verification code to authenticate the first digital signature; after the authentication is passed, a response message is issued to the terminal for the terminal to receive the response message Access the monitoring platform.
  • the embodiment of the present application also provides an electronic device.
  • the electronic device is a terminal, and includes: at least one processor; and a memory communicatively connected with the at least one processor; wherein the memory stores the The instructions executed by the at least one processor are executed by the at least one processor, so that the at least one processor can execute the foregoing terminal access monitoring platform method.
  • the embodiment of the present application also provides a platform.
  • the platform is a monitoring platform and includes: at least one processor; and a memory communicatively connected with the at least one processor; The instructions executed by the at least one processor are executed by the at least one processor, so that the at least one processor can execute the foregoing terminal access monitoring platform method.
  • the embodiment of the present application also provides a computer-readable storage medium that stores a computer program, and the computer program is executed by a processor to implement the above-mentioned terminal access monitoring platform method.
  • Fig. 1 is a flowchart of a method for a terminal to access a monitoring platform according to the first embodiment of the present application
  • FIG. 2 is a flowchart of a method of binding a login account of a terminal and attribute information of the terminal according to the first embodiment of the present application;
  • Fig. 3 is a flowchart of a method for terminal access to a monitoring platform according to a second embodiment of the present application
  • Fig. 4 is a flowchart of a method for terminal access to a monitoring platform according to a third embodiment of the present application.
  • FIG. 5 is a flowchart of a method for a terminal to access a monitoring platform according to a fourth embodiment of the present application
  • Fig. 6 is a flowchart of a method for terminal access to a monitoring platform according to a fifth embodiment of the present application.
  • FIG. 7 is a flowchart of a method for binding a login account of a terminal and attribute information of the terminal according to a fifth embodiment of the present application.
  • FIG. 8 is a flowchart of a method for a terminal to access a monitoring platform according to a sixth embodiment of the present application.
  • FIG. 9 is a flowchart of a method for a terminal to access a monitoring platform according to a seventh embodiment of the present application.
  • FIG. 10 is a flowchart of a method for a terminal to access a monitoring platform according to an eighth embodiment of the present application.
  • FIG. 11 is a structural diagram of an electronic device according to a ninth embodiment of the present application.
  • Fig. 12 is a structural diagram of a platform according to a tenth embodiment of the present application.
  • the bandwidth problem and real-time problem of the development bottleneck of mobile video surveillance have been basically solved.
  • the inventor of this application found that: when the mobile terminal is used as a collection terminal, if the access security is relatively poor, the collection terminal may be replaced by other fake terminals, resulting in invalid or unavailable collected video; when the mobile terminal is used as a monitoring terminal
  • the device is connected to the device, if the access security is relatively poor, other fake terminals are connected to the platform, resulting in illegal browsing and downloading of surveillance videos, resulting in privacy leakage and other issues. Therefore, if the security problem of mobile video surveillance is further solved, it will promote the rapid development of mobile video surveillance, and mobile video surveillance will usher in a broad space for development.
  • the first embodiment of the present application relates to a method for a terminal to access a monitoring platform, which is applied to a terminal.
  • the method includes: generating a first digital signature based on the terminal’s attribute information and the dynamic verification code received from the monitoring platform during the login to the monitoring platform ; Send an access request containing the first digital signature to the monitoring platform for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code; receive the monitoring platform in the authentication The response message issued after the right is passed is connected to the monitoring platform.
  • FIG. 1 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 1, and includes:
  • Step 101 Generate a first digital signature according to the attribute information of the terminal and the dynamic verification code received from the monitoring platform during the process of logging in to the monitoring platform.
  • the terminal has the functions of receiving a verification code, acquiring attribute information of the terminal, and generating a digital signature including the terminal attribute information and the verification code.
  • the terminal’s attribute information refers to the terminal’s International Mobile Equipment Identity (IMEI), the terminal’s SIM card’s International Mobile Subscriber Identification Number (IMSI, International Mobile Subscriber Identification Number), or calling the terminal system (such as Android, iOS, etc.) )
  • the interface generates a unique identifier.
  • the terminal is a terminal for collecting video, that is, a VSS (Video Surveillance System) terminal.
  • VSS terminal can be divided into a fixed VSS terminal or a mobile VSS terminal.
  • the VSS terminal in this example refers to a mobile VSS terminal with a camera, such as a smart phone, a tablet computer, etc.
  • the mobile VSS terminal includes hardware for running software and running APP software, namely mobile equipment + APP software; APP software is software that can be identified by the monitoring platform, so that the terminal can upload the collected content to the monitoring platform through the APP software.
  • the terminal is a terminal used to monitor video, that is, a VSS client, such as a smart phone, a tablet computer, etc.
  • the VSS client includes hardware running software and APP software running in the device, that is, mobile device + APP software; APP software is software that can be identified by the monitoring platform, so that the terminal can browse the video content of the monitoring platform through the APP software.
  • the monitoring platform is a distributed architecture consisting of a central node and several edge nodes. It is worth noting that the VSS platform in this embodiment has the functions of generating verification codes and verifying digital signatures containing terminal attribute information and verification codes.
  • the platform includes mobile monitoring interface machines, namely MSP interface machines, central management server CMS and signaling management. Server RGM, SMS interface machine.
  • the dynamic verification code in this embodiment may be a short message verification code.
  • This embodiment and the following embodiments all take the short message verification code as an example for description, but it is not limited thereto. Therefore, the user manually enters the login account to trigger the APP software to send a login request to the monitoring platform, where the initial login is the terminal's phone number and user name and other information; after receiving the login request, the MSP interface machine of the monitoring platform sends the login request to Monitor the CMS and RGM of the monitoring platform, and forward the verification code returned by the CMS and RGM of the monitoring platform to the SMS interface machine of the monitoring platform.
  • the SMS interface machine sends the dynamic verification code to the SMS system of the terminal.
  • the dynamic verification code is input into the APP software, and after the user clicks the access button of the APP software interface, the APP software generates the first digital signature according to the terminal attribute information and the dynamic verification code. It is worth noting that the dynamic verification code received by the terminal from the monitoring platform is different each time.
  • the channel through which the monitoring platform issues the verification code to the terminal and the channel through which the request or response message exchanges between the terminal and the monitoring platform can be the same channel or different channels.
  • the first digital signature is generated based on the terminal’s attribute information and the dynamic verification code received from the monitoring platform during the login process through the preset channel; the preset channel is different from the one between the terminal and the monitoring platform.
  • the channel for request or response message interaction is not limited to the terminal and the channel through which the request or response message exchanges between the terminal and the monitoring platform.
  • the short message verification code is sent to the short message center of operators such as mobile/telecom through the short message interface machine, and the operator sends the short message system of the terminal through the short message service, and the access request or response message between the terminal and the monitoring platform is not It needs to go through the operator’s short message center and directly interact with the channel connected by the MSP interface machine and APP software; that is, the channel through which the monitoring platform sends the verification code to the terminal is different from the channel for the access request between the terminal and the monitoring platform aisle. By setting different channels, the risk of the dynamic verification code being stolen is reduced, thereby further improving the security of terminal access to the monitoring platform.
  • the verification code is obtained by hashing the random salt value generated by the time stamp information by the monitoring platform.
  • the monitoring platform generates a random salt value according to the time stamp information or a certain part of it as a seed random number, and then hashes the generated random salt value to generate a verification code.
  • This method of generating a verification code improves the security of the verification code, thereby further improving the security of the terminal accessing the monitoring platform.
  • Step 102 Send an access request containing the first digital signature to the monitoring platform for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code.
  • the APP software sends an access request containing the first digital signature to the monitoring platform, and the monitoring platform uses the attribute information bound to the login account of the terminal and the issued dynamic verification
  • the code authenticates the first digital signature.
  • the first digital signature can be plaintext information, or it can be encrypted.
  • the first digital signature is plaintext
  • the specific process of authentication is: parsing the first signature to obtain the terminal's attribute information and the dynamic verification code received from the monitoring platform during the login to the monitoring platform; if the terminal's attribute information and the terminal If the attribute information bound to the login account is consistent and the received dynamic verification code is consistent with the issued dynamic verification code, the authentication is passed.
  • Figure 2 the specific flow chart of the binding method of the login account of the terminal and the attribute information of the terminal is shown in Figure 2, including:
  • Step 1021 Send a registration request to the monitoring platform for the monitoring platform to issue a dynamic verification code after receiving the registration request.
  • the APP software sends a registration request to the monitoring platform, and the short message interface machine sends the dynamic verification code to the terminal's short message system, and the dynamic verification code is manually operated by the user. Enter the APP software.
  • the channel for the monitoring platform to issue the verification code to the terminal and the channel for the registration request between the terminal and the monitoring platform are different channels.
  • Step 1022 Receive a dynamic verification code from the monitoring platform.
  • Step 1023 Generate a first digital signature according to the attribute information and the received dynamic verification code.
  • Step 1024 Send the first digital signature and the login account of the terminal to the monitoring platform, so that the monitoring platform can parse the attribute information from the first digital signature, and bind the login account of the terminal with the attribute information of the terminal.
  • the received dynamic verification code is encrypted based on a preset irreversible encryption algorithm to obtain an encryption key, and the encryption key is used to reversibly encrypt the first digital signature to obtain the encrypted first digital signature.
  • the monitoring platform encrypts the issued dynamic verification code based on the same irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to decrypt the encrypted first digital signature with the inverse algorithm of the reversible encryption algorithm to obtain the first digital signature. Restore it to readable plaintext information, so that the terminal's attribute information can be obtained, the login account and the terminal's attribute information are bound, and the bound information of the two is stored locally.
  • the first digital signature may not be encrypted, that is, the first digital signature is plaintext information, and the monitoring platform may directly obtain the attribute information according to the first digital signature.
  • the first digital signature sent by the terminal to the monitoring platform is generated by the attribute information and the dynamic verification code, which can ensure the authenticity and reliability of the attribute information obtained by the monitoring platform from the first digital signature. Improved the authenticity and reliability of the process of binding the login account and attribute information.
  • Step 103 Receive a response message issued by the monitoring platform after the authentication is passed, and access the monitoring platform.
  • the terminal when the terminal receives the issued response message, it can immediately access the monitoring platform, or can access the monitoring platform when the preset time is met, which is not specifically limited in this embodiment. It is worth noting that the response message can carry video information, such as resolution and frame rate.
  • receiving the response message issued by the monitoring platform after the authentication is passed, and accessing the monitoring platform is specifically: receiving the response message containing the second digital signature issued by the monitoring platform after the authentication is passed, and according to the terminal
  • the attribute information of the terminal and the received dynamic verification code authenticate the second digital signature, and access the monitoring platform after the authentication is passed; wherein the second digital signature is the attribute information bound to the terminal’s login account and the issued dynamic The verification code is generated.
  • the terminal also has the function of verifying a digital signature containing terminal attribute information and a verification code.
  • the second digital signature is plain text information.
  • the terminal can obtain the attribute information bound to the login account of the terminal and the issued dynamic verification code according to the second digital signature. If the attribute information bound to the login account of the terminal is consistent with the attribute information of the terminal, If the issued dynamic verification code is consistent with the received dynamic verification code, the authentication is passed.
  • the second digital signature is generated by the monitoring platform based on the irreversible encryption algorithm on the attribute information bound to the terminal's login account and the issued dynamic verification code plaintext information, and the terminal authenticates the second digital signature. It is: based on the same irreversible encryption algorithm to encrypt the plain text formed by combining the terminal attribute information and the received dynamic verification code to generate an authentication password, and to determine whether the authentication password matches the second digital signature, when the authentication password matches The authentication passes when the first digital signature matches.
  • the monitoring platform encrypts the plaintext information formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code based on the irreversible encryption algorithm, and after generating the second digital signature, it is also based on the irreversible encryption algorithm Encrypt the received dynamic verification code to obtain an encryption key, use the encryption key to encrypt the second digital signature to obtain the encrypted second digital signature; and send a response message containing the encrypted second digital signature to the terminal.
  • the authentication process of the terminal on the second digital signature is: encrypt the received dynamic verification code based on the same irreversible encryption algorithm to obtain a decryption key, and use the decryption key to decrypt the encrypted second digital signature to obtain the first 2.
  • Digital signature based on the same irreversible encryption algorithm to encrypt the plain text formed by the combination of the terminal's attribute information and the received dynamic verification code to generate an authentication password, and to determine whether the authentication password matches the second digital signature, when authenticating The authentication passes when the password matches the first digital signature.
  • the first digital signature includes the terminal's attribute information and the dynamic verification code; the terminal's attribute information is the immutable digital part, and the dynamic verification code is the real-time changing digital part; that is, it is used in the terminal and monitoring platform access
  • the first digital signature to authenticate the identity includes both an immutable digital part and a real-time changing digital part, which can improve the reliability of identity authentication, thereby enhancing the security of terminal access to the monitoring platform.
  • the first digital signature is generated based on the terminal’s attribute information and the dynamic verification code received from the monitoring platform through the preset channel during the login process of the monitoring platform; wherein, the preset channel is different from the request or the request between the terminal and the monitoring platform. Response message interaction channel; by setting different channels, the risk of dynamic verification code being stolen is reduced, thereby further improving the security of terminal access to the monitoring platform.
  • the terminal since the response message contains the second digital signature, the terminal does not access the monitoring platform when receiving the response message, and only accesses the monitoring platform after the terminal passes the authentication of the second digital signature. , That is, the terminal has also undergone an authentication process, which can further improve the reliability of identity authentication, thereby further improving the security of the terminal access to the monitoring platform.
  • the second embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is substantially the same as the first embodiment, but the difference lies in that the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code is irreversibly encrypted to generate the first digital signature.
  • FIG. 3 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 3, including:
  • Steps 202 and 203 are similar to steps 102 and 103 respectively, and will not be repeated here.
  • Step 201 Encrypt the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code based on a preset first irreversible encryption algorithm, and generate a first digital signature.
  • irreversible encryption cannot obtain attribute information and dynamic verification codes through reverse analysis.
  • the plain text information formed by combining the terminal attribute information and the received dynamic verification code is IMEI or/and IMSI and the dynamic verification code are spliced together to obtain the plain text information, for example: the IMEI or/and IMSI and the dynamic verification code can be XORed
  • IMEI or/and IMSI the IMEI or/and IMSI
  • the dynamic verification code can be XORed
