CN105516948B - A kind of apparatus control method and device - Google Patents

Publication number: CN105516948B
Authority: CN (China)
Prior art keywords: server, user equipment, equipment, control command, signature
Legal status: Active
Application number: CN201410505941.0A
Other languages: Chinese (zh)
Other versions: CN105516948A (en)
Inventor: 黄晓生
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201410505941.0A
Publication of CN105516948A
Application granted
Publication of CN105516948B

Abstract

Embodiments of the invention disclose a device control method and apparatus. The method includes: a first server receives a device control request sent by a client, the device control request including the device identifier of the user equipment to be retrieved; the first server generates, according to the device control request, a control command instructing the user equipment to perform a device retrieval operation; the first server sends to the user equipment the control command signed with a first private key corresponding to the device identifier, so that the user equipment verifies the signature on the control command with a preset first public key and executes the control command when verification succeeds; the first server receives the execution result of the user equipment executing the control command and returns the execution result to the client. With the invention, a device can be effectively controlled when it is lost, which helps to retrieve the lost device.

Description

A kind of apparatus control method and device
Technical field
The present invention relates to the field of communication technologies, and in particular to a device control method and apparatus.
Background
With the rapid development of Internet technology, intelligent terminals such as mobile phones can do more and more: from a phone, a user can browse web pages, send and receive e-mail, shop online, or use a mobile wallet or mobile banking linked to a bank card, and the phone has become an indispensable part of people's lives. At the same time, as users use these functions, more and more private data is stored on the phone. If the phone is lost, the economic loss may be very large, so retrieving the phone when it is lost becomes critical.
Current phone retrieval systems need to authenticate the identity of the current user when a phone is being retrieved. Authentication is done only by account and password: as long as the account and password check passes, the user identity is considered legitimate and the related remote control functions, such as remote locating and remote data erasure, can be executed on the phone. However, authenticating the legitimate user through account binding fails easily. For example, after operations such as logging out of the account, replacing the account or upgrading the phone, the original binding relationship becomes invalid. A person who obtains the phone only has to log out of the account, or log in with a new account and bind the phone to that new account on the server; the phone retrieval system then regards that user as the legitimate owner of the phone, and the original owner can no longer control it.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a device control method and apparatus that can effectively control a device when the device is lost.
In a first aspect, an embodiment of the invention provides a device control method, including:
A first server receives a device control request sent by a client, the device control request including the device identifier of the user equipment to be retrieved;
The first server generates, according to the device control request, a control command instructing the user equipment to perform a device retrieval operation;
The first server sends to the user equipment the control command signed with a first private key corresponding to the device identifier, so that the user equipment verifies the signature on the control command with a preset first public key and executes the control command when verification succeeds, the first public key being stored in a secure storage area of the user equipment in which data is stored persistently;
The first server receives the execution result of the user equipment executing the control command and returns the execution result to the client.
With reference to the first aspect, in a first possible implementation, the device control request further includes a digital signature obtained by signing the request message corresponding to the device control request with a second private key stored in an external storage device. Before the first server generates, according to the device control request, the control command instructing the user equipment to perform a device retrieval operation, the method further includes:
The first server sends the device control request to a second server, so that the second server looks up the second public key corresponding to the device identifier and verifies the digital signature with the second public key;
If a verification success message returned by the second server in response to the device control request is received, the first server performs the step of generating, according to the device control request, the control command instructing the user equipment to perform a device retrieval operation.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation, after the first server generates, according to the device control request, the control command instructing the user equipment to perform a device retrieval operation, and before the first server sends the signed control command to the user equipment, the method further includes:
The first server sends the control command to a second server, so that the second server looks up the first private key corresponding to the device identifier and signs the control command with the first private key;
The first server receives the signed control command returned by the second server.
With reference to the first aspect, in a third possible implementation, before the first server receives the device control request sent by the client, the method further includes:
The first server receives a device registration request, sent by the user equipment, that carries the device information of the user equipment, the device information including the push token corresponding to the user equipment, the device identifier, and a digital signature obtained by signing the request message corresponding to the device registration request with the first public key stored by the user equipment;
When the verification result of the digital signature is success, the first server stores the push token and the device identifier;
The first server sending to the user equipment the control command signed with the first private key corresponding to the device identifier includes:
The first server sends the signed control command and the push token to a message push gateway, so that the message push gateway sends the signed control command to the user equipment according to the push token.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation, after the first server receives the device registration request, sent by the user equipment, that carries the device information of the user equipment, the method further includes:
The first server sends the device registration request to a second server, so that the second server verifies the digital signature with the stored first private key corresponding to the device identifier;
The first server receives the verification result of the signature verification returned by the second server.
In a second aspect, an embodiment of the invention further provides another device control method, applied in user equipment. The user equipment is provisioned in advance with a device identifier and a public key, both stored in a secure storage area of the user equipment in which data is stored persistently. The method includes:
The user equipment receives a control command sent by a server, the control command having been signed with a preconfigured private key;
The user equipment obtains the public key from its local secure storage area and verifies the signature on the control command with the public key;
If signature verification succeeds, the user equipment executes the control command and returns the execution result of the control command to the server.
With reference to the second aspect, in a first possible implementation, before the user equipment receives the control command sent by the server, the method further includes:
The user equipment sends a token request to a message push gateway, so that the message push gateway allocates a push token to the user equipment according to the token request, the push token being an addressing identifier that the message push gateway uses to push messages;
If the push token issued by the message push gateway in response to the token request is received, the user equipment sends to the server a device registration request carrying the device information of the user equipment, the device information including the push token, the device identifier, and a digital signature obtained by signing the request message corresponding to the device registration request with the public key, so that the server stores the push token and the device identifier when it successfully verifies the digital signature with the preconfigured private key.
In a third aspect, an embodiment of the invention further provides a device control apparatus, arranged in a first server, including:
A first receiving module, configured to receive a device control request sent by a client, the device control request including the device identifier of the user equipment to be retrieved;
A generation module, configured to generate, according to the device control request received by the first receiving module, a control command instructing the user equipment to perform a device retrieval operation;
A first sending module, configured to send to the user equipment the control command signed with a first private key corresponding to the device identifier, so that the user equipment verifies the signature on the control command with a preset first public key and executes the control command when verification succeeds, the first public key being stored in a secure storage area of the user equipment in which data is stored persistently;
A processing module, configured to receive the execution result of the user equipment executing the control command and return the execution result to the client.
With reference to the third aspect, in a first possible implementation, the device control request further includes a digital signature obtained by signing the request message corresponding to the device control request with a second private key stored in an external storage device. The apparatus further includes:
A second sending module, configured to send the device control request to a second server, so that the second server looks up the second public key corresponding to the device identifier and verifies the digital signature with the second public key;
A notification module, configured to notify the generation module, when a verification success message returned by the second server in response to the device control request is received, to generate according to the device control request the control command instructing the user equipment to perform a device retrieval operation.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation, the apparatus further includes:
A third sending module, configured to send the control command generated by the generation module to a second server, so that the second server looks up the first private key corresponding to the device identifier and signs the control command with the first private key;
A second receiving module, configured to receive the signed control command returned by the second server.
With reference to the third aspect, in a third possible implementation, the apparatus further includes:
A third receiving module, configured to receive a device registration request, sent by the user equipment, that carries the device information of the user equipment, the device information including the push token corresponding to the user equipment, the device identifier, and a digital signature obtained by signing the request message corresponding to the device registration request with the first public key stored by the user equipment;
An information storage module, configured to store the push token and the device identifier when the verification result of the digital signature is success;
The first sending module is specifically configured to:
Send the signed control command and the push token to a message push gateway, so that the message push gateway sends the signed control command to the user equipment according to the push token.
With reference to the third possible implementation of the third aspect, in a fourth possible implementation, the apparatus further includes:
A fourth sending module, configured to send the device registration request to a second server, so that the second server verifies the digital signature with the stored first private key corresponding to the device identifier;
A third receiving module, configured to receive the verification result of the signature verification returned by the second server.
In a fourth aspect, an embodiment of the invention further provides another device control apparatus, arranged in user equipment. The user equipment is provisioned in advance with a device identifier and a public key, both stored in a secure storage area in which data is stored persistently. The apparatus includes:
A command receiving module, configured to receive a control command sent by a server, the control command having been signed with a preconfigured private key;
An obtaining module, configured to obtain the public key from the local secure storage area and verify, with the public key, the signature on the control command received by the command receiving module;
An execution module, configured to execute the control command when signature verification succeeds and return the execution result of the control command to the server.
With reference to the fourth aspect, in a first possible implementation, the apparatus further includes:
A first request sending module, configured to send a token request to a message push gateway, so that the message push gateway allocates a push token to the user equipment according to the token request, the push token being an addressing identifier that the message push gateway uses to push messages;
A second request sending module, configured to send to the server, when the push token issued by the message push gateway in response to the token request is received, a device registration request carrying the device information of the user equipment, the device information including the push token, the device identifier, and a digital signature obtained by signing the request message corresponding to the device registration request with the public key, so that the server stores the push token and the device identifier when it successfully verifies the digital signature with the preconfigured private key.
On receiving a device control request sent by a client, embodiments of the invention can generate a corresponding control command and send to the user equipment to be retrieved the control command signed with the private key corresponding to that user equipment. The user equipment verifies the signature on the control command with the public key stored in its secure storage area and executes the control command when verification succeeds, so that the device can be effectively controlled when it is lost.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a device control method provided by an embodiment of the invention;
Fig. 2 is a schematic flowchart of another device control method provided by an embodiment of the invention;
Fig. 3 is an interaction diagram of a method for configuring device information provided by an embodiment of the invention;
Fig. 4 is an interaction diagram of a registration method for user equipment provided by an embodiment of the invention;
Fig. 5 is an interaction diagram of a device control method provided by an embodiment of the invention;
Fig. 6 is a schematic structural diagram of a device control apparatus provided by an embodiment of the invention;
Fig. 7 is a schematic structural diagram of another device control apparatus provided by an embodiment of the invention;
Fig. 8 is a schematic structural diagram of yet another device control apparatus provided by an embodiment of the invention;
Fig. 9 is a schematic structural diagram of a server provided by an embodiment of the invention;
Fig. 10 is a schematic structural diagram of user equipment provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the protection scope of the invention.
Refer to Fig. 1, a schematic flowchart of a device control method provided by an embodiment of the invention. The method of this embodiment can be implemented in a first server that instructs user equipment to perform a device retrieval operation. Specifically, the method includes:
S101: The first server receives a device control request sent by a client, the device control request including the device identifier of the user equipment to be retrieved.
Specifically, the device control request may be a locating request, an erase request, a screen-lock request, an alert request or the like for the user equipment to be retrieved, such as a mobile phone.
S102: The first server generates, according to the device control request, a control command instructing the user equipment to perform a device retrieval operation.
In a specific embodiment, the device control request further includes a digital signature obtained by signing the request message corresponding to the device control request with a second private key stored in an external storage device; the external storage device may specifically be a USB key (U-KEY). The device retrieval operation may be remote locating, remote erasure, screen locking or alerting; correspondingly, the control command may be a locate command, an erase command, a screen-lock command or an alert command, which is not limited in the embodiments of the invention.
Further, before performing step S102, the first server may send the device control request to a second server, so that the second server looks up the second public key corresponding to the device identifier and verifies the digital signature with the second public key. When the first server receives a verification success message returned by the second server in response to the device control request, it can perform step S102.
S103: The first server sends to the user equipment the control command signed with the first private key corresponding to the device identifier, so that the user equipment verifies the signature on the control command with a preset first public key and executes the control command when verification succeeds.
Further, after performing step S102 and before performing step S103, the first server may send the generated control command to the second server, so that the second server looks up the first private key corresponding to the device identifier and signs the control command with the first private key; the first server then receives the signed control command returned by the second server.
It should be noted that the second server may specifically be an authentication server such as an AUTH server, which stores the device identifier of the user equipment and its corresponding key pairs (including the first private key and the second public key mentioned above).
Specifically, the user equipment has an independent secure storage area; data stored in this area is not lost after operations such as a factory reset or reflashing of the user equipment. This persistent secure storage area stores the public key (the first public key) corresponding to the user equipment and the device identifier.
S104: The first server receives the execution result of the user equipment executing the control command and returns the execution result to the client.
In a specific embodiment, before the first server receives the device control request, sent by the client, for the user equipment to be retrieved, the user equipment must also be registered with the first server. Specifically, the first server may receive a device registration request, sent by the user equipment, that carries the device information of the user equipment, the device information including the push token corresponding to the user equipment, the device identifier, and a digital signature obtained by signing the request message corresponding to the device registration request with the first public key stored by the user equipment. When the verification result of the digital signature is success, the first server may store the push token and the device identifier, recording the device information in its database.
Specifically, after the first server receives the device registration request, sent by the user equipment, that carries the device information of the user equipment, the first server may send the device registration request to the second server, so that the second server verifies the digital signature with the stored first private key corresponding to the device identifier; the first server receives the verification result of the signature verification returned by the second server. If the first server receives a verification success message, it stores the push token and the device identifier.
When the first server sends to the user equipment the control command signed with the first private key corresponding to the device identifier, it may send the signed control command and the push token to the message push gateway PushGW, so that PushGW sends the signed control command to the user equipment according to the push token.
By implementing this embodiment of the invention, a corresponding control command can be generated when a device control request sent by a client is received, and the control command signed with the private key corresponding to the user equipment to be retrieved is sent to that user equipment. The user equipment verifies the signature on the control command with the public key stored in its secure storage area and executes the control command when verification succeeds, so that the device can be effectively controlled when it is lost.
Refer to Fig. 2, a schematic flowchart of another device control method provided by an embodiment of the invention. The method of this embodiment can be implemented in user equipment such as a mobile phone or tablet computer. Specifically, the method includes:
S201: The user equipment receives a control command sent by a server, the control command having been signed with a preconfigured private key.
In a specific embodiment, the server may send the signed control command and the push token corresponding to the user equipment to the message push gateway PushGW. PushGW pushes the signed control command to the relevant user equipment according to the push token, so that the user equipment receives the control command. For the server, refer to the description of the first server in the embodiment corresponding to Fig. 1; for the preconfigured private key, refer to the description of the first private key in the above embodiment. The control command may specifically be a locate command, an erase command, a screen-lock command or an alert command, which is not limited in the embodiments of the invention.
S202: The user equipment obtains the public key from its local secure storage area and verifies the signature on the control command with the public key.
It should be noted that the user equipment is provisioned in advance with a device identifier and a public key, both stored in a secure storage area of the user equipment in which data is stored persistently. For the public key, refer to the description of the first public key in the above embodiment.
S203: If signature verification succeeds, the user equipment executes the control command and returns the execution result of the control command to the server.
Further, before receiving the control command sent by the server, the user equipment also needs to register with the server. Specifically, the user equipment may send a token request to the message push gateway, so that the message push gateway allocates a push token to the user equipment according to the token request. The push token is an addressing identifier that the message push gateway uses to push messages (the server must carry the push token when it pushes a message through the message push gateway, and the gateway pushes the control command to the corresponding user equipment according to the push token). The user equipment receives the push token issued by the message push gateway in response to the token request.
After receiving the push token issued by the message push gateway in response to the token request, the user equipment may send to the server a device registration request carrying the device information of the user equipment, the device information including the push token, the device identifier, and a digital signature obtained by signing the request message corresponding to the device registration request with the public key (the first public key), so that the server stores the push token and the device identifier when it successfully verifies the digital signature with the preconfigured private key (the first private key). Specifically, after receiving the device registration request sent by the user equipment, the server (the first server) may ask the second server to verify the digital signature and receive the verification result returned by the second server; when the verification result is a verification success message, the server stores the device information of the user equipment, namely its push token and device identifier.
By implementing this embodiment of the invention, the user equipment can, on receiving a control command carrying a digital signature issued by the server, verify the signature on the control command with the public key stored in its local persistent secure storage area and execute the control command when verification succeeds, thereby effectively controlling the lost user equipment.
Referring to Fig. 3, which is an interaction diagram of a method for configuring device information provided by an embodiment of the present invention, the method of this embodiment includes:
S301: The production equipment computer applies to the server for a key pair.
Specifically, the production equipment computer is the workstation on the production line used for factory pre-installation. It works with the user equipment to complete data initialization, program installation and so on before the device leaves the factory, including obtaining a key pair and a device identifier for the user equipment and writing them to the user equipment. The server can be the second server, i.e. an authentication server such as an AUTH server (AUTH for short); see the description of the second server in the embodiments corresponding to Fig. 1 to Fig. 2.
S302: The server generates a key pair (a public key and a private key) and a corresponding device identifier.
S303: The server returns the key pair and the device identifier.
In a specific embodiment, after receiving the production equipment computer's request for a key pair, AUTH can use the RSA public-key encryption algorithm to generate a 2048-bit key pair (a public key and a private key) and a corresponding device identifier, i.e. the device ID, and return the key pair and the device ID to the production equipment computer, storing the key pair and the device ID at the same time. When the user equipment registers or performs a device retrieval operation, the device ID is the unique identifier of the user equipment.
S304: The production equipment computer instructs the user equipment to update its key.
S305: The user equipment verifies whether the identity of the production equipment computer is legitimate and, when identity verification succeeds, writes the public key and the device identifier.
In a specific embodiment, after receiving the public key, private key and device identifier returned by AUTH, the production equipment computer can call the device code to request that the public key be written to the corresponding user equipment. Specifically, the production equipment computer can call a key update interface to request an update of the public key for the user equipment, and the user equipment needs to verify the legitimacy of the production equipment computer's identity. If identity verification fails, the key update process ends; if it succeeds, the device ID and the public key (used as the first public key) are written to the secure storage area of the user equipment. The way the user equipment verifies the identity of the production equipment computer is similar to the prior art and is not described here.
S306: The user equipment returns key update data to the production equipment computer.
S307: The production equipment computer determines whether the key update of the user equipment succeeded and, if so, writes the device identifier and the private key to the U-KEY.
After the device ID and the public key are written, the user equipment reads back the written public key and device ID, generates a random challenge word (challenge), encrypts the challenge and the device ID with the public key, and returns key update data containing the challenge and the resulting ciphertext to the production equipment computer. The production equipment computer decrypts the ciphertext with the private key and compares the decrypted data with the plaintext challenge and the device ID. If they match, the key update of the user equipment succeeded; if they do not, the update failed and must be performed again. Once the key update is confirmed to have succeeded, the device ID and the private key can be written to an external storage device such as a U-KEY; the private key stored in the U-KEY is used as the second private key.
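The confirmation handshake of S306 and S307, as an added example that is not code from the patent. RSA-OAEP with SHA-256, the fixed 16-byte challenge, and all type names and device IDs are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// challengeLen is fixed so that challenge||deviceID splits unambiguously (assumption).
const challengeLen = 16

// KeyUpdateData is what the user equipment returns in S306.
type KeyUpdateData struct {
	Challenge  []byte // random challenge, sent in plaintext
	Ciphertext []byte // challenge||deviceID encrypted with the public key read back
}

// SecureStore models what was actually written to the device in S305.
type SecureStore struct {
	DeviceID string
	Pub      *rsa.PublicKey
}

// Confirm is the device side: read back the stored values and encrypt with them.
func (s SecureStore) Confirm() (KeyUpdateData, error) {
	challenge := make([]byte, challengeLen)
	if _, err := rand.Read(challenge); err != nil {
		return KeyUpdateData{}, err
	}
	plain := append(append([]byte{}, challenge...), s.DeviceID...)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.Pub, plain, nil)
	if err != nil {
		return KeyUpdateData{}, err
	}
	return KeyUpdateData{Challenge: challenge, Ciphertext: ct}, nil
}

// KeyUpdateOK is the production computer side (S307): decrypt with the issued
// private key and compare with the plaintext challenge and the expected device ID.
func KeyUpdateOK(priv *rsa.PrivateKey, deviceID string, d KeyUpdateData) bool {
	if len(d.Challenge) != challengeLen {
		return false
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, d.Ciphertext, nil)
	if err != nil {
		return false // the device holds a different public key, or the data is corrupt
	}
	want := append(append([]byte{}, d.Challenge...), deviceID...)
	return subtle.ConstantTimeCompare(plain, want) == 1
}

// KeyUpdateDemo runs three constructed cases: a correct write, a device that
// still holds an older public key, and a device that stored the wrong ID.
func KeyUpdateDemo() (fresh, staleKey, wrongID bool) {
	issued, errA := rsa.GenerateKey(rand.Reader, 2048) // key pair from S302
	old, errB := rsa.GenerateKey(rand.Reader, 2048)    // key left from an earlier write
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	check := func(s SecureStore) bool {
		d, err := s.Confirm()
		return err == nil && KeyUpdateOK(issued, "DEV-A-0001", d)
	}
	fresh = check(SecureStore{DeviceID: "DEV-A-0001", Pub: &issued.PublicKey})
	staleKey = check(SecureStore{DeviceID: "DEV-A-0001", Pub: &old.PublicKey})
	wrongID = check(SecureStore{DeviceID: "DEV-A-0009", Pub: &issued.PublicKey})
	return fresh, staleKey, wrongID
}

func main() {
	fmt.Println(KeyUpdateDemo())
}
```

Only the first case passes, so the private key is written to the U-KEY only when the device demonstrably holds the matching public key and device ID.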
Referring to Fig. 4, which is an interaction diagram of a method for registering user equipment provided by an embodiment of the present invention, the method of this embodiment includes:
S401: The user equipment applies for a PushToken.
S402: PushGW returns the PushToken.
In a specific embodiment, the user equipment needs to register in advance with the first server, which is used to instruct the user equipment to perform device retrieval operations. Before sending the registration request to the first server, the user equipment can apply to the message push gateway PushGW for a push token, PushToken. The PushToken serves as the addressing identifier for message pushing, so that when the first server asks PushGW to push a message, the message can be pushed to the corresponding user equipment according to the PushToken.
S403: The user equipment initiates a registration request, which includes the device ID, the PushToken and a digital signature.
Specifically, if the application for a PushToken fails, the registration flow ends. If it succeeds, the user equipment sends to the first server a device registration request carrying the device information of the user equipment. The device information includes the PushToken, the device identifier (i.e. the device ID), and a digital signature obtained by signing the request packet corresponding to the device registration request with the public key stored in the user equipment (i.e. the first public key), among other items. Specifically, the request packet can be encrypted with a preset encryption algorithm to obtain a digest, and the digest is then encrypted with the public key stored in the user equipment to obtain the digital signature. The encryption algorithm can be the secure hash algorithm SHA256, the message digest algorithm MD5 or the like; the embodiment of the present invention does not limit this.
S404: The first server requests signature verification.
S405: The second server performs signature verification using the private key it obtains for the device ID.
S406: The second server returns the verification result.
After receiving the device registration request, the first server can ask the second server to verify the legitimacy of the digital signature. Specifically, the first server can send the device ID, the digest (i.e. the digest obtained by encrypting the request packet with the preset encryption algorithm) and the digital signature to the second server. The second server finds the private key corresponding to the device ID (i.e. the first private key) and uses it to verify the digital signature: it decrypts the digital signature with the private key and compares the resulting character string with the digest. If the two match, signature verification of the digital signature succeeded; if they do not, verification failed. The second server returns the signature verification result to the first server.
S407: If verification succeeds, the first server writes the device ID and the PushToken.
S408: The first server returns the registration result.
If the signature verification result returned by the second server is success, the first server writes the device ID and the PushToken, i.e. stores the device information of the user equipment, and notifies the user equipment that registration succeeded.
Referring to Fig. 5, which is an interaction diagram of a device control method provided by an embodiment of the present invention, the method of this embodiment includes:
S501: The user logs in to the client and inserts the U-KEY.
In a specific embodiment, the user can log in to the client, that is, open the corresponding portal interface, which is associated with the operation page for device retrieval.
S502: A device control request is sent; the request includes the device ID and a digital signature.
After logging in to the client and inserting an external storage device such as a U-KEY, the user can choose the device retrieval operation to perform, and the client sends the device control request corresponding to that operation. The request includes the device ID and a digital signature (the digital signature is obtained by encrypting the request packet corresponding to the device control request with a preset encryption algorithm to obtain a digest, and then encrypting the digest with the private key (the second private key) in the U-KEY). Specifically, the device control request can be a location request, an erase request, a screen-lock request, an alert request or the like for the user equipment to be retrieved, such as a mobile phone.
S503: Signature verification.
S504: The public key corresponding to the device ID is found and the signature is verified.
S505: The verification result is returned.
After receiving the device control request sent by the client, the first server can ask the second server to verify the digital signature. Specifically, the first server can send the device ID, the digest (i.e. the digest obtained by encrypting the request packet with the preset encryption algorithm) and the digital signature to the second server. The second server finds the public key corresponding to the device ID (the second public key) and uses it to verify the digital signature. That is, the digital signature is decrypted with the public key and the character string obtained is compared with the digest. If the two match, signature verification of the digital signature succeeded; if they do not, verification failed. The second server returns the signature verification result to the first server.
S506: If verification succeeds, a control command is generated according to the device control request.
If the signature verification result the first server receives from the second server is failure, the device retrieval operation ends. If the returned result is success, the first server can generate, according to the device control request, a control command instructing the user equipment to perform the device retrieval operation. Specifically, the device retrieval operation can be remote location, remote erase, screen lock or alert; correspondingly, the control command can be a location command, an erase command, a screen-lock command or an alert command. The embodiment of the present invention does not limit this.
S507: A request is made to sign the control command.
S508: The private key corresponding to the device ID is found and the control command is signed.
S509: The signing result is returned.
In a specific embodiment, the first server can send the device ID and the control command to the second server to request that the control command be signed. Specifically, the second server can find the private key corresponding to the device ID (the first private key), sign the control command with that private key, and return the signed control command to the first server.
S510: The control command is delivered through PushGW.
S511: The signature of the control command is verified, and the control command is executed when verification succeeds.
S512: The execution result is returned.
After receiving the signed control command returned by the second server, the first server can send the signed control command and the PushToken to the message push gateway PushGW, and PushGW pushes the signed control command to the user equipment corresponding to the PushToken.
After receiving the control command, the user equipment must verify its signature with the public key stored in the secure storage area (the first public key) and execute the control command when verification succeeds. For example, when the control command is a location command, the user equipment can perform a location operation: it can start GPS to determine its position and return the execution result of the location operation to the first server, which pushes the execution result to the client.
By implementing this embodiment of the present invention, the client can send to the server a device control request carrying a digital signature produced with the key stored in the external storage device. When the digital signature is verified successfully, a corresponding control command is generated, signed with the private key corresponding to the user equipment to be retrieved, and sent to that user equipment. After receiving the control command, the user equipment verifies its signature with the key stored in the secure storage area and executes the control command when verification succeeds, so that the device can be effectively controlled when it is lost.
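The signing and verification steps S507 to S511, as an added example that is not code from the patent. The JSON wire format, the type names, the device IDs and the inclusion of the device ID in the signed payload are assumptions, and Go's standard RSA-PSS signature over SHA-256 stands in for the digest-encryption procedure the text describes.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ControlCommand is an assumed wire format; the patent does not define one.
type ControlCommand struct {
	DeviceID string `json:"device_id"`
	Action   string `json:"action"` // locate, erase, lock or alert
}

// SignedCommand is what the first server hands to PushGW along with the PushToken.
type SignedCommand struct {
	Payload   []byte // JSON encoding of ControlCommand
	Signature []byte // RSA-PSS signature over SHA-256(Payload)
}

var allowedActions = map[string]bool{"locate": true, "erase": true, "lock": true, "alert": true}

// SignCommand plays the second server in S508: sign with the first private key.
func SignCommand(firstPriv *rsa.PrivateKey, cmd ControlCommand) (SignedCommand, error) {
	payload, err := json.Marshal(cmd)
	if err != nil {
		return SignedCommand{}, err
	}
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPSS(rand.Reader, firstPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return SignedCommand{}, err
	}
	return SignedCommand{Payload: payload, Signature: sig}, nil
}

// Device models the secure storage area: device ID and first public key.
type Device struct {
	ID       string
	FirstPub *rsa.PublicKey
}

// Handle is S511: verify the signature before parsing anything, then check that
// the command names this device and a known action. It returns the action to run.
func (d Device) Handle(sc SignedCommand) (string, error) {
	digest := sha256.Sum256(sc.Payload)
	if err := rsa.VerifyPSS(d.FirstPub, crypto.SHA256, digest[:], sc.Signature, nil); err != nil {
		return "", errors.New("signature verification failed")
	}
	var cmd ControlCommand
	if err := json.Unmarshal(sc.Payload, &cmd); err != nil {
		return "", errors.New("malformed payload")
	}
	if cmd.DeviceID != d.ID {
		return "", errors.New("command addressed to another device")
	}
	if !allowedActions[cmd.Action] {
		return "", errors.New("unknown action")
	}
	return cmd.Action, nil
}

// Demo runs four constructed cases against device A and records each outcome.
func Demo() map[string]string {
	keyA, errA := rsa.GenerateKey(rand.Reader, 2048) // device A's first key pair
	keyB, errB := rsa.GenerateKey(rand.Reader, 2048) // key pair of some other device
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	devA := Device{ID: "DEV-A-0001", FirstPub: &keyA.PublicKey}
	out := map[string]string{}
	run := func(name string, signer *rsa.PrivateKey, cmd ControlCommand, swap []byte) {
		sc, err := SignCommand(signer, cmd)
		if err != nil {
			panic(err)
		}
		if swap != nil {
			sc.Payload = swap // payload altered in transit, original signature kept
		}
		if action, err := devA.Handle(sc); err != nil {
			out[name] = "rejected: " + err.Error()
		} else {
			out[name] = "execute: " + action
		}
	}
	run("genuine", keyA, ControlCommand{devA.ID, "locate"}, nil)
	run("tampered", keyA, ControlCommand{devA.ID, "locate"}, []byte(`{"device_id":"DEV-A-0001","action":"erase"}`))
	run("wrong_key", keyB, ControlCommand{devA.ID, "erase"}, nil)
	run("wrong_device", keyA, ControlCommand{"DEV-B-0002", "lock"}, nil)
	return out
}

func main() {
	fmt.Println(Demo())
}
```

The device executes only the genuine command; the push gateway and the PushToken play no part in the decision, so a command that reaches the device by any path is still rejected unless it verifies under the first public key.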
Referring to Fig. 6, which is a structural diagram of a device control apparatus provided by an embodiment of the present invention. The apparatus of this embodiment can be arranged in the first server and includes: a first receiving module 11, a generation module 12, a first sending module 13 and a processing module 14, where:
The first receiving module 11 is configured to receive the device control request sent by the client, the device control request including the device identifier of the user equipment to be retrieved.
Specifically, the device control request can be a location request, an erase request, a screen-lock request, an alert request or the like for the user equipment to be retrieved, such as a mobile phone. The device identifier is configured in advance and uniquely identifies one user equipment, namely the user equipment to be retrieved.
The generation module 12 is configured to generate, according to the device control request received by the first receiving module 11, a control command instructing the user equipment to perform a device retrieval operation.
After the first receiving module 11 receives the device control request sent by the client, the generation module 12 can generate, according to the device control request, a control command for the user equipment corresponding to the device identifier. Specifically, the device retrieval operation can be remote location, remote erase, screen lock, alert or the like; correspondingly, the control command can be a location command, an erase command, a screen-lock command, an alert command or the like. The embodiment of the present invention does not limit this.
The first sending module 13 is configured to send to the user equipment the control command signed with the first private key corresponding to the device identifier, so that the user equipment verifies the signature of the control command with the preset first public key and executes the control command when verification succeeds. The first public key is stored in the secure storage area of the user equipment, whose data is persistent.
It should be noted that the user equipment is provided with an independent secure storage area, and data stored in it is not lost after operations such as a factory reset or re-flashing. The secure storage area stores the public key (the first public key) and the device identifier corresponding to the user equipment.
The processing module 14 is configured to receive the execution result of the user equipment executing the control command and return the execution result to the client.
Specifically, if the control command is a location command, for example, the execution result is the location information of the user equipment when the location command is executed successfully, or location-failure information when execution fails. The processing module 14 receives the location information or location-failure information from the user equipment and returns it to the client.
By implementing this embodiment of the present invention, a corresponding control command can be generated when the device control request sent by the client is received, and the control command, signed with the private key corresponding to the user equipment to be retrieved, is sent to that user equipment, so that the user equipment verifies the signature of the control command with the public key stored in the secure storage area and executes the control command when verification succeeds. The device can thus be effectively controlled when it is lost.
Referring to Fig. 7, which is a structural diagram of another device control apparatus provided by an embodiment of the present invention. The apparatus of this embodiment includes the first receiving module 11, generation module 12, first sending module 13 and processing module 14 of the device control apparatus described above, which are not described again here. Further, in this embodiment, the device control request also includes a digital signature obtained by signing the request packet corresponding to the device control request with the second private key stored in an external storage device, and the apparatus further includes:
A second sending module 15, configured to send the device control request to the second server, so that the second server looks up the second public key corresponding to the device identifier and verifies the digital signature with the second public key.
In a specific embodiment, the device control request received by the first receiving module 11 includes the device identifier and a digital signature. The digital signature is obtained by encrypting the request packet corresponding to the device control request with a preset encryption algorithm to obtain a digest, and then encrypting the digest with the private key (the second private key) in an external storage device such as a U-KEY. After the first receiving module 11 receives the device control request sent by the client, the second sending module 15 can ask the second server to verify the digital signature. Specifically, the second sending module 15 can send the device identifier, the digest (i.e. the digest obtained by encrypting the request packet with the preset encryption algorithm) and the digital signature to the second server, so that the second server finds the public key corresponding to the device ID (the second public key) and verifies the digital signature with the second public key. That is, the digital signature is decrypted with the second public key and the character string obtained is compared with the digest. If the two match, signature verification of the digital signature succeeded; if they do not, verification failed. The second server returns the signature verification result. The encryption algorithm can be the secure hash algorithm SHA256, the message digest algorithm MD5 or the like; the embodiment of the present invention does not limit this.
A notification module 16, configured to notify the generation module 12, when the verification-success message returned by the second server in response to the device control request is received, to generate according to the device control request the control command instructing the user equipment to perform the device retrieval operation.
When the signature verification result returned by the second server is a verification-success message, which shows that the device control request is legitimate, the notification module 16 can notify the generation module 12 to generate, according to the device control request, the control command instructing the user equipment to perform the device retrieval operation.
Further, in this embodiment of the present invention, the apparatus may also include:
A third sending module 17, configured to send the control command generated by the generation module 12 to the second server, so that the second server looks up the first private key corresponding to the device identifier and signs the control command with the first private key;
A second receiving module 18, configured to receive the signed control command returned by the second server.
In a specific embodiment, after the generation module 12 generates the control command, the third sending module 17 can send the device identifier and the control command to the second server to request that the control command be signed. Specifically, the second server can find the private key corresponding to the device identifier (the first private key), sign the control command with that private key, and return the signed control command to the first server. The second receiving module 18 receives the signed control command returned by the second server.
Further, in this embodiment of the present invention, the apparatus may also include:
A third receiving module 19, configured to receive a device registration request, sent by the user equipment, that carries the device information of the user equipment. The device information includes the push token corresponding to the user equipment, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the first public key stored in the user equipment;
An information storage module 20, configured to store the push token and the device identifier when the verification result of the digital signature is success;
The first sending module 13 can be specifically configured to:
Send the signed control command and the push token to the message push gateway, so that the message push gateway sends the signed control command to the user equipment according to the push token.
Optionally, in this embodiment of the present invention, the apparatus can further include:
A fourth sending module 21, configured to send the device registration request to the second server, so that the second server verifies the digital signature with the stored first private key corresponding to the device identifier;
A third receiving module 22, configured to receive the verification result of the signature verification returned by the second server.
In a specific embodiment, the user equipment needs to register in advance with the first server, which is used to instruct the user equipment to perform device retrieval operations. When the third receiving module 19 receives a device registration request sent by the user equipment that carries device information such as the push token PushToken, the device identifier, and the digital signature obtained by signing the request packet corresponding to the device registration request with the public key stored in the user equipment (i.e. the first public key), the fourth sending module 21 can ask the second server to verify the legitimacy of the digital signature. Specifically, the fourth sending module 21 can send the device registration request to the second server; the second server finds the private key corresponding to the device identifier (i.e. the first private key), verifies the digital signature with that private key, and returns the signature verification result. The third receiving module 22 receives the verification result returned by the second server, and when the verification result is success, the information storage module 20 stores the PushToken and the device identifier.
Further, after the second receiving module 18 receives the signed control command returned by the second server, the first sending module 13 can send the signed control command and the PushToken to PushGW, so that PushGW pushes the signed control command to the user equipment corresponding to the PushToken.
By implementing this embodiment of the present invention, when a device control request carrying a digital signature produced with the key stored in the external storage device is received and the digital signature is verified successfully, a control command instructing the user equipment to be retrieved to perform a device retrieval operation is generated, and the control command, signed with the private key corresponding to that user equipment, is sent to the user equipment, so that the user equipment verifies the signature of the control command with the public key stored in the secure storage area and executes the control command when verification succeeds. The device can thus be effectively controlled when it is lost.
Referring to Fig. 8, which is a structural diagram of another device control apparatus provided by an embodiment of the present invention. The apparatus of this embodiment can be arranged in user equipment such as a mobile phone or tablet computer and includes: a command receiving module 31, an acquisition module 32 and an execution module 33, where:
The command receiving module 31 is configured to receive the control command sent by the server, the control command having been signed with a preconfigured private key.
Specifically, for the server, see the description of the first server in the embodiments corresponding to Fig. 1 to Fig. 7; for the preconfigured private key, see the description of the first private key in the embodiments above. The control command can be a location command, an erase command, a screen-lock command or an alert command; the embodiment of the present invention does not limit this.
The acquisition module 32 is configured to obtain the public key from the local secure storage area and use the public key to verify the signature of the control command received by the command receiving module 31.
It should be noted that a device identifier and a public key are configured in the user equipment in advance, and both are stored in the secure storage area of the user equipment, whose data is persistent. For the public key, see the description of the first public key in the embodiments corresponding to Fig. 1 to Fig. 7.
The execution module 33 is configured to execute the control command when signature verification succeeds and return the execution result of the control command to the server.
In a specific embodiment, after the command receiving module 31 receives the control command, the acquisition module 32 must verify the signature of the control command with the public key stored in the secure storage area (the first public key), and the execution module 33 executes the control command when verification succeeds. For example, when the control command is a location command, a location operation can be performed: GPS is started to determine the position, and the execution result of the location operation is returned to the server (the first server). The execution result is the location information of the user equipment when the location command is executed successfully, or location-failure information when execution fails, and the first server pushes the location information or location-failure information to the client.
Further, in this embodiment of the present invention, the apparatus may also include:
A first request sending module 34, configured to send a token request to the message push gateway, so that the message push gateway allocates a push token to the user equipment according to the token request, the push token being the addressing identifier that tells the message push gateway where to push a message;
A second request sending module 35, configured to send to the server, on receiving the push token issued by the message push gateway in response to the token request, a device registration request carrying the device information of the user equipment. The device information includes the push token, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the public key, so that the server stores the push token and the device identifier when it successfully verifies the digital signature with the preconfigured private key.
In a specific embodiment, the user equipment needs to register in advance with the first server, which is used to instruct the user equipment to perform device retrieval operations. Before the registration request is sent to the first server, the first request sending module 34 can apply to the message push gateway PushGW for a push token, PushToken. The PushToken serves as the addressing identifier for message pushing, so that when the first server asks PushGW to push a message, the message can be pushed to the corresponding user equipment according to the PushToken.
Specifically, if the application for a PushToken fails, the registration flow ends. If it succeeds, the second request sending module 35 can send to the first server a device registration request carrying the device information of the user equipment. The device information includes the PushToken, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the public key stored in the secure storage area of the user equipment (i.e. the first public key), among other items. After receiving the device registration request, the first server can ask the second server to verify the legitimacy of the digital signature; the second server finds the private key corresponding to the device identifier (i.e. the first private key) and verifies the digital signature with that private key. The second server returns the signature verification result to the first server. If the verification result is a verification-success message, the first server can store device information such as the PushToken and the device identifier.
By implementing this embodiment of the present invention, when the user equipment receives a control command carrying a digital signature from the server, it can verify the signature of the control command with the key stored in the local secure storage area, whose data is persistent, and execute the control command when verification succeeds, thereby effectively controlling the lost user equipment.
Further, refer to Fig. 9, which is a schematic structural diagram of a server provided by an embodiment of the present invention. The server of this embodiment includes a receiver 300, a transmitter 400, a memory 200 and a processor 100. The memory 200 can be high-speed RAM, or non-volatile memory such as at least one magnetic disk storage. The memory 200, as a computer storage medium, stores the corresponding application programs and the like. The receiver 300, transmitter 400, memory 200 and processor 100 can be connected for data exchange by a bus or by other means; this embodiment is described with a bus connection. Specifically, the server of this embodiment is the server used to instruct the user equipment to perform the device retrieval operation; for details, refer to the description of the first server in the embodiments corresponding to Fig. 1 to Fig. 8.
The processor 100 performs the following steps:
Receive a device control request sent by a client, the device control request including the device identifier of the user equipment to be retrieved;
Generate, according to the device control request, a control command instructing the user equipment to perform a device retrieval operation;
Send to the user equipment the control command signed with the first private key corresponding to the device identifier, so that the user equipment verifies the signature of the control command with a preset first public key and executes the control command when verification succeeds, the first public key being stored in a secure storage area of the user equipment in which data is permanently preserved;
Receive the execution result of the user equipment executing the control command, and return the execution result to the client.
Optionally, the device control request further includes a digital signature obtained by signing the request packet corresponding to the device control request with a second private key stored in an external storage device. Before generating, according to the device control request, the control command instructing the user equipment to perform the device retrieval operation, the processor 100 is further configured to perform:
Send the device control request to a second server, so that the second server looks up the second public key corresponding to the device identifier and verifies the digital signature with the second public key;
If a verification-success message returned by the second server in response to the device control request is received, perform the step of generating, according to the device control request, the control command instructing the user equipment to perform the device retrieval operation.
Optionally, after generating, according to the device control request, the control command instructing the user equipment to perform the device retrieval operation, and before sending the signed control command to the user equipment, the processor 100 further performs the following steps:
Send the control command to the second server, so that the second server looks up the first private key corresponding to the device identifier and signs the control command with the first private key;
Receive the signed control command returned by the second server.
Optionally, before receiving the device control request sent by the client, the processor 100 further performs the following steps:
Receive a device registration request, sent by the user equipment, carrying the device information of the user equipment, the device information including the push token corresponding to the user equipment, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the first public key stored by the user equipment;
When the verification result of the digital signature is verification success, store the push token and the device identifier;
When sending to the user equipment the control command signed with the first private key corresponding to the device identifier, the processor 100 is specifically configured to perform:
Send the signed control command and the push token to the message push gateway, so that the message push gateway sends the signed control command to the user equipment according to the push token.
Optionally, after receiving the device registration request, sent by the user equipment, carrying the device information of the user equipment, the processor 100 further performs the following steps:
Send the device registration request to the second server, so that the second server verifies the digital signature with the stored first private key corresponding to the device identifier;
Receive the signature verification result returned by the second server.
By implementing this embodiment of the present invention, a corresponding control command can be generated when a device control request sent by a client is received, and the control command, signed with the private key corresponding to the user equipment to be retrieved, is sent to that user equipment, so that the user equipment verifies the signature of the control command with the public key stored in its secure storage area and executes the control command when verification succeeds. Control of the device can thus be effectively achieved when the device is lost.
Further, refer to Fig. 10, which is a schematic structural diagram of a user equipment provided by an embodiment of the present invention. The user equipment of this embodiment includes a receiver 700, a transmitter 800, a memory 600 and a processor 500. The memory 600 can be high-speed RAM, or non-volatile memory such as at least one magnetic disk storage. The memory 600, as a computer storage medium, stores the corresponding application programs and the like. The receiver 700, transmitter 800, memory 600 and processor 500 can be connected for data exchange by a bus or by other means; this embodiment is described with a bus connection. Specifically, the user equipment is preconfigured with a device identifier and a public key, both stored in a secure storage area of the user equipment in which data is permanently preserved; for the user equipment, refer to the description of the user equipment in the embodiments corresponding to Fig. 1 to Fig. 8.
The processor 500 performs the following steps:
Receive a control command sent by the server, the control command having been signed with a preconfigured private key;
Obtain the public key from the local secure storage area, and verify the signature of the control command with the public key;
If signature verification succeeds, execute the control command and return the execution result of the control command to the server.
Optionally, before receiving the control command sent by the server, the processor 500 further performs the following steps:
Send a token request to the message push gateway, so that the message push gateway allocates a push token according to the token request, the push token being the addressing identifier that instructs the message push gateway where to push messages;
If the push token issued by the message push gateway in response to the token request is received, send to the server a device registration request carrying device information, the device information including the push token, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the public key, so that the server stores the push token and the device identifier when it successfully verifies the digital signature with the preconfigured private key.
By implementing this embodiment of the present invention, when the user equipment receives a control command carrying a digital signature issued by the server, it can verify the signature of the control command with the key stored in the local secure storage area in which data is permanently preserved, and execute the control command when verification succeeds, thereby effectively achieving control of the lost user equipment.
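The signed-command flow in the server steps (processor 100) and the user-equipment steps (processor 500) above, as an added Go example that is not part of the patent: the second server signs with the per-device first private key, and the device executes only after verifying with its provisioned public key. Ed25519, the JSON payload, the action name and every type and function name are assumptions, since the patent names no algorithm or message format; the check that the payload's device identifier matches the receiving device is also an addition.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrUnknownDevice = errors.New("no private key for device identifier")
	ErrBadSignature  = errors.New("control command signature invalid")
	ErrWrongDevice   = errors.New("control command addressed to another device")
)

// ControlCommand is the payload the first server builds (layout is an assumption).
type ControlCommand struct {
	DeviceID string `json:"device_id"`
	Action   string `json:"action"`
}

// SignedCommand is what is pushed to the user equipment.
type SignedCommand struct {
	Payload, Signature []byte
}

// SigningServer plays the second server: one first private key per device identifier.
type SigningServer struct{ keys map[string]ed25519.PrivateKey }

func NewSigningServer() *SigningServer {
	return &SigningServer{keys: make(map[string]ed25519.PrivateKey)}
}

// Provision models preconfiguration: private key stays here, public key goes to the device.
func (s *SigningServer) Provision(deviceID string) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, err
	}
	s.keys[deviceID] = priv
	return &Device{id: deviceID, pub: pub}, nil
}

// Sign looks up the private key for the device identifier and signs the payload.
func (s *SigningServer) Sign(deviceID string, payload []byte) ([]byte, error) {
	priv, ok := s.keys[deviceID]
	if !ok {
		return nil, ErrUnknownDevice
	}
	return ed25519.Sign(priv, payload), nil
}

// ControlServer plays the first server; it never holds a private key itself.
type ControlServer struct{ Signer *SigningServer }

// BuildCommand generates the control command and has the second server sign it.
func (c *ControlServer) BuildCommand(deviceID, action string) (SignedCommand, error) {
	payload, err := json.Marshal(ControlCommand{DeviceID: deviceID, Action: action})
	if err != nil {
		return SignedCommand{}, err
	}
	sig, err := c.Signer.Sign(deviceID, payload)
	if err != nil {
		return SignedCommand{}, err
	}
	return SignedCommand{Payload: payload, Signature: sig}, nil
}

// Device plays the user equipment; id and pub stand in for its secure storage area.
type Device struct {
	id       string
	pub      ed25519.PublicKey
	Executed []string
}

// Handle verifies first and parses second, so unauthenticated bytes never reach the parser.
func (d *Device) Handle(cmd SignedCommand) (string, error) {
	if !ed25519.Verify(d.pub, cmd.Payload, cmd.Signature) {
		return "", ErrBadSignature
	}
	var c ControlCommand
	if err := json.Unmarshal(cmd.Payload, &c); err != nil {
		return "", err
	}
	if c.DeviceID != d.id { // added check, not stated in the patent
		return "", ErrWrongDevice
	}
	d.Executed = append(d.Executed, c.Action)
	return "executed:" + c.Action, nil
}

func main() {
	signer := NewSigningServer()
	dev, _ := signer.Provision("dev-A") // constructed device identifier
	cmd, _ := (&ControlServer{Signer: signer}).BuildCommand("dev-A", "lock")
	fmt.Println(dev.Handle(cmd))
	cmd.Payload[0] ^= 0x01 // tamper in transit: the device must refuse
	fmt.Println(dev.Handle(cmd))
}
```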
A person of ordinary skill in the art will understand that all or part of the flows of the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the above method embodiments. The storage medium can be a magnetic disk, an optical disc, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), or the like.
The above discloses only preferred embodiments of the present invention and certainly cannot be used to limit the scope of its claims; equivalent changes made in accordance with the claims of the present invention therefore still fall within the scope of the present invention.

Claims (12)

1. A device control method, characterized by comprising:
A first server receives a device control request sent by a client, the device control request including the device identifier of the user equipment to be retrieved and a digital signature, the digital signature being obtained by signing the request packet corresponding to the device control request with a second private key stored in an external storage device;
The first server sends the device control request to a second server, so that the second server looks up the second public key corresponding to the device identifier and verifies the digital signature with the second public key;
If a verification-success message returned by the second server in response to the device control request is received, the first server generates, according to the device control request, a control command instructing the user equipment to perform a device retrieval operation;
The first server sends to the user equipment the control command signed with the first private key corresponding to the device identifier, so that the user equipment verifies the signature of the control command with a preset first public key and executes the control command when verification succeeds, the first public key being stored in a secure storage area of the user equipment in which data is permanently preserved;
The first server receives the execution result of the user equipment executing the control command, and returns the execution result to the client.
2. The method according to claim 1, characterized in that, after the first server generates, according to the device control request, the control command instructing the user equipment to perform the device retrieval operation, and before the first server sends the signed control command to the user equipment, the method further comprises:
The first server sends the control command to the second server, so that the second server looks up the first private key corresponding to the device identifier and signs the control command with the first private key;
Receiving the signed control command returned by the second server.
3. The method according to claim 1, characterized in that, before the first server receives the device control request sent by the client, the method further comprises:
The first server receives a device registration request, sent by the user equipment, carrying the device information of the user equipment, the device information including the push token corresponding to the user equipment, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the first public key stored by the user equipment;
When the verification result of the digital signature is verification success, the first server stores the push token and the device identifier;
The first server sending to the user equipment the control command signed with the first private key corresponding to the device identifier comprises:
The first server sends the signed control command and the push token to a message push gateway, so that the message push gateway sends the signed control command to the user equipment according to the push token.
4. The method according to claim 3, characterized in that, after the first server receives the device registration request, sent by the user equipment, carrying the device information of the user equipment, the method further comprises:
The first server sends the device registration request to the second server, so that the second server verifies the digital signature with the stored first private key corresponding to the device identifier;
The first server receives the signature verification result returned by the second server.
5. A device control method, characterized in that it is applied in a user equipment, the user equipment being preconfigured with a device identifier and a public key, the device identifier and the public key being stored in a secure storage area of the user equipment in which data is permanently preserved, the method comprising:
The user equipment receives a control command sent by a server, the control command having been signed with a preconfigured private key; the control command is generated by the server after the server, on receiving a device control request sent by a client, sends the device control request to another server, so that the other server looks up another public key corresponding to the device identifier and verifies a digital signature with that other public key, and after the server receives a verification-success message returned by the other server; wherein the device control request includes the device identifier and the digital signature, and the digital signature is obtained by signing the request packet corresponding to the device control request with another private key stored in an external storage device;
The user equipment obtains the public key from the local secure storage area, and verifies the signature of the control command with the public key;
If signature verification succeeds, the user equipment executes the control command and returns the execution result of the control command to the server.
6. The method according to claim 5, characterized in that, before the user equipment receives the control command sent by the server, the method further comprises:
The user equipment sends a token request to a message push gateway, so that the message push gateway allocates a push token to the user equipment according to the token request, the push token being the addressing identifier that instructs the message push gateway where to push messages;
If the push token issued by the message push gateway in response to the token request is received, the user equipment sends to the server a device registration request carrying the device information of the user equipment, the device information including the push token, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the public key, so that the server stores the push token and the device identifier when it successfully verifies, with the preconfigured private key, the digital signature obtained by signing the request packet corresponding to the device registration request.
7. A device control apparatus, characterized in that it is arranged in a first server and comprises:
A first receiving module, configured to receive a device control request sent by a client, the device control request including the device identifier of the user equipment to be retrieved and a digital signature, the digital signature being obtained by signing the request packet corresponding to the device control request with a second private key stored in an external storage device;
A second sending module, configured to send the device control request to a second server, so that the second server looks up the second public key corresponding to the device identifier and verifies the digital signature with the second public key;
A generation module, configured to generate, when a verification-success message returned by the second server in response to the device control request is received, a control command instructing the user equipment to perform a device retrieval operation, according to the device control request received by the first receiving module;
A first sending module, configured to send to the user equipment the control command signed with the first private key corresponding to the device identifier, so that the user equipment verifies the signature of the control command with a preset first public key and executes the control command when verification succeeds, the first public key being stored in a secure storage area of the user equipment in which data is permanently preserved;
A processing module, configured to receive the execution result of the user equipment executing the control command, and return the execution result to the client.
8. The apparatus according to claim 7, characterized in that the apparatus further comprises:
A third sending module, configured to send the control command generated by the generation module to the second server, so that the second server looks up the first private key corresponding to the device identifier and signs the control command with the first private key;
A second receiving module, configured to receive the signed control command returned by the second server.
9. The apparatus according to claim 7, characterized in that the apparatus further comprises:
A third receiving module, configured to receive a device registration request, sent by the user equipment, carrying the device information of the user equipment, the device information including the push token corresponding to the user equipment, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the first public key stored by the user equipment;
An information storage module, configured to store the push token and the device identifier when the verification result of the digital signature is verification success;
The first sending module is specifically configured to:
Send the signed control command and the push token to a message push gateway, so that the message push gateway sends the signed control command to the user equipment according to the push token.
10. The apparatus according to claim 9, characterized in that the apparatus further comprises:
A fourth sending module, configured to send the device registration request to the second server, so that the second server verifies the digital signature with the stored first private key corresponding to the device identifier;
A third receiving module, configured to receive the signature verification result returned by the second server.
11. A device control apparatus, characterized in that it is arranged in a user equipment, the user equipment being preconfigured with a device identifier and a public key, the device identifier and the public key being stored in a secure storage area in which data is permanently preserved, the apparatus comprising:
A command receiving module, configured to receive a control command sent by a server, the control command having been signed with a preconfigured private key; the control command is generated by the server after the server, on receiving a device control request sent by a client, sends the device control request to another server, so that the other server looks up another public key corresponding to the device identifier and verifies a digital signature with that other public key, and after the server receives a verification-success message returned by the other server; wherein the device control request includes the device identifier and the digital signature, and the digital signature is obtained by signing the request packet corresponding to the device control request with another private key stored in an external storage device;
An obtaining module, configured to obtain the public key from the local secure storage area, and verify with the public key the signature of the control command received by the command receiving module;
An execution module, configured to execute the control command when signature verification succeeds, and return the execution result of the control command to the server.
12. The apparatus according to claim 11, characterized by further comprising:
A first request sending module, configured to send a token request to a message push gateway, so that the message push gateway allocates a push token to the user equipment according to the token request, the push token being the addressing identifier that instructs the message push gateway where to push messages;
A second request sending module, configured to send to the server, when the push token issued by the message push gateway in response to the token request is received, a device registration request carrying the device information of the user equipment, the device information including the push token, the device identifier, and a digital signature obtained by signing the request packet corresponding to the device registration request with the public key, so that the server stores the push token and the device identifier when it successfully verifies, with the preconfigured private key, the digital signature obtained by signing the request packet corresponding to the device registration request.
CN201410505941.0A 2014-09-26 2014-09-26 A kind of apparatus control method and device Active CN105516948B (en)


Publications (2)

Publication Number Publication Date
CN105516948A CN105516948A (en) 2016-04-20
CN105516948B true CN105516948B (en) 2019-05-10

Family

ID=55724517


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant