CN106657429A - Equipment identifier generating method and device - Google Patents
Equipment identifier generating method and device Download PDFInfo
- Publication number
- CN106657429A CN106657429A CN201610939614.5A CN201610939614A CN106657429A CN 106657429 A CN106657429 A CN 106657429A CN 201610939614 A CN201610939614 A CN 201610939614A CN 106657429 A CN106657429 A CN 106657429A
- Authority
- CN
- China
- Prior art keywords
- device identifier
- client
- identification
- service end
- device identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/301—Name conversion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses an equipment identifier generating method which is applied to a server. The equipment identifier generating method comprises the steps of acquiring equipment identification reported by a client; converting the equipment identification into an irreversible first equipment identifier through a preset algorithm; and sending the first equipment identifier to the client so as to enable the client to store the first equipment identifier into a storage region which cannot be updated. The embodiment of the invention further provides an equipment identifier generating device which is used for performing management on equipment identifiers of the client through the server, so that the safety and the reliability of data of the client are increased, and the possibility of user or equipment sensitive information leakage is greatly reduced.
Description
Technical field
The present invention relates to networking technology area, more particularly to a kind of device identifier generation method and device.
Background technology
With the rapid popularization of mobile device, incident safety issue becomes increasingly conspicuous, especially in mobile device
Data acquisition and data handling procedure in the safety problem brought.At present, based on the application of mobile device, service and be
System, contains more sensitive information, such as user identity card number, phone, address, credit card number in its data, once occur
Divulge a secret, unnecessary loss and harm will be caused.The leakage of sensitive information in order to prevent mobile device data, it is ensured that data are pacified
Entirely, data desensitization process can be carried out to the sensitive information in data in data acquisition and data handling procedure, i.e., to data
In sensitive information the deformation of data is carried out by desensitization rule, realize the reliably protecting of privacy-sensitive data.
In the data acquisition and data handling procedure of existing equipment, in order that service end is capable of identify that and can use client
The data of end transmission, are usually identified the data using corresponding device identifier.If however, the device identifier is not
Desensitization process is carried out, there will be a certain degree of insecurity, especially for field of mobile equipment, if taking client identification
The mode of process, may allow third party to carry out cracking for processing mode, and cause the leakage of user or equipment sensitive information.Such as
In the statistical method of data, if (International Mobile Equipment Identity, the world is moved using IMEI
Dynamic EIC equipment identification code) or MAC (MediaAccess Control, media access control) addresses as client device identification
Symbol, then because IMEI or MAC are related to the sensitive permission of equipment, once be cracked easily cause letting out for user or equipment sensitive information
Dew.
Therefore, how data are carried out with desensitization process, the sensitive identification symbol in data is removed, to generate safe setting
Standby identifier is those skilled in the art problem demanding prompt solution come the security for improving client data.
The content of the invention
A kind of device identifier generation method and device are embodiments provided, can be by service end to client
The device identifier at end is managed, and increases the security reliability of client data, and greatly reduces user or equipment sensitivity
The possibility of information leakage.
In view of this, first aspect present invention provides a kind of device identifier generation method, is applied to service end, can wrap
Include:
Obtain the device identification that client sends;
Device identification is converted into into irreversible first device identifier by preset algorithm;
First device identifier is sent to client, so that client stores the first device identifier to can not be more
New storage region.
With reference to the embodiment of the present invention in a first aspect, the first embodiment of the first aspect in the embodiment of the present invention
In, the first device identifier is being sent to before client, the method also includes:
The second device identifier is verified according to the first device identifier, the second device identifier is by client
Report is obtained;
If authentication failed, the step of the first device identifier being sent to client is triggered.
With reference to the embodiment of the present invention in a first aspect, second embodiment of the first aspect in the embodiment of the present invention
In, before device identification to be converted into irreversible first device identifier by preset algorithm, the method also includes:
Inverse operation is carried out to the second device identifier according to preset algorithm, and device identification is carried out according to inverse operation result
Checking, the second device identifier is to be reported to obtain by client;
If authentication failed, trigger and device identification is converted into into irreversible first device identifier by preset algorithm
Step.
With reference to the embodiment of the present invention in a first aspect, the first embodiment or of the first aspect of the embodiment of the present invention
Two kinds of embodiments, in the third embodiment of the first aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the embodiment of the present invention in a first aspect, the first embodiment of the first aspect of the embodiment of the present invention is to
Any one in three kinds of embodiments, in the 4th kind of embodiment party's mode of the first aspect of the embodiment of the present invention, equipment mark
Knowledge includes at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
Second aspect present invention provides a kind of device identifier generation method, is applied to client, it may include:
Gather discernible device identification;
Device identification is sent to service end so that service end device identification is changed into by preset algorithm it is irreversible
The first device identifier;
The first device identifier that service end sends is received, and the first device identifier is stored to non-renewable memory block
Domain.
With reference to the second aspect of the embodiment of the present invention, in the first embodiment of the second aspect of the embodiment of the present invention
In, before discernible device identification is gathered, the method also includes:
Judge that non-renewable storage region whether there is the second device identifier;
If it is not, then triggering collection discernible device identification the step of.
With reference to the first embodiment of the second aspect of the embodiment of the present invention, in the second aspect of the embodiment of the present invention
In second embodiment, after judging non-renewable storage region with the presence or absence of the second device identifier, the method is also wrapped
Include:
If judging there is the second device identifier in non-renewable storage region, according to preset rules to the second device identification
Symbol is verified;
If authentication failed, the step of triggering collection discernible device identification.
With reference to the embodiment of the present invention in a first aspect, the first embodiment or of the first aspect of the embodiment of the present invention
Two kinds of embodiments, in the third embodiment of the first aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the second aspect of the embodiment of the present invention, the first embodiment of the second aspect of the embodiment of the present invention to
Any one in three kinds of embodiments, in the 4th kind of embodiment of the first aspect of the embodiment of the present invention, device identification
Including at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
Third aspect present invention provides a kind of device identifier generating means, is applied to service end, it may include:
Acquisition module, for obtaining the device identification of client transmission;
Modular converter, for device identification to be converted into into irreversible first device identifier by preset algorithm;
Sending module, for the first device identifier to be sent to client, so that client is by the first device identification
Symbol is stored to non-renewable storage region.
With reference to the third aspect of the embodiment of the present invention, in the first embodiment of the third aspect of the embodiment of the present invention
In, device also includes:
First authentication module, for being verified to the second device identifier according to the first device identifier, the second equipment
Identifier is to be reported to obtain by client;
First trigger module, sends the first device identifier to visitor for when failing the authentication, then triggering sending module
Family end.
With reference to the third aspect of the embodiment of the present invention, in second embodiment of the third aspect of the embodiment of the present invention
In, device also includes:
Inverse operation module, for inverse operation, the second device identifier to be carried out to the second device identifier according to preset algorithm
It is to be reported to obtain by client;
Second authentication module, for being verified to inverse operation result according to device identification;
Second trigger module, is turned device identification by preset algorithm for when failing the authentication, then triggering modular converter
Change irreversible first device identifier into.
With reference to the third aspect of the embodiment of the present invention, the first embodiment of the third aspect of the embodiment of the present invention or
Two kinds of embodiments, in the third embodiment of the third aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the third aspect of the embodiment of the present invention, the first embodiment of the third aspect of the embodiment of the present invention to
Any one in three kinds of embodiments, in the 4th kind of embodiment of the third aspect of the embodiment of the present invention, device identification
Including at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
Fourth aspect present invention provides a kind of device identifier generating means, is applied to client, it may include:
Acquisition module, for gathering discernible device identification;
Sending module, for device identification to be sent to service end, so that service end imputes device identification by pre-
Method changes into irreversible first device identifier;
Receiver module, for receiving the first device identifier of service end transmission;
Memory module, for the first device identifier to be stored to non-renewable storage region.
With reference to the fourth aspect of the embodiment of the present invention, in the first embodiment of the fourth aspect of the embodiment of the present invention
In, device also includes:
Judge module, for judging that non-renewable storage region whether there is the second device identifier;
First trigger module, for when there is no the second device identifier, then the collection of triggering collection module to be discernible
Device identification.
With reference to the first embodiment of the fourth aspect of the embodiment of the present invention, in the fourth aspect of the embodiment of the present invention
In second embodiment, device also includes:
Authentication module, for when judging that non-renewable storage region has the second device identifier, then according to default rule
Then the second device identifier is verified;
Second trigger module, for when failing the authentication, then triggering collection module to gather discernible device identification.
With reference to the fourth aspect of the embodiment of the present invention, the first embodiment of the fourth aspect of the embodiment of the present invention or
Two kinds of embodiments, in the third embodiment of the fourth aspect of the embodiment of the present invention, preset algorithm is MD5 algorithms.
With reference to the fourth aspect of the embodiment of the present invention, the first embodiment of the fourth aspect of the embodiment of the present invention to
Any one in three kinds of embodiments, in the 4th kind of embodiment of the fourth aspect of the embodiment of the present invention, device identification
Including at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
As can be seen from the above technical solutions, the embodiment of the present invention has advantages below:
In the present embodiment, service end can pass through preset algorithm by equipment after the device identification that client sends is received
Mark is converted into irreversible first device identifier, it is possible to send to client so that client can be by the first equipment
Identifier is stored to non-renewable storage region.Compared to the data system that tradition makees device identifier using the device identification of collection
Meter method, the present invention after device identification is converted into into irreversible first device identifier by service end, i.e. desensitization process,
The sensitive identification of client is effectively eliminated, and in the case of leaking data, due to the irreversibility of the first device identifier,
Also the privacy-sensitive information of user or equipment can still be protected.
Description of the drawings
Fig. 1 is device identifier generation method one embodiment schematic diagram in the embodiment of the present invention;
Fig. 2 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 3 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 4 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 5 is another embodiment schematic diagram of device identifier generation method in the embodiment of the present invention;
Fig. 6 is device identifier generating means one embodiment schematic diagram in the embodiment of the present invention;
Fig. 7 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention;
Fig. 8 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention;
Fig. 9 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention;
Figure 10 is another embodiment schematic diagram of device identifier generating means in the embodiment of the present invention.
Specific embodiment
A kind of device identifier generation method and device are embodiments provided, can be by service end to client
The device identifier at end is managed, and increases the security reliability of client data, and greatly reduces user or equipment sensitivity
The possibility of information leakage.
In order that those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention
Accompanying drawing, is clearly and completely described to the technical scheme in the embodiment of the present invention, it is clear that described embodiment is only
The embodiment of a part of the invention, rather than the embodiment of whole.Based on the embodiment in the present invention, ordinary skill people
The every other embodiment that member is obtained under the premise of creative work is not made, should all belong to the model of present invention protection
Enclose.
Term " first ", " second ", " the 3rd " in description and claims of this specification and above-mentioned accompanying drawing, "
Four " etc. (if present) is the object for distinguishing similar, without for describing specific order or precedence.Should manage
The data that solution is so used can be exchanged in the appropriate case, so that the embodiments described herein can be with except illustrating here
Or the order beyond the content of description is implemented.Additionally, term " comprising " and " having " and their any deformation, it is intended that
Covering is non-exclusive to be included, and for example, containing process, method, system, product or the equipment of series of steps or unit need not limit
In those steps or unit for clearly listing, but may include clearly not list or for these processes, method, product
Other intrinsic steps of product or equipment or unit.
For ease of understanding, below the idiographic flow in the embodiment of the present invention is described from service end side, is referred to
Fig. 1, device identifier generation method one embodiment includes in the embodiment of the present invention:
101st, the device identification that client is reported is obtained;
Specifically, when client and service end are interacted, in order to prevent the leakage of client sensitive information, it is right to realize
The reliably protecting of privacy of user data, is managed accordingly using device identification of the service end to client, quick to reduce
The possibility of sense information leakage, the sensitive information can include but is not limited to personally identifiable information, personal account information and lead to
News information etc..Before the present embodiment is performed, client can be previously-completed the acquisition process of equipment of itself mark, it is possible to will
The device identification is sent to service end, and service end is received after the device identification, can be when needing to use corresponding device identification
Obtained.
It is understood that the device identification in the present embodiment is being sent to service end, service end can store this and set
Standby mark, with can to the corresponding device identification of same client Reusability, such that it is able to reduce the live load of client,
Simultaneously the corresponding client of corresponding device identification can also be determined, specifically not limited herein.
In the present embodiment, device identification includes at least one of:International mobile equipment identification number IMEI, media interviews control
MAC Address processed, equipment Serial Number.
It should be noted that content of the device identification in the present embodiment except described above, in actual applications, may be used also
To be other, such as advertisement and identifier IFDA can be reported according to practical OS's collection by client and obtained, and specifically not limited herein
It is fixed.
102nd, device identification is converted into into irreversible first device identifier by preset algorithm;
In the present embodiment, service end is obtained after corresponding device identification, can be turned the device identification by preset algorithm
Change irreversible first device identifier into so that being related to the device identification of client sensitive permission can effectively be desensitized
Process.
In actual applications, the preset algorithm in the present embodiment can be MD5 algorithms, specifically, the first device identifier
Can be changed as follows:After using MD5 algorithms device identification is changed, 32 MD5 can be carried out N number of tearing open
Point, N is the integer more than zero, then N number of field that fractionation is obtained can be counted accordingly using cyclic check CRC code
Calculate, such as CRC is carried out to field 1 and be calculated A, CRC is carried out to field 2 and is calculated B, CRC code is carried out to field 3 and is calculated
C, by that analogy, CRC is carried out to field N and is calculated X (X is represented that N carries out the symbol obtained after CRC code calculating, the symbol
May include character etc.) after, result of calculation can be spliced into such as 1A2B3CNX, and can be carried out according to splicing result
CRC code is calculated Y, then 1A2B3CNX can be carried out into corresponding displacement according to Y, you can obtain the first device identifier.
It is understood that in the present embodiment the conversion method of the first device identifier except the algorithm of described above,
In practical application, device identification can also be changed using other algorithms, it is possible to by transformation result directly as first
Device identifier, can also carry out corresponding filling to transformation result and obtain the first device identifier, specifically using spcial character
Do not limit herein.
103rd, the first device identifier is sent to client, so that client stores the first device identifier to not
Renewable storage region.
In the present embodiment, device identification is converted into irreversible first device identifier by service end by preset algorithm
Afterwards, the first device identifier can be sent to client, so that client stores the first device identifier to can not be more
New storage region, client can also accordingly be made by extracting first device identifier in non-renewable storage region
With.
In the present embodiment, the first device identifier is issued by service end, to allow client to obtain the first device identifier
Mode, effectively eliminate the sensitive identification of client, and in the case of leaking data, due to the first device identifier not
Invertibity, also can still protect the privacy-sensitive information of user or equipment.Meanwhile, the transduction pathway of the first device identifier with
And in the corresponding storage method of client, prevent rogue program to usurp the malice of the first device identifier to a certain extent
Change, the first device identifier is effectively reduced by massive duplication or the probability changed in a large number, so as to ensure that the first equipment mark
Know the uniqueness of symbol, and the first device identification and client are corresponded, be conducive to service end effectively with corresponding client
Carry out information exchange.
It should be noted that in actual applications, if client has the second device identifier, second set using this
Service end can be reported to during standby identifier, then the second device identifier that service end can be reported to client is tested
Demonstrate,prove, but verification mode can separately below be illustrated with difference:
Fig. 2 is referred to, another embodiment of device identifier generation method includes in the embodiment of the present invention:
Step 201 in the present embodiment is identical to step 102 with the step 101 in embodiment illustrated in fig. 1 to step 202,
Here is omitted.
203rd, the second device identifier is verified according to the first device identifier, if authentication failed, execution step
If the 204, being proved to be successful, execution step 205.
In the present embodiment, when client and service end are interacted, if the non-renewable storage region of client is present
Second device identifier, then client using second device identifier and can report to service end, service end is being obtained
After second device identifier, the second device identifier can be verified.
In actual applications, the second device identifier of client upload can there is a possibility that to be tampered, then be
Avoid that the second device identifier is tampered and caused second device identifier is not one-to-one with corresponding client
Situation so that service end cannot make a distinction to corresponding client, client, can in message when message is sent to service end
To carry device identification and the second device identifier, with to service end reporting equipment mark and the second device identifier, then
Service end can be verified to the second device identifier after the second device identifier is obtained, specifically, can pass through to perform step
Rapid 201 to step 202 obtains the first device identifier being converted into according to MD5 algorithms by device identification, it is possible to by first
Device identifier and the second device identifier are compared and are verified result, if the first device identifier and the second device identification
Symbol is inconsistent, is AB according to the first device identifier that MD5 algorithms are converted to device identification for example, and the second equipment mark
Know symbol AC, then understand that the second device identifier is tampered, then authentication failed, if the first device identifier and the second device identification
Symbol is consistent, is AB according to the first device identifier that MD5 algorithms are converted to device identification for example, and the second device identification
Symbol is also AB, then understands that the second device identifier is not tampered with, then means to be proved to be successful.
It is understood that the verification process of the present embodiment can also be carried out offline, i.e., service end is obtaining equipment mark
After knowledge and the second device identifier, can be set to second using the first device identifier that device identification is changed every a period of time
Standby identifier is verified.
Specifically, in the present embodiment, if the second device identifier authentication failed, then service end can have been converted to simultaneously
The first device identifier for checking is issued to client, i.e. execution step 204.
Step 204 in the present embodiment is identical with the step 103 in embodiment illustrated in fig. 1, and here is omitted.
205th, other flow processs are performed.
In the present embodiment, if the second device identifier is proved to be successful, then mean that the second device identifier is not usurped
Change, the second device identifier can be used normally, then can not carry out other operations, that is, terminate flow process, but service end
According to actual needs corresponding data interaction can be carried out using second device identifier, such as and third party, specifically herein not
Limit.
Fig. 3 is referred to, another embodiment of device identifier generation method includes in the embodiment of the present invention:
Step 301 in the present embodiment is identical with the step 101 in embodiment illustrated in fig. 1, and here is omitted.
302nd, inverse operation is carried out to the second device identifier according to preset algorithm, and according to device identification to inverse operation result
Verified, if authentication failed, execution step 303, if being proved to be successful, execution step 305;
In the present embodiment, when client and service end are interacted, if the non-renewable storage region of client is present
Second device identifier, then client using second device identifier and can report to service end, service end is being obtained
After second device identifier, inverse operation can be carried out to the second device identifier according to preset algorithm, it is possible to according to step 201
The device identification of acquisition is verified to inverse operation result.
In actual applications, the second device identifier of client upload can there is a possibility that to be tampered, then be
Avoid that the second device identifier is tampered and caused second device identifier is not one-to-one with corresponding client
Situation so that service end cannot make a distinction to corresponding client, client, can in message when message is sent to service end
To carry device identification and the second device identifier, with to service end reporting equipment mark and the second device identifier, then
Service end can be verified to the second device identifier after the second device identifier is obtained, specifically, can imputed by pre-
Method, i.e. MD5 algorithms carry out inverse operation to the second device identifier, and inverse operation result and device identification are carried out into corresponding ratio
It is right, for example, it is assumed that device identification is AB, if inverse operation is carried out to the second device identifier using MD5 algorithms obtaining relative to setting
Standby last the symbol that identifies is C, and substantially in accordance with order from left to right, last symbol of device identification is B,
So pass through comparing for C and B, it is known that the second device identifier authentication failed, and now can be without to the second device identifier
Proceed the inverse operation of the symbol relative to device identification penultimate, and if using MD5 algorithms to the second device identification
Symbol carries out inverse operation and obtains relative to device identification last symbol being B, then relative to setting in the second device identifier
It is standby to identify last validation symbol success, then need to continue with MD5 algorithms the second device identifier is carried out relative to
The inverse operation of the symbol of device identification penultimate, if the inverse operation result is A, then understand reciprocal relative to device identification
Deputy symbol is also proved to be successful, and means that the second device identifier is proved to be successful.It is understood that the second equipment mark
The symbol quantity of the inverse operation number of times and device identification of knowing symbol is adapted, and in verification process, can be set to second according to MD5 algorithms
Standby identifier carry out it is corresponding it is counter push away, as long as the validation symbol begun with relative to device identification fails, that is, mean that second sets
Standby identification verification fails, but all inverse operation results of only the second device identifier match with device identification, just means
The second device identifier to be proved to be successful.
It should be noted that carrying out inverse operation to the second device identifier in actual applications, or first, then obtain
Device identification, and inverse operation result is verified according to device identification, can also be carries out inverse fortune to the second device identifier
Device identification is obtained while calculation, operation result is verified further according to device identification, specifically do not limited herein.
It is understood that the verification process of the present embodiment can also be carried out offline, i.e., service end is obtaining equipment mark
After knowledge and the second device identifier, inverse operation can be carried out to the second device identifier using preset algorithm every a period of time,
Device identification is recycled to verify inverse operation result.
Specifically, in the present embodiment, if the second device identifier authentication failed, then service end can turn device identification
Change the first device identifier, i.e. execution step 303.
Step 303 in the present embodiment is identical to step 103 with the step 102 in embodiment illustrated in fig. 1 to step 304,
Here is omitted.
305th, other flow processs are performed.
In the present embodiment, if the second device identifier is proved to be successful, then mean that the second device identifier is not usurped
Change, the second device identifier can be used normally, then can not carry out other operations, that is, terminate flow process, but service end
According to actual needs corresponding data interaction can be carried out using second device identifier, such as and third party, specifically herein not
Limit.
Above the device identifier generation method in the embodiment of the present invention is described from service end side, below from
Client-side is described to the device identifier generation method in the embodiment of the present invention, refers to Fig. 4, the embodiment of the present invention
Another embodiment of middle device identifier generation method includes:
401st, discernible device identification is gathered;
In the present embodiment, client comes into operation in first time, or first time enters row information and hands over service end or third party
Mutually, or need reacquire device identifier when, discernible device identification can be gathered, with to service end request set accordingly
Standby identifier, the device identification to being related to client sensitive permission carries out desensitization process.
In the present embodiment, device identification can include at least one of:International mobile equipment identification number IMEI, media are visited
Ask control MAC Address, equipment Serial Number.
It should be noted that content of the device identification in the present embodiment except described above, in actual applications, may be used also
To be other, such as advertisement and identifier IFDA can accordingly be gathered, specifically herein not by client according to practical OS's
Limit.
402nd, device identification is sent to service end, so that service end is converted into device identification not by preset algorithm
The first reversible device identifier;
In the present embodiment, client is gathered after discernible device identification, device identification can be sent to service end, with
Allow service end that device identification is converted into into irreversible first device identifier by preset algorithm.
Specifically, device identification is converted into the mistake of the first device identifier according to preset algorithm, i.e. MD5 algorithms for service end
Journey, can be based on the content of step 102 explanation in embodiment illustrated in fig. 1, and here is omitted.
403rd, the first device identifier that service end sends is received, and the first device identifier is stored to non-renewable deposits
Storage area domain.
In the present embodiment, client to service end is sent after device identification, can receive the first equipment mark that service end is issued
Know symbol, it is possible to the first device identifier is stored to non-renewable storage region.
Specifically, client stores the first device identifier to non-renewable storage region, due to non-renewable storage
The non-regeneratability in region, such that it is able to the possibility for preventing the first device identifier to be tampered in the storage region, Jin Eryou
The security of the first device identifier is used beneficial to raising client.
It is understood that in actual applications, if client has been stored with the second equipment in non-renewable storage region
Identifier, then client can be verified and used to second device identifier, refer to Fig. 5, the embodiment of the present invention
Another embodiment of middle device identifier generation method includes:
501st, non-renewable storage region is judged with the presence or absence of the second device identifier, if so, then execution step 502, if
It is no, then execution step 503;
It is quick in order to prevent when client needs to carry out corresponding information exchange with service end or third party in the present embodiment
The leakage of sense information, can accordingly be searched non-renewable storage region, it is possible to whether judge non-renewable region
There is the second device identifier, second device identifier was regarded as before current point in time by service end in client
The device identification of report is changed and issued and obtained.
502nd, the second device identifier is verified according to preset rules, if authentication failed, execution step 503, if
It is proved to be successful, then execution step 506;
In the present embodiment, if client judges that non-renewable storage region has the second device identifier, then client
Second device identifier can be used, although client is to obtain the second device identifier from non-renewable storage region,
Second device identifier still suffers from the possibility being tampered, then in order to improve the security of client-side information interaction, in client
Using before second device identifier, client can be verified according to preset rules to the second device identifier at end.
Specifically, obtain because the second device identifier is actually issued by service end according to preset algorithm, then client
Hold the algorithmic rule according to service end, it may be determined that the digit of the second device identifier, for example, it is assumed that the second device identifier
Normal digit is 32, if but client determines that the second device identifier from non-renewable extracted region out only has 16,
So it is considered that authentication failed, if conversely, client determines the second device identifier from non-renewable extracted region out
There are 32, then it is considered that being proved to be successful.
It should be noted that the present embodiment only illustrates that client is carried out to the second device identifier with said one example
The concrete mode of checking, in actual applications, can also adopt alternate manner, such as based on setting for collecting in following step 503
Standby mark, client can utilize the preliminary conversion that the preset algorithm of such as MD5 algorithms carry out former to device identification, and and
Already present second device identifier is contrasted accordingly, for example, it is assumed that the second device identifier is AB, client is to equipment
Mark is changed accordingly, but according to order from left to right, client is only calculated relative to the second device identifier
First, if result of calculation is A, then client is believed that and is proved to be successful, if result of calculation is C, then it is assumed that authentication failed,
Specifically do not limit herein.
It is understood that in the present embodiment, if the second device identifier authentication failed, then client is due to cannot be right
Second device identifier is modified, then can gather discernible device identification and send to service end, to ask service end weight
Newly issue corresponding device identifier, i.e. execution step 503.
Step 503 in the present embodiment is identical to step 503 with the step 501 in embodiment illustrated in fig. 4 to step 505,
Here is omitted.
If it should be noted that on the basis of non-renewable region has the second device identifier, receiving service end
The first device identifier for issuing, then the second device identifier will be abandoned, and the first device identifier then can be in client
Hold and used when needing next time, and then may insure the uniqueness of device identifier in client, and can be with client one by one
Correspondence.
506th, other flow processs are performed.
In the present embodiment, if client is proved to be successful according to preset rules to the second device identifier, it is meant that client
Can use the second device identifier, then can not carry out other operations, that is, terminate flow process, but client can be continued executing with
Using the subsequent operation of the second device identifier, the second device identifier is such as carried in the message reported to service end, herein
Do not limit.
The device identifier generation method in the embodiment of the present invention is described above, below from service end side pair
Device identifier generating means in the embodiment of the present invention are described, and refer to Fig. 5, device identifier in the embodiment of the present invention
Generating means one embodiment includes:
Acquisition module 601, for obtaining the device identification that client is reported;
Modular converter 602, for device identification to be converted into into irreversible first device identifier by preset algorithm;
Sending module 603, for the first device identifier to be sent to client, so that client is by the first equipment mark
Know symbol to store to non-renewable storage region.
In the present embodiment, the device identification that acquisition module 601 is obtained is converted into into irreversible by modular converter 602
One device identifier, sending module 603 can issue the first device identifier to allow client to obtain the first device identifier, this
Effectively eliminate the sensitive identification of client, and cause in the case of leaking data, due to the first device identifier can not
Inverse property, also can still protect the privacy-sensitive information of user or equipment.Meanwhile, conversion of first device identifier in service end
Path and in the corresponding storage method of client, prevents to a certain extent rogue program to set to first from client-side
The malice of standby identifier is distorted, and effectively reduces the first device identifier by massive duplication or the probability changed in a large number, so as to
The uniqueness of the first device identifier is ensure that, and the first device identification is corresponded with client, is conducive to service end effective
Ground carries out information exchange with corresponding client.
Fig. 7 is referred to, another embodiment of device identifier generating means includes in the embodiment of the present invention:
Module 701 in the present embodiment is identical with the module 601 in embodiment illustrated in fig. 6, and module 702 is real with shown in Fig. 6
The module 602 applied in example is identical, and here is omitted.
First authentication module 703, for being verified to the second device identifier according to the first device identifier, second sets
Standby identifier is to be reported to obtain by client;
Module 704 in the present embodiment is identical with the module 603 in embodiment illustrated in fig. 6, and here is omitted.
First trigger module 705, for when failing the authentication, then trigger sending module by the first device identifier send to
Client.
Fig. 8 is referred to, another embodiment of device identifier generating means includes in the embodiment of the present invention:
Module 801 in the present embodiment is identical with the module 601 in embodiment illustrated in fig. 6, and here is omitted.
Inverse operation module 802, for inverse operation, the second device identification to be carried out to the second device identifier according to preset algorithm
Symbol is to be reported to obtain by client;
Second authentication module 803, for being verified to inverse operation result according to device identification;
Module 804 in the present embodiment is identical with the module 602 in embodiment illustrated in fig. 6, and module 805 is real with shown in Fig. 6
The module 603 applied in example is identical, and here is omitted.
Second trigger module 806, preset algorithm is passed through for when failing the authentication, then triggering modular converter by device identification
It is converted into irreversible first device identifier.
Above the device identifier generating means in the embodiment of the present invention are described from service end side, below from
Client-side is described to the device identifier generating means in the embodiment of the present invention, refers to Fig. 9, the embodiment of the present invention
Another embodiment of middle device identifier generating means includes:
Acquisition module 901, for gathering discernible device identification;
Sending module 902, for device identification to be sent to service end, so that device identification is passed through default by service end
Algorithm changes into irreversible first device identifier;
Receiver module 903, for receiving the first device identifier of service end transmission;
Memory module 904, for storing the first device identifier to the non-renewable storage region of client.
Figure 10 is referred to, another embodiment of device identifier generating means includes in the embodiment of the present invention:
Judge module 1001, for judging that non-renewable storage region whether there is the second device identifier;
Module 1002 in the present embodiment is identical with the module 901 in embodiment illustrated in fig. 9, and here is omitted.
First trigger module 1003, for when there is no the second device identifier, then triggering collection module collection can be known
Other device identification.
Authentication module 1004, for when judging that non-renewable storage region has the second device identifier, then according to pre-
If rule is verified to the second device identifier;
Second trigger module 1005, for when failing the authentication, then triggering collection module to gather discernible device identification;
Module 1006 in the present embodiment is identical with the module 902 in embodiment illustrated in fig. 9, shown in module 1007 and Fig. 9
Module 903 in embodiment is identical, and module 1008 is identical with the module 904 in embodiment illustrated in fig. 9, and here is omitted.
Those skilled in the art can be understood that, for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, will not be described here.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method can be with
Realize by another way.For example, device embodiment described above is only schematic, for example, the unit
Divide, only a kind of division of logic function can have other dividing mode, such as multiple units or component when actually realizing
Can with reference to or be desirably integrated into another system, or some features can be ignored, or not perform.It is another, it is shown or
The coupling each other for discussing or direct-coupling or communication connection can be the indirect couplings by some interfaces, device or unit
Close or communicate to connect, can be electrical, mechanical or other forms.
The unit as separating component explanation can be or may not be it is physically separate, it is aobvious as unit
The part for showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can according to the actual needs be selected to realize the mesh of this embodiment scheme
's.
In addition, each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to
It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.Above-mentioned integrated list
Unit both can be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.
If the integrated unit is realized using in the form of SFU software functional unit and as independent production marketing or used
When, during a computer read/write memory medium can be stored in.Based on such understanding, technical scheme is substantially
The part for contributing to prior art in other words or all or part of the technical scheme can be in the form of software products
Embody, the computer software product is stored in a storage medium, including some instructions are used so that a computer
Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment methods described of the invention
Portion or part steps.And aforesaid storage medium includes:USB flash disk, portable hard drive, read-only storage (ROM, Read-Only
Memory), random access memory (RAM, RandomAccess Memory), magnetic disc or CD etc. are various can store journey
The medium of sequence code.
The above, above example only to illustrate technical scheme, rather than a limitation;Although with reference to front
State embodiment to be described in detail the present invention, it will be understood by those within the art that:It still can be to front
State the technical scheme described in each embodiment to modify, or equivalent is carried out to which part technical characteristic;And these
Modification is replaced, and does not make the spirit and scope of the essence disengaging various embodiments of the present invention technical scheme of appropriate technical solution.
Claims (12)
1. a kind of device identifier generation method, is applied to service end, it is characterised in that include:
Obtain the device identification that client is reported;
The device identification is converted into into irreversible first device identifier by preset algorithm;
First device identifier is sent to the client, so that the client is by first device identifier
Store to non-renewable storage region.
2. device identifier generation method according to claim 1, it is characterised in that described by the first equipment mark
Know symbol to send to before the client, methods described also includes:
The second device identifier is verified according to first device identifier, second device identifier is by described
Client is reported and obtained;
If the authentication failed, trigger described the step of first device identifier is sent to the client.
3. device identifier generation method according to claim 1, it is characterised in that by the device identification by pre-
Imputation method is converted into before irreversible first device identifier, and methods described also includes:
Inverse operation is carried out to the second device identifier according to the preset algorithm, and according to the device identification to inverse operation result
Verified, second device identifier is to be reported to obtain by the client;
If the authentication failed, trigger described the device identification is converted into into irreversible first equipment by preset algorithm
The step of identifier.
4. device identifier generation method according to any one of claim 1 to 3, it is characterised in that the pre- imputation
Method is MD5 algorithms.
5. device identifier generation method according to any one of claim 1 to 3, it is characterised in that the equipment mark
Knowledge includes at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
6. a kind of device identifier generation method, is applied to client, it is characterised in that include:
Gather discernible device identification;
The device identification is sent to service end, so that the service end converts the device identification by preset algorithm
Into irreversible first device identifier;
Receive first device identifier that the service end sends, and first device identifier is stored to can not be more
New storage region.
7. device identifier generation method according to claim 6, it is characterised in that gathering discernible device identification
Before, methods described also includes:
Judge that the non-renewable storage region whether there is the second device identifier;
If it is not, the step of then triggering the collection discernible device identification.
8. device identifier generation method according to claim 7, it is characterised in that judge described non-renewable described
With the presence or absence of after the second device identifier, methods described also includes storage region:
If judging there is the second device identifier in the non-renewable storage region, according to preset rules to second equipment
Identifier is verified;
If the authentication failed, trigger it is described collection discernible device identification the step of.
9. the device identifier generation method according to any one of claim 6 to 8, it is characterised in that the preset algorithm
For MD5 algorithms.
10. the device identifier generation method according to any one of claim 6 to 8, it is characterised in that the equipment mark
Knowledge includes at least one of:
International mobile equipment identification number IMEI, MAC address, equipment Serial Number.
A kind of 11. devices of the device identifier generation method realized as described in any one of claim 1 to 5, are applied to service
End, it is characterised in that described device includes:
Acquisition module, for obtaining the device identification that client is reported;
Modular converter, for the device identification to be converted into into irreversible first device identifier by preset algorithm;
Sending module, for first device identifier to be sent to the client, so that the client will be described
First device identifier is stored to non-renewable storage region.
A kind of 12. devices of the device identifier generation method realized as described in any one of claim 6 to 10, are applied to client
End, it is characterised in that described device includes:
Acquisition module, for gathering discernible device identification;
Sending module, for the device identification to be sent to service end, so that the service end leads to the device identification
Cross preset algorithm and change into irreversible first device identifier;
Receiver module, for receiving first device identifier that the service end sends;
Memory module, for first device identifier to be stored to non-renewable storage region.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610939614.5A CN106657429A (en) | 2016-10-24 | 2016-10-24 | Equipment identifier generating method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610939614.5A CN106657429A (en) | 2016-10-24 | 2016-10-24 | Equipment identifier generating method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106657429A true CN106657429A (en) | 2017-05-10 |
Family
ID=58821187
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610939614.5A Pending CN106657429A (en) | 2016-10-24 | 2016-10-24 | Equipment identifier generating method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106657429A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070654A (en) * | 2017-05-12 | 2017-08-18 | 北京小米移动软件有限公司 | information collecting method and device |
| CN107172092A (en) * | 2017-07-03 | 2017-09-15 | 上海精数信息科技有限公司 | Facility information guard method and device |
| CN108156273A (en) * | 2017-12-14 | 2018-06-12 | 北京奇艺世纪科技有限公司 | A kind of anonymous ID generation methods, device and electronic equipment |
| CN109492378A (en) * | 2018-11-26 | 2019-03-19 | 平安科技(深圳)有限公司 | A kind of auth method based on EIC equipment identification code, server and medium |
| WO2019085350A1 (en) * | 2017-10-30 | 2019-05-09 | 平安科技(深圳)有限公司 | Method and device for generating identifier, computer device, and storage medium |
| CN110599278A (en) * | 2018-06-12 | 2019-12-20 | 百度在线网络技术(北京)有限公司 | Method, apparatus, and computer storage medium for aggregating device identifiers |
| CN112000853A (en) * | 2020-07-31 | 2020-11-27 | 天翼电子商务有限公司 | Method, medium, client and server for generating/feeding back unique identifier of equipment |
| CN112231678A (en) * | 2020-09-02 | 2021-01-15 | 网神信息技术(北京)股份有限公司 | Storage device permission processing method and device, electronic device and storage medium |
| CN112307517A (en) * | 2020-03-23 | 2021-02-02 | 尼尔森网联媒介数据服务有限公司 | Identification code processing method and device, storage medium and electronic equipment |
| CN112311751A (en) * | 2020-03-23 | 2021-02-02 | 尼尔森网联媒介数据服务有限公司 | Method and device for verifying terminal, storage medium and electronic equipment |
| CN112541137A (en) * | 2020-12-10 | 2021-03-23 | 清华大学 | Identifier generation method and device, electronic equipment and storage medium |
