CN106992857B - Machine-swiping verification method and device - Google Patents
Machine-swiping verification method and device Download PDFInfo
- Publication number
- CN106992857B CN106992857B CN201710201315.6A CN201710201315A CN106992857B CN 106992857 B CN106992857 B CN 106992857B CN 201710201315 A CN201710201315 A CN 201710201315A CN 106992857 B CN106992857 B CN 106992857B
- Authority
- CN
- China
- Prior art keywords
- flashing
- password
- mobile terminal
- verification
- identification information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
The invention provides a method and a device for verifying a machine brushing. The flashing verification method for the mobile terminal comprises the following steps: receiving identity identification information sent by the safety equipment; generating a verification password according to the identity information; and acquiring a flashing password sent by the safety equipment, judging whether the flashing password is consistent with the verification password, and if so, allowing the flashing to continue. Therefore, only when the security equipment has the password consistent with the verification password, the flashing process is allowed, the safety of flashing can be effectively ensured, the random flashing behavior of illegal personnel on the mobile terminal is avoided, and the safety guarantee is provided for searching the mobile terminal.
Description
Technical Field
The invention relates to the field of electronic technology, in particular to a method and a device for verifying a machine brushing function.
Background
With the development of intelligent mobile terminals and the high-speed growth of mobile internet, mobile terminals are widely used and become an indispensable part of life of people.
At present, a user loses a mobile terminal and the mobile terminal is stolen, and an existing housekeeper system in the mobile terminal has a retrieving function, for example, the lost mobile terminal can send position information to a preset third-party terminal, or a lost mobile terminal automatically sends a short message to the preset third-party terminal when a card is replaced, so that a new card number and position information can be obtained. By the method, the lost mobile phone terminal can be found out. However, if the mobile terminal is refreshed, and other systems and versions which do not support the function are installed, the corresponding positioning and retrieving functions cannot be realized.
At present, when a user needs to refresh the mobile phone (reinstall the system), the user can hand the mobile terminal to a technician with a refresh service. When the class of personnel refreshes the mobile terminal, the personnel can directly refresh the mobile terminal equipment after obtaining the refresh package. Therefore, when an illegal person resets the mobile terminal in a flashing manner, the functions of retrieving, positioning and the like immediately fail, and the mobile terminal cannot be safely guaranteed.
Disclosure of Invention
The invention mainly aims to provide a machine-refreshing verification method and a machine-refreshing verification device, and aims to solve the problem that a mobile terminal in the prior art is easy to perform machine refreshing at will.
In order to achieve the purpose, the invention adopts the following technical scheme:
according to an aspect of the present invention, there is provided a method for flash verification, for a mobile terminal, including:
receiving identity identification information sent by the safety equipment;
generating a verification password according to the identity information;
and acquiring a flashing password sent by the safety equipment, judging whether the flashing password is consistent with the verification password, and if so, allowing the flashing to continue.
Optionally, after generating the verification password according to the identity information, the method includes:
and after encrypting the verification password, sending the encrypted data to the safety equipment.
Optionally, after sending the encrypted data to the secure device, the method further includes:
setting a timing time;
and judging whether the flashing password is acquired within the timing time, and if the flashing password is not acquired, terminating the flashing process.
Optionally, the obtaining of the password of flashing a computer sent by the security device specifically includes:
acquiring data obtained by the security device decrypting and encrypting the encrypted data according to a preset encryption and decryption algorithm;
and decrypting the data, wherein the decrypted data is the flashing password.
According to an aspect of the present invention, there is provided a swipe authentication method for a security device, including:
sending identity identification information to the mobile terminal;
receiving encrypted data sent by the mobile terminal; the encrypted data is data obtained by generating a verification password by the mobile terminal according to the identity identification information through a preset algorithm and encrypting the verification password;
and after the encrypted data is decrypted and encrypted, the processed data is sent to the mobile terminal.
According to an aspect of the present invention, there is provided a swipe verification apparatus for a mobile terminal, including:
the receiving unit is used for receiving the identity identification information sent by the safety equipment;
the generating unit is used for generating a verification password by a preset algorithm according to the identity information;
and the verification unit is used for acquiring the flashing password sent by the safety equipment, judging whether the flashing password is consistent with the flashing password or not, and if so, allowing the flashing to continue.
Optionally, the apparatus further includes an encryption unit, configured to encrypt the verification password with a preset encryption algorithm after generating the verification password with the preset algorithm according to the identity information, and send encrypted data to the security device.
Optionally, the apparatus further includes a timing unit, configured to set a timing time after the encryption unit sends the encrypted data to the security device; and judging whether the flashing password is acquired within the timing time, and if the flashing password is not acquired, terminating the flashing process.
Optionally, the verification unit is configured to:
acquiring data after the security equipment decrypts and encrypts the encrypted data;
and decrypting the data, wherein the decrypted data is the flashing password.
According to an aspect of the present invention, there is provided a brusher authentication apparatus for a security device, comprising:
the sending unit is used for sending the identity identification information to the mobile terminal;
a receiving unit, configured to receive encrypted data sent by the mobile terminal; the encrypted data is data obtained by generating a verification password by the mobile terminal according to the identity identification information through a preset algorithm and encrypting the verification password;
and the processing unit is used for decrypting and encrypting the encrypted data and sending the processed data to the mobile terminal.