  • the authentication process of the monitoring platform the monitoring platform encrypts the plain text formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code based on the same first irreversible encryption to generate an authentication password, and Determine whether the authentication password matches the first digital signature; wherein, when the authentication password matches the first digital signature, it means that the authentication is passed.
  • the terminal uses encryption technology to enhance the confidentiality of attribute information and dynamic verification codes, and irreversible encryption cannot obtain attribute information and dynamic verification codes through reverse analysis.
  • the monitoring platform is authenticated, it is only based on the same attribute information and dynamic verification.
  • the same first digital signature can be decrypted only after the same irreversible encryption algorithm is encrypted to obtain the same first digital signature, which is beneficial to further improve the authenticity of the authentication result of the first digital signature, thereby further improving the security of terminal access to the monitoring platform.
  • the third embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the second embodiment, but the difference is: the terminal irreversibly encrypts the dynamic verification code to obtain the encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature .
  • FIG. 4 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 4, including:
  • Steps 301 and 304 are similar to steps 201 and 203 respectively, and will not be repeated here.
  • Step 302 Encrypt the received dynamic verification code based on a preset second irreversible encryption algorithm to obtain an encryption key, and use the encryption key to encrypt the first digital signature to obtain an encrypted first digital signature.
  • Step 303 Send an access request including the encrypted first digital signature to the monitoring platform.
  • the APP software encrypts the received dynamic verification code based on the preset second irreversible encryption algorithm to obtain the encryption key, and then uses the encryption key to perform the reversible digital signature on the first digital signature.
  • the encryption algorithm performs reversible encryption to obtain the encrypted first digital signature, for example: the reversible encryption algorithm is AES256; and the access request containing the encrypted first digital signature is sent to the monitoring platform.
  • the second irreversible encryption algorithm may be the same as the first irreversible encryption algorithm.
  • the authentication process of the monitoring platform is as follows: the monitoring platform encrypts the issued dynamic verification code based on the preset second irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to reversibly encrypt the encrypted first digital signature
  • the inverse algorithm decrypts the algorithm to obtain the first digital signature.
  • the attribute information bound to the terminal's login account and the issued dynamic verification code are combined to encrypt the plain text to generate an authentication password. And judge whether the authentication password matches the first digital signature; wherein, when the authentication password matches the first digital signature, it means that the authentication is passed.
  • the terminal irreversibly encrypts the dynamic verification code to obtain an encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature. This is beneficial to further improve the authenticity of the authentication result of the first digital signature, thereby further improving the security of the terminal's access to the monitoring platform.
  • the fourth embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the first embodiment, except that the terminal performs functional configuration on the monitoring platform.
  • FIG. 5 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 5 and includes:
  • Steps 401-403 are similar to steps 101-103, respectively, and will not be repeated here.
  • Step 404 Send a function configuration request containing the first digital signature to the monitoring platform for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account and the issued dynamic verification code, and after the authentication is passed Then configure the functions for the terminal.
  • the channel through which the monitoring platform issues the verification code to the terminal and the channel through which the functional configuration request between the terminal and the monitoring platform is requested are different channels.
  • the terminal encrypts the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code based on the irreversible encryption algorithm for the first digital signature to generate the first digital signature.
  • the first digital signature may not be encrypted, that is, the first digital signature is plaintext information.
  • the first digital signature is based on the irreversible encryption algorithm by the terminal to encrypt the plaintext information formed by the combination of the terminal's attribute information and the received dynamic verification code to generate the first digital signature; and then based on the preset second irreversible
  • the encryption algorithm encrypts the received dynamic verification code to obtain an encryption key, and uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature.
  • the monitoring platform sends the functional configuration request to the VSS terminal, and the request of the monitoring platform is approved by the VSS terminal, and according to The attribute information bound to the login account and the issued dynamic verification code authenticate the first digital signature, and configure functions for the terminal after the authentication is passed.
  • step 404 can be performed in any step after step 401 and before step 403.
  • the first digital signature in the function configuration request is generated by the attribute information and the dynamic verification code, which ensures that the result of the monitoring platform’s authentication of the first digital signature is authentic and reliable, thereby improving the security of the function permission configuration process Sex.
  • the fifth embodiment of the present application relates to a method for a terminal to access a monitoring platform, which is applied to the monitoring platform.
  • the method includes: generating a dynamic verification code during the process of logging in to the monitoring platform of the terminal and sending it to the terminal for the terminal according to the attributes of the terminal Information and the dynamic verification code to generate the first digital signature; receiving the access request containing the first digital signature sent by the terminal; authenticating the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code ; Send a response message to the terminal after the authentication is passed, so that the terminal can access the monitoring platform after receiving the response message.
  • FIG. 6 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 6, including:
  • a dynamic verification code is generated during the process of the terminal logging into the monitoring platform and issued to the terminal, so that the terminal can generate a first digital signature according to the terminal's attribute information and the dynamic verification code.
  • the MSP interface machine of the monitoring platform sends a login message to the CMS and RGM of the monitoring platform, and forwards the verification code returned by the CMS and RGM of the monitoring platform to the SMS interface machine of the monitoring platform ,
  • the SMS interface machine will issue the verification code to the APP software of the terminal.
  • the dynamic verification code is generated during the terminal login to the monitoring platform, and the dynamic verification code is issued to the terminal through the preset channel; the preset channel is different from the request between the terminal and the monitoring platform Or the channel of response message interaction.
  • Step 502 Receive an access request containing the first digital signature sent by the terminal.
  • Step 503 Authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code.
  • the first digital signature sent by the terminal is encrypted or not, that is, the first digital signature may be plaintext information or encrypted; the authentication method of the monitoring platform is also different.
  • the first digital signature in this embodiment is plaintext information, and the specific process of authentication is: parsing the first signature to obtain the terminal's attribute information and the dynamic verification code received from the monitoring platform during the login to the monitoring platform; If the attribute information bound to the login account of the terminal is consistent and the received dynamic verification code is consistent with the issued dynamic verification code, the authentication is passed.
  • Step 5031 After receiving the registration request sent by the terminal, a dynamic verification code is issued for the terminal to generate a first digital signature according to the attribute information and the received dynamic verification code.
  • Step 5032 Receive the first digital signature and login account sent by the terminal.
  • Step 5033 Analyze the attribute information from the first digital signature, and bind the login account of the terminal with the attribute information of the terminal.
  • the first digital signature is obtained through encryption
  • the monitoring platform encrypts the issued dynamic verification code based on the same irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to perform the encrypted first digital signature
  • the inverse algorithm of the reversible encryption algorithm decrypts the first digital signature and restores it to readable plaintext information, so that the terminal's attribute information can be obtained, the login account and the terminal's attribute information are bound, and the information bound between the two Stored locally.
  • the first digital signature may not be encrypted, and the monitoring platform can directly obtain the attribute information according to the first digital signature.
  • Step 504 After the authentication is passed, a response message is sent to the terminal, so that the terminal can access the monitoring platform after receiving the response message.
  • the response message issued by the monitoring platform only informs the terminal that it can access the monitoring platform; when the terminal receives the issued response message, it immediately accesses the monitoring platform, or when the preset time is met.
  • Platform this embodiment does not make specific limitations.
  • a response message is issued to the terminal after the authentication is passed, so that the terminal can access the monitoring platform after receiving the response message, specifically: after the authentication is passed, the attribute information bound to the login account of the terminal and The issued dynamic verification code generates the second digital signature; a response message containing the second digital signature is issued to the terminal so that the terminal can authenticate the second digital signature according to the terminal’s attribute information and the received dynamic verification code, and then After passing the authentication, it is connected to the monitoring platform.
  • the second digital signature can be plaintext information, or it can be generated by encrypting the attribute information bound to the login account of the terminal and the issued dynamic verification code plaintext information based on an irreversible encryption algorithm; it can also generate a second digital signature.
  • the monitoring platform encrypts the received dynamic verification code based on an irreversible encryption algorithm to obtain an encryption key, and uses the encryption key to encrypt the first digital signature to obtain an encrypted second digital signature.
  • the first digital signature used to authenticate the identity during the access of the terminal and the monitoring platform includes both an immutable digital part and a real-time changing digital part, which can improve the reliability of identity authentication, thereby improving the terminal access to the monitoring platform Security.
  • the dynamic verification code is issued to the terminal through a preset channel; wherein the preset channel is different from the channel through which the request or the response message is exchanged between the terminal and the monitoring platform; Different channels reduce the risk of dynamic verification codes being stolen, thereby further improving the security of terminal access to the monitoring platform.
  • the sixth embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the fifth embodiment, but the difference is that the plaintext information formed by the combination of the attribute information and the received dynamic verification code is encrypted. After the monitoring platform receives the access request, it must be decrypted before the authentication can be performed. right.
  • FIG. 8 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 8, and includes:
  • Steps 601, 602, and 604 are similar to steps 501, 502, and 504, respectively, and will not be repeated here.
  • Step 603 Based on the preset first irreversible encryption algorithm, the plain text formed by combining the attribute information of the terminal's login account and the issued dynamic verification code is encrypted to generate an authentication password, and the authentication password is determined to be the same as the first Whether the digital signature matches; where, when the authentication password matches the first digital signature, it means that the authentication is passed.
  • the monitoring platform needs to pass the same encryption algorithm and obtain the authentication password matching the first digital signature before the authentication is passed, which is beneficial to further improve the authenticity and reliability of the authentication result of the first digital signature, thereby further improving the authenticity and reliability of the authentication result of the first digital signature. Improve the security of terminal access to the monitoring platform.
  • the seventh embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the sixth embodiment, except that the terminal irreversibly encrypts the dynamic verification code to obtain the encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature .
  • FIG. 9 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 9 and includes:
  • Steps 701, 702, 704, and 705 are similar to steps 601, 602, 603, and 604, respectively, and will not be repeated here.
  • Step 703 Encrypt the issued dynamic verification code based on the preset second irreversible encryption algorithm to obtain a decryption key, and use the decryption key to decrypt the encrypted first digital signature to obtain the first digital signature.
  • the first digital signature included in the access request is encrypted by the terminal.
  • the monitoring platform needs to decrypt twice to obtain the first digital signature, and then pass the authentication through the same encryption algorithm and obtain the authentication password matching the first digital signature, which is beneficial to further improve the first digital signature.
  • the authenticity and reliability of the digital signature authentication result, thereby further improving the security of the terminal's access to the monitoring platform.
  • the eighth implementation manner of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the fifth embodiment. The difference is: the method includes: receiving a function configuration request containing the first digital signature sent by the terminal; A digital signature is used for authentication, and functions are configured for the terminal after the authentication is passed.
  • FIG. 10 The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in FIG. 10 and includes:
  • Steps 801-804 are similar to steps 501-504, respectively, and will not be repeated here.
  • Step 805 Receive a function configuration request including the first digital signature sent by the terminal.
  • step 806 the first digital signature is authenticated according to the attribute information bound to the login account and the issued dynamic verification code, and functions are configured for the terminal after the authentication is passed.
  • step 805 and step 806 can be performed in any step after step 801 and before step 804.
  • the first digital signature in the function configuration request is generated by the attribute information and the dynamic verification code, which ensures that the result of the monitoring platform’s authentication of the first digital signature is authentic and reliable, thereby improving the security of the function permission configuration process Sex.
  • the ninth implementation manner of the present application relates to an electronic device. As shown in FIG. 11, it includes at least one processor 902; and a memory 901 communicatively connected with the at least one processor; The instructions executed by 902 are executed by the at least one processor 902, so that the at least one processor 902 can execute the foregoing implementation of the cell search method.
  • the memory 901 and the processor 902 are connected in a bus manner.
  • the bus may include any number of interconnected buses and bridges.
  • the bus connects one or more processors 902 and various circuits of the memory 901 together.
  • the bus can also connect various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all well-known in the art, and therefore, no further description will be given herein.
  • the bus interface provides an interface between the bus and the transceiver.
  • the transceiver may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on the transmission medium.
  • the data processed by the processor 902 is transmitted on the wireless medium through the antenna, and further, the antenna also receives the data and transmits the data to the processor 902.
  • the processor 902 is responsible for managing the bus and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • the memory 901 may be used to store data used by the processor 902 when performing operations.
  • the tenth implementation manner of the present application relates to a platform. As shown in FIG. 12, it includes at least one processor 1002; and, a memory 1001 communicatively connected with the at least one processor; wherein, the memory 1001 stores data that can be used by at least one processor 1002.
  • the executed instructions are executed by the at least one processor 1002, so that the at least one processor 1002 can execute the foregoing implementation of the cell search method.
  • the memory 1001 and the processor 1002 are connected in a bus manner, and the bus may include any number of interconnected buses and bridges, and the bus connects one or more various circuits of the processor 1002 and the memory 1001 together.
  • the bus can also connect various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all well-known in the art, and therefore, no further description will be given herein.
  • the bus interface provides an interface between the bus and the transceiver.
  • the transceiver may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on the transmission medium.
  • the data processed by the processor 1002 is transmitted on the wireless medium through the antenna, and further, the antenna also receives the data and transmits the data to the processor 1002.
  • the processor 1002 is responsible for managing the bus and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • the memory 1001 may be used to store data used by the processor 1002 when performing operations.
  • the eleventh embodiment of the present application relates to a computer-readable storage medium storing a computer program.
  • the computer program is executed by the processor, the above method embodiment is realized.
  • the program is stored in a storage medium and includes several instructions to enable a device ( It may be a single-chip microcomputer, a chip, etc.) or a processor (processor) that executes all or part of the steps of the methods described in the embodiments of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks or optical disks and other media that can store program codes. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiments of the present application relate to the field of communications. Disclosed are a method for a terminal to access a monitoring platform, and an electronic device, a platform and a storage medium. In the present application, the method comprises: generating a first digital signature according to attribute information of a terminal and a dynamic verification code received from a monitoring platform during the process of logging in to the monitoring platform; sending an access request including the first digital signature to the monitoring platform, such that the monitoring platform authenticates the first digital signature according to the attribute information bound to a login account of the terminal and the issued dynamic verification code; and receiving a response message issued by the monitoring platform after the authentication is passed, and accessing the monitoring platform.

Description

终端接入监控平台的方法、电子设备、平台及存储介质Method for terminal access to monitoring platform, electronic equipment, platform and storage medium
相关申请的交叉引用Cross-references to related applications
本申请基于申请号为201911272818.8、申请日为2019年12月12日的中国专利申请提出,并要求该中国专利申请的优先权,该中国专利申请的全部内容在此以引入方式并入本申请。This application is based on a Chinese patent application with an application number of 201911272818.8 and an application date of December 12, 2019, and claims the priority of the Chinese patent application. The entire content of the Chinese patent application is hereby incorporated into this application by way of introduction.
技术领域Technical field
本申请实施例涉及通信领域,特别涉及一种终端接入监控平台的方法、电子设备、平台及存储介质。The embodiments of the present application relate to the field of communications, and in particular to a method, electronic equipment, platform, and storage medium for a terminal to access a monitoring platform.
背景技术Background technique
移动视频监控,顾名思义即是移动网络与视频监控的融合。随着移动带宽、移动终端处理能力及摄像机分辨率的提升,移动视频监控迎来了广阔发展空间,移动视频监控的发展趋势逐步从以往的营运车辆、公安移动执法、物流管理、行业安全检查等专业市场,逐步向以家庭、商铺、小型办公室为主的民用市场过渡。Mobile video surveillance, as the name implies, is the integration of mobile network and video surveillance. With the improvement of mobile bandwidth, mobile terminal processing capabilities and camera resolution, mobile video surveillance has ushered in a broad space for development. The development trend of mobile video surveillance has gradually changed from operating vehicles, public security mobile law enforcement, logistics management, industry security inspections, etc. The professional market is gradually transitioning to a civilian market dominated by homes, shops, and small offices.
视频监控图像通过移动采集设备将图像信息进行采集编码,经过网传优化算法进行保真处理,利用WiFi、4G等网络技术进行移动信号的空中传输,面向手机、PAD、笔记本电脑等多种移动终端,实现人们随时随地监看远程实时动态画面的功能,为企业与家庭提供了更简单、更便利、更及时的监控解决方案。Video surveillance images are collected and encoded by mobile capture devices, and processed by network optimization algorithms for fidelity. The mobile signals are transmitted in the air using network technologies such as WiFi and 4G, and are oriented to mobile terminals such as mobile phones, PADs, and laptops. , To realize the function of people to monitor remote real-time dynamic pictures anytime and anywhere, providing a simpler, more convenient and more timely monitoring solution for enterprises and families.
发明内容Summary of the invention
本申请实施方式的目的在于提供一种终端接入监控平台的方法、电子设备、平台及存储介质,可以提升终端接入监控平台的安全性,从而可以提升用户在将终端接入监控平台时的安全感。The purpose of the embodiments of this application is to provide a method, electronic equipment, platform, and storage medium for a terminal to access the monitoring platform, which can improve the security of the terminal’s access to the monitoring platform, thereby improving the user’s ability to access the terminal to the monitoring platform. Sense of security.
为解决上述技术问题,本申请的实施方式提供了一种终端接入监控平台的方法,应用于终端,方法包括:根据所述终端的属性信息和登录所述监控平台过程中从所述监控平台接收的动态验证码,生成第一数字签名;向所述监控平台发送包含所述第一数字签名的接入请求,以供所述监控平台根据所述终端的登录账号绑定的属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权;接收所述监控平台在鉴权通过后下发的应答消息,接入所述监控 平台。In order to solve the above technical problems, the embodiments of the present application provide a method for a terminal to access a monitoring platform, which is applied to a terminal, and the method includes: according to the attribute information of the terminal and logging in to the monitoring platform from the monitoring platform The received dynamic verification code generates a first digital signature; an access request containing the first digital signature is sent to the monitoring platform for the monitoring platform to use the attribute information bound to the terminal’s login account and download The sent dynamic verification code authenticates the first digital signature; receives a response message issued by the monitoring platform after the authentication is passed, and accesses the monitoring platform.
本申请的实施方式还提供了一种终端接入监控平台的方法,应用于监控平台,方法包括:在所述终端登录所述监控平台过程中生成动态验证码并下发给所述终端,以供所述终端根据所述终端的属性信息和所述动态验证码生成第一数字签名;接收所述终端发送的包含所述第一数字签名的接入请求;根据所述终端的登录账号绑定的属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权;在鉴权通过后向所述终端下发应答消息,以供所述终端在接收到所述应答消息后接入所述监控平台。The embodiment of the present application also provides a method for a terminal to access a monitoring platform, which is applied to a monitoring platform. The method includes: generating a dynamic verification code during the process of logging in to the monitoring platform by the terminal and sending it to the terminal to For the terminal to generate a first digital signature based on the terminal’s attribute information and the dynamic verification code; receive an access request containing the first digital signature sent by the terminal; bind based on the terminal’s login account And the issued dynamic verification code to authenticate the first digital signature; after the authentication is passed, a response message is issued to the terminal for the terminal to receive the response message Access the monitoring platform.
本申请的实施方式还提供了一种电子设备,所述电子设备为终端,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行上述终端接入监控平台方法。The embodiment of the present application also provides an electronic device. The electronic device is a terminal, and includes: at least one processor; and a memory communicatively connected with the at least one processor; wherein the memory stores the The instructions executed by the at least one processor are executed by the at least one processor, so that the at least one processor can execute the foregoing terminal access monitoring platform method.
本申请的实施方式还提供了一种平台,所述平台为监控平台,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行上述终端接入监控平台方法。The embodiment of the present application also provides a platform. The platform is a monitoring platform and includes: at least one processor; and a memory communicatively connected with the at least one processor; The instructions executed by the at least one processor are executed by the at least one processor, so that the at least one processor can execute the foregoing terminal access monitoring platform method.
本申请的实施方式还提供了一种计算机可读存储介质,存储有计算机程序,所述计算机程序被处理器执行时实现上述终端接入监控平台方法。The embodiment of the present application also provides a computer-readable storage medium that stores a computer program, and the computer program is executed by a processor to implement the above-mentioned terminal access monitoring platform method.
附图说明Description of the drawings
一个或多个实施例通过与之对应的附图中的图片进行示例性说明,这些示例性说明并不构成对实施例的限定,附图中具有相同参考数字标号的元件表示为类似的元件,除非有特别申明,附图中的图不构成比例限制。One or more embodiments are exemplified by the pictures in the corresponding drawings. These exemplified descriptions do not constitute a limitation on the embodiments. The elements with the same reference numerals in the drawings are denoted as similar elements. Unless otherwise stated, the figures in the attached drawings do not constitute a scale limitation.
图1是根据本申请第一实施方式的终端接入监控平台方法的流程图;Fig. 1 is a flowchart of a method for a terminal to access a monitoring platform according to the first embodiment of the present application;
图2是根据本申请第一实施方式的终端的登录账号与终端的属性信息绑定方式的流程图;FIG. 2 is a flowchart of a method of binding a login account of a terminal and attribute information of the terminal according to the first embodiment of the present application;
图3是根据本申请第二实施方式的终端接入监控平台方法的流程图;Fig. 3 is a flowchart of a method for terminal access to a monitoring platform according to a second embodiment of the present application;
图4是根据本申请第三实施方式的终端接入监控平台方法的流程图;Fig. 4 is a flowchart of a method for terminal access to a monitoring platform according to a third embodiment of the present application;
图5是根据本申请第四实施方式的终端接入监控平台方法的流程图;FIG. 5 is a flowchart of a method for a terminal to access a monitoring platform according to a fourth embodiment of the present application;
图6是根据本申请第五实施方式的终端接入监控平台方法的流程图;Fig. 6 is a flowchart of a method for terminal access to a monitoring platform according to a fifth embodiment of the present application;
图7是根据本申请第五实施方式的终端的登录账号与终端的属性信息绑定方式的流程图;FIG. 7 is a flowchart of a method for binding a login account of a terminal and attribute information of the terminal according to a fifth embodiment of the present application;
图8是根据本申请第六实施方式的终端接入监控平台方法的流程图;FIG. 8 is a flowchart of a method for a terminal to access a monitoring platform according to a sixth embodiment of the present application;
图9是根据本申请第七实施方式的终端接入监控平台方法的流程图;FIG. 9 is a flowchart of a method for a terminal to access a monitoring platform according to a seventh embodiment of the present application;
图10是根据本申请第八实施方式的终端接入监控平台方法的流程图;FIG. 10 is a flowchart of a method for a terminal to access a monitoring platform according to an eighth embodiment of the present application;
图11是根据本申请第九实施方式的电子设备的结构图;FIG. 11 is a structural diagram of an electronic device according to a ninth embodiment of the present application;
图12是根据本申请第十实施方式的平台的结构图。Fig. 12 is a structural diagram of a platform according to a tenth embodiment of the present application.
具体实施方式Detailed ways
为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合附图对本申请的各实施方式进行详细的阐述。然而,本领域的普通技术人员可以理解,在本申请各实施方式中,为了使读者更好地理解本申请而提出了许多技术细节。但是,即使没有这些技术细节和基于以下各实施方式的种种变化和修改,也可以实现本申请所要求保护的技术方案。以下各个实施例的划分是为了描述方便,不应对本申请的具体实现方式构成任何限定,各个实施例在不矛盾的前提下可以相互结合相互引用。In order to make the objectives, technical solutions, and advantages of the embodiments of the present application clearer, the various embodiments of the present application will be described in detail below with reference to the accompanying drawings. However, those of ordinary skill in the art can understand that in each embodiment of the present application, many technical details are proposed in order to enable readers to better understand the present application. However, even without these technical details and various changes and modifications based on the following embodiments, the technical solution claimed in this application can be realized. The following divisions of the various embodiments are for convenience of description, and should not constitute any limitation on the specific implementation manners of the present application, and the various embodiments may be combined with each other without contradiction.
目前,随着移动带宽、移动终端处理能力及摄像机分辨率的提升,移动视频监控发展瓶颈的带宽问题和实时性问题已基本解决。然而,本申请的发明人发现:当移动终端作为采集终端时,如果接入安全性比较差,该采集终端可能被假冒的其他终端替换,导致采集的视频无效或者不可用;当移动终端作为监控设备时,如果接入安全性比较差,假冒的其他终端接入到平台,导致监控视频被非法浏览和下载,导致隐私泄露等问题。所以,如果进一步解决移动视频监控的安全性问题,会促进移动视频监控快速发展,移动视频监控会迎来广阔发展空间。At present, with the improvement of mobile bandwidth, mobile terminal processing capacity and camera resolution, the bandwidth problem and real-time problem of the development bottleneck of mobile video surveillance have been basically solved. However, the inventor of this application found that: when the mobile terminal is used as a collection terminal, if the access security is relatively poor, the collection terminal may be replaced by other fake terminals, resulting in invalid or unavailable collected video; when the mobile terminal is used as a monitoring terminal When the device is connected to the device, if the access security is relatively poor, other fake terminals are connected to the platform, resulting in illegal browsing and downloading of surveillance videos, resulting in privacy leakage and other issues. Therefore, if the security problem of mobile video surveillance is further solved, it will promote the rapid development of mobile video surveillance, and mobile video surveillance will usher in a broad space for development.
本申请的第一实施方式涉及一种终端接入监控平台的方法,应用于终端,方法包括:根据终端的属性信息和登录监控平台过程中从监控平台接收的动态验证码,生成第一数字签名;向监控平台发送包含第一数字签名的接入请求,以供监控平台根据终端的登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权;接收监控平台在鉴权通过后下发的应答消息,接入监控平台。The first embodiment of the present application relates to a method for a terminal to access a monitoring platform, which is applied to a terminal. The method includes: generating a first digital signature based on the terminal’s attribute information and the dynamic verification code received from the monitoring platform during the login to the monitoring platform ; Send an access request containing the first digital signature to the monitoring platform for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code; receive the monitoring platform in the authentication The response message issued after the right is passed is connected to the monitoring platform.
本实施方式中的终端接入监控平台方法的流程图如图1所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 1, and includes:
步骤101,根据终端的属性信息和登录监控平台过程中从监控平台接收的动态验证码,生成第一数字签名。Step 101: Generate a first digital signature according to the attribute information of the terminal and the dynamic verification code received from the monitoring platform during the process of logging in to the monitoring platform.
具体地说,终端具备接收验证码、获取终端的属性信息、以及生成包含终端属性信息和验证码的数字签名的功能。终端的属性信息是指终端的国际移动设备识别码(IMEI, International Mobile Equipment Identity)、终端SIM卡的国际移动用户识别码(IMSI,International Mobile Subscriber Identification Number)或者调用终端系统(如安卓、iOS等)接口生成唯一标识。Specifically, the terminal has the functions of receiving a verification code, acquiring attribute information of the terminal, and generating a digital signature including the terminal attribute information and the verification code. The terminal’s attribute information refers to the terminal’s International Mobile Equipment Identity (IMEI), the terminal’s SIM card’s International Mobile Subscriber Identification Number (IMSI, International Mobile Subscriber Identification Number), or calling the terminal system (such as Android, iOS, etc.) ) The interface generates a unique identifier.
本实施方式中,终端为用于采集视频的终端,即VSS(Video Surveillance System)终端。VSS终端可分固定VSS终端或移动VSS终端,本例子中的VSS终端是指具备摄像头的移动VSS终端,例如:智能手机、平板电脑等。移动VSS终端包括运行软件的硬件和运行的APP软件,即移动设备+APP软件;APP软件为可以被监控平台识别的软件,使终端可以通过APP软件将采集的内容上传给监控平台。In this embodiment, the terminal is a terminal for collecting video, that is, a VSS (Video Surveillance System) terminal. The VSS terminal can be divided into a fixed VSS terminal or a mobile VSS terminal. The VSS terminal in this example refers to a mobile VSS terminal with a camera, such as a smart phone, a tablet computer, etc. The mobile VSS terminal includes hardware for running software and running APP software, namely mobile equipment + APP software; APP software is software that can be identified by the monitoring platform, so that the terminal can upload the collected content to the monitoring platform through the APP software.
在一个例子中,终端为用于监控视频的终端,即VSS客户端,例如:智能手机、平板电脑等。VSS客户端包括运行软件的硬件和设备中运行的APP软件,即移动设备+APP软件;APP软件为可以被监控平台识别的软件,使终端可以通过APP软件浏览监控平台中的视频内容等。In one example, the terminal is a terminal used to monitor video, that is, a VSS client, such as a smart phone, a tablet computer, etc. The VSS client includes hardware running software and APP software running in the device, that is, mobile device + APP software; APP software is software that can be identified by the monitoring platform, so that the terminal can browse the video content of the monitoring platform through the APP software.
监控平台即VSS平台,是一个分布式的架构,由一个中心节点和若干个边缘节点组成。值得注意的是,本实施方式中的VSS平台具有生成验证码、验证包含终端属性信息和验证码的数字签名的功能,平台包括移动监控接口机即MSP接口机、中心管理服务器CMS和信令管理服务器RGM、短信接口机。The monitoring platform, the VSS platform, is a distributed architecture consisting of a central node and several edge nodes. It is worth noting that the VSS platform in this embodiment has the functions of generating verification codes and verifying digital signatures containing terminal attribute information and verification codes. The platform includes mobile monitoring interface machines, namely MSP interface machines, central management server CMS and signaling management. Server RGM, SMS interface machine.
本实施方式中的动态验证码可以为短信验证码,本实施方式及以下各实施例均以短信验证码为例进行说明,然并不以此为限。所以,用户通过人工输入登录账号触发APP软件向监控平台发送登录请求,其中,初始登录为终端的电话号码和用户名等信息;监控平台的MSP接口机接收到登录请求后,将登录请求发给监控平台的CMS和RGM,并转发由监控平台的CMS和RGM返回的验证码给监控平台的短信接口机,由短信接口机将动态验证码下发给终端的短信系统,由用户通过人工操作将动态验证码输入APP软件,并在用户点击APP软件界面的接入的按钮后APP软件根据终端的属性信息和动态验证码生成第一数字签名。值得注意的是,终端每次从监控平台接收的动态验证码均不相同。The dynamic verification code in this embodiment may be a short message verification code. This embodiment and the following embodiments all take the short message verification code as an example for description, but it is not limited thereto. Therefore, the user manually enters the login account to trigger the APP software to send a login request to the monitoring platform, where the initial login is the terminal's phone number and user name and other information; after receiving the login request, the MSP interface machine of the monitoring platform sends the login request to Monitor the CMS and RGM of the monitoring platform, and forward the verification code returned by the CMS and RGM of the monitoring platform to the SMS interface machine of the monitoring platform. The SMS interface machine sends the dynamic verification code to the SMS system of the terminal. The dynamic verification code is input into the APP software, and after the user clicks the access button of the APP software interface, the APP software generates the first digital signature according to the terminal attribute information and the dynamic verification code. It is worth noting that the dynamic verification code received by the terminal from the monitoring platform is different each time.
需要说明的是,监控平台下发验证码至终端的通道与终端与监控平台之间的请求或应答消息交互的通道可以为同一通道,也可以为不同的通道。本实施方式中,根据终端的属性信息和登录监控平台过程中,通过预设通道从监控平台接收的动态验证码,生成第一数字签名;其中,预设通道不同于终端与监控平台之间的请求或应答消息交互的通道。即通过短信接口机将短信验证码发送给移动/电信等运营商短消息中心,由运营商通过短信业务下发给终端的短信系统,而终端与监控平台之间的接入请求或应答消息不需要经过运营商短消息中心,直接由MSP接口机和APP软件连接的通道进行消息交互;即监控平台下发验证码至终端的通 道与终端与监控平台之间的接入请求的通道为不同的通道。通过设置不同的通道,降低了动态验证码被窃取的风险,从而进一步提升了终端接入监控平台的安全性。It should be noted that the channel through which the monitoring platform issues the verification code to the terminal and the channel through which the request or response message exchanges between the terminal and the monitoring platform can be the same channel or different channels. In this embodiment, the first digital signature is generated based on the terminal’s attribute information and the dynamic verification code received from the monitoring platform during the login process through the preset channel; the preset channel is different from the one between the terminal and the monitoring platform. The channel for request or response message interaction. That is, the short message verification code is sent to the short message center of operators such as mobile/telecom through the short message interface machine, and the operator sends the short message system of the terminal through the short message service, and the access request or response message between the terminal and the monitoring platform is not It needs to go through the operator’s short message center and directly interact with the channel connected by the MSP interface machine and APP software; that is, the channel through which the monitoring platform sends the verification code to the terminal is different from the channel for the access request between the terminal and the monitoring platform aisle. By setting different channels, the risk of the dynamic verification code being stolen is reduced, thereby further improving the security of terminal access to the monitoring platform.
在一个例子中,验证码由监控平台对根据时间戳信息生成的随机盐值进行散列计算得到。监控平台根据时间戳信息或者其中的某一部分作为种子随机数产生随机盐值,再对产生的随机盐值进行散列计算生成验证码。In one example, the verification code is obtained by hashing the random salt value generated by the time stamp information by the monitoring platform. The monitoring platform generates a random salt value according to the time stamp information or a certain part of it as a seed random number, and then hashes the generated random salt value to generate a verification code.
这种生成验证码的方法,提升了验证码的安全性,从而进一步提升了终端接入监控平台的安全性。This method of generating a verification code improves the security of the verification code, thereby further improving the security of the terminal accessing the monitoring platform.
步骤102,向监控平台发送包含第一数字签名的接入请求,以供监控平台根据终端的登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权。Step 102: Send an access request containing the first digital signature to the monitoring platform for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code.
具体地说,由用户点击APP软件界面的接入按钮后APP软件向监控平台发送包含第一数字签名的接入请求,由监控平台根据终端的登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权。第一数字签名可为明文信息,也可以是进行加密的。本实施方式中第一数字签名为明文,则鉴权的具体过程为:解析第一签名得到终端的属性信息以及登录监控平台过程中从监控平台接收的动态验证码;若终端的属性信息与终端的登录账号绑定的属性信息一致以及接收的动态验证码和下发的动态验证码一致,则鉴权通过。Specifically, after the user clicks the access button on the APP software interface, the APP software sends an access request containing the first digital signature to the monitoring platform, and the monitoring platform uses the attribute information bound to the login account of the terminal and the issued dynamic verification The code authenticates the first digital signature. The first digital signature can be plaintext information, or it can be encrypted. In this embodiment, the first digital signature is plaintext, and the specific process of authentication is: parsing the first signature to obtain the terminal's attribute information and the dynamic verification code received from the monitoring platform during the login to the monitoring platform; if the terminal's attribute information and the terminal If the attribute information bound to the login account is consistent and the received dynamic verification code is consistent with the issued dynamic verification code, the authentication is passed.
其中,终端的登录账号与终端的属性信息绑定方式的具体流程图如图2所示,包括:Among them, the specific flow chart of the binding method of the login account of the terminal and the attribute information of the terminal is shown in Figure 2, including:
步骤1021,向监控平台发送注册请求,以供监控平台在接收到注册请求后下发动态验证码。Step 1021: Send a registration request to the monitoring platform for the monitoring platform to issue a dynamic verification code after receiving the registration request.
具体地说,由用户点击APP软件界面的注册按钮后,APP软件向监控平台发送注册请求,并由短信接口机将动态验证码下发到终端的短信系统,由用户通过人工操作将动态验证码输入APP软件。本实施方式中,监控平台下发验证码至终端的通道与终端与监控平台之间的注册请求的通道为不同的通道。Specifically, after the user clicks the registration button on the APP software interface, the APP software sends a registration request to the monitoring platform, and the short message interface machine sends the dynamic verification code to the terminal's short message system, and the dynamic verification code is manually operated by the user. Enter the APP software. In this embodiment, the channel for the monitoring platform to issue the verification code to the terminal and the channel for the registration request between the terminal and the monitoring platform are different channels.
步骤1022,从监控平台接收动态验证码。Step 1022: Receive a dynamic verification code from the monitoring platform.
步骤1023,根据属性信息和接收的动态验证码生成第一数字签名。Step 1023: Generate a first digital signature according to the attribute information and the received dynamic verification code.
步骤1024,将第一数字签名和终端的登录账号发送至监控平台,以供监控平台从第一数字签名中解析出属性信息,并将终端的登录账号与终端的属性信息绑定。Step 1024: Send the first digital signature and the login account of the terminal to the monitoring platform, so that the monitoring platform can parse the attribute information from the first digital signature, and bind the login account of the terminal with the attribute information of the terminal.
在一个例子中,基于预设的不可逆加密算法对接收的动态验证码进行加密得到加密密钥,利用加密密钥对第一数字签名进行可逆加密,得到加密后的第一数字签名。监控平台基于同样的不可逆加密算法对下发的动态验证码进行加密得到解密密钥,并利用解密密钥对被加密过的第一数字签名进行可逆加密算法的逆算法解密得到第一数字签名,将其恢复成可读的明文信息,从而可以得到终端的属性信息,将登录账号和终端的属性信息绑定,并将两者绑定 的信息存储在本地。另外,第一数字签名也可以不经过加密,即第一数字签名为明文信息,监控平台可以直接根据第一数字签名得到属性信息。In an example, the received dynamic verification code is encrypted based on a preset irreversible encryption algorithm to obtain an encryption key, and the encryption key is used to reversibly encrypt the first digital signature to obtain the encrypted first digital signature. The monitoring platform encrypts the issued dynamic verification code based on the same irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to decrypt the encrypted first digital signature with the inverse algorithm of the reversible encryption algorithm to obtain the first digital signature. Restore it to readable plaintext information, so that the terminal's attribute information can be obtained, the login account and the terminal's attribute information are bound, and the bound information of the two is stored locally. In addition, the first digital signature may not be encrypted, that is, the first digital signature is plaintext information, and the monitoring platform may directly obtain the attribute information according to the first digital signature.
需要说明的是,如果更换终端或更换移动终端的SIM卡,需要重新进行终端的登录账号与终端的属性信息的绑定。It should be noted that if the terminal is replaced or the SIM card of the mobile terminal is replaced, it is necessary to re-bind the terminal's login account with the terminal's attribute information.
登录账号与属性信息进行绑定时,终端发送给监控平台的第一数字签名由属性信息和动态验证码生成,这样可以保证监控平台从第一数字签名中解析得到的属性信息的真实可靠,从而提升了登录账号与属性信息进行绑定过程的真实可靠性。When the login account is bound to the attribute information, the first digital signature sent by the terminal to the monitoring platform is generated by the attribute information and the dynamic verification code, which can ensure the authenticity and reliability of the attribute information obtained by the monitoring platform from the first digital signature. Improved the authenticity and reliability of the process of binding the login account and attribute information.
步骤103,接收监控平台在鉴权通过后下发的应答消息,接入监控平台。Step 103: Receive a response message issued by the monitoring platform after the authentication is passed, and access the monitoring platform.
具体地说,终端在接收到下发的应答消息时,可以立即接入监控平台,也可以在满足预设的时间时接入监控平台,本实施方式不做具体限定。值得注意的是,应答消息中可以携带视频信息,如:分辨率、帧率等。Specifically, when the terminal receives the issued response message, it can immediately access the monitoring platform, or can access the monitoring platform when the preset time is met, which is not specifically limited in this embodiment. It is worth noting that the response message can carry video information, such as resolution and frame rate.
在一个例子中,接收监控平台在鉴权通过后下发的应答消息,接入监控平台,具体为:接收监控平台在鉴权通过后下发的包含第二数字签名的应答消息,并根据终端的属性信息和接收的动态验证码对第二数字签名进行鉴权,并在鉴权通过后接入监控平台;其中,第二数字签名由终端的登录账号绑定的属性信息以及下发的动态验证码生成。此时,终端还具备验证包含终端属性信息和验证码的数字签名的功能。第二数字签名为明文信息,终端可以根据第二数字签名得到终端的登录账号绑定的属性信息以及下发的动态验证码,若终端的登录账号绑定的属性信息与终端的属性信息一致,下发的动态验证码与接收的动态验证码一致,则鉴权通过。In one example, receiving the response message issued by the monitoring platform after the authentication is passed, and accessing the monitoring platform is specifically: receiving the response message containing the second digital signature issued by the monitoring platform after the authentication is passed, and according to the terminal The attribute information of the terminal and the received dynamic verification code authenticate the second digital signature, and access the monitoring platform after the authentication is passed; wherein the second digital signature is the attribute information bound to the terminal’s login account and the issued dynamic The verification code is generated. At this time, the terminal also has the function of verifying a digital signature containing terminal attribute information and a verification code. The second digital signature is plain text information. The terminal can obtain the attribute information bound to the login account of the terminal and the issued dynamic verification code according to the second digital signature. If the attribute information bound to the login account of the terminal is consistent with the attribute information of the terminal, If the issued dynamic verification code is consistent with the received dynamic verification code, the authentication is passed.
在一个例子中,第二数字签名由监控平台基于不可逆加密算法对终端的登录账号绑定的属性信息和下发的动态验证码明文信息进行加密生成,则终端对第二数字签名的鉴权过程为:基于相同的不可逆加密算法对终端的属性信息以及接收的动态验证码二者结合形成的明文进行加密生成鉴权密码,并判断鉴权密码与第二数字签名是否匹配,当鉴权密码与第一数字签名匹配时鉴权通过。In an example, the second digital signature is generated by the monitoring platform based on the irreversible encryption algorithm on the attribute information bound to the terminal's login account and the issued dynamic verification code plaintext information, and the terminal authenticates the second digital signature. It is: based on the same irreversible encryption algorithm to encrypt the plain text formed by combining the terminal attribute information and the received dynamic verification code to generate an authentication password, and to determine whether the authentication password matches the second digital signature, when the authentication password matches The authentication passes when the first digital signature matches.
在一个例子中,监控平台基于不可逆加密算法对终端的登录账号绑定的属性信息和下发的动态验证码二者结合形成的明文信息进行加密,生成第二数字签名之后,还基于不可逆加密算法对接收的动态验证码进行加密得到加密密钥,利用加密密钥对第二数字签名进行加密,得到加密后的第二数字签名;并向终端发送包含加密后的第二数字签名的应答消息。则终端对第二数字签名的鉴权过程为:基于相同的不可逆加密算法对接收的动态验证码进行加密得到解密密钥,并利用解密密钥对被加密过的第二数字签名进行解密得到第二数字签名,基于相同的不可逆加密算法对终端的属性信息以及接收的动态验证码二者结合形成的明文进行加 密生成鉴权密码,并判断鉴权密码与第二数字签名是否匹配,当鉴权密码与第一数字签名匹配时鉴权通过。In one example, the monitoring platform encrypts the plaintext information formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code based on the irreversible encryption algorithm, and after generating the second digital signature, it is also based on the irreversible encryption algorithm Encrypt the received dynamic verification code to obtain an encryption key, use the encryption key to encrypt the second digital signature to obtain the encrypted second digital signature; and send a response message containing the encrypted second digital signature to the terminal. The authentication process of the terminal on the second digital signature is: encrypt the received dynamic verification code based on the same irreversible encryption algorithm to obtain a decryption key, and use the decryption key to decrypt the encrypted second digital signature to obtain the first 2. Digital signature, based on the same irreversible encryption algorithm to encrypt the plain text formed by the combination of the terminal's attribute information and the received dynamic verification code to generate an authentication password, and to determine whether the authentication password matches the second digital signature, when authenticating The authentication passes when the password matches the first digital signature.
本实施方式中,第一数字签名包含终端的属性信息以及动态验证码;其中终端的属性信息为不可变数字部分,动态验证码为实时变化数字部分;即,在终端与监控平台接入中用来进行认证身份的第一数字签名同时包含不可变数字部分和实时变化数字部分,可以提高身份认证的可靠性,从而提升终端接入监控平台的安全性。进一步的,根据终端的属性信息和登录监控平台过程中,通过预设通道从监控平台接收的动态验证码,生成第一数字签名;其中,预设通道不同于终端与监控平台之间的请求或应答消息交互的通道;通过设置不同的通道,降低了动态验证码被窃取的风险,从而进一步提升了终端接入监控平台的安全性。In this embodiment, the first digital signature includes the terminal's attribute information and the dynamic verification code; the terminal's attribute information is the immutable digital part, and the dynamic verification code is the real-time changing digital part; that is, it is used in the terminal and monitoring platform access The first digital signature to authenticate the identity includes both an immutable digital part and a real-time changing digital part, which can improve the reliability of identity authentication, thereby enhancing the security of terminal access to the monitoring platform. Further, the first digital signature is generated based on the terminal’s attribute information and the dynamic verification code received from the monitoring platform through the preset channel during the login process of the monitoring platform; wherein, the preset channel is different from the request or the request between the terminal and the monitoring platform. Response message interaction channel; by setting different channels, the risk of dynamic verification code being stolen is reduced, thereby further improving the security of terminal access to the monitoring platform.
此外,在一些实施例中,由于应答消息中包含第二数字签名,所以终端在接收到应答消息时并不会接入监控平台,只有终端对第二数字签名鉴权通过后才接入监控平台,即终端也进行了鉴权过程,可以进一步提高身份认证的可靠性,从而进一步提升终端接入监控平台的安全性。In addition, in some embodiments, since the response message contains the second digital signature, the terminal does not access the monitoring platform when receiving the response message, and only accesses the monitoring platform after the terminal passes the authentication of the second digital signature. , That is, the terminal has also undergone an authentication process, which can further improve the reliability of identity authentication, thereby further improving the security of the terminal access to the monitoring platform.
本申请的第二实施方式涉及一种终端接入监控平台的方法。本实施方式与第一实施方式大致相同,不同之处在于:对终端的属性信息和接收的动态验证码二者结合形成的明文信息进行了不可逆加密,生成第一数字签名。The second embodiment of the present application relates to a method for a terminal to access a monitoring platform. This embodiment is substantially the same as the first embodiment, but the difference lies in that the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code is irreversibly encrypted to generate the first digital signature.
本实施方式中的终端接入监控平台方法的流程图如图3所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 3, including:
步骤202、203分别与步骤102、103类似,在此不再赘述。 Steps 202 and 203 are similar to steps 102 and 103 respectively, and will not be repeated here.
步骤201,基于预设的第一不可逆加密算法对终端的属性信息和接收的动态验证码二者结合形成的明文信息进行加密,生成第一数字签名。Step 201: Encrypt the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code based on a preset first irreversible encryption algorithm, and generate a first digital signature.
具体地说,不可逆加密不能通过逆向解析得到属性信息和动态验证码,监控平台鉴权时,只有基于相同的属性信息和动态验证码、且经过同样的不可逆加密算法加密得到相同的第一数字签名才鉴权通过。终端的属性信息和接收的动态验证码二者结合形成的明文信息为IMEI或/和IMSI与动态验证码进行拼接得到明文信息,例如:可通过IMEI或/和IMSI与动态验证码进行异或运算得到明文信息;再利用不可逆加密算法对明文信息进行加密,例如:不可逆加密算法为SHA256。此时,监控平台的鉴权过程:监控平台基于相同的第一不可逆加密对终端的登录账号绑定的属性信息以及下发的动态验证码二者结合形成的明文进行加密生成鉴权密码,并判断鉴权密码与第一数字签名是否匹配;其中,当鉴权密码与第一数字签名匹配时表示鉴权通过。Specifically, irreversible encryption cannot obtain attribute information and dynamic verification codes through reverse analysis. When monitoring platform authentication, only the same first digital signature can be obtained based on the same attribute information and dynamic verification code and encrypted by the same irreversible encryption algorithm. Authentication passed. The plain text information formed by combining the terminal attribute information and the received dynamic verification code is IMEI or/and IMSI and the dynamic verification code are spliced together to obtain the plain text information, for example: the IMEI or/and IMSI and the dynamic verification code can be XORed Obtain the plaintext information; then use the irreversible encryption algorithm to encrypt the plaintext information, for example: the irreversible encryption algorithm is SHA256. At this time, the authentication process of the monitoring platform: the monitoring platform encrypts the plain text formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code based on the same first irreversible encryption to generate an authentication password, and Determine whether the authentication password matches the first digital signature; wherein, when the authentication password matches the first digital signature, it means that the authentication is passed.
本实施方式中,终端采用加密技术增强了属性信息和动态验证码的保密性,而且不可逆加密不能通过逆向解析得到属性信息和动态验证码,监控平台鉴权时,只有基于相同的属性 信息和动态验证码、且经过同样的不可逆加密算法加密得到相同的第一数字签名才能解密,有利于进一步提升对第一数字签名鉴权结果的真实可靠性,从而进一步提升终端接入监控平台的安全性。In this embodiment, the terminal uses encryption technology to enhance the confidentiality of attribute information and dynamic verification codes, and irreversible encryption cannot obtain attribute information and dynamic verification codes through reverse analysis. When the monitoring platform is authenticated, it is only based on the same attribute information and dynamic verification. The same first digital signature can be decrypted only after the same irreversible encryption algorithm is encrypted to obtain the same first digital signature, which is beneficial to further improve the authenticity of the authentication result of the first digital signature, thereby further improving the security of terminal access to the monitoring platform.
本申请的第三实施方式涉及一种终端接入监控平台的方法。本实施方式与第二实施方式大致相同,不同之处在于:终端对动态验证码进行了不可逆加密得到加密密钥,再利用加密密钥对第一数字签名进行加密得到加密后的第一数字签名。The third embodiment of the present application relates to a method for a terminal to access a monitoring platform. This embodiment is roughly the same as the second embodiment, but the difference is: the terminal irreversibly encrypts the dynamic verification code to obtain the encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature .
本实施方式中的终端接入监控平台方法的流程图如图4所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 4, including:
步骤301、304分别与步骤201、203类似,在此不再赘述。 Steps 301 and 304 are similar to steps 201 and 203 respectively, and will not be repeated here.
步骤302,基于预设的第二不可逆加密算法对接收的动态验证码进行加密得到加密密钥,利用加密密钥对第一数字签名进行加密,得到加密后的第一数字签名。Step 302: Encrypt the received dynamic verification code based on a preset second irreversible encryption algorithm to obtain an encryption key, and use the encryption key to encrypt the first digital signature to obtain an encrypted first digital signature.
步骤303,向监控平台发送包含加密后的第一数字签名的接入请求。Step 303: Send an access request including the encrypted first digital signature to the monitoring platform.
具体地说,用户点击APP软件界面的接入按钮后,APP软件基于预设的第二不可逆加密算法对接收的动态验证码进行加密得到加密密钥,利用加密密钥对第一数字签名按照可逆加密算法进行可逆加密,得到加密后的第一数字签名,例如:可逆加密算法为AES256;并将包含加密后的第一数字签名的接入请求发送给监控平台。值得注意的是,第二不可逆加密算法可以与第一不可逆加密算法相同。监控平台鉴权的过程为:监控平台基于预设的第二不可逆加密算法对下发的动态验证码进行加密得到解密密钥,并利用解密密钥对被加密过的第一数字签名进行可逆加密算法的逆算法解密得到第一数字签名,基于预设的第一不可逆加密算法对终端的登录账号绑定的属性信息以及下发的动态验证码二者结合形成的明文进行加密生成鉴权密码,并判断鉴权密码与第一数字签名是否匹配;其中,当鉴权密码与第一数字签名匹配时表示鉴权通过。Specifically, after the user clicks the access button on the APP software interface, the APP software encrypts the received dynamic verification code based on the preset second irreversible encryption algorithm to obtain the encryption key, and then uses the encryption key to perform the reversible digital signature on the first digital signature. The encryption algorithm performs reversible encryption to obtain the encrypted first digital signature, for example: the reversible encryption algorithm is AES256; and the access request containing the encrypted first digital signature is sent to the monitoring platform. It is worth noting that the second irreversible encryption algorithm may be the same as the first irreversible encryption algorithm. The authentication process of the monitoring platform is as follows: the monitoring platform encrypts the issued dynamic verification code based on the preset second irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to reversibly encrypt the encrypted first digital signature The inverse algorithm decrypts the algorithm to obtain the first digital signature. Based on the preset first irreversible encryption algorithm, the attribute information bound to the terminal's login account and the issued dynamic verification code are combined to encrypt the plain text to generate an authentication password. And judge whether the authentication password matches the first digital signature; wherein, when the authentication password matches the first digital signature, it means that the authentication is passed.
本实施方式中,终端对动态验证码进行了不可逆加密得到加密密钥,再利用加密密钥对第一数字签名进行加密得到加密后的第一数字签名。这样有利于进一步提升对第一数字签名鉴权结果的真实可靠性,从而进一步提升终端接入监控平台的安全性。In this embodiment, the terminal irreversibly encrypts the dynamic verification code to obtain an encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature. This is beneficial to further improve the authenticity of the authentication result of the first digital signature, thereby further improving the security of the terminal's access to the monitoring platform.
本申请第四实施方式涉及一种终端接入监控平台的方法。本实施方式与第一实施方式大致相同,不同之处在于:终端在监控平台进行功能配置。The fourth embodiment of the present application relates to a method for a terminal to access a monitoring platform. This embodiment is roughly the same as the first embodiment, except that the terminal performs functional configuration on the monitoring platform.
本实施方式中的终端接入监控平台方法的流程图如图5所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 5 and includes:
步骤401-403分别与步骤101-103类似,在此不再赘述。Steps 401-403 are similar to steps 101-103, respectively, and will not be repeated here.
步骤404,向监控平台发送包含第一数字签名的功能配置请求,以供监控平台根据登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权,并在鉴权通过后为终端配置功能。Step 404: Send a function configuration request containing the first digital signature to the monitoring platform for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account and the issued dynamic verification code, and after the authentication is passed Then configure the functions for the terminal.
本实施方式中,监控平台下发验证码至终端的通道与终端与监控平台之间的功能配置请求的通道为不同的通道。In this embodiment, the channel through which the monitoring platform issues the verification code to the terminal and the channel through which the functional configuration request between the terminal and the monitoring platform is requested are different channels.
在一个例子中,第一数字签名由终端基于不可逆加密算法对终端的属性信息和接收的动态验证码二者结合形成的明文信息进行加密,生成第一数字签名。另外,第一数字签名也可以不进行加密,即第一数字签名为明文信息。In an example, the terminal encrypts the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code based on the irreversible encryption algorithm for the first digital signature to generate the first digital signature. In addition, the first digital signature may not be encrypted, that is, the first digital signature is plaintext information.
在一个例子中,第一数字签名由终端基于不可逆加密算法对终端的属性信息和接收的动态验证码二者结合形成的明文信息进行加密,生成第一数字签名;再基于预设的第二不可逆加密算法对接收的动态验证码进行加密得到加密密钥,利用加密密钥对第一数字签名进行加密,得到加密后的第一数字签名。In an example, the first digital signature is based on the irreversible encryption algorithm by the terminal to encrypt the plaintext information formed by the combination of the terminal's attribute information and the received dynamic verification code to generate the first digital signature; and then based on the preset second irreversible The encryption algorithm encrypts the received dynamic verification code to obtain an encryption key, and uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature.
需要说明的是,在终端为VSS客户端时,若VSS客户终端的功能配置请求需要VSS终端的同意,则监控平台将功能配置请求发送给VSS终端,监控平台的请求得到VSS终端同意,并且根据登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权,并在鉴权通过后为终端配置功能。It should be noted that when the terminal is a VSS client, if the functional configuration request of the VSS client terminal requires the consent of the VSS terminal, the monitoring platform sends the functional configuration request to the VSS terminal, and the request of the monitoring platform is approved by the VSS terminal, and according to The attribute information bound to the login account and the issued dynamic verification code authenticate the first digital signature, and configure functions for the terminal after the authentication is passed.
需要说明的是,步骤404可以在步骤401之后、步骤403之前的任何一个步骤进行。It should be noted that step 404 can be performed in any step after step 401 and before step 403.
本实施方式中,功能配置请求中的第一数字签名由属性信息和动态验证码生成,这样保证监控平台对第一数字签名进行鉴权的结果的真实可靠,从而提升了功能权限配置过程的安全性。In this embodiment, the first digital signature in the function configuration request is generated by the attribute information and the dynamic verification code, which ensures that the result of the monitoring platform’s authentication of the first digital signature is authentic and reliable, thereby improving the security of the function permission configuration process Sex.
本申请的第五实施方式涉及一种终端接入监控平台的方法,应用于监控平台,方法包括:在终端登录监控平台过程中生成动态验证码并下发给终端,以供终端根据终端的属性信息和动态验证码生成第一数字签名;接收终端发送的包含第一数字签名的接入请求;根据终端的登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权;在鉴权通过后向终端下发应答消息,以供终端在接收到应答消息后接入监控平台。The fifth embodiment of the present application relates to a method for a terminal to access a monitoring platform, which is applied to the monitoring platform. The method includes: generating a dynamic verification code during the process of logging in to the monitoring platform of the terminal and sending it to the terminal for the terminal according to the attributes of the terminal Information and the dynamic verification code to generate the first digital signature; receiving the access request containing the first digital signature sent by the terminal; authenticating the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code ; Send a response message to the terminal after the authentication is passed, so that the terminal can access the monitoring platform after receiving the response message.
本实施方式中的终端接入监控平台方法的流程图如图6所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 6, including:
步骤501,在终端登录监控平台过程中生成动态验证码并下发给终端,以供终端根据终端的属性信息和动态验证码生成第一数字签名。In step 501, a dynamic verification code is generated during the process of the terminal logging into the monitoring platform and issued to the terminal, so that the terminal can generate a first digital signature according to the terminal's attribute information and the dynamic verification code.
具体地说,在终端登录监控平台过程中,监控平台的MSP接口机将登录消息发给监控平台的CMS和RGM,并转发由监控平台的CMS和RGM返回的验证码给监控平台的短信接口机,由短信接口机将验证码下发给终端的APP软件。需要说明的是,本实施方式中,在终端登录监控平台过程中生成动态验证码,通过预设通道将动态验证码下发给终端;其中,预设通道不同于终端与监控平台之间的请求或应答消息交互的通道。Specifically, in the process of terminal logging on to the monitoring platform, the MSP interface machine of the monitoring platform sends a login message to the CMS and RGM of the monitoring platform, and forwards the verification code returned by the CMS and RGM of the monitoring platform to the SMS interface machine of the monitoring platform , The SMS interface machine will issue the verification code to the APP software of the terminal. It should be noted that, in this embodiment, the dynamic verification code is generated during the terminal login to the monitoring platform, and the dynamic verification code is issued to the terminal through the preset channel; the preset channel is different from the request between the terminal and the monitoring platform Or the channel of response message interaction.
步骤502,接收终端发送的包含第一数字签名的接入请求。Step 502: Receive an access request containing the first digital signature sent by the terminal.
步骤503,根据终端的登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权。Step 503: Authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code.
具体地说,针对终端发送的第一数字签名的加密与否,即第一数字签名可以为明文信息,也可以是经过加密的;监控平台的鉴权方式也不相同。本实施方式中的第一数字签名为明文信息,鉴权的具体过程为:解析第一签名得到终端的属性信息以及登录监控平台过程中从监控平台接收的动态验证码;若终端的属性信息与终端的登录账号绑定的属性信息一致以及接收的动态验证码和下发的动态验证码一致,则鉴权通过。Specifically, whether the first digital signature sent by the terminal is encrypted or not, that is, the first digital signature may be plaintext information or encrypted; the authentication method of the monitoring platform is also different. The first digital signature in this embodiment is plaintext information, and the specific process of authentication is: parsing the first signature to obtain the terminal's attribute information and the dynamic verification code received from the monitoring platform during the login to the monitoring platform; If the attribute information bound to the login account of the terminal is consistent and the received dynamic verification code is consistent with the issued dynamic verification code, the authentication is passed.
需要说明的是,终端的登录账号和终端的属性信息绑定的相关信息存储于监控平台的本地。终端的登录账号与终端的属性信息绑定方式的具体流程图如图7所示,包括:It should be noted that the relevant information bound to the login account of the terminal and the attribute information of the terminal is stored locally on the monitoring platform. The specific flow chart of the binding method of the login account of the terminal and the attribute information of the terminal is shown in Figure 7, including:
步骤5031,在接收到终端发送的注册请求后下发动态验证码,以供终端根据属性信息和接收的动态验证码生成第一数字签名。Step 5031: After receiving the registration request sent by the terminal, a dynamic verification code is issued for the terminal to generate a first digital signature according to the attribute information and the received dynamic verification code.
步骤5032,接收终端发送的第一数字签名和登录账号。Step 5032: Receive the first digital signature and login account sent by the terminal.
步骤5033,从第一数字签名中解析出属性信息,并将终端的登录账号与终端的属性信息绑定。Step 5033: Analyze the attribute information from the first digital signature, and bind the login account of the terminal with the attribute information of the terminal.
在一个例子中,第一数字签名经过加密得到,监控平台基于同样的不可逆加密算法对下发的动态验证码进行加密得到解密密钥,并利用解密密钥对被加密过的第一数字签名进行可逆加密算法的逆算法解密得到第一数字签名,将其恢复成可读的明文信息,从而可以得到终端的属性信息,将登录账号和终端的属性信息绑定,并将两者绑定的信息存储在本地。另外,第一数字签名也可以不经过加密,则监控平台可直接根据第一数字签名得到属性信息。In one example, the first digital signature is obtained through encryption, the monitoring platform encrypts the issued dynamic verification code based on the same irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to perform the encrypted first digital signature The inverse algorithm of the reversible encryption algorithm decrypts the first digital signature and restores it to readable plaintext information, so that the terminal's attribute information can be obtained, the login account and the terminal's attribute information are bound, and the information bound between the two Stored locally. In addition, the first digital signature may not be encrypted, and the monitoring platform can directly obtain the attribute information according to the first digital signature.
需要说明的是,如果更换终端或更换移动终端的SIM卡,需要重新进行终端的登录账号与终端的属性信息的绑定。It should be noted that if the terminal is replaced or the SIM card of the mobile terminal is replaced, it is necessary to re-bind the terminal's login account with the terminal's attribute information.
步骤504,在鉴权通过后向终端下发应答消息,以供终端在接收到应答消息后接入监控平台。Step 504: After the authentication is passed, a response message is sent to the terminal, so that the terminal can access the monitoring platform after receiving the response message.
具体地说,监控平台下发的应答消息,只是通知终端可以接入监控平台;终端在接收到下发的应答消息时,立即接入监控平台,也可以在满足预设的时间时接入监控平台,本实施方式不做具体限定。Specifically, the response message issued by the monitoring platform only informs the terminal that it can access the monitoring platform; when the terminal receives the issued response message, it immediately accesses the monitoring platform, or when the preset time is met. Platform, this embodiment does not make specific limitations.
在一个例子中,在鉴权通过后向终端下发应答消息,以供终端在接收到应答消息后接入监控平台,具体为:在鉴权通过后根据终端的登录账号绑定的属性信息以及下发的动态验证码生成第二数字签名;向终端下发包含第二数字签名的应答消息,以供终端根据终端的属性信息和接收的动态验证码对第二数字签名进行鉴权,并在鉴权通过后接入监控平台。需要说明的是,第二数字签名可以为明文信息,也可以为基于不可逆加密算法对终端的登录账号绑 定的属性信息和下发的动态验证码明文信息进行加密生成的;也可以生成第二数字签名之后,监控平台基于不可逆加密算法对接收的动态验证码进行加密得到加密密钥,利用加密密钥对第一数字签名进行加密,得到加密后的第二数字签名。In an example, a response message is issued to the terminal after the authentication is passed, so that the terminal can access the monitoring platform after receiving the response message, specifically: after the authentication is passed, the attribute information bound to the login account of the terminal and The issued dynamic verification code generates the second digital signature; a response message containing the second digital signature is issued to the terminal so that the terminal can authenticate the second digital signature according to the terminal’s attribute information and the received dynamic verification code, and then After passing the authentication, it is connected to the monitoring platform. It should be noted that the second digital signature can be plaintext information, or it can be generated by encrypting the attribute information bound to the login account of the terminal and the issued dynamic verification code plaintext information based on an irreversible encryption algorithm; it can also generate a second digital signature. After the digital signature, the monitoring platform encrypts the received dynamic verification code based on an irreversible encryption algorithm to obtain an encryption key, and uses the encryption key to encrypt the first digital signature to obtain an encrypted second digital signature.
本实施方式中,在终端与监控平台接入中用来进行认证身份的第一数字签名同时包含不可变数字部分和实时变化数字部分,可以提高身份认证的可靠性,从而提升终端接入监控平台的安全性。进一步的,通过预设通道将动态验证码下发给终端;其中,所述预设通道不同于所述终端与所述监控平台之间的所述请求或所述应答消息交互的通道;通过设置不同的通道,降低了动态验证码被窃取的风险,从而进一步提升了终端接入监控平台的安全性。In this embodiment, the first digital signature used to authenticate the identity during the access of the terminal and the monitoring platform includes both an immutable digital part and a real-time changing digital part, which can improve the reliability of identity authentication, thereby improving the terminal access to the monitoring platform Security. Further, the dynamic verification code is issued to the terminal through a preset channel; wherein the preset channel is different from the channel through which the request or the response message is exchanged between the terminal and the monitoring platform; Different channels reduce the risk of dynamic verification codes being stolen, thereby further improving the security of terminal access to the monitoring platform.
本申请的第六实施方式涉及一种终端接入监控平台的方法。本实施方式与第五实施方式大致相同,不同之处在于:对属性信息和接收的动态验证码二者结合形成的明文信息进行了加密,监控平台接收到接入请求后,要解密才能进行鉴权。The sixth embodiment of the present application relates to a method for a terminal to access a monitoring platform. This embodiment is roughly the same as the fifth embodiment, but the difference is that the plaintext information formed by the combination of the attribute information and the received dynamic verification code is encrypted. After the monitoring platform receives the access request, it must be decrypted before the authentication can be performed. right.
本实施方式中的终端接入监控平台方法的流程图如图8所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 8, and includes:
步骤601、602和604分别与步骤501、502和504类似,在此不再赘述。 Steps 601, 602, and 604 are similar to steps 501, 502, and 504, respectively, and will not be repeated here.
步骤603,基于预设的第一不可逆加密算法对终端的登录账号绑定的属性信息以及下发的动态验证码二者结合形成的明文进行加密生成鉴权密码,并判断鉴权密码与第一数字签名是否匹配;其中,当鉴权密码与第一数字签名匹配时表示鉴权通过。Step 603: Based on the preset first irreversible encryption algorithm, the plain text formed by combining the attribute information of the terminal's login account and the issued dynamic verification code is encrypted to generate an authentication password, and the authentication password is determined to be the same as the first Whether the digital signature matches; where, when the authentication password matches the first digital signature, it means that the authentication is passed.
本实施方式中,监控平台需要通过相同的加密算法且得到与第一数字签名匹配的鉴权密码才鉴权通过,这样有利于进一步提升对第一数字签名鉴权结果的真实可靠性,从而进一步提升终端接入监控平台的安全性。In this embodiment, the monitoring platform needs to pass the same encryption algorithm and obtain the authentication password matching the first digital signature before the authentication is passed, which is beneficial to further improve the authenticity and reliability of the authentication result of the first digital signature, thereby further improving the authenticity and reliability of the authentication result of the first digital signature. Improve the security of terminal access to the monitoring platform.
本申请的第七实施方式涉及一种终端接入监控平台的方法。本实施方式与第六实施方式大致相同,不同之处在于:终端对动态验证码进行了不可逆加密得到加密密钥,再利用加密密钥对第一数字签名进行加密得到加密后的第一数字签名。The seventh embodiment of the present application relates to a method for a terminal to access a monitoring platform. This embodiment is roughly the same as the sixth embodiment, except that the terminal irreversibly encrypts the dynamic verification code to obtain the encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature .
本实施方式中的终端接入监控平台方法的流程图如图9所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 9 and includes:
步骤701、702、704和705分别与步骤601、602、603和604类似,在此不再赘述。 Steps 701, 702, 704, and 705 are similar to steps 601, 602, 603, and 604, respectively, and will not be repeated here.
步骤703,基于预设的第二不可逆加密算法对下发的动态验证码进行加密得到解密密钥,并利用解密密钥对被加密过的第一数字签名进行解密得到第一数字签名。Step 703: Encrypt the issued dynamic verification code based on the preset second irreversible encryption algorithm to obtain a decryption key, and use the decryption key to decrypt the encrypted first digital signature to obtain the first digital signature.
具体地说,接入请求中包含的第一数字签名被终端进行了加密。本实施方式中,监控平台要先进行两次解密得到第一数字签名,再通过相同的加密算法且得到与第一数字签名匹配的鉴权密码才鉴权通过,这样有利于进一步提升对第一数字签名鉴权结果的真实可靠性,从而进一步提升终端接入监控平台的安全性。Specifically, the first digital signature included in the access request is encrypted by the terminal. In this embodiment, the monitoring platform needs to decrypt twice to obtain the first digital signature, and then pass the authentication through the same encryption algorithm and obtain the authentication password matching the first digital signature, which is beneficial to further improve the first digital signature. The authenticity and reliability of the digital signature authentication result, thereby further improving the security of the terminal's access to the monitoring platform.
本申请的第八实施方式涉及一种终端接入监控平台的方法。本实施方式与第五实施方式 大致相同,不同之处在于:方法包括:接收终端发送的包含第一数字签名的功能配置请求;根据登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权,并在鉴权通过后为终端配置功能。The eighth implementation manner of the present application relates to a method for a terminal to access a monitoring platform. This embodiment is roughly the same as the fifth embodiment. The difference is: the method includes: receiving a function configuration request containing the first digital signature sent by the terminal; A digital signature is used for authentication, and functions are configured for the terminal after the authentication is passed.
本实施方式中的终端接入监控平台方法的流程图如图10所示,包括:The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in FIG. 10 and includes:
步骤801-804分别与步骤501-504类似,在此不再赘述。Steps 801-804 are similar to steps 501-504, respectively, and will not be repeated here.
步骤805,接收终端发送的包含第一数字签名的功能配置请求。Step 805: Receive a function configuration request including the first digital signature sent by the terminal.
步骤806,根据登录账号绑定的属性信息以及下发的动态验证码对第一数字签名进行鉴权,并在鉴权通过后为终端配置功能。In step 806, the first digital signature is authenticated according to the attribute information bound to the login account and the issued dynamic verification code, and functions are configured for the terminal after the authentication is passed.
需要说明的是,步骤805和步骤806可以在步骤801之后、804之前的任何一个步骤进行。It should be noted that step 805 and step 806 can be performed in any step after step 801 and before step 804.
本实施方式中,功能配置请求中的第一数字签名由属性信息和动态验证码生成,这样保证监控平台对第一数字签名进行鉴权的结果的真实可靠,从而提升了功能权限配置过程的安全性。In this embodiment, the first digital signature in the function configuration request is generated by the attribute information and the dynamic verification code, which ensures that the result of the monitoring platform’s authentication of the first digital signature is authentic and reliable, thereby improving the security of the function permission configuration process Sex.
上面各种方法的步骤划分,只是为了描述清楚,实现时可以合并为一个步骤或者对某些步骤进行拆分,分解为多个步骤,只要包括相同的逻辑关系,都在本专利的保护范围内;对算法中或者流程中添加无关紧要的修改或者引入无关紧要的设计,但不改变其算法和流程的核心设计都在该专利的保护范围内。The division of the steps of the various methods above is just for clarity of description. When implemented, it can be combined into one step or some steps can be split and decomposed into multiple steps. As long as they include the same logical relationship, they are all within the scope of protection of this patent. ; Adding insignificant modifications to the algorithm or process or introducing insignificant design, but not changing the core design of the algorithm and process are within the scope of protection of the patent.
本申请第九实施方式涉及一种电子设备,如图11所示,包括至少一个处理器902;以及,与至少一个处理器通信连接的存储器901;其中,存储器901存储有可被至少一个处理器902执行的指令,指令被至少一个处理器902执行,以使至少一个处理器902能够执行上述小区搜索方法的实施方式。The ninth implementation manner of the present application relates to an electronic device. As shown in FIG. 11, it includes at least one processor 902; and a memory 901 communicatively connected with the at least one processor; The instructions executed by 902 are executed by the at least one processor 902, so that the at least one processor 902 can execute the foregoing implementation of the cell search method.
其中,存储器901和处理器902采用总线方式连接,总线可以包括任意数量的互联的总线和桥,总线将一个或多个处理器902和存储器901的各种电路连接在一起。总线还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路连接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口在总线和收发机之间提供接口。收发机可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器902处理的数据通过天线在无线介质上进行传输,进一步,天线还接收数据并将数据传送给处理器902。The memory 901 and the processor 902 are connected in a bus manner. The bus may include any number of interconnected buses and bridges. The bus connects one or more processors 902 and various circuits of the memory 901 together. The bus can also connect various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all well-known in the art, and therefore, no further description will be given herein. The bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on the transmission medium. The data processed by the processor 902 is transmitted on the wireless medium through the antenna, and further, the antenna also receives the data and transmits the data to the processor 902.
处理器902负责管理总线和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器901可以被用于存储处理器902在执行操作时所使用的数据。The processor 902 is responsible for managing the bus and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions. The memory 901 may be used to store data used by the processor 902 when performing operations.
本申请第十实施方式涉及一种平台,如图12所示,包括至少一个处理器1002;以及,与至少一个处理器通信连接的存储器1001;其中,存储器1001存储有可被至少一个处理器1002执行的指令,指令被至少一个处理器1002执行,以使至少一个处理器1002能够执行上述小区搜索方法的实施方式。The tenth implementation manner of the present application relates to a platform. As shown in FIG. 12, it includes at least one processor 1002; and, a memory 1001 communicatively connected with the at least one processor; wherein, the memory 1001 stores data that can be used by at least one processor 1002. The executed instructions are executed by the at least one processor 1002, so that the at least one processor 1002 can execute the foregoing implementation of the cell search method.
其中,存储器1001和处理器1002采用总线方式连接,总线可以包括任意数量的互联的总线和桥,总线将一个或多个处理器1002和存储器1001的各种电路连接在一起。总线还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路连接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口在总线和收发机之间提供接口。收发机可以是一个元件,也可以是多个元件,比如多个接收器和发送器,提供用于在传输介质上与各种其他装置通信的单元。经处理器1002处理的数据通过天线在无线介质上进行传输,进一步,天线还接收数据并将数据传送给处理器1002。Wherein, the memory 1001 and the processor 1002 are connected in a bus manner, and the bus may include any number of interconnected buses and bridges, and the bus connects one or more various circuits of the processor 1002 and the memory 1001 together. The bus can also connect various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all well-known in the art, and therefore, no further description will be given herein. The bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on the transmission medium. The data processed by the processor 1002 is transmitted on the wireless medium through the antenna, and further, the antenna also receives the data and transmits the data to the processor 1002.
处理器1002负责管理总线和通常的处理,还可以提供各种功能,包括定时,外围接口,电压调节、电源管理以及其他控制功能。而存储器1001可以被用于存储处理器1002在执行操作时所使用的数据。The processor 1002 is responsible for managing the bus and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions. The memory 1001 may be used to store data used by the processor 1002 when performing operations.
本申请第十一实施方式涉及一种计算机可读存储介质,存储有计算机程序。计算机程序被处理器执行时实现上述方法实施例。The eleventh embodiment of the present application relates to a computer-readable storage medium storing a computer program. When the computer program is executed by the processor, the above method embodiment is realized.
即,本领域技术人员可以理解,实现上述实施例方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序存储在一个存储介质中,包括若干指令用以使得一个设备(可以是单片机,芯片等)或处理器(processor)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。That is, those skilled in the art can understand that all or part of the steps in the method of the foregoing embodiments can be implemented by instructing relevant hardware through a program. The program is stored in a storage medium and includes several instructions to enable a device ( It may be a single-chip microcomputer, a chip, etc.) or a processor (processor) that executes all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks or optical disks and other media that can store program codes. .
本领域的普通技术人员可以理解,上述各实施方式是实现本申请的具体实施例,而在实际应用中,可以在形式上和细节上对其作各种改变,而不偏离本申请的精神和范围。Those of ordinary skill in the art can understand that the above-mentioned embodiments are specific examples for realizing the present application, and in actual applications, various changes can be made in form and details without departing from the spirit and spirit of the present application. range.

