CN106657429A - Equipment identifier generating method and device - Google Patents

Equipment identifier generating method and device Download PDF

Info

Publication number
CN106657429A
CN106657429A CN201610939614.5A CN201610939614A CN106657429A CN 106657429 A CN106657429 A CN 106657429A CN 201610939614 A CN201610939614 A CN 201610939614A CN 106657429 A CN106657429 A CN 106657429A
Authority
CN
China
Prior art keywords
device identifier
client
identification
service end
device identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610939614.5A
Other languages
Chinese (zh)
Inventor
罗晋韬
张欢引
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Meizu Technology Co Ltd
Original Assignee
Meizu Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Meizu Technology Co Ltd filed Critical Meizu Technology Co Ltd
Priority to CN201610939614.5A priority Critical patent/CN106657429A/en
Publication of CN106657429A publication Critical patent/CN106657429A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/30Managing network names, e.g. use of aliases or nicknames
    • H04L61/301Name conversion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses an equipment identifier generating method which is applied to a server. The equipment identifier generating method comprises the steps of acquiring equipment identification reported by a client; converting the equipment identification into an irreversible first equipment identifier through a preset algorithm; and sending the first equipment identifier to the client so as to enable the client to store the first equipment identifier into a storage region which cannot be updated. The embodiment of the invention further provides an equipment identifier generating device which is used for performing management on equipment identifiers of the client through the server, so that the safety and the reliability of data of the client are increased, and the possibility of user or equipment sensitive information leakage is greatly reduced.

Description

A kind of device identifier generation method and device
Technical field
The present invention relates to networking technology area, more particularly to a kind of device identifier generation method and device.
Background technology
With the rapid popularization of mobile device, incident safety issue becomes increasingly conspicuous, especially in mobile device Data acquisition and data handling procedure in the safety problem brought.At present, based on the application of mobile device, service and be System, contains more sensitive information, such as user identity card number, phone, address, credit card number in its data, once occur Divulge a secret, unnecessary loss and harm will be caused.The leakage of sensitive information in order to prevent mobile device data, it is ensured that data are pacified Entirely, data desensitization process can be carried out to the sensitive information in data in data acquisition and data handling procedure, i.e., to data In sensitive information the deformation of data is carried out by desensitization rule, realize the reliably protecting of privacy-sensitive data.
In the data acquisition and data handling procedure of existing equipment, in order that service end is capable of identify that and can use client The data of end transmission, are usually identified the data using corresponding device identifier.If however, the device identifier is not Desensitization process is carried out, there will be a certain degree of insecurity, especially for field of mobile equipment, if taking client identification The mode of process, may allow third party to carry out cracking for processing mode, and cause the leakage of user or equipment sensitive information.Such as In the statistical method of data, if (International Mobile Equipment Identity, the world is moved using IMEI Dynamic EIC equipment identification code) or MAC (MediaAccess Control, media access control) addresses as client device identification Symbol, then because IMEI or MAC are related to the sensitive permission of equipment, once be cracked easily cause letting out for user or equipment sensitive information Dew.
Therefore, how data are carried out with desensitization process, the sensitive identification symbol in data is removed, to generate safe setting Standby identifier is those skilled in the art problem demanding prompt solution come the security for improving client data.
The content of the invention
A kind of device identifier generation method and device are embodiments provided, can be by service end to client The device identifier at end is managed, and increases the security reliability of client data, and greatly reduces user or equipment sensitivity The possibility of information leakage.
In view of this, first aspect present invention provides a kind of device identifier generation method, is applied to service end, can wrap Include:
Obtain the device identification that client sends;
Device identification is converted into into irreversible first device identifier by preset algorithm;
First device identifier is sent to client, so that client stores the first device identifier to can not be more New storage region.
With reference to the embodiment of the present invention in a first aspect, the first embodiment of the first aspect in the embodiment of the present invention In, the first device identifier is being sent to before client, the method also includes:
The second device identifier is verified according to the first device identifier, the second device identifier is by client Report is obtained;
If authentication failed, the step of the first device identifier being sent to client is triggered.
With reference to the embodiment of the present invention in a first aspect, second embodiment of the first aspect in the embodiment of the present invention In, before device identification to be converted into irreversible first device identifier by preset algorithm, the method also includes:
Inverse operation is carried out to the second device identifier according to preset algorithm, and device identification is carried out according to inverse operation result Checking, the second device identifier is to be reported to obtain by client;
If authentication failed, trigger and device identification is converted into into irreversible first device identifier by preset algorithm Step.
With reference to the embodiment of the present invention in a first aspect, the first embodiment or of the first aspect of the embodiment of the present invention Two kinds of embodiments, in the third embodiment of the first aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the embodiment of the present invention in a first aspect, the first embodiment of the first aspect of the embodiment of the present invention is to Any one in three kinds of embodiments, in the 4th kind of embodiment party's mode of the first aspect of the embodiment of the present invention, equipment mark Knowledge includes at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
Second aspect present invention provides a kind of device identifier generation method, is applied to client, it may include:
Gather discernible device identification;
Device identification is sent to service end so that service end device identification is changed into by preset algorithm it is irreversible The first device identifier;
The first device identifier that service end sends is received, and the first device identifier is stored to non-renewable memory block Domain.
With reference to the second aspect of the embodiment of the present invention, in the first embodiment of the second aspect of the embodiment of the present invention In, before discernible device identification is gathered, the method also includes:
Judge that non-renewable storage region whether there is the second device identifier;
If it is not, then triggering collection discernible device identification the step of.
With reference to the first embodiment of the second aspect of the embodiment of the present invention, in the second aspect of the embodiment of the present invention In second embodiment, after judging non-renewable storage region with the presence or absence of the second device identifier, the method is also wrapped Include:
If judging there is the second device identifier in non-renewable storage region, according to preset rules to the second device identification Symbol is verified;
If authentication failed, the step of triggering collection discernible device identification.
With reference to the embodiment of the present invention in a first aspect, the first embodiment or of the first aspect of the embodiment of the present invention Two kinds of embodiments, in the third embodiment of the first aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the second aspect of the embodiment of the present invention, the first embodiment of the second aspect of the embodiment of the present invention to Any one in three kinds of embodiments, in the 4th kind of embodiment of the first aspect of the embodiment of the present invention, device identification Including at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
Third aspect present invention provides a kind of device identifier generating means, is applied to service end, it may include:
Acquisition module, for obtaining the device identification of client transmission;
Modular converter, for device identification to be converted into into irreversible first device identifier by preset algorithm;
Sending module, for the first device identifier to be sent to client, so that client is by the first device identification Symbol is stored to non-renewable storage region.
With reference to the third aspect of the embodiment of the present invention, in the first embodiment of the third aspect of the embodiment of the present invention In, device also includes:
First authentication module, for being verified to the second device identifier according to the first device identifier, the second equipment Identifier is to be reported to obtain by client;
First trigger module, sends the first device identifier to visitor for when failing the authentication, then triggering sending module Family end.
With reference to the third aspect of the embodiment of the present invention, in second embodiment of the third aspect of the embodiment of the present invention In, device also includes:
Inverse operation module, for inverse operation, the second device identifier to be carried out to the second device identifier according to preset algorithm It is to be reported to obtain by client;
Second authentication module, for being verified to inverse operation result according to device identification;
Second trigger module, is turned device identification by preset algorithm for when failing the authentication, then triggering modular converter Change irreversible first device identifier into.
With reference to the third aspect of the embodiment of the present invention, the first embodiment of the third aspect of the embodiment of the present invention or Two kinds of embodiments, in the third embodiment of the third aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the third aspect of the embodiment of the present invention, the first embodiment of the third aspect of the embodiment of the present invention to Any one in three kinds of embodiments, in the 4th kind of embodiment of the third aspect of the embodiment of the present invention, device identification Including at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
Fourth aspect present invention provides a kind of device identifier generating means, is applied to client, it may include:
Acquisition module, for gathering discernible device identification;
Sending module, for device identification to be sent to service end, so that service end imputes device identification by pre- Method changes into irreversible first device identifier;
Receiver module, for receiving the first device identifier of service end transmission;
Memory module, for the first device identifier to be stored to non-renewable storage region.
With reference to the fourth aspect of the embodiment of the present invention, in the first embodiment of the fourth aspect of the embodiment of the present invention In, device also includes:
Judge module, for judging that non-renewable storage region whether there is the second device identifier;
First trigger module, for when there is no the second device identifier, then the collection of triggering collection module to be discernible Device identification.
With reference to the first embodiment of the fourth aspect of the embodiment of the present invention, in the fourth aspect of the embodiment of the present invention In second embodiment, device also includes:
Authentication module, for when judging that non-renewable storage region has the second device identifier, then according to default rule Then the second device identifier is verified;
Second trigger module, for when failing the authentication, then triggering collection module to gather discernible device identification.
With reference to the fourth aspect of the embodiment of the present invention, the first embodiment of the fourth aspect of the embodiment of the present invention or Two kinds of embodiments, in the third embodiment of the fourth aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the fourth aspect of the embodiment of the present invention, the first embodiment of the fourth aspect of the embodiment of the present invention to Any one in three kinds of embodiments, in the 4th kind of embodiment of the fourth aspect of the embodiment of the present invention, device identification Including at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
As can be seen from the above technical solutions, the embodiment of the present invention has advantages below:
In the present embodiment, service end can pass through preset algorithm by equipment after the device identification that client sends is received Mark is converted into irreversible first device identifier, it is possible to send to client so that client can be by the first equipment Identifier is stored to non-renewable storage region.Compared to the data system that tradition makees device identifier using the device identification of collection Meter method, the present invention after device identification is converted into into irreversible first device identifier by service end, i.e. desensitization process, The sensitive identification of client is effectively eliminated, and in the case of leaking data, due to the irreversibility of the first device identifier, Also the privacy-sensitive information of user or equipment can still be protected.
Description of the drawings
Fig. 1 is device identifier generation method one embodiment schematic diagram in the embodiment of the present invention;
Fig. 2 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 3 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 4 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 5 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 6 is device identifier generating means one embodiment schematic diagram in the embodiment of the present invention;
Fig. 7 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention;
Fig. 8 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention;
Fig. 9 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention;
Figure 10 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention.
Specific embodiment
A kind of device identifier generation method and device are embodiments provided, can be by service end to client The device identifier at end is managed, and increases the security reliability of client data, and greatly reduces user or equipment sensitivity The possibility of information leakage.
In order that those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention Accompanying drawing, is clearly and completely described to the technical scheme in the embodiment of the present invention, it is clear that described embodiment is only The embodiment of a part of the invention, rather than the embodiment of whole.Based on the embodiment in the present invention, ordinary skill people The every other embodiment that member is obtained under the premise of creative work is not made, should all belong to the model of present invention protection Enclose.
Term " first ", " second ", " the 3rd " in description and claims of this specification and above-mentioned accompanying drawing, " Four " etc. (if present) is the object for distinguishing similar, without for describing specific order or precedence.Should manage The data that solution is so used can be exchanged in the appropriate case, so that the embodiments described herein can be with except illustrating here Or the order beyond the content of description is implemented.Additionally, term " comprising " and " having " and their any deformation, it is intended that Covering is non-exclusive to be included, and for example, containing process, method, system, product or the equipment of series of steps or unit need not limit In those steps or unit for clearly listing, but may include clearly not list or for these processes, method, product Other intrinsic steps of product or equipment or unit.
For ease of understanding, below the idiographic flow in the embodiment of the present invention is described from service end side, is referred to Fig. 1, device identifier generation method one embodiment includes in the embodiment of the present invention:
101st, the device identification that client is reported is obtained;
Specifically, when client and service end are interacted, in order to prevent the leakage of client sensitive information, it is right to realize The reliably protecting of privacy of user data, is managed accordingly using device identification of the service end to client, quick to reduce The possibility of sense information leakage, the sensitive information can include but is not limited to personally identifiable information, personal account information and lead to News information etc..Before the present embodiment is performed, client can be previously-completed the acquisition process of equipment of itself mark, it is possible to will The device identification is sent to service end, and service end is received after the device identification, can be when needing to use corresponding device identification Obtained.
It is understood that the device identification in the present embodiment is being sent to service end, service end can store this and set Standby mark, with can to the corresponding device identification of same client Reusability, such that it is able to reduce the live load of client, Simultaneously the corresponding client of corresponding device identification can also be determined, specifically not limited herein.
In the present embodiment, device identification includes at least one of:International mobile equipment identification number IMEI, media interviews control MAC Address processed, equipment Serial Number.
It should be noted that content of the device identification in the present embodiment except described above, in actual applications, may be used also To be other, such as advertisement and identifier IFDA can be reported according to practical OS's collection by client and obtained, and specifically not limited herein It is fixed.
102nd, device identification is converted into into irreversible first device identifier by preset algorithm;
In the present embodiment, service end is obtained after corresponding device identification, can be turned the device identification by preset algorithm Change irreversible first device identifier into so that being related to the device identification of client sensitive permission can effectively be desensitized Process.
In actual applications, the preset algorithm in the present embodiment can be MD5 algorithms, specifically, the first device identifier Can be changed as follows:After using MD5 algorithms device identification is changed, 32 MD5 can be carried out N number of tearing open Point, N is the integer more than zero, then N number of field that fractionation is obtained can be counted accordingly using cyclic check CRC code Calculate, such as CRC is carried out to field 1 and be calculated A, CRC is carried out to field 2 and is calculated B, CRC code is carried out to field 3 and is calculated C, by that analogy, CRC is carried out to field N and is calculated X (X is represented that N carries out the symbol obtained after CRC code calculating, the symbol May include character etc.) after, result of calculation can be spliced into such as 1A2B3CNX, and can be carried out according to splicing result CRC code is calculated Y, then 1A2B3CNX can be carried out into corresponding displacement according to Y, you can obtain the first device identifier.
It is understood that in the present embodiment the conversion method of the first device identifier except the algorithm of described above, In practical application, device identification can also be changed using other algorithms, it is possible to by transformation result directly as first Device identifier, can also carry out corresponding filling to transformation result and obtain the first device identifier, specifically using spcial character Do not limit herein.
103rd, the first device identifier is sent to client, so that client stores the first device identifier to not Renewable storage region.
In the present embodiment, device identification is converted into irreversible first device identifier by service end by preset algorithm Afterwards, the first device identifier can be sent to client, so that client stores the first device identifier to can not be more New storage region, client can also accordingly be made by extracting first device identifier in non-renewable storage region With.
In the present embodiment, the first device identifier is issued by service end, to allow client to obtain the first device identifier Mode, effectively eliminate the sensitive identification of client, and in the case of leaking data, due to the first device identifier not Invertibity, also can still protect the privacy-sensitive information of user or equipment.Meanwhile, the transduction pathway of the first device identifier with And in the corresponding storage method of client, prevent rogue program to usurp the malice of the first device identifier to a certain extent Change, the first device identifier is effectively reduced by massive duplication or the probability changed in a large number, so as to ensure that the first equipment mark Know the uniqueness of symbol, and the first device identification and client are corresponded, be conducive to service end effectively with corresponding client Carry out information exchange.
It should be noted that in actual applications, if client has the second device identifier, second set using this Service end can be reported to during standby identifier, then the second device identifier that service end can be reported to client is tested Demonstrate,prove, but verification mode can separately below be illustrated with difference:
Fig. 2 is referred to, another embodiment of device identifier generation method includes in the embodiment of the present invention:
Step 201 in the present embodiment is identical to step 102 with the step 101 in embodiment illustrated in fig. 1 to step 202, Here is omitted.
203rd, the second device identifier is verified according to the first device identifier, if authentication failed, execution step If the 204, being proved to be successful, execution step 205.
In the present embodiment, when client and service end are interacted, if the non-renewable storage region of client is present Second device identifier, then client using second device identifier and can report to service end, service end is being obtained After second device identifier, the second device identifier can be verified.
In actual applications, the second device identifier of client upload can there is a possibility that to be tampered, then be Avoid that the second device identifier is tampered and caused second device identifier is not one-to-one with corresponding client Situation so that service end cannot make a distinction to corresponding client, client, can in message when message is sent to service end To carry device identification and the second device identifier, with to service end reporting equipment mark and the second device identifier, then Service end can be verified to the second device identifier after the second device identifier is obtained, specifically, can pass through to perform step Rapid 201 to step 202 obtains the first device identifier being converted into according to MD5 algorithms by device identification, it is possible to by first Device identifier and the second device identifier are compared and are verified result, if the first device identifier and the second device identification Symbol is inconsistent, is AB according to the first device identifier that MD5 algorithms are converted to device identification for example, and the second equipment mark Know symbol AC, then understand that the second device identifier is tampered, then authentication failed, if the first device identifier and the second device identification Symbol is consistent, is AB according to the first device identifier that MD5 algorithms are converted to device identification for example, and the second device identification Symbol is also AB, then understands that the second device identifier is not tampered with, then means to be proved to be successful.
It is understood that the verification process of the present embodiment can also be carried out offline, i.e., service end is obtaining equipment mark After knowledge and the second device identifier, can be set to second using the first device identifier that device identification is changed every a period of time Standby identifier is verified.
Specifically, in the present embodiment, if the second device identifier authentication failed, then service end can have been converted to simultaneously The first device identifier for checking is issued to client, i.e. execution step 204.
Step 204 in the present embodiment is identical with the step 103 in embodiment illustrated in fig. 1, and here is omitted.
205th, other flow processs are performed.
In the present embodiment, if the second device identifier is proved to be successful, then mean that the second device identifier is not usurped Change, the second device identifier can be used normally, then can not carry out other operations, that is, terminate flow process, but service end According to actual needs corresponding data interaction can be carried out using second device identifier, such as and third party, specifically herein not Limit.
Fig. 3 is referred to, another embodiment of device identifier generation method includes in the embodiment of the present invention:
Step 301 in the present embodiment is identical with the step 101 in embodiment illustrated in fig. 1, and here is omitted.
302nd, inverse operation is carried out to the second device identifier according to preset algorithm, and according to device identification to inverse operation result Verified, if authentication failed, execution step 303, if being proved to be successful, execution step 305;
In the present embodiment, when client and service end are interacted, if the non-renewable storage region of client is present Second device identifier, then client using second device identifier and can report to service end, service end is being obtained After second device identifier, inverse operation can be carried out to the second device identifier according to preset algorithm, it is possible to according to step 201 The device identification of acquisition is verified to inverse operation result.
In actual applications, the second device identifier of client upload can there is a possibility that to be tampered, then be Avoid that the second device identifier is tampered and caused second device identifier is not one-to-one with corresponding client Situation so that service end cannot make a distinction to corresponding client, client, can in message when message is sent to service end To carry device identification and the second device identifier, with to service end reporting equipment mark and the second device identifier, then Service end can be verified to the second device identifier after the second device identifier is obtained, specifically, can imputed by pre- Method, i.e. MD5 algorithms carry out inverse operation to the second device identifier, and inverse operation result and device identification are carried out into corresponding ratio It is right, for example, it is assumed that device identification is AB, if inverse operation is carried out to the second device identifier using MD5 algorithms obtaining relative to setting Standby last the symbol that identifies is C, and substantially in accordance with order from left to right, last symbol of device identification is B, So pass through comparing for C and B, it is known that the second device identifier authentication failed, and now can be without to the second device identifier Proceed the inverse operation of the symbol relative to device identification penultimate, and if using MD5 algorithms to the second device identification Symbol carries out inverse operation and obtains relative to device identification last symbol being B, then relative to setting in the second device identifier It is standby to identify last validation symbol success, then need to continue with MD5 algorithms the second device identifier is carried out relative to The inverse operation of the symbol of device identification penultimate, if the inverse operation result is A, then understand reciprocal relative to device identification Deputy symbol is also proved to be successful, and means that the second device identifier is proved to be successful.It is understood that the second equipment mark The symbol quantity of the inverse operation number of times and device identification of knowing symbol is adapted, and in verification process, can be set to second according to MD5 algorithms Standby identifier carry out it is corresponding it is counter push away, as long as the validation symbol begun with relative to device identification fails, that is, mean that second sets Standby identification verification fails, but all inverse operation results of only the second device identifier match with device identification, just means The second device identifier to be proved to be successful.
It should be noted that carrying out inverse operation to the second device identifier in actual applications, or first, then obtain Device identification, and inverse operation result is verified according to device identification, can also be carries out inverse fortune to the second device identifier Device identification is obtained while calculation, operation result is verified further according to device identification, specifically do not limited herein.
It is understood that the verification process of the present embodiment can also be carried out offline, i.e., service end is obtaining equipment mark After knowledge and the second device identifier, inverse operation can be carried out to the second device identifier using preset algorithm every a period of time, Device identification is recycled to verify inverse operation result.
Specifically, in the present embodiment, if the second device identifier authentication failed, then service end can turn device identification Change the first device identifier, i.e. execution step 303.
Step 303 in the present embodiment is identical to step 103 with the step 102 in embodiment illustrated in fig. 1 to step 304, Here is omitted.
305th, other flow processs are performed.
In the present embodiment, if the second device identifier is proved to be successful, then mean that the second device identifier is not usurped Change, the second device identifier can be used normally, then can not carry out other operations, that is, terminate flow process, but service end According to actual needs corresponding data interaction can be carried out using second device identifier, such as and third party, specifically herein not Limit.
Above the device identifier generation method in the embodiment of the present invention is described from service end side, below from Client-side is described to the device identifier generation method in the embodiment of the present invention, refers to Fig. 4, the embodiment of the present invention Another embodiment of middle device identifier generation method includes:
401st, discernible device identification is gathered;
In the present embodiment, client comes into operation in first time, or first time enters row information and hands over service end or third party Mutually, or need reacquire device identifier when, discernible device identification can be gathered, with to service end request set accordingly Standby identifier, the device identification to being related to client sensitive permission carries out desensitization process.
In the present embodiment, device identification can include at least one of:International mobile equipment identification number IMEI, media are visited Ask control MAC Address, equipment Serial Number.
It should be noted that content of the device identification in the present embodiment except described above, in actual applications, may be used also To be other, such as advertisement and identifier IFDA can accordingly be gathered, specifically herein not by client according to practical OS's Limit.
402nd, device identification is sent to service end, so that service end is converted into device identification not by preset algorithm The first reversible device identifier;
In the present embodiment, client is gathered after discernible device identification, device identification can be sent to service end, with Allow service end that device identification is converted into into irreversible first device identifier by preset algorithm.
Specifically, device identification is converted into the mistake of the first device identifier according to preset algorithm, i.e. MD5 algorithms for service end Journey, can be based on the content of step 102 explanation in embodiment illustrated in fig. 1, and here is omitted.
403rd, the first device identifier that service end sends is received, and the first device identifier is stored to non-renewable deposits Storage area domain.
In the present embodiment, client to service end is sent after device identification, can receive the first equipment mark that service end is issued Know symbol, it is possible to the first device identifier is stored to non-renewable storage region.
Specifically, client stores the first device identifier to non-renewable storage region, due to non-renewable storage The non-regeneratability in region, such that it is able to the possibility for preventing the first device identifier to be tampered in the storage region, Jin Eryou The security of the first device identifier is used beneficial to raising client.
It is understood that in actual applications, if client has been stored with the second equipment in non-renewable storage region Identifier, then client can be verified and used to second device identifier, refer to Fig. 5, the embodiment of the present invention Another embodiment of middle device identifier generation method includes:
501st, non-renewable storage region is judged with the presence or absence of the second device identifier, if so, then execution step 502, if It is no, then execution step 503;
It is quick in order to prevent when client needs to carry out corresponding information exchange with service end or third party in the present embodiment The leakage of sense information, can accordingly be searched non-renewable storage region, it is possible to whether judge non-renewable region There is the second device identifier, second device identifier was regarded as before current point in time by service end in client The device identification of report is changed and issued and obtained.
502nd, the second device identifier is verified according to preset rules, if authentication failed, execution step 503, if It is proved to be successful, then execution step 506;
In the present embodiment, if client judges that non-renewable storage region has the second device identifier, then client Second device identifier can be used, although client is to obtain the second device identifier from non-renewable storage region, Second device identifier still suffers from the possibility being tampered, then in order to improve the security of client-side information interaction, in client Using before second device identifier, client can be verified according to preset rules to the second device identifier at end.
Specifically, obtain because the second device identifier is actually issued by service end according to preset algorithm, then client Hold the algorithmic rule according to service end, it may be determined that the digit of the second device identifier, for example, it is assumed that the second device identifier Normal digit is 32, if but client determines that the second device identifier from non-renewable extracted region out only has 16, So it is considered that authentication failed, if conversely, client determines the second device identifier from non-renewable extracted region out There are 32, then it is considered that being proved to be successful.
It should be noted that the present embodiment only illustrates that client is carried out to the second device identifier with said one example The concrete mode of checking, in actual applications, can also adopt alternate manner, such as based on setting for collecting in following step 503 Standby mark, client can utilize the preliminary conversion that the preset algorithm of such as MD5 algorithms carry out former to device identification, and and Already present second device identifier is contrasted accordingly, for example, it is assumed that the second device identifier is AB, client is to equipment Mark is changed accordingly, but according to order from left to right, client is only calculated relative to the second device identifier First, if result of calculation is A, then client is believed that and is proved to be successful, if result of calculation is C, then it is assumed that authentication failed, Specifically do not limit herein.
It is understood that in the present embodiment, if the second device identifier authentication failed, then client is due to cannot be right Second device identifier is modified, then can gather discernible device identification and send to service end, to ask service end weight Newly issue corresponding device identifier, i.e. execution step 503.
Step 503 in the present embodiment is identical to step 503 with the step 501 in embodiment illustrated in fig. 4 to step 505, Here is omitted.