According to the flashing verification method and device provided by the invention, when the mobile terminal is flashed, the information of the safety equipment needs to be verified. And judging whether the password is consistent with the verification password generated by the identity identification information or not by acquiring the flashing password of the safety equipment, and if so, allowing flashing. Therefore, only when the flashing personnel has the password which is consistent with the verification password, the flashing process is allowed, the safety of flashing can be effectively ensured, the random flashing behavior of illegal personnel on the mobile terminal is avoided, and the safety guarantee is provided for searching the mobile terminal.
Drawings
Fig. 1 is a schematic diagram of a hardware structure of an optional mobile terminal for implementing various embodiments of the present invention;
FIG. 2 is a diagram of a wireless communication system for the mobile terminal shown in FIG. 1;
FIG. 3 is a flowchart of a first embodiment of a method for flash verification according to the present invention;
FIG. 4 is a flowchart of a second embodiment of a method for flash verification according to the present invention;
FIG. 5 is a flowchart illustrating a method for performing a flash verification according to a third embodiment of the present invention;
FIG. 6 is a flowchart illustrating a method for performing a flash verification according to a fourth embodiment of the present invention;
FIG. 7 is a flowchart illustrating a method for verifying a power-on-device status according to a fifth embodiment of the present invention;
FIG. 8 is a block diagram of a flash verification apparatus according to a sixth embodiment of the present invention;
fig. 9 is a block diagram showing a flash verification apparatus according to a seventh embodiment of the present invention;
fig. 10 is a block diagram of a flash verification apparatus according to an eighth embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
A mobile terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.
The mobile terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. In the following, it is assumed that the terminal is a mobile terminal. However, it will be understood by those skilled in the art that the configuration according to the embodiment of the present invention can be applied to a fixed type terminal in addition to elements particularly used for moving purposes.
Fig. 1 is a schematic diagram of a hardware structure of an optional mobile terminal for implementing various embodiments of the present invention.
The mobile terminal 100 may include a user input unit 130, an output unit 150, a memory 160, an interface unit 170, a controller 180, and a power supply unit 190, etc. Fig. 1 illustrates a mobile terminal having various components, but it is to be understood that not all illustrated components are required to be implemented. More or fewer components may alternatively be implemented. Elements of the mobile terminal will be described in detail below.
The wireless communication unit 110 typically includes one or more components that allow radio communication between the mobile terminal 100 and a wireless communication system or network. For example, the wireless communication unit may include at least one of the broadcast receiving module 111 and the mobile communication module 112.
The user input unit 130 may generate key input data according to a command input by a user to control various operations of the mobile terminal. The user input unit 130 allows a user to input various types of information, and may include a keyboard, dome sheet, touch pad (e.g., a touch-sensitive member that detects changes in resistance, pressure, capacitance, and the like due to being touched), scroll wheel, joystick, and the like. In particular, when the touch pad is superimposed on the display unit 151 in the form of a layer, a touch screen may be formed.
The interface unit 170 serves as an interface through which at least one external device is connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The identification module may store various information for authenticating a user using the mobile terminal 100 and may include a User Identity Module (UIM), a Subscriber Identity Module (SIM), a Universal Subscriber Identity Module (USIM), and the like. In addition, a device having an identification module (hereinafter, referred to as an "identification device") may take the form of a smart card, and thus, the identification device may be connected with the mobile terminal 100 via a port or other connection means. The interface unit 170 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the mobile terminal 100 or may be used to transmit data between the mobile terminal and the external device.
In addition, when the mobile terminal 100 is connected with an external cradle, the interface unit 170 may serve as a path through which power is supplied from the cradle to the mobile terminal 100 or may serve as a path through which various command signals input from the cradle are transmitted to the mobile terminal. Various command signals or power input from the cradle may be used as signals for recognizing whether the mobile terminal is accurately mounted on the cradle. The output unit 150 is configured to provide output signals (e.g., audio signals, video signals, alarm signals, vibration signals, etc.) in a visual, audio, and/or tactile manner. The memory 160 may store software programs and the like for processing and controlling operations performed by the controller 180, or may temporarily store data (e.g., a phonebook, messages, still images, videos, and the like) that has been or will be output. Also, the memory 160 may store data regarding various ways of vibration and audio signals output when a touch is applied to the touch screen.
The memory 160 may include at least one type of storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. Also, the mobile terminal 100 may cooperate with a network storage device that performs a storage function of the memory 160 through a network connection.
The controller 180 generally controls the overall operation of the mobile terminal. For example, the controller 180 performs control and processing related to voice calls, data communications, video calls, and the like. The controller 180 may perform a pattern recognition process to recognize a handwriting input or a picture drawing input performed on the touch screen as a character or an image.
The power supply unit 190 receives external power or internal power and provides appropriate power required to operate various elements and components under the control of the controller 180.
The various embodiments described herein may be implemented in a computer-readable medium using, for example, computer software, hardware, or any combination thereof. For a hardware implementation, the embodiments described herein may be implemented using at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a processor, a controller, a microcontroller, a microprocessor, an electronic unit designed to perform the functions described herein, and in some cases, such embodiments may be implemented in the controller 180. For a software implementation, the implementation such as a process or a function may be implemented with a separate software module that allows performing at least one function or operation. The software codes may be implemented by software applications (or programs) written in any suitable programming language, which may be stored in the memory 160 and executed by the controller 180.
Up to this point, mobile terminals have been described in terms of their functionality. Hereinafter, a slide-type mobile terminal among various types of mobile terminals, such as a folder-type, bar-type, swing-type, slide-type mobile terminal, and the like, will be described as an example for the sake of brevity. Accordingly, the present invention can be applied to any type of mobile terminal, and is not limited to a slide type mobile terminal.
The mobile terminal 100 as shown in fig. 1 may be configured to operate with communication systems such as wired and wireless communication systems and satellite-based communication systems that transmit data via frames or packets.
A communication system in which a mobile terminal according to the present invention is operable will now be described with reference to fig. 2.
Such communication systems may use different air interfaces and/or physical layers. For example, the air interface used by the communication system includes, for example, Frequency Division Multiple Access (FDMA), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), and Universal Mobile Telecommunications System (UMTS) (in particular, Long Term Evolution (LTE)), global system for mobile communications (GSM), and the like. By way of non-limiting example, the following description relates to a CDMA communication system, but such teachings are equally applicable to other types of systems.
Referring to fig. 2, the CDMA wireless communication system may include a plurality of mobile terminals 100, a plurality of Base Stations (BSs) 270, Base Station Controllers (BSCs) 275, and a Mobile Switching Center (MSC) 280. The MSC280 is configured to interface with a Public Switched Telephone Network (PSTN) 290. The MSC280 is also configured to interface with a BSC275, which may be coupled to the base station 270 via a backhaul. The backhaul may be constructed according to any of several known interfaces including, for example, E1/T1, ATM, IP, PPP, frame Relay, HDSL, ADSL, or xDSL. It will be understood that a system as shown in fig. 2 may include multiple BSCs 2750.
Each BS270 may serve one or more sectors (or regions), each sector covered by a multi-directional antenna or an antenna pointing in a particular direction being radially distant from the BS 270. Alternatively, each partition may be covered by two or more antennas for diversity reception. Each BS270 may be configured to support multiple frequency allocations, with each frequency allocation having a particular frequency spectrum (e.g., 1.25MHz,5MHz, etc.).
The intersection of partitions with frequency allocations may be referred to as a CDMA channel. The BS270 may also be referred to as a Base Transceiver Subsystem (BTS) or other equivalent terminology. In such a case, the term "base station" may be used to generically refer to a single BSC275 and at least one BS 270. The base stations may also be referred to as "cells". Alternatively, each sector of a particular BS270 may be referred to as a plurality of cell sites.
As shown in fig. 2, a Broadcast Transmitter (BT)295 transmits a broadcast signal to the mobile terminal 100 operating within the system. A broadcast receiving module 111 as shown in fig. 1 is provided at the mobile terminal 100 to receive a broadcast signal transmitted by the BT 295. In fig. 2, several Global Positioning System (GPS) satellites 300 are shown. The satellite 300 assists in locating at least one of the plurality of mobile terminals 100.
In fig. 2, a plurality of satellites 300 are depicted, but it is understood that useful positioning information may be obtained with any number of satellites. The GPS module 115 as shown in fig. 1 is generally configured to cooperate with satellites 300 to obtain desired positioning information. Other techniques that can track the location of the mobile terminal may be used instead of or in addition to GPS tracking techniques. In addition, at least one GPS satellite 300 may selectively or additionally process satellite DMB transmission.
As a typical operation of the wireless communication system, the BS270 receives reverse link signals from various mobile terminals 100. The mobile terminal 100 is generally engaged in conversations, messaging, and other types of communications. Each reverse link signal received by a particular base station 270 is processed within the particular BS 270. The obtained data is forwarded to the associated BSC 275. The BSC provides call resource allocation and mobility management functions including coordination of soft handoff procedures between BSs 270. The BSCs 275 also route the received data to the MSC280, which provides additional routing services for interfacing with the PSTN 290. Similarly, the PSTN290 interfaces with the MSC280, the MSC interfaces with the BSCs 275, and the BSCs 275 accordingly control the BS270 to transmit forward link signals to the mobile terminal 100.
Based on the hardware structure of the mobile terminal, the mobile terminal and the method of the invention are provided with various embodiments.
First embodiment
The invention provides a flashing verification method for a mobile terminal, which comprises the following steps as shown in figure 3:
step 301, receiving identity information sent by a security device.
The security device may be a mobile device such as a usb disk with preset flashing information, or may also be a computer terminal with preset flashing information, which is not limited in this respect. The following description will be given in conjunction with specific embodiments, which will not be repeated herein.
Optionally, the identification information includes a hardware serial number and/or an account name of the user. Optionally, the hardware serial number is a unique serial number of the mobile terminal. The account name is the account name required by the mobile terminal manufacturer to provide service for the user.
Optionally, after receiving the identification information sent by the security device, the method further includes:
verifying whether the identity identification information is correct;
and when the identity identification information is correct, allowing the flashing process, otherwise, terminating the flashing process.
Therefore, the condition that illegal personnel randomly refreshes the phone can be effectively prevented by authenticating the identity identification information sent by the safety equipment.
Step 302, generating a verification password according to the identity information.
When the verification password is generated according to the identity identification information, the identity identification information is converted into the verification password according to a preset algorithm. The preset algorithm here is a mapping algorithm, which transforms data input of arbitrary length into output of fixed length. Such as a hash algorithm. And generating a unique verification password by mapping the hardware serial number and/or the information of the account name of the user.
Therefore, the verification password is generated through the preset algorithm, the uniqueness of the verification password is ensured, and meanwhile, the situation that the verification password cannot be authenticated due to random change is effectively avoided.
Step 303, obtaining a flashing password sent by the security device, judging whether the verification password is consistent with the flashing password, and if so, allowing the flashing process to continue; otherwise, terminating the flashing process.
The flush password may be transmitted together with the flush request or may be transmitted separately. The flashing password may be set by the user in the security device and then transmitted, or may be generated by the security device according to information transmitted by the mobile terminal and then transmitted, which will be described in detail with reference to specific embodiments later.
As can be seen from the above, in this embodiment, when the mobile terminal is booted, the information of the security device needs to be verified. Specifically, whether the password is consistent with the verification password generated by the identity identification information or not is judged by obtaining the flashing password of the security device, and if so, flashing is allowed. Therefore, by the method, only when the flashing personnel has the password consistent with the verification password, the flashing process is allowed, the safety of flashing is effectively ensured, the random flashing behavior of the mobile terminal by illegal personnel is avoided, and the safety guarantee is provided for searching the mobile terminal.
Second embodiment
The embodiment of the invention also provides a machine-flushing verification method, which is used for a mobile terminal based on the embodiment, and as shown in fig. 4, the method comprises the following steps:
step 401, receiving identity information sent by a security device.
The security device may be a mobile device such as a usb disk with preset flashing information, or a computer terminal with preset flashing information. Optionally, after receiving the identity information sent by the security device, verifying whether the identity information is correct; and when the identity identification information is correct, allowing the flashing process, otherwise, terminating the flashing process.
Step 402, generating a verification password according to the identity information.
The preset algorithm is a mapping algorithm, and data input with any length is converted into output with fixed length. And generating a unique verification password by mapping the hardware serial number and/or the information of the account name of the user.
And step 403, after the verification password is encrypted, sending the encrypted data to the security device.
The mobile terminal is preset with an encryption and decryption algorithm. The preset encryption algorithm may be an asymmetric encryption algorithm or a symmetric encryption algorithm. Optionally, an asymmetric encryption algorithm is adopted, the preset public key is used for encrypting the verification password, and the encrypted data is sent to the security device.
Optionally, after sending the encrypted data to the secure device, the method further includes:
setting a timing time;
judging whether a flashing password of the safety equipment is acquired within the timing time:
if the time is not received within the timing time, the flashing process is terminated; if the timing is received within the time period, the subsequent flow is performed.
Step 404, obtaining a flashing password sent by the security device, and judging whether the verification password is consistent with the flashing password, if so, allowing the flashing process to continue; otherwise, terminating the flashing process.
The method specifically includes the steps of obtaining a flashing password sent by the security device:
and acquiring data obtained by the security equipment through decrypting the encrypted data and encrypting the encrypted data according to a preset encryption and decryption algorithm, and decrypting the data, wherein the decrypted data is the flashing password.
Here, the encryption and decryption algorithms matching those in the mobile terminal are also stored in advance in the secure device. After receiving the encrypted data sent by the mobile terminal, the security device firstly decrypts the encrypted data by using the private key according to a decoding algorithm, encrypts the decrypted data by using the private key according to an encryption algorithm, and sends the encrypted data to the mobile terminal. And after receiving the data sent by the security device, the mobile terminal decrypts the data by using the public key according to a preset decryption algorithm, wherein the decrypted data is the flashing password.
The private key in the security device and the public key in the mobile terminal are both generated according to the identity information of the mobile terminal, so that the uniqueness of the private key and the public key is ensured.
As can be seen from the above, the flush password is not sent to the mobile terminal by the security device together with the flush request, but the security device feeds back information according to the encrypted password sent by the mobile terminal. In the embodiment, the encryption and decryption algorithm is set in the mobile terminal and the security device, and the public key and the private key are configured to encrypt and decrypt the verification password; only when the algorithms at both ends match, the correct verification information can be obtained. Therefore, the embodiment can effectively ensure the transmission safety of the password and effectively avoid the condition of illegally obtaining the verification password for flashing.
Third embodiment
The embodiment of the invention also provides a machine-flushing verification method, which is used in the safety equipment, and as shown in fig. 5, the method specifically comprises the following steps:
step 501, sending identity identification information to a mobile terminal;
step 502, receiving encrypted data sent by a mobile terminal; the encrypted data is generated into a verification password by the mobile terminal according to the identity identification information through a preset algorithm, and the data encrypted through the preset encryption algorithm is obtained.
The mobile terminal encrypts the verification password by using the public key according to a preset encryption algorithm and then sends the verification password to the safety equipment.
Step 503, after the encrypted data is decrypted and encrypted, the data is sent to the mobile terminal.