Claims (18)

  1. 一种终端接入监控平台的方法,应用于终端,所述方法包括:A method for a terminal to access a monitoring platform, which is applied to a terminal, and the method includes:
    根据所述终端的属性信息和登录所述监控平台过程中从所述监控平台接收的动态验证码,生成第一数字签名;Generating a first digital signature according to the attribute information of the terminal and the dynamic verification code received from the monitoring platform in the process of logging in to the monitoring platform;
    向所述监控平台发送包含所述第一数字签名的接入请求,以供所述监控平台根据所述终端的登录账号绑定的属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权;Send an access request that includes the first digital signature to the monitoring platform, so that the monitoring platform can perform a check on the first digital signature according to the attribute information bound to the terminal’s login account and the issued dynamic verification code. Digital signature for authentication;
    接收所述监控平台在鉴权通过后下发的应答消息,接入所述监控平台。Receive the response message issued by the monitoring platform after the authentication is passed, and access the monitoring platform.
  2. 根据权利要求1所述的终端接入监控平台的方法,其中,接收所述监控平台在鉴权通过后下发的应答消息,接入所述监控平台,包括:The method for a terminal to access a monitoring platform according to claim 1, wherein receiving a response message issued by the monitoring platform after the authentication is passed and accessing the monitoring platform comprises:
    接收所述监控平台在鉴权通过后下发的包含第二数字签名的应答消息,并根据所述终端的属性信息和接收的所述动态验证码对所述第二数字签名进行鉴权,并在鉴权通过后接入所述监控平台;其中,所述第二数字签名由所述终端的登录账号绑定的属性信息以及下发的所述动态验证码生成。Receive the response message containing the second digital signature issued by the monitoring platform after the authentication is passed, and authenticate the second digital signature according to the attribute information of the terminal and the received dynamic verification code, and Access to the monitoring platform after the authentication is passed; wherein the second digital signature is generated by the attribute information bound to the login account of the terminal and the issued dynamic verification code.
  3. 根据权利要求1或2所述的终端接入监控平台的方法,其中,所述根据所述终端的属性信息和登录所述监控平台过程从所述监控平台接收的动态验证码,生成第一数字签名,包括:The method for a terminal to access a monitoring platform according to claim 1 or 2, wherein the dynamic verification code received from the monitoring platform according to the attribute information of the terminal and the process of logging in to the monitoring platform generates the first number Signature, including:
    基于预设的第一不可逆加密算法对所述终端的属性信息和接收的所述动态验证码二者结合形成的明文信息进行加密,生成所述第一数字签名。Encrypting the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code based on a preset first irreversible encryption algorithm to generate the first digital signature.
  4. 根据权利要求3所述的终端接入监控平台的方法,其中,在所述基于预设的第一不可逆加密算法对所述终端的属性信息和接收的所述动态验证码二者结合形成的明文信息进行加密,生成所述第一数字签名之后,还包括:The method for terminal access to a monitoring platform according to claim 3, wherein, in the plaintext formed by combining the attribute information of the terminal and the received dynamic verification code based on the preset first irreversible encryption algorithm The information is encrypted, and after the first digital signature is generated, the method further includes:
    基于预设的第二不可逆加密算法对接收的所述动态验证码进行加密得到加密密钥,利用所述加密密钥对所述第一数字签名进行加密,得到加密后的所述第一数字签名;Encrypt the received dynamic verification code based on a preset second irreversible encryption algorithm to obtain an encryption key, and use the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature ;
    所述向所述监控平台发送包含所述第一数字签名的接入请求,包括:向所述监控平台发送包含加密后的所述第一数字签名的接入请求。The sending the access request including the first digital signature to the monitoring platform includes: sending the access request including the encrypted first digital signature to the monitoring platform.
  5. 根据权利要求1或2所述的终端接入监控平台的方法,其中,所述终端的登录账号与所述终端的属性信息绑定方式,包括:The method for a terminal to access a monitoring platform according to claim 1 or 2, wherein the binding manner of the login account of the terminal and the attribute information of the terminal includes:
    向所述监控平台发送注册请求,以供所述监控平台在接收到所述注册请求后下发所述动态验证码;Sending a registration request to the monitoring platform for the monitoring platform to issue the dynamic verification code after receiving the registration request;
    从所述监控平台接收所述动态验证码;Receiving the dynamic verification code from the monitoring platform;
    根据所述属性信息和接收的所述动态验证码生成第一数字签名;Generating a first digital signature according to the attribute information and the received dynamic verification code;
    将所述第一数字签名和所述终端的登录账号发送至所述监控平台,以供所述监控平台从所述第一数字签名中解析出所述属性信息,并将所述终端的登录账号与所述终端的属性信息绑定。The first digital signature and the login account of the terminal are sent to the monitoring platform, so that the monitoring platform can parse the attribute information from the first digital signature, and send the login account of the terminal Binding with the attribute information of the terminal.
  6. 根据权利要求1或2所述的终端接入监控平台的方法,其中,所述根据所述终端的属性信息和登录所述监控平台过程中从所述监控平台接收的动态验证码,生成第一数字签名之后,还包括:The method for a terminal to access a monitoring platform according to claim 1 or 2, wherein the first step is generated according to the attribute information of the terminal and the dynamic verification code received from the monitoring platform in the process of logging in to the monitoring platform. After the digital signature, it also includes:
    向所述监控平台发送包含所述第一数字签名的功能配置请求,以供所述监控平台根据所述登录账号绑定的所述属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权,并在鉴权通过后为所述终端配置功能。Send a function configuration request including the first digital signature to the monitoring platform, so that the monitoring platform can compare the first digital signature with the attribute information bound to the login account and the issued dynamic verification code. The digital signature is used for authentication, and functions are configured for the terminal after the authentication is passed.
  7. 根据权利要求1或2所述的终端接入监控平台的方法,其中,所述根据所述终端的属性信息和登录所述监控平台过程中从所述监控平台接收的动态验证码,生成第一数字签名,包括:The method for a terminal to access a monitoring platform according to claim 1 or 2, wherein the first step is generated according to the attribute information of the terminal and the dynamic verification code received from the monitoring platform in the process of logging in to the monitoring platform. Digital signature, including:
    根据所述终端的属性信息和登录所述监控平台过程中,通过预设通道从所述监控平台接收的动态验证码,生成第一数字签名;其中,所述预设通道不同于所述终端与所述监控平台之间的所述请求或所述应答消息交互的通道。According to the attribute information of the terminal and the dynamic verification code received from the monitoring platform through a preset channel during the login process of the monitoring platform, a first digital signature is generated; wherein, the preset channel is different from the terminal and The channel through which the request or the response message exchanges between the monitoring platforms.
  8. 根据权利要求1所述的终端接入监控平台的方法,其中,所述验证码由所述监控平台对根据时间戳信息生成的随机盐值进行散列计算得到。The method for a terminal to access a monitoring platform according to claim 1, wherein the verification code is obtained by the monitoring platform by hashing a random salt value generated according to the time stamp information.
  9. 一种终端接入监控平台的方法,应用于监控平台,所述方法包括:A method for a terminal to access a monitoring platform, which is applied to the monitoring platform, and the method includes:
    在所述终端登录所述监控平台过程中生成动态验证码并下发给所述终端,以供所述终端根据所述终端的属性信息和所述动态验证码生成第一数字签名;Generating a dynamic verification code during the process of logging in to the monitoring platform by the terminal and issuing it to the terminal, so that the terminal can generate a first digital signature according to the attribute information of the terminal and the dynamic verification code;
    接收所述终端发送的包含所述第一数字签名的接入请求;Receiving an access request including the first digital signature sent by the terminal;
    根据所述终端的登录账号绑定的属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权;Authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code;
    在鉴权通过后向所述终端下发应答消息,以供所述终端在接收到所述应答消息后接入所述监控平台。After passing the authentication, a response message is issued to the terminal, so that the terminal can access the monitoring platform after receiving the response message.
  10. 根据权利要求9所述的终端接入监控平台的方法,其中,所述在鉴权通过后向所述终端下发应答消息,以供所述终端在接收到所述应答消息后接入所述监控平台,包括:The method for a terminal to access a monitoring platform according to claim 9, wherein, after the authentication is passed, a response message is sent to the terminal, so that the terminal can access the terminal after receiving the response message. Monitoring platform, including:
    在鉴权通过后根据所述终端的登录账号绑定的属性信息以及下发的所述动态验证码生成第二数字签名;Generate a second digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code after the authentication is passed;
    向所述终端下发包含所述第二数字签名的应答消息,以供所述终端根据所述终端的属性 信息和接收的所述动态验证码对所述第二数字签名进行鉴权,并在鉴权通过后接入所述监控平台。A response message containing the second digital signature is issued to the terminal, so that the terminal can authenticate the second digital signature according to the terminal's attribute information and the received dynamic verification code, and then Access the monitoring platform after passing the authentication.
  11. 根据权利要求9或10所述的终端接入监控平台的方法,其中,所述根据所述终端的登录账号绑定的属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权,包括:The method for terminal access to a monitoring platform according to claim 9 or 10, wherein the first digital signature is performed on the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code Authentication, including:
    基于预设的第一不可逆加密算法对所述终端的登录账号绑定的属性信息以及下发的所述动态验证码二者结合形成的明文进行加密生成鉴权密码,并判断所述鉴权密码与所述第一数字签名是否匹配;其中,当所述鉴权密码与所述第一数字签名匹配时表示鉴权通过。Based on the preset first irreversible encryption algorithm, the plain text formed by combining the attribute information of the terminal's login account and the issued dynamic verification code is encrypted to generate an authentication password, and the authentication password is determined Whether it matches with the first digital signature; wherein, when the authentication password matches the first digital signature, it means that the authentication is passed.
  12. 根据权利要求11所述的终端接入监控平台的方法,其中,所述接入请求中包含的所述第一数字签名被所述终端进行了加密;The method for a terminal to access a monitoring platform according to claim 11, wherein the first digital signature included in the access request is encrypted by the terminal;
    在所述根据所述终端的登录账号绑定的属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权之前,还包括:Before the authenticating the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code, the method further includes:
    基于预设的第二不可逆加密算法对下发的所述动态验证码进行加密得到解密密钥,并利用所述解密密钥对被加密过的所述第一数字签名进行解密得到所述第一数字签名。Encrypt the issued dynamic verification code based on a preset second irreversible encryption algorithm to obtain a decryption key, and use the decryption key to decrypt the encrypted first digital signature to obtain the first digital signature.
  13. 根据权利要求9或10所述的终端接入监控平台的方法,其中,所述终端的登录账号与所述终端的属性信息的绑定方式,包括:The method for a terminal to access a monitoring platform according to claim 9 or 10, wherein the binding manner of the login account of the terminal and the attribute information of the terminal includes:
    在接收到所述终端发送的所述注册请求后下发所述动态验证码,以供所述终端根据所述属性信息和接收的所述动态验证码生成第一数字签名;Issuing the dynamic verification code after receiving the registration request sent by the terminal, so that the terminal can generate a first digital signature according to the attribute information and the received dynamic verification code;
    接收所述终端发送的所述第一数字签名和所述登录账号;Receiving the first digital signature and the login account sent by the terminal;
    从所述第一数字签名中解析出所述属性信息,并将所述终端的登录账号与所述终端的属性信息绑定。The attribute information is parsed from the first digital signature, and the login account of the terminal is bound to the attribute information of the terminal.
  14. 根据权利要求9或10所述的终端接入监控平台的方法,其中,所述在所述终端登录所述监控平台过程中生成动态验证码并下发给所述终端,以供所述终端根据所述终端的属性信息和所述动态验证码生成第一数字签名之后,还包括:The method for a terminal to access a monitoring platform according to claim 9 or 10, wherein the dynamic verification code is generated during the process of the terminal logging into the monitoring platform and issued to the terminal for the terminal to follow After the attribute information of the terminal and the dynamic verification code generate the first digital signature, the method further includes:
    接收所述终端发送的包含所述第一数字签名的功能配置请求;Receiving a function configuration request including the first digital signature sent by the terminal;
    根据所述登录账号绑定的所述属性信息以及下发的所述动态验证码对所述第一数字签名进行鉴权,并在鉴权通过后为所述终端配置功能。The first digital signature is authenticated according to the attribute information bound to the login account and the issued dynamic verification code, and functions are configured for the terminal after the authentication is passed.
  15. 根据权利要求9或10所述的终端接入监控平台的方法,其中,所述在所述终端登录所述监控平台过程中生成动态验证码并下发给所述终端,包括:The method for a terminal to access a monitoring platform according to claim 9 or 10, wherein the generating and issuing a dynamic verification code to the terminal during the process of the terminal logging into the monitoring platform includes:
    在所述终端登录所述监控平台过程中生成动态验证码,通过预设通道将所述动态验证码下发给所述终端;其中,所述预设通道不同于所述终端与所述监控平台之间的所述请求或所述应答消息交互的通道。A dynamic verification code is generated when the terminal logs in to the monitoring platform, and the dynamic verification code is issued to the terminal through a preset channel; wherein the preset channel is different from the terminal and the monitoring platform The request or the response message exchange channel between.
  16. 一种电子设备,其中,所述电子设备为终端,包括:An electronic device, wherein the electronic device is a terminal, and includes:
    至少一个处理器;以及,At least one processor; and,
    与所述至少一个处理器通信连接的存储器;其中,A memory communicatively connected with the at least one processor; wherein,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行如权利要求1至8中任一所述的终端接入监控平台的方法。The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor can execute any one of claims 1 to 8. Of the terminal access to the monitoring platform.
  17. 一种平台,其中,所述平台为监控平台,包括:A platform, wherein the platform is a monitoring platform, including:
    至少一个处理器;以及,At least one processor; and,
    与所述至少一个处理器通信连接的存储器;其中,A memory communicatively connected with the at least one processor; wherein,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行如权利要求9至15任一所述的终端接入监控平台的方法。The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor can execute any one of claims 9 to 15 The method for the terminal to access the monitoring platform.
  18. 一种计算机可读存储介质,存储有计算机程序,其中,所述计算机程序被处理器执行时实现权利要求1至8中任一项所述的终端接入监控平台的方法,或实现权利要求9至15中任一项所述的终端接入监控平台的方法。A computer-readable storage medium storing a computer program, wherein when the computer program is executed by a processor, the method for terminal access to a monitoring platform according to any one of claims 1 to 8 is realized, or claim 9 is realized The method for terminal access to the monitoring platform described in any one of to 15.
PCT/CN2020/135292 2019-12-12 2020-12-10 Method for terminal to access monitoring platform, and electronic device, platform and storage medium WO2021115381A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911272818.8A CN112995991A (en) 2019-12-12 2019-12-12 Method for accessing terminal to monitoring platform, electronic equipment, platform and storage medium
CN201911272818.8 2019-12-12

Publications (1)

Publication Number Publication Date
WO2021115381A1 true WO2021115381A1 (en) 2021-06-17

Family

ID=76329590

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/135292 WO2021115381A1 (en) 2019-12-12 2020-12-10 Method for terminal to access monitoring platform, and electronic device, platform and storage medium

Country Status (2)

Country Link
CN (1) CN112995991A (en)
WO (1) WO2021115381A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102740141A (en) * 2012-05-31 2012-10-17 董爱平 Mobile Internet instant video privacy protecting method and system
CN106130996A (en) * 2016-06-30 2016-11-16 武汉斗鱼网络科技有限公司 A kind of website attack protection checking system and method
CN107465838A (en) * 2017-09-22 2017-12-12 潘荣昌 A kind of indoor security monitors APP systems
US20180247053A1 (en) * 2017-02-24 2018-08-30 Adt Us Holdings, Inc. Automatic password reset using a security system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102740141A (en) * 2012-05-31 2012-10-17 董爱平 Mobile Internet instant video privacy protecting method and system
CN106130996A (en) * 2016-06-30 2016-11-16 武汉斗鱼网络科技有限公司 A kind of website attack protection checking system and method
US20180247053A1 (en) * 2017-02-24 2018-08-30 Adt Us Holdings, Inc. Automatic password reset using a security system
CN107465838A (en) * 2017-09-22 2017-12-12 潘荣昌 A kind of indoor security monitors APP systems

Also Published As

Publication number Publication date
CN112995991A (en) 2021-06-18

Similar Documents

Publication Publication Date Title
CN105050081B (en) Method, device and system for connecting network access device to wireless network access point
US9762567B2 (en) Wireless communication of a user identifier and encrypted time-sensitive data
KR102219756B1 (en) Method for managing the state of connected devices
CN106789841B (en) Service processing method, terminal, server and system
WO2019109809A1 (en) Media data processing method, computer device and storage medium
CN111314274A (en) Vehicle-mounted terminal and center platform bidirectional authentication method and system
US10638422B2 (en) Data asset transfers via energy efficient communications
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN105376059A (en) Method and system for performing application signature based on electronic key
CN112436936A (en) Cloud storage method and system with quantum encryption function
CN112039857B (en) Calling method and device of public basic module
CN212649500U (en) Identity card reading system based on card body information
KR102321405B1 (en) System and method for providing security service using blockchain and biometric information
CN113240836A (en) Bluetooth lock connection method adopting two-dimensional code and related configuration system
US20240039707A1 (en) Mobile authenticator for performing a role in user authentication
KR101745482B1 (en) Communication method and apparatus in smart-home system
WO2021115381A1 (en) Method for terminal to access monitoring platform, and electronic device, platform and storage medium
CN116366289A (en) Safety supervision method and device for remote sensing data of unmanned aerial vehicle
US11516215B2 (en) Secure access to encrypted data of a user terminal
CN115118426A (en) Data processing method, device and equipment of block chain system and storage medium
CN112118210B (en) Authentication key configuration method, device, system and storage medium
KR20130109560A (en) Encryption method of database of mobile communication device
CN113065160A (en) Intelligent court data transmission method and system
CN111711634A (en) Card body information-based identity card reading system and method
CN116015961B (en) Control processing method, security CPE, system and medium of down-hanging terminal equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20900536

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20900536

Country of ref document: EP

Kind code of ref document: A1