If it should be noted that on the basis of non-renewable region has the second device identifier, receiving service end The first device identifier for issuing, then the second device identifier will be abandoned, and the first device identifier then can be in client Hold and used when needing next time, and then may insure the uniqueness of device identifier in client, and can be with client one by one Correspondence.
506th, other flow processs are performed.
In the present embodiment, if client is proved to be successful according to preset rules to the second device identifier, it is meant that client Can use the second device identifier, then can not carry out other operations, that is, terminate flow process, but client can be continued executing with Using the subsequent operation of the second device identifier, the second device identifier is such as carried in the message reported to service end, herein Do not limit.
The device identifier generation method in the embodiment of the present invention is described above, below from service end side pair Device identifier generating means in the embodiment of the present invention are described, and refer to Fig. 5, device identifier in the embodiment of the present invention Generating means one embodiment includes:
Acquisition module 601, for obtaining the device identification that client is reported;
Modular converter 602, for device identification to be converted into into irreversible first device identifier by preset algorithm;
Sending module 603, for the first device identifier to be sent to client, so that client is by the first equipment mark Know symbol to store to non-renewable storage region.
In the present embodiment, the device identification that acquisition module 601 is obtained is converted into into irreversible by modular converter 602 One device identifier, sending module 603 can issue the first device identifier to allow client to obtain the first device identifier, this Effectively eliminate the sensitive identification of client, and cause in the case of leaking data, due to the first device identifier can not Inverse property, also can still protect the privacy-sensitive information of user or equipment.Meanwhile, conversion of first device identifier in service end Path and in the corresponding storage method of client, prevents to a certain extent rogue program to set to first from client-side The malice of standby identifier is distorted, and effectively reduces the first device identifier by massive duplication or the probability changed in a large number, so as to The uniqueness of the first device identifier is ensure that, and the first device identification is corresponded with client, is conducive to service end effective Ground carries out information exchange with corresponding client.
Fig. 7 is referred to, another embodiment of device identifier generating means includes in the embodiment of the present invention:
Module 701 in the present embodiment is identical with the module 601 in embodiment illustrated in fig. 6, and module 702 is real with shown in Fig. 6 The module 602 applied in example is identical, and here is omitted.
First authentication module 703, for being verified to the second device identifier according to the first device identifier, second sets Standby identifier is to be reported to obtain by client;
Module 704 in the present embodiment is identical with the module 603 in embodiment illustrated in fig. 6, and here is omitted.
First trigger module 705, for when failing the authentication, then trigger sending module by the first device identifier send to Client.
Fig. 8 is referred to, another embodiment of device identifier generating means includes in the embodiment of the present invention:
Module 801 in the present embodiment is identical with the module 601 in embodiment illustrated in fig. 6, and here is omitted.
Inverse operation module 802, for inverse operation, the second device identification to be carried out to the second device identifier according to preset algorithm Symbol is to be reported to obtain by client;
Second authentication module 803, for being verified to inverse operation result according to device identification;
Module 804 in the present embodiment is identical with the module 602 in embodiment illustrated in fig. 6, and module 805 is real with shown in Fig. 6 The module 603 applied in example is identical, and here is omitted.
Second trigger module 806, preset algorithm is passed through for when failing the authentication, then triggering modular converter by device identification It is converted into irreversible first device identifier.
Above the device identifier generating means in the embodiment of the present invention are described from service end side, below from Client-side is described to the device identifier generating means in the embodiment of the present invention, refers to Fig. 9, the embodiment of the present invention Another embodiment of middle device identifier generating means includes:
Acquisition module 901, for gathering discernible device identification;
Sending module 902, for device identification to be sent to service end, so that device identification is passed through default by service end Algorithm changes into irreversible first device identifier;
Receiver module 903, for receiving the first device identifier of service end transmission;
Memory module 904, for storing the first device identifier to the non-renewable storage region of client.
Figure 10 is referred to, another embodiment of device identifier generating means includes in the embodiment of the present invention:
Judge module 1001, for judging that non-renewable storage region whether there is the second device identifier;
Module 1002 in the present embodiment is identical with the module 901 in embodiment illustrated in fig. 9, and here is omitted.
First trigger module 1003, for when there is no the second device identifier, then triggering collection module collection can be known Other device identification.
Authentication module 1004, for when judging that non-renewable storage region has the second device identifier, then according to pre- If rule is verified to the second device identifier;
Second trigger module 1005, for when failing the authentication, then triggering collection module to gather discernible device identification;
Module 1006 in the present embodiment is identical with the module 902 in embodiment illustrated in fig. 9, shown in module 1007 and Fig. 9 Module 903 in embodiment is identical, and module 1008 is identical with the module 904 in embodiment illustrated in fig. 9, and here is omitted.
Those skilled in the art can be understood that, for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, will not be described here.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method can be with Realize by another way.For example, device embodiment described above is only schematic, for example, the unit Divide, only a kind of division of logic function can have other dividing mode, such as multiple units or component when actually realizing Can with reference to or be desirably integrated into another system, or some features can be ignored, or not perform.It is another, it is shown or The coupling each other for discussing or direct-coupling or communication connection can be the indirect couplings by some interfaces, device or unit Close or communicate to connect, can be electrical, mechanical or other forms.
The unit as separating component explanation can be or may not be it is physically separate, it is aobvious as unit The part for showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple On NE.Some or all of unit therein can according to the actual needs be selected to realize the mesh of this embodiment scheme 's.
In addition, each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.Above-mentioned integrated list Unit both can be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If the integrated unit is realized using in the form of SFU software functional unit and as independent production marketing or used When, during a computer read/write memory medium can be stored in.Based on such understanding, technical scheme is substantially The part for contributing to prior art in other words or all or part of the technical scheme can be in the form of software products Embody, the computer software product is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment methods described of the invention Portion or part steps.And aforesaid storage medium includes:USB flash disk, portable hard drive, read-only storage (ROM, Read-Only Memory), random access memory (RAM, RandomAccess Memory), magnetic disc or CD etc. are various can store journey The medium of sequence code.
The above, above example only to illustrate technical scheme, rather than a limitation;Although with reference to front State embodiment to be described in detail the present invention, it will be understood by those within the art that:It still can be to front State the technical scheme described in each embodiment to modify, or equivalent is carried out to which part technical characteristic;And these Modification is replaced, and does not make the spirit and scope of the essence disengaging various embodiments of the present invention technical scheme of appropriate technical solution.