Here, the security device and the mobile terminal store a matching encryption and decryption algorithm in advance. After receiving the encrypted data sent by the mobile terminal, the security device firstly decrypts the encrypted data by using the private key according to a decoding algorithm, encrypts the decrypted data by using the private key according to an encryption algorithm, and sends the encrypted data to the mobile terminal.
It can be seen that in this embodiment, the security of the information is ensured by encapsulating the identity information of the mobile terminal and the required encryption algorithm into the security device. When the machine is refreshed, the machine refreshing can be allowed only after the information in the safety equipment is verified through the mobile terminal, so that the condition of illegal machine refreshing can be effectively avoided, and meanwhile, the safety of information and the safety of data transmission are effectively ensured.
Fourth embodiment
The technical content of the present invention will be described in detail with reference to a specific embodiment.
The current machine swiping modes are generally divided into a line swiping mode and a card swiping mode: wherein the content of the first and second substances,
the line brush is connected with a computer through a data line to conduct machine brushing and is generally suitable for official machine brushing bags.
The card swiping refers to that the swiping package is put into a memory card in advance, and then the system is swiped in through recovery of a third party. Recovery: the method is an engineering interface of the flash, and installing Recovery is equivalent to installing an operating system interface for the system. And the system can be selected to be installed, the data can be emptied, the system can be backed up, the system can be restored and the like on the recovery interface. However, in any flash mode, the bootloader must be started to complete flash, a security check mechanism for flash is implemented in the bootloader, and the flash process will be terminated if the security check is not passed.
In another embodiment of the present invention, the security device is a security shield. The public key and the private key of the mobile terminal are generated in advance according to the hardware serial number of the mobile terminal. The hardware serial number, the public key, the private key and the encryption and decryption algorithm of the terminal are packaged in the security shield, and a legal terminal user has the security shield and a password (the password is set when the terminal is purchased) entering the security shield. The Bootloader sets a public key, a private key and an encryption and decryption algorithm when leaving a factory, and can also integrate a terminal public key and private key generation system to automatically generate the public key and the private key.
As shown in fig. 6, the method for verifying a machine-flashing provided in the embodiment of the present invention specifically includes the following steps:
when a user needs to swipe the flash, the security shield can be inserted into a USB port (line swipe) of a computer or a USB port (card swipe) of a terminal.
Step 601, the security shield initiates a swiping request to the Bootloader, a terminal security serial number is attached to the request, and if the Bootloader verifies that the terminal hardware serial number is incorrect, the card swiping process is terminated;
step 602, after checking that the serial number of the terminal is correct, the Boot loader generates a verification password D1 according to a preset algorithm, encrypts the verification password into D2 by using a public key, sends D2 to a security shield, and sets a timer T;
step 603, the security shield receives the D2, decrypts the D2 by using a private key to obtain a flash password D3, encrypts the D3 by using the private key to obtain D4, and sends the D4 to the Bootloader;
step 604, if T is overtime, terminating the flashing process; and if the timeout does not exist, the Bootloader receives the D4, decrypts the D4 by using the public key to obtain D5, checks whether the D5 is D1, continues the flash if the D5 is D1, and terminates the flash process if the D5 is not D1.
Based on the above, in this embodiment, the identity information required by the mobile terminal is pre-encapsulated in a security shield manner, when initiating the flashing request, the mobile terminal may generate a verification password according to the identity information, and the security shield obtains the flashing password through the verification password according to a local pre-encryption and decryption mechanism; if the security shield is matched with the mobile terminal, the flashing password and the verification password acquired by the mobile terminal are the same in an encryption and decryption mode. Therefore, the mobile terminal is allowed to be refreshed only when the security end is matched with the mobile terminal through the refreshing information required by the security shield encapsulation, and the situation that the mobile terminal is refreshed randomly can be effectively avoided.
Fifth embodiment
Based on the above, a machine-flushing verification method provided by an embodiment of the invention is provided. In this embodiment, Bootloader integrates a password generation system. The password generation system generates the verification password according to the account number of the user and the hardware serial number of the mobile terminal. As shown in fig. 7, the method specifically includes the following steps:
step 701, when a machine is refreshed, a machine refreshing interface prompts to input a hardware serial number, an account number and a machine refreshing password;
step 702, generating a verification password by the Bootloader according to the hardware serial number and the account number of the terminal; acquiring an input flashing password, and checking whether the verification password is the same as the flashing password or not; if the two are the same, judging that the two are legal, and continuing to flush the machine; otherwise, the machine is terminated if the machine is illegal.
In the embodiment, when the computer is connected through the data line, the information required by the flashing is prompted to be input through the flashing interface of the computer, the Bootloader of the mobile terminal verifies the information required by the flashing according to the preset algorithm, and the flashing can be continuously carried out after the verification is passed. Therefore, in the embodiment, the implementation is simple, the Boot loader of the mobile terminal generates a unique verification password according to the hardware serial number and the account number, and the verification password is compared with the input flashing password, so that the flashing verification can be realized.
Sixth embodiment
The invention provides a flash verification device, which is used for a mobile terminal and comprises the following components as shown in figure 8:
the receiving unit 81 is configured to receive the identification information sent by the security device.