| CN113965415A (en) * | 2020-08-13 | 2022-01-21 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020156870A1 (en) * | 2000-11-08 | 2002-10-24 | Equate Systems, Inc. | Method and apparatus for dynamically directing an application to a pre-defined target multimedia resource |
| CN101399666A (en) * | 2007-09-28 | 2009-04-01 | 中国银联股份有限公司 | Safety control method and system for digital certificate of file |
| CN101778381A (en) * | 2009-12-31 | 2010-07-14 | 卓望数码技术(深圳)有限公司 | Digital certificate generation method, user key acquisition method, mobile terminal and device |
| CN102045343A (en) * | 2010-10-29 | 2011-05-04 | 深圳市爱贝信息技术有限公司 | DC (Digital Certificate) based communication encrypting safety method, server and system |
-
2016
- 2016-10-24 CN CN201610939614.5A patent/CN106657429A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020156870A1 (en) * | 2000-11-08 | 2002-10-24 | Equate Systems, Inc. | Method and apparatus for dynamically directing an application to a pre-defined target multimedia resource |
| CN101399666A (en) * | 2007-09-28 | 2009-04-01 | 中国银联股份有限公司 | Safety control method and system for digital certificate of file |
| CN101778381A (en) * | 2009-12-31 | 2010-07-14 | 卓望数码技术(深圳)有限公司 | Digital certificate generation method, user key acquisition method, mobile terminal and device |
| CN102045343A (en) * | 2010-10-29 | 2011-05-04 | 深圳市爱贝信息技术有限公司 | DC (Digital Certificate) based communication encrypting safety method, server and system |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070654A (en) * | 2017-05-12 | 2017-08-18 | 北京小米移动软件有限公司 | information collecting method and device |
| CN107172092A (en) * | 2017-07-03 | 2017-09-15 | 上海精数信息科技有限公司 | Facility information guard method and device |
| CN107172092B (en) * | 2017-07-03 | 2019-12-27 | 上海精数信息科技有限公司 | Equipment information protection method and device |
| WO2019085350A1 (en) * | 2017-10-30 | 2019-05-09 | 平安科技(深圳)有限公司 | Method and device for generating identifier, computer device, and storage medium |
| CN108156273A (en) * | 2017-12-14 | 2018-06-12 | 北京奇艺世纪科技有限公司 | A kind of anonymous ID generation methods, device and electronic equipment |
| CN110599278A (en) * | 2018-06-12 | 2019-12-20 | 百度在线网络技术(北京)有限公司 | Method, apparatus, and computer storage medium for aggregating device identifiers |
| CN110599278B (en) * | 2018-06-12 | 2022-07-22 | 百度在线网络技术(北京)有限公司 | Method, apparatus, and computer storage medium for aggregating device identifiers |
| CN109492378A (en) * | 2018-11-26 | 2019-03-19 | 平安科技(深圳)有限公司 | A kind of auth method based on EIC equipment identification code, server and medium |
| CN112307517A (en) * | 2020-03-23 | 2021-02-02 | 尼尔森网联媒介数据服务有限公司 | Identification code processing method and device, storage medium and electronic equipment |
| CN112311751A (en) * | 2020-03-23 | 2021-02-02 | 尼尔森网联媒介数据服务有限公司 | Method and device for verifying terminal, storage medium and electronic equipment |
| CN112000853A (en) * | 2020-07-31 | 2020-11-27 | 天翼电子商务有限公司 | Method, medium, client and server for generating/feeding back unique identifier of equipment |
| CN112000853B (en) * | 2020-07-31 | 2024-05-24 | 天翼电子商务有限公司 | Method for generating/feeding back unique identifier of equipment, medium, client and server |
| CN113965415A (en) * | 2020-08-13 | 2022-01-21 | 支付宝(杭州)信息技术有限公司 | Risk identification method and device and electronic equipment |
| CN112231678A (en) * | 2020-09-02 | 2021-01-15 | 网神信息技术(北京)股份有限公司 | Storage device permission processing method and device, electronic device and storage medium |
| CN112541137A (en) * | 2020-12-10 | 2021-03-23 | 清华大学 | Identifier generation method and device, electronic equipment and storage medium |
| CN112541137B (en) * | 2020-12-10 | 2023-05-30 | 清华大学 | Identifier generation method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106657429A (en) | Equipment identifier generating method and device | |
| CN103607385B (en) | Method and apparatus for security detection based on browser | |
| CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding | |
| CN107566381A (en) | Equipment safety control method, apparatus and system | |
| CN107148019B (en) | It is a kind of for connecting the method and apparatus of wireless access point | |
| CN104348614B (en) | The method, apparatus and server of identity legitimacy verifying | |
| CN103384242B (en) | Intrusion detection method based on Nginx proxy server and system | |
| CN106850209A (en) | A kind of identity identifying method and device | |
| CN100574237C (en) | Act on behalf of cut-in method, control network devices and act on behalf of connecting system | |
| US10581849B2 (en) | Data packet transmission method, data packet authentication method, and server thereof | |
| CN103313429A (en) | Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot | |
| CN105119901A (en) | Method and system for detecting phishing hotspot | |
| CN102271133A (en) | Authentication method, device and system | |
| CN112512046B (en) | Safety detection method for short message verification code authentication process of Android application program | |
| CN109729000B (en) | Instant messaging method and device | |
| WO2016110150A1 (en) | Method and device for controlling access capability of illegal manufacturer onu in gpon system | |
| CN105610872B (en) | Internet-of-things terminal encryption method and internet-of-things terminal encryption device | |
| CN103369529A (en) | Identity authentication method, access point (AP) and access controller (AC) | |
| CN108600234A (en) | A kind of auth method, device and mobile terminal | |
| CN107251520A (en) | Method for the polymerization authentication protocol in M2M communication | |
| CN106878280A (en) | The method and apparatus of user authentication, the method and apparatus for obtaining user number information | |
| CN114338510A (en) | Data forwarding method and system with separated control and forwarding | |
| US9756044B2 (en) | Establishment of communication connection between mobile device and secure element | |
| CN105141642B (en) | A kind of method and device preventing illegal user's behavior | |
| CN106454826A (en) | Method and apparatus of AP to access AC |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170510 |
|
| RJ01 | Rejection of invention patent application after publication |