Claims (12)

1. a kind of device identifier generation method, is applied to service end, it is characterised in that include:
Obtain the device identification that client is reported;
The device identification is converted into into irreversible first device identifier by preset algorithm;
First device identifier is sent to the client, so that the client is by first device identifier Store to non-renewable storage region.
2. device identifier generation method according to claim 1, it is characterised in that described by the first equipment mark Know symbol to send to before the client, methods described also includes:
The second device identifier is verified according to first device identifier, second device identifier is by described Client is reported and obtained;
If the authentication failed, trigger described the step of first device identifier is sent to the client.
3. device identifier generation method according to claim 1, it is characterised in that by the device identification by pre- Imputation method is converted into before irreversible first device identifier, and methods described also includes:
Inverse operation is carried out to the second device identifier according to the preset algorithm, and according to the device identification to inverse operation result Verified, second device identifier is to be reported to obtain by the client;
If the authentication failed, trigger described the device identification is converted into into irreversible first equipment by preset algorithm The step of identifier.
4. device identifier generation method according to any one of claim 1 to 3, it is characterised in that the pre- imputation Method is MD5 algorithms.
5. device identifier generation method according to any one of claim 1 to 3, it is characterised in that the equipment mark Knowledge includes at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
6. a kind of device identifier generation method, is applied to client, it is characterised in that include:
Gather discernible device identification;
The device identification is sent to service end, so that the service end converts the device identification by preset algorithm Into irreversible first device identifier;
Receive first device identifier that the service end sends, and first device identifier is stored to can not be more New storage region.
7. device identifier generation method according to claim 6, it is characterised in that gathering discernible device identification Before, methods described also includes:
Judge that the non-renewable storage region whether there is the second device identifier;
If it is not, the step of then triggering the collection discernible device identification.
8. device identifier generation method according to claim 7, it is characterised in that judge described non-renewable described With the presence or absence of after the second device identifier, methods described also includes storage region:
If judging there is the second device identifier in the non-renewable storage region, according to preset rules to second equipment Identifier is verified;
If the authentication failed, trigger it is described collection discernible device identification the step of.
9. the device identifier generation method according to any one of claim 6 to 8, it is characterised in that the preset algorithm For MD5 algorithms.
10. the device identifier generation method according to any one of claim 6 to 8, it is characterised in that the equipment mark Knowledge includes at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
A kind of 11. devices of the device identifier generation method realized as described in any one of claim 1 to 5, are applied to service End, it is characterised in that described device includes:
Acquisition module, for obtaining the device identification that client is reported;
Modular converter, for the device identification to be converted into into irreversible first device identifier by preset algorithm;
Sending module, for first device identifier to be sent to the client, so that the client will be described First device identifier is stored to non-renewable storage region.
A kind of 12. devices of the device identifier generation method realized as described in any one of claim 6 to 10, are applied to client End, it is characterised in that described device includes:
Acquisition module, for gathering discernible device identification;
Sending module, for the device identification to be sent to service end, so that the service end leads to the device identification Cross preset algorithm and change into irreversible first device identifier;
Receiver module, for receiving first device identifier that the service end sends;
Memory module, for first device identifier to be stored to non-renewable storage region.
CN201610939614.5A 2016-10-24 2016-10-24 Equipment identifier generating method and device Pending CN106657429A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610939614.5A CN106657429A (en) 2016-10-24 2016-10-24 Equipment identifier generating method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610939614.5A CN106657429A (en) 2016-10-24 2016-10-24 Equipment identifier generating method and device

Publications (1)

Publication Number Publication Date
CN106657429A true CN106657429A (en) 2017-05-10

Family

ID=58821187

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610939614.5A Pending CN106657429A (en) 2016-10-24 2016-10-24 Equipment identifier generating method and device

Country Status (1)

Country Link
CN (1) CN106657429A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070654A (en) * 2017-05-12 2017-08-18 北京小米移动软件有限公司 information collecting method and device
CN107172092A (en) * 2017-07-03 2017-09-15 上海精数信息科技有限公司 Facility information guard method and device
CN108156273A (en) * 2017-12-14 2018-06-12 北京奇艺世纪科技有限公司 A kind of anonymous ID generation methods, device and electronic equipment
CN109492378A (en) * 2018-11-26 2019-03-19 平安科技(深圳)有限公司 A kind of auth method based on EIC equipment identification code, server and medium
WO2019085350A1 (en) * 2017-10-30 2019-05-09 平安科技(深圳)有限公司 Method and device for generating identifier, computer device, and storage medium
CN110599278A (en) * 2018-06-12 2019-12-20 百度在线网络技术(北京)有限公司 Method, apparatus, and computer storage medium for aggregating device identifiers
CN112000853A (en) * 2020-07-31 2020-11-27 天翼电子商务有限公司 Method, medium, client and server for generating/feeding back unique identifier of equipment
CN112231678A (en) * 2020-09-02 2021-01-15 网神信息技术(北京)股份有限公司 Storage device permission processing method and device, electronic device and storage medium
CN112307517A (en) * 2020-03-23 2021-02-02 尼尔森网联媒介数据服务有限公司 Identification code processing method and device, storage medium and electronic equipment
CN112311751A (en) * 2020-03-23 2021-02-02 尼尔森网联媒介数据服务有限公司 Method and device for verifying terminal, storage medium and electronic equipment
CN112541137A (en) * 2020-12-10 2021-03-23 清华大学 Identifier generation method and device, electronic equipment and storage medium
CN113965415A (en) * 2020-08-13 2022-01-21 支付宝(杭州)信息技术有限公司 Risk identification method and device and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020156870A1 (en) * 2000-11-08 2002-10-24 Equate Systems, Inc. Method and apparatus for dynamically directing an application to a pre-defined target multimedia resource
CN101399666A (en) * 2007-09-28 2009-04-01 中国银联股份有限公司 Safety control method and system for digital certificate of file
CN101778381A (en) * 2009-12-31 2010-07-14 卓望数码技术(深圳)有限公司 Digital certificate generation method, user key acquisition method, mobile terminal and device
CN102045343A (en) * 2010-10-29 2011-05-04 深圳市爱贝信息技术有限公司 DC (Digital Certificate) based communication encrypting safety method, server and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020156870A1 (en) * 2000-11-08 2002-10-24 Equate Systems, Inc. Method and apparatus for dynamically directing an application to a pre-defined target multimedia resource
CN101399666A (en) * 2007-09-28 2009-04-01 中国银联股份有限公司 Safety control method and system for digital certificate of file
CN101778381A (en) * 2009-12-31 2010-07-14 卓望数码技术(深圳)有限公司 Digital certificate generation method, user key acquisition method, mobile terminal and device
CN102045343A (en) * 2010-10-29 2011-05-04 深圳市爱贝信息技术有限公司 DC (Digital Certificate) based communication encrypting safety method, server and system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070654A (en) * 2017-05-12 2017-08-18 北京小米移动软件有限公司 information collecting method and device
CN107172092A (en) * 2017-07-03 2017-09-15 上海精数信息科技有限公司 Facility information guard method and device
CN107172092B (en) * 2017-07-03 2019-12-27 上海精数信息科技有限公司 Equipment information protection method and device
WO2019085350A1 (en) * 2017-10-30 2019-05-09 平安科技(深圳)有限公司 Method and device for generating identifier, computer device, and storage medium
CN108156273A (en) * 2017-12-14 2018-06-12 北京奇艺世纪科技有限公司 A kind of anonymous ID generation methods, device and electronic equipment
CN110599278A (en) * 2018-06-12 2019-12-20 百度在线网络技术(北京)有限公司 Method, apparatus, and computer storage medium for aggregating device identifiers
CN110599278B (en) * 2018-06-12 2022-07-22 百度在线网络技术(北京)有限公司 Method, apparatus, and computer storage medium for aggregating device identifiers
CN109492378A (en) * 2018-11-26 2019-03-19 平安科技(深圳)有限公司 A kind of auth method based on EIC equipment identification code, server and medium
CN112307517A (en) * 2020-03-23 2021-02-02 尼尔森网联媒介数据服务有限公司 Identification code processing method and device, storage medium and electronic equipment
CN112311751A (en) * 2020-03-23 2021-02-02 尼尔森网联媒介数据服务有限公司 Method and device for verifying terminal, storage medium and electronic equipment
CN112000853A (en) * 2020-07-31 2020-11-27 天翼电子商务有限公司 Method, medium, client and server for generating/feeding back unique identifier of equipment
CN112000853B (en) * 2020-07-31 2024-05-24 天翼电子商务有限公司 Method for generating/feeding back unique identifier of equipment, medium, client and server
CN113965415A (en) * 2020-08-13 2022-01-21 支付宝(杭州)信息技术有限公司 Risk identification method and device and electronic equipment
CN112231678A (en) * 2020-09-02 2021-01-15 网神信息技术(北京)股份有限公司 Storage device permission processing method and device, electronic device and storage medium
CN112541137A (en) * 2020-12-10 2021-03-23 清华大学 Identifier generation method and device, electronic equipment and storage medium
CN112541137B (en) * 2020-12-10 2023-05-30 清华大学 Identifier generation method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN106657429A (en) Equipment identifier generating method and device
CN103607385B (en) Method and apparatus for security detection based on browser
CN108989346B (en) Third-party valid identity escrow agile authentication access method based on account hiding
CN107566381A (en) Equipment safety control method, apparatus and system
CN107148019B (en) It is a kind of for connecting the method and apparatus of wireless access point
CN104348614B (en) The method, apparatus and server of identity legitimacy verifying
CN103384242B (en) Intrusion detection method based on Nginx proxy server and system
CN106850209A (en) A kind of identity identifying method and device
CN100574237C (en) Act on behalf of cut-in method, control network devices and act on behalf of connecting system
US10581849B2 (en) Data packet transmission method, data packet authentication method, and server thereof
CN103313429A (en) Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot
CN105119901A (en) Method and system for detecting phishing hotspot
CN102271133A (en) Authentication method, device and system
CN112512046B (en) Safety detection method for short message verification code authentication process of Android application program
CN109729000B (en) Instant messaging method and device
WO2016110150A1 (en) Method and device for controlling access capability of illegal manufacturer onu in gpon system
CN105610872B (en) Internet-of-things terminal encryption method and internet-of-things terminal encryption device
CN103369529A (en) Identity authentication method, access point (AP) and access controller (AC)
CN108600234A (en) A kind of auth method, device and mobile terminal
CN107251520A (en) Method for the polymerization authentication protocol in M2M communication
CN106878280A (en) The method and apparatus of user authentication, the method and apparatus for obtaining user number information
CN114338510A (en) Data forwarding method and system with separated control and forwarding
US9756044B2 (en) Establishment of communication connection between mobile device and secure element
CN105141642B (en) A kind of method and device preventing illegal user's behavior
CN106454826A (en) Method and apparatus of AP to access AC

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170510

RJ01 Rejection of invention patent application after publication