The security device may be a mobile device such as a usb disk with preset flashing information, or a computer terminal with preset flashing information. Optionally, the identification information includes a hardware serial number and/or an account name of the user; the hardware serial number is the unique serial number of the mobile terminal. The account name is the account name required by the mobile terminal manufacturer to provide service for the user.
Optionally, the receiving unit 81 is further configured to:
after receiving the identity identification information sent by the safety equipment, verifying whether the identity identification information is correct or not;
and when the identity identification information is correct, allowing the flashing process, otherwise, terminating the flashing process.
It can be seen that the receiving unit 81 authenticates the identification information sent by the security device, so that the situation that an illegal person performs random flashing can be effectively prevented.
And the generating unit 82 is used for generating the verification password according to the identity information.
When the verification password is generated according to the identification information, the generating unit 82 converts the identification information into the verification password according to a preset algorithm. The preset algorithm here is a mapping algorithm, which transforms data input of arbitrary length into output of fixed length. Such as a hash algorithm. And generating a unique verification password by mapping the hardware serial number and/or the information of the account name of the user.
It can be seen that the generating unit 82 generates the verification password through a preset algorithm, so as to ensure the uniqueness of the verification password and effectively avoid the situation that the verification password is changed randomly and cannot be authenticated.
The verification unit 83 is configured to obtain a flashing password sent by the security device, determine whether the verification password is consistent with the flashing password, and allow the flashing process to continue if the verification password is consistent with the flashing password; otherwise, terminating the flashing process.
Based on the above, in the flashing verification apparatus in this embodiment, it is determined whether the flashing password of the security device is consistent with the verification password generated by the identification information by obtaining the flashing password of the security device, and if so, the flashing is allowed. Therefore, through the flashing verification device, only when the flashing personnel has the password consistent with the verification password, the flashing process is allowed, the safety of flashing is effectively guaranteed, the random flashing behavior of the mobile terminal by illegal personnel is avoided, and the safety guarantee is provided for searching the mobile terminal.
Seventh embodiment
An embodiment of the present invention further provides a device for verifying a machine-flushing, which is used for a mobile terminal based on the foregoing embodiment, and as shown in fig. 9, the device includes the following components:
the receiving unit 81 is configured to receive the identification information sent by the security device.
The security device may be a mobile device such as a usb disk with preset flashing information, or a computer terminal with preset flashing information. Optionally, after receiving the identity information sent by the security device, verifying whether the identity information is correct; and when the identity identification information is correct, allowing the flashing process, otherwise, terminating the flashing process.
Where the identification information includes a hardware serial number and/or an account name of the user.
And the generating unit 82 is used for generating the verification password according to the identity information.
The generating unit 82 generates the verification password according to the identification information, and needs to generate the verification password according to a preset algorithm. The preset algorithm here is a mapping algorithm, which transforms data input of arbitrary length into output of fixed length.
And the encryption unit 84 is configured to encrypt the verification password and send the encrypted data to the security device.
The mobile terminal is preset with an encryption and decryption algorithm. The preset encryption algorithm may be an asymmetric encryption algorithm or a symmetric encryption algorithm. Optionally, an asymmetric encryption algorithm is adopted, the preset public key is used for encrypting the verification password, and the encrypted data is sent to the security device.
Optionally, the machine-refreshing verification apparatus further includes a timing unit, configured to:
setting a timing time after sending the encrypted data to the security device;
judging whether a flashing password of the safety equipment is acquired within the timing time:
if the time is not received within the timing time, the flashing process is terminated; if the timing is received within the time period, the subsequent flow is performed.
The verification unit 83 is configured to obtain a flashing password sent by the security device, determine whether the verification password is consistent with the flashing password, and allow the flashing process to continue if the verification password is consistent with the flashing password; otherwise, terminating the flashing process.
The verification unit 83 is specifically configured to:
and acquiring data obtained by the security equipment through decrypting the encrypted data and encrypting the encrypted data according to a preset encryption and decryption algorithm, and decrypting the data, wherein the decrypted data is the flashing password.
Here, the encryption and decryption algorithms matching those in the mobile terminal are also stored in advance in the secure device. After receiving the encrypted data sent by the mobile terminal, the security device firstly decrypts the encrypted data by using the private key according to a decoding algorithm, encrypts the decrypted data by using the private key according to an encryption algorithm, and sends the encrypted data to the mobile terminal.
And after receiving the data sent by the security device, the mobile terminal decrypts the data by using the public key according to a preset decryption algorithm, wherein the decrypted data is the flashing password.
The private key in the security device and the public key in the mobile terminal are both generated according to the identity information of the mobile terminal, so that the uniqueness of the private key and the public key is ensured.
Based on the above, in this embodiment, the encryption and decryption processing is performed on the verification password by setting the encryption and decryption algorithm in the mobile terminal and the security device and configuring the public key and the private key; only when the algorithms at both ends match, the correct verification information can be obtained. Therefore, the embodiment can effectively ensure the transmission safety of the password and effectively avoid the condition of illegally obtaining the verification password for flashing.
Eighth embodiment
An embodiment of the present invention further provides a device for verifying a machine-flushing, which is used in a security device, and as shown in fig. 10, specifically includes:
a sending unit 101, configured to send identity information to a mobile terminal;
a receiving unit 102, configured to receive encrypted data sent by a mobile terminal; the encrypted data is generated into a verification password by the mobile terminal according to the identity identification information through a preset algorithm, and the data encrypted through the preset encryption algorithm is obtained.
The mobile terminal encrypts the verification password by using the public key according to a preset encryption algorithm and then sends the verification password to the safety equipment.
And the processing unit 103 is used for decrypting and encrypting the encrypted data and then sending the data to the mobile terminal.
Here, the security device and the mobile terminal store a matching encryption and decryption algorithm in advance. After receiving the encrypted data sent by the mobile terminal, the security device firstly decrypts the encrypted data by using the private key according to a decoding algorithm, encrypts the decrypted data by using the private key according to an encryption algorithm, and sends the encrypted data to the mobile terminal.
It can be seen that in this embodiment, the security of the information is ensured by encapsulating the identity information of the mobile terminal and the required encryption algorithm into the security device. When the machine is refreshed, the machine refreshing can be allowed only after the information in the safety equipment is verified through the mobile terminal, so that the condition of illegal machine refreshing can be effectively avoided, and meanwhile, the safety of information and the safety of data transmission are effectively ensured.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (6)
1. A machine-flushing verification method is used for a mobile terminal, and is characterized by comprising the following steps:
receiving identity identification information sent by the safety equipment, verifying whether the identity identification information is correct, allowing the flashing process when the identity identification information is correct, and stopping the flashing process if the identity identification information is not correct;
generating a verification password according to the identity information;
after the verification password is encrypted, sending encrypted data to the safety equipment;
obtaining a flashing password sent by the safety equipment, judging whether the flashing password is consistent with the verification password, and if so, allowing the flashing to continue; the obtaining of the password of flashing a telephone number sent by the security device specifically includes:
acquiring data obtained by the security device decrypting and encrypting the encrypted data according to a preset encryption and decryption algorithm;
and decrypting the data, wherein the decrypted data is the flashing password.
2. The flash verification method of claim 1, wherein after sending the encrypted data to the secure device, the method further comprises:
setting a timing time;
and judging whether the flashing password is acquired within the timing time, and if the flashing password is not acquired, terminating the flashing process.
3. A method for verifying a swipe card is used for a security device, and comprises the following steps:
sending identity identification information to a mobile terminal, verifying whether the identity identification information is correct by the mobile terminal, allowing a flashing process when the identity identification information is correct, and stopping the flashing process if the identity identification information is not correct;
receiving encrypted data sent by the mobile terminal; the encrypted data is data obtained by generating a verification password by the mobile terminal according to the identity identification information through a preset algorithm and encrypting the verification password;
decrypting and encrypting the encrypted data, and sending the processed data to the mobile terminal, wherein the mobile terminal decrypts the processed data, and the decrypted data is a flashing password;
and the mobile terminal judges whether the flashing password is consistent with the verification password, and if so, the mobile terminal is allowed to continue flashing.
4. A machine-swiping verification device for a mobile terminal, comprising:
the receiving unit is used for receiving the identity identification information sent by the safety equipment, verifying whether the identity identification information is correct or not, allowing the flashing process when the identity identification information is correct, and stopping the flashing process if the identity identification information is not correct;
the generating unit is used for generating a verification password by a preset algorithm according to the identity information;
the encryption unit is used for encrypting the verification password by a preset encryption algorithm after the verification password is generated by the preset algorithm according to the identity information and sending the encrypted data to the safety equipment;
the verification unit is used for acquiring the flashing password sent by the safety equipment, judging whether the flashing password is consistent with the flashing password or not, and if so, allowing the flashing to continue;
the verification unit is configured to:
acquiring data after the security equipment decrypts and encrypts the encrypted data;
and decrypting the data, wherein the decrypted data is the flashing password.
5. The flash verification apparatus according to claim 4, wherein the apparatus further comprises a timing unit, configured to set a timing time after the encryption unit sends the encrypted data to the secure device; and judging whether the flashing password is acquired within the timing time, and if the flashing password is not acquired, terminating the flashing process.
6. A brusher verification device for a security apparatus, comprising:
the mobile terminal verifies whether the identity identification information is correct or not, if so, the flashing process is allowed, otherwise, the flashing process is terminated;
a receiving unit, configured to receive encrypted data sent by the mobile terminal; the encrypted data is data obtained by generating a verification password by the mobile terminal according to the identity identification information through a preset algorithm and encrypting the verification password;
the processing unit is used for decrypting and encrypting the encrypted data and sending the processed data to the mobile terminal, the mobile terminal decrypts the processed data, and the decrypted data is the flashing password;
and the mobile terminal judges whether the flashing password is consistent with the verification password, and if so, the mobile terminal is allowed to continue flashing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710201315.6A CN106992857B (en) | 2017-03-30 | 2017-03-30 | Machine-swiping verification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710201315.6A CN106992857B (en) | 2017-03-30 | 2017-03-30 | Machine-swiping verification method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106992857A CN106992857A (en) | 2017-07-28 |
| CN106992857B true CN106992857B (en) | 2020-11-10 |
Family
ID=59411935
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710201315.6A Active CN106992857B (en) | 2017-03-30 | 2017-03-30 | Machine-swiping verification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106992857B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111461913B (en) * | 2020-03-23 | 2022-07-26 | Oppo(重庆)智能科技有限公司 | Monitoring method and device for terminal equipment manufacture, medium and electronic equipment |
| CN114189862A (en) * | 2020-09-14 | 2022-03-15 | 中兴通讯股份有限公司 | Wireless terminal and interface access authentication method of wireless terminal in Uboot mode |
| CN114760621A (en) * | 2022-03-23 | 2022-07-15 | 深圳市普渡科技有限公司 | Terminal flashing method and device, computer equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103501391A (en) * | 2013-10-10 | 2014-01-08 | 上海斐讯数据通信技术有限公司 | Method and system for managing updating behavior of user |
| CN104216742A (en) * | 2014-08-25 | 2014-12-17 | 小米科技有限责任公司 | Upgrade control method and device based on password |
| CN104239099A (en) * | 2014-09-10 | 2014-12-24 | 厦门美图移动科技有限公司 | Mobile phone flushing control method |
| CN106534083A (en) * | 2016-10-31 | 2017-03-22 | 北京小米移动软件有限公司 | Root tool verification method and apparatus |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103905191A (en) * | 2012-12-26 | 2014-07-02 | 阿里巴巴集团控股有限公司 | Verification method applied to mobile terminal, mobile terminal and system |
-
2017
- 2017-03-30 CN CN201710201315.6A patent/CN106992857B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103501391A (en) * | 2013-10-10 | 2014-01-08 | 上海斐讯数据通信技术有限公司 | Method and system for managing updating behavior of user |
| CN104216742A (en) * | 2014-08-25 | 2014-12-17 | 小米科技有限责任公司 | Upgrade control method and device based on password |
| CN104239099A (en) * | 2014-09-10 | 2014-12-24 | 厦门美图移动科技有限公司 | Mobile phone flushing control method |
| CN106534083A (en) * | 2016-10-31 | 2017-03-22 | 北京小米移动软件有限公司 | Root tool verification method and apparatus |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106992857A (en) | 2017-07-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104902463B (en) | Mobile terminal, multi-card management method of virtual card terminal of mobile terminal and server | |
| US20200084612A1 (en) | System and Method for Multi-SIM Profiles or Embedded SIM | |
| US9647984B2 (en) | System and method for securely using multiple subscriber profiles with a security component and a mobile telecommunications device | |
| US9344882B2 (en) | Apparatus and methods for preventing information disclosure | |
| US20160119143A1 (en) | User identity authenticating method, terminal, and server | |
| CN110557305B (en) | Method, equipment and computer readable storage medium for accessing wireless router | |
| CN111563251B (en) | Encryption method and related device for private information in terminal equipment | |
| US11297176B2 (en) | Remotely controlling devices using short message service | |
| CN106992857B (en) | Machine-swiping verification method and device | |
| CN111918274B (en) | Code number configuration and management method and device, electronic equipment and readable storage medium | |
| WO2020172887A1 (en) | Data processing method, apparatus, smart card, terminal device, and server | |
| KR20160143333A (en) | Method for Double Certification by using Double Channel | |
| CN105282155B (en) | Authority control method, device and system for interaction between terminals | |
| KR20100134892A (en) | Method and system for certificating universal subscriber identity module | |
| CN106101137B (en) | Information processing apparatus and information verification method | |
| US9854444B2 (en) | Apparatus and methods for preventing information disclosure | |
| CN105740728B (en) | Mobile terminal, data encryption or decryption method | |
| CN106686527B (en) | WIFI information identification method and terminal | |
| CN107071769B (en) | Information synchronization security authentication device and method | |
| CN111740980B (en) | Method and device for logging in application, mobile terminal and storage medium | |
| KR101777043B1 (en) | Method for Generating Electronic Signature based on Asynchronous Local Area Radio Communication | |
| CN105574375A (en) | Secure operation method and apparatus | |
| KR101603476B1 (en) | Method for Dual Certification by using Dual Channel | |
| CN114143782A (en) | Method and device for establishing wireless local area network connection | |
| KR20160143336A (en) | Method for Dual Authentication using Dual Channel |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20201019 Address after: 322000 no.1-8, building 9, business district, Beiyuan street, Yiwu City, Jinhua City, Zhejiang Province Applicant after: Yiwu Guoxin land planning Consulting Co.,Ltd. Address before: 518057 Guangdong Province, Shenzhen high tech Zone of Nanshan District City, No. 9018 North Central Avenue's innovation building A, 6-8 layer, 10-11 layer, B layer, C District 6-10 District 6 floor Applicant before: NUBIA TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220113 Address after: 322001 2a, science and technology building, No. 968, Xuefeng West Road, Beiyuan street, Yiwu City, Jinhua City, Zhejiang Province (self declaration) Patentee after: Zhejiang Jinguo Intellectual Property Co.,Ltd. Address before: 322000 No. 1-8, building 9, Beiyuan street, Yiwu City, Jinhua City, Zhejiang Province Patentee before: Yiwu Guoxin land planning Consulting Co.,Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170728 Assignee: Yiwu ransheng Technology Co.,Ltd. Assignor: Zhejiang Jinguo Intellectual Property Co.,Ltd. Contract record no.: X2022330000311 Denomination of invention: A brush verification method and device Granted publication date: 20201110 License type: Common License Record date: 20220715 |