CN107426235A - Purview certification method, apparatus and system based on device-fingerprint - Google Patents

Publication number
CN107426235A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710671447.5A
Other languages
Chinese (zh)
Other versions
CN107426235B (en
Inventor
阚志刚
陈彪
杨承育
卢佐华
方宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
YANGPUWEIYE TECHNOLOGY Ltd
Original Assignee
YANGPUWEIYE TECHNOLOGY Ltd
Application filed by YANGPUWEIYE TECHNOLOGY Ltd
Priority to CN201710671447.5A
Publication of CN107426235A
Application granted
Publication of CN107426235B
Current legal status: Active

Classifications

    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions


Abstract

The application relates to the field of computer technology, and in particular to a purview certification method, apparatus and system based on a device fingerprint, intended to solve the problem of insecure authority verification in the prior art. In the application, the purview certification device sends the first verification code it has received and the device fingerprint it has generated itself to the authentication server for two-layer verification. The device fingerprint is obtained by performing bit operations on hash values determined from multiple pieces of hardware information and then combining the results. This increases the complexity of the character string, which improves the reliability and accuracy of the determined device fingerprint, avoids duplicate device fingerprints being determined for different electronic devices, and ensures the uniqueness of the device fingerprint. In addition, compared with prior-art schemes that perform authority verification using only an SMS verification code, the application verifies more layers or content, which makes cracking harder for an attacker and improves the security and reliability of purview certification.

Description

Purview certification method, apparatus and system based on device fingerprint
Technical field
The application relates to the field of computer technology, and in particular to a purview certification method, apparatus and system based on a device fingerprint.
Background
With the rise of the internet, more and more matters involving personal information, transaction processing, or property income and expenditure can be completed online. However, given the shared nature of the internet, hacker attacks are possible. Therefore, to keep users' personal information and property safe, most transaction scenarios require user identity verification, and the corresponding service and account can be used only after verification succeeds.
However, current user identity verification usually checks only the user account and password, or additionally checks an SMS verification code sent to a mobile phone. Once an attacker such as a hacker has cracked the password for a user account and has intercepted the SMS verification code, using telecom interception or jamming techniques or a trojan program, the attacker can impersonate the user, pass identity verification, and then steal user information or even the user's property.
Therefore, since current purview certification schemes are insecure, a new purview certification scheme is urgently needed.
Summary of the invention
The embodiments of the application provide a purview certification method, apparatus and system based on a device fingerprint, to solve the problem of insecurity present in the prior art.
The embodiments of the application adopt the following technical solutions:
A purview certification method based on a device fingerprint, including:
Sending a purview certification request carrying an account identifier to an authentication server;
Receiving a first verification code returned by the authentication server, the first verification code corresponding to the account identifier;
Determining a first hash value and a second hash value respectively according to multiple pieces of hardware information of the electronic device; performing a bit operation on the first hash value and on the second hash value respectively, combining the results, and determining the combination as the device fingerprint of the electronic device;
Sending the device fingerprint and the first verification code to the authentication server, so that the authentication server performs a first verification on the device fingerprint and, after the first verification succeeds, performs a second verification on the received first verification code;
Receiving the authority confirmation notification returned after the second verification succeeds.
Optionally, before the purview certification request is sent, the method also includes:
Sending a bind request carrying the account identifier to the authentication server;
Receiving a second verification code returned by the authentication server, the second verification code corresponding to the account identifier;
Sending the second verification code and the account identifier to the authentication server for verification;
Receiving the binding notification sent by the authentication server after the verification succeeds;
Determining a first hash value and a second hash value respectively according to multiple pieces of hardware information of the electronic device; performing a bit operation on the first hash value and on the second hash value respectively, combining the results, determining the combination as the device fingerprint of the electronic device, and sending it to the authentication server.
Optionally, determining the first hash value and the second hash value respectively according to the device's own multiple pieces of hardware information specifically includes:
Performing remainder processing on each of the multiple pieces of hardware information, and determining a first character string from the resulting remainders; performing a hash operation on the first character string to obtain the first hash value; and
Choosing, from the multiple pieces of hardware information, any piece of hardware information whose string length meets a threshold; performing a hash operation on the chosen piece of hardware information to obtain the second hash value.
Optionally, each piece of hardware information corresponds to a preset remainder algorithm;
Performing remainder processing on each of the multiple pieces of hardware information and determining the first character string from the resulting remainders specifically includes:
Looking up the corresponding remainder algorithm for each piece of hardware information;
Performing the remainder operation on the corresponding hardware information according to the remainder algorithm found;
Splicing, according to a preset splicing rule, the remainders obtained from the remainder processing of the multiple pieces of hardware information to obtain the first character string.
Optionally, combining the results obtained by performing a bit operation on the first hash value and on the second hash value respectively, and determining the combination as the device fingerprint of the electronic device, specifically includes:
Performing a bit operation on the first hash value to obtain a character string with a first preset number of digits;
Performing a bit operation on the second hash value to obtain a character string with a second preset number of digits;
Splicing the character string with the first preset number of digits and the character string with the second preset number of digits end to end to form a new character string, which serves as the device fingerprint of the electronic device.
A purview certification method based on a device fingerprint, including:
Receiving a purview certification request carrying an account identifier;
Generating a first verification code corresponding to the account identifier, and sending it to the purview certification device;
Receiving a device fingerprint and a first verification code carrying the account identifier, performing a first verification on the device fingerprint, and, after the first verification succeeds, performing a second verification on the first verification code;
Returning an authority confirmation notification to the purview certification device after the second verification succeeds.
Optionally, performing the first verification on the device fingerprint, and performing the second verification on the first verification code after the first verification succeeds, specifically includes:
Looking up the locally stored device fingerprint that has the same account identifier as the received device fingerprint, and verifying the received device fingerprint against the device fingerprint found;
Looking up the locally stored first verification code that has the same account identifier as the received first verification code, and verifying the received first verification code against the first verification code found.
Optionally, before the purview certification request is received, the method also includes:
Receiving a bind request carrying the account identifier;
Generating a second verification code corresponding to the account identifier, and sending it to the purview certification device;
Receiving the second verification code and the corresponding account identifier, and verifying the second verification code;
Sending a binding notification to the purview certification device after the verification succeeds;
Receiving the device fingerprint sent by the purview certification device.
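The server-side binding and two-layer check described above, as an added example that is not code from the patent. The class and method names, the in-memory stores, the code lifetime, single-use codes and the constant-time comparison are all assumptions of this example; the device fingerprint is treated as an opaque string.

```python
import hmac
import secrets
import time


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class AuthServer:
    """Hypothetical authentication server keyed by account identifier."""

    def __init__(self, code_ttl=120.0, clock=time.monotonic):
        self._ttl = code_ttl
        self._clock = clock
        self._second_codes = {}      # account_id -> (code, expiry), bind flow
        self._first_codes = {}       # account_id -> (code, expiry), auth flow
        self._bind_verified = set()  # accounts allowed to upload a fingerprint
        self._fingerprints = {}      # account_id -> bound device fingerprint

    def _issue(self, store, account_id):
        code = secrets.token_hex(4)  # assumed format: 8 hex characters
        store[account_id] = (code, self._clock() + self._ttl)
        return code

    def _consume(self, store, account_id, presented):
        # A code is removed on first use, whether or not it matches.
        code, expiry = store.pop(account_id, ("", 0.0))
        return bool(code) and self._clock() <= expiry and _same(code, presented)

    # Binding: second verification code first, fingerprint upload afterwards.
    def request_bind(self, account_id):
        return self._issue(self._second_codes, account_id)

    def confirm_bind(self, account_id, second_code):
        ok = self._consume(self._second_codes, account_id, second_code)
        if ok:
            self._bind_verified.add(account_id)
        return ok  # True stands for the binding notification

    def store_fingerprint(self, account_id, fingerprint):
        if account_id not in self._bind_verified:
            return False
        self._bind_verified.discard(account_id)
        self._fingerprints[account_id] = fingerprint
        return True

    # Authentication: first verification (fingerprint), then second (code).
    def request_auth(self, account_id):
        return self._issue(self._first_codes, account_id)

    def authenticate(self, account_id, fingerprint, first_code):
        # The code is consumed up front so a failed attempt cannot reuse it.
        code_ok = self._consume(self._first_codes, account_id, first_code)
        stored = self._fingerprints.get(account_id)
        if stored is None or not _same(stored, fingerprint):
            return "fingerprint_mismatch"   # first verification failed
        return "ok" if code_ok else "code_mismatch"
```

A result of `"ok"` corresponds to returning the authority confirmation notification; the other two results identify which layer rejected the request.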
A purview certification device, including:
A first sending unit, for sending a purview certification request carrying an account identifier to an authentication server;
A first receiving unit, for receiving a first verification code returned by the authentication server, the first verification code corresponding to the account identifier;
A determining unit, for determining a first hash value and a second hash value respectively according to multiple pieces of hardware information of the electronic device; performing a bit operation on the first hash value and on the second hash value respectively, combining the results, and determining the combination as the device fingerprint of the electronic device;
The first sending unit is also used to send the device fingerprint and the first verification code to the authentication server, so that the authentication server performs a first verification on the device fingerprint and, after the first verification succeeds, performs a second verification on the received first verification code;
The first receiving unit is also used to receive the authority confirmation notification returned after the second verification succeeds.
A purview certification server, including:
A second receiving unit, for receiving a purview certification request carrying an account identifier;
A second sending unit, for generating a first verification code corresponding to the account identifier and sending it to the purview certification device;
The second receiving unit is also used to receive a device fingerprint and a first verification code carrying the account identifier, to perform a first verification on the device fingerprint, and to perform a second verification on the first verification code after the first verification succeeds;
The second sending unit is also used to return an authority confirmation notification to the purview certification device after the second verification succeeds.
A purview certification system, including: a purview certification device and a purview certification server; wherein,
The purview certification device is used to send a purview certification request carrying an account identifier to the authentication server; to receive a first verification code returned by the authentication server, the first verification code corresponding to the account identifier; to determine a first hash value and a second hash value respectively according to multiple pieces of hardware information of the electronic device; to perform a bit operation on the first hash value and on the second hash value respectively, combine the results, and determine the combination as the device fingerprint of the electronic device; to send the device fingerprint and the first verification code to the authentication server, so that the authentication server performs a first verification on the device fingerprint and, after the first verification succeeds, performs a second verification on the received first verification code; and to receive the authority confirmation notification returned after the second verification succeeds;
The purview certification server is used to receive a purview certification request carrying an account identifier; to generate a first verification code corresponding to the account identifier and send it to the purview certification device; to receive a device fingerprint and a first verification code carrying the account identifier; to perform a first verification on the device fingerprint and, after the first verification succeeds, a second verification on the first verification code; and to return an authority confirmation notification to the purview certification device after the second verification succeeds.
At least one of the above technical solutions adopted by the embodiments of the application can achieve the following beneficial effects:
From the information exchange in the above technical solutions, the terminal device sends the first verification code and the device fingerprint to the authentication server for purview certification, which involves two layers of authentication. The first layer is verification of the device fingerprint; if the comparison matches, the first layer succeeds and the second layer, verification of the first verification code, is carried out. The hardware information behind the device fingerprint goes through remainder processing, which increases the complexity of the resulting character string. The first hash value and the second hash value obtained afterwards each also go through a bit operation, which further scrambles the original strings of the hardware information, raises the complexity of the determined character string, and avoids duplicate device fingerprints being determined for different electronic devices. This improves the reliability and accuracy of the device fingerprint determined for the electronic device and ensures its uniqueness. The improved uniqueness of the device fingerprint in turn makes verification harder to defeat: only after both layers are verified successfully is purview certification confirmed as passed, after which payment password verification, login password verification and so on can be carried out according to the specific service. Compared with prior-art schemes that perform authority verification using only an SMS verification code, the application verifies more layers or content, which makes cracking harder for an attacker, improves the security and reliability of purview certification, and thereby protects the user's property and information while using the service.
Brief description of the drawings
The accompanying drawings described here provide further understanding of the application and form part of the application. The schematic embodiments of the application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the system architecture in an application scenario to which the purview certification scheme of the application applies;
Fig. 2 is the first schematic diagram of the steps of the purview certification method provided by the embodiments of the application;
Fig. 3 is the second schematic diagram of the steps of the purview certification method provided by the embodiments of the application;
Fig. 4 is the third schematic diagram of the steps of the purview certification method provided by the embodiments of the application;
Fig. 5 is the fourth schematic diagram of the steps of the purview certification method provided by the embodiments of the application;
Fig. 6 is the first interaction flowchart of the purview certification method provided by the embodiments of the application;
Fig. 7 is the second interaction flowchart of the purview certification method provided by the embodiments of the application;
Fig. 8 is a module diagram of the purview certification device provided by the embodiments of the application;
Fig. 9 is a module diagram of the authentication server provided by the embodiments of the application;
Fig. 10 is a structural diagram of the purview certification system provided by the embodiments of the application.
Detailed description
To make the purpose, technical solutions and advantages of the application clearer, the technical solutions are described clearly and completely below with reference to specific embodiments of the application and the corresponding drawings. The described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the application without creative work fall within the scope of protection of the application.
The technical solutions provided by each embodiment of the application are described in detail below with reference to the drawings.
The scheme in this application is mainly suited to purview certification scenarios, such as bank transactions, account login, bill payment and other practical scenarios in which the user's identity information needs to be verified.
Further, the purview certification scheme is applicable to the system architecture shown in Fig. 1. The system mainly includes a terminal device 11 and an authentication server 12. The authentication server 12 can be deployed in the server corresponding to the service the user operates, for example in a banking system server or in the login system server of a chat tool; alternatively, the authentication server 12 can itself be understood as the banking system server or the login system server of a chat tool. The terminal device 11 and the authentication server 12 exchange information over an established wireless or wired communication link, so as to authenticate the permissions of the user who makes a service request from the terminal device 11.
The purview certification scheme of the application is described in detail below with reference to embodiments. It should be noted that everything below is given only to explain the scheme of the application and does not limit the usage scenarios or the implementation of the scheme.
Embodiment one
A schematic diagram of the steps of the purview certification method provided by the embodiments of the application is provided. The method performs purview certification mainly on the basis of a device fingerprint and is executed by a purview certification device. The application mainly uses a terminal device as the example, such as a mobile phone, pad or other computer device. The method mainly includes the following steps:
Step 21: Send a purview certification request carrying an account identifier to the authentication server.
The account identifier in step 21 can be understood as an identifier that distinguishes users, such as a mobile phone number or an identity card number, or a serial number, QR code or similar generated from user information that can distinguish the user.
In addition, the purview certification request in this step can be initiated by the user when logging in or making a service request such as a payment. Specifically, the request can be generated when the user taps a control on the display interface or by voice input.
Step 22: Receive the first verification code returned by the authentication server, the first verification code corresponding to the account identifier.
On the authentication server side, the first verification code corresponds to the account identifier carried in the purview certification request that the authentication server received. The first verification code may contain any combination of characters such as digits, letters and special characters, or only digits, only letters or only special characters; the number of characters is not limited. For example, the first verification code can be: 1ac4.
Step 23: Determine a first hash value and a second hash value respectively according to multiple pieces of hardware information of the electronic device; perform a bit operation on the first hash value and on the second hash value respectively, combine the results, and determine the combination as the device fingerprint of the electronic device.
In the embodiments of the application, the hardware information can be character strings of preset length, and these strings can be combinations of letters or digits. The multiple pieces of hardware information in the electronic device can include: device mainboard information, system customizer information, CPU instruction set information, device parameter information, hardware manufacturer information, and mobile phone manufacturer information. For example, the device mainboard information can be the device mainboard serial number, such as 201700004563; or a serial number formed by splicing the device mainboard serial number with the device mainboard manufacturer identifier, such as 201700004563HWP2, where 201700004563 is the device mainboard serial number and HWP2 is the device manufacturer identifier. The hardware manufacturer information refers to the manufacturer of the electronic device, which is different from the device mainboard manufacturer identifier in the device mainboard information.
Alternatively, this step 23 is determining the first cryptographic Hash and the second Hash respectively according to the multiple hardware informations of itself During value, specific perform is:
The first step, remainder processing is carried out to the multiple hardware information respectively, and the first character is determined according to obtained remainder String;Hash operation is carried out to first character string, obtains first cryptographic Hash;And
Second step, any hardware information that string length meets threshold value is chosen from the multiple hardware information;To choosing Any hardware information taken carries out Hash operation, obtains second cryptographic Hash.
In fact, in this application, a variety of remainder algorithms can be prestored, and each hardware information is corresponding with accordingly in advance If remainder algorithm;For example, it may be take the remainder the remainder algorithm for 0, take the remainder remainder algorithm etc. for 3;Wherein, remainder is calculated The type of method can be more than the type of hardware information, in this manner it is ensured that the remainder mode of hardware information is more flexible, and can be with Adjustment.The type of remainder algorithm might be less that the type of hardware information, then, multiple hardware informations can be preset and be used in conjunction with A kind of remainder algorithm, and other hardware informations can use another or a variety of remainder algorithms.In fact, remainder algorithm Type can also be equal to the type of hardware information, and so, remainder algorithm maps one by one with hardware information.
Mapping relations one by one referred to above or one-to-many, many-to-one mapping relations, can be stored in one kind In table, record has the mark and the corresponding relation of corresponding remainder algorithm of hardware information in the table, such as:Equipment in hardware information Mainboard information can be marked as a, and this remainder algorithm tag for 0 that takes the remainder in remainder algorithm is A, and both mutually map It is corresponding.
According to the above-mentioned involved mapping relations to prestore, the first step is carrying out remainder respectively to the multiple hardware information Processing, when determining the first character string according to obtained remainder, specific perform is:
(1) corresponding remainder algorithm is searched respectively for each hardware information;Specifically can according to the mapping relations to prestore, according to The corresponding remainder algorithm of the identifier lookup of hardware information.
(2) complementation is carried out to corresponding hardware information according to the remainder algorithm found.
A kind of remainder processing:Multiple hardware informations find identical remainder algorithm, then, these hardware informations are taken Identical remainder processing mode, obtain the remainder of corresponding each hardware information.
Another remainder processing:Multiple hardware informations find different remainder algorithms, then, searched respectively according to respective The remainder algorithm arrived carries out remainder processing, obtains the remainder of corresponding each hardware information.
(3) according to default splicing rule, the remainder that the multiple hardware information is carried out after remainder processing splice To first character string.
In fact, in this application, presetting splicing rule can set according to the demand of user, for example, according to hardware information String length conduct splicing order from long to short, stitching portion is carried out to remainder corresponding to obtained multiple hardware informations Reason.So, the character string that an information is upset and has certain length is just obtained, is defined as the first character string.
Thus, handled by above-mentioned remainder, the character string information of hardware information can be upset according to pre-defined rule, is had There is the first character string of certain complexity, the character string is handled by remainder, and is possible to the processing by different remainder algorithms, Therefore, the complexity of the character string obtained is higher, and the uniqueness of the first character string obtained using aforesaid way is more reliable, Hardly there is the situation that distinct electronic apparatuses obtain identical first character string.
In fact, the string length of the hardware information affects the accuracy and reliability of the device fingerprint: the longer the string, the lower the repetition rate of the hardware information across different electronic devices; conversely, the shorter the string, the higher the repetition rate. Therefore, the hardware information with the longest string length can be selected to determine the second hash value. The threshold in the second step can be determined empirically, or any length, such as sixteen digits, can be used as the threshold. Every hardware information item whose string length exceeds sixteen digits can serve as hardware information for determining the second hash value, and one of them is then selected.
It should be noted that, in this application, the order of the first step and the second step is not limited: the two steps can be performed simultaneously, or the second step can be performed before the first step.
In fact, after the above remainder processing, bit operations are performed separately on the resulting first hash value and second hash value, and the results of the bit operations are combined and determined as the device fingerprint of the electronic device. Because a remainder algorithm is used and two separate hash operations are performed, the reliability and accuracy of the resulting character string (the device fingerprint) are improved to a certain extent, ensuring the uniqueness of the device fingerprint.
Optionally, in this application, a preferred implementation of step 23 above (combining the results of the bit operations performed on the first hash value and the second hash value, and determining the combination as the device fingerprint of the electronic device) is as follows: perform a bit operation on the first hash value to obtain a character string of a first preset number of digits; perform a bit operation on the second hash value to obtain a character string of a second preset number of digits; splice the character string of the first preset number of digits and the character string of the second preset number of digits head to tail to form a new character string, which is determined as the device fingerprint of the electronic device.
Specifically, assume that a 32-bit bit operation on the first hash value C yields an 8-digit character string, and that a 16-bit bit operation on the first hash value C yields a 4-digit character string. After the two bit operations on the first hash value C, the results are combined into a 12-digit character string, which is the character string C' of the first preset number of digits.
Assume that a 64-bit bit operation on the second hash value D yields a 12-digit character string, and that a 32-bit bit operation on the second hash value D yields an 8-digit character string. After the two bit operations on the second hash value D, the results are combined into a 20-digit character string, which is the character string D' of the second preset number of digits.
Finally, character string C' and character string D' are spliced head to tail to form a new character string F, and character string F is the device fingerprint of the electronic device to be determined. The head-to-tail splicing order can follow the order first, second, or a preset splicing order.
Thus, in this technical solution, remainder processing of the hardware information increases the complexity of the resulting character string, and the subsequent bit operations on the first hash value and the second hash value further scramble the characteristic string of the hardware information and raise the complexity of the determined character string, preventing the device fingerprints determined by different electronic devices from being duplicated. This improves the reliability and accuracy of determining the device fingerprint of the electronic device and ensures the uniqueness of the device fingerprint.
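The derivation described above (remainder processing, splicing, two hashes, bit operations, head-to-tail splice), as an added Python example that is not code from the patent. The patent does not name the moduli, the hash algorithm or the bit operation, so the moduli in `REMAINDER_MODULI`, SHA-256, the XOR-folding in `xor_fold` (including truncating the 64-bit result to 12 digits) and the sample hardware values are all assumptions.

```python
import hashlib

# Assumed pre-stored mapping: hardware-info identifier -> modulus of its
# remainder algorithm. Two identifiers share a modulus, two do not.
REMAINDER_MODULI = {"imei": 99991, "serial": 99991,
                    "mac": 65521, "android_id": 1000003}
LENGTH_THRESHOLD = 16  # the page's example threshold for the second hash


def remainder(identifier, value):
    """Steps (1)-(2): look up the modulus, then reduce the string's bytes."""
    if identifier not in REMAINDER_MODULI:
        raise ValueError("no remainder algorithm for " + identifier)
    number = int.from_bytes(value.encode("utf-8"), "big")
    return str(number % REMAINDER_MODULI[identifier])


def first_string(hardware):
    """Step (3): splice the remainders, longest hardware string first."""
    ordered = sorted(hardware.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return "".join(remainder(name, value) for name, value in ordered)


def xor_fold(digest, bits, digits):
    """Assumed bit operation: XOR `bits`-wide chunks, keep `digits` hex digits."""
    number = int.from_bytes(digest, "big")
    mask = (1 << bits) - 1
    folded = 0
    while number:
        folded ^= number & mask
        number >>= bits
    folded &= (1 << (4 * digits)) - 1  # truncate when digits*4 < bits
    return format(folded, "0{}x".format(digits))


def device_fingerprint(hardware):
    """Return F = C' + D' (12 + 20 digits, as in the page's worked example)."""
    # First hash value C: hash of the spliced remainders.
    c = hashlib.sha256(first_string(hardware).encode("utf-8")).digest()
    # Second hash value D: hash of one item longer than the threshold;
    # the longest is chosen, ties broken by value so the result is stable.
    candidates = [v for v in hardware.values() if len(v) > LENGTH_THRESHOLD]
    if not candidates:
        raise ValueError("no hardware information exceeds the threshold")
    chosen = max(candidates, key=lambda v: (len(v), v))
    d = hashlib.sha256(chosen.encode("utf-8")).digest()
    c_prime = xor_fold(c, 32, 8) + xor_fold(c, 16, 4)    # 12 digits
    d_prime = xor_fold(d, 64, 12) + xor_fold(d, 32, 8)   # 20 digits
    return c_prime + d_prime


# Constructed sample values, not taken from any real device.
SAMPLE_HARDWARE = {
    "imei": "490154203237518",
    "mac": "02:00:5e:10:00:01",
    "serial": "SN-CONSTRUCTED-0001-EXAMPLE",
    "android_id": "9774d56d682e549c",
}

if __name__ == "__main__":
    print(device_fingerprint(SAMPLE_HARDWARE))
```

Because every input is a fixed hardware value, the same device always produces the same fingerprint, which is what lets the terminal discard it after binding and regenerate it for each authentication.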
Step 24: Send the device fingerprint and the first identifying code to the authentication server, so that the authentication server performs a first verification on the device fingerprint and, after the first verification succeeds, performs a second verification on the received first identifying code.
Step 25: Receive the authority acknowledgement notification returned after the second verification succeeds.
The authority acknowledgement notification here is simply confirmation feedback on the user's authority. It informs the user that purview certification has passed, or that the corresponding service has been carried out after purview certification passed, for example payment confirmed or login confirmed.
From the information exchange involved in the above technical solution, it can be seen that the terminal device sends the first identifying code and the device fingerprint to the authentication server for purview certification, which comprises two layers of authentication. The first layer is verification of the device fingerprint; if the comparison is identical, the first layer succeeds and the second layer, verification of the first identifying code, is carried out. For the device fingerprint, remainder processing of the hardware information increases the complexity of the resulting character string, and the subsequent bit operations on the first hash value and the second hash value further scramble the characteristic string of the hardware information and raise the complexity of the determined character string, preventing the device fingerprints determined by different electronic devices from being duplicated. This improves the reliability and accuracy of determining the device fingerprint of the electronic device and ensures its uniqueness. The improved uniqueness of the device fingerprint in turn makes verification harder to defeat: only after both layers are verified successfully is purview certification confirmed as passed, after which payment password verification, login password verification and the like can be carried out according to the specific service content. It can be seen that, compared with prior-art schemes that perform authority verification using only an SMS verification code, this application has more levels or content of verification, which makes the attacker's cracking work more difficult and improves the security and reliability of purview certification, thereby ensuring the security of the user's property when using the service. Moreover, in this application the device fingerprint is not stored in the terminal device; it is removed after being sent to the authentication server to complete binding, and in subsequent authentication the identical device fingerprint is regenerated and sent to the authentication server together with the first identifying code for authority verification. This avoids the fingerprint being stored in the terminal device and maliciously rewritten, improving the security of the device fingerprint.
Optionally, before step 21, referring to Fig. 3, the purview certification method also includes:
Step 31: Send a bind request carrying the account number to the authentication server;
Step 32: Receive the second identifying code returned by the authentication server, the second identifying code corresponding to the account number;
Step 33: Send the second identifying code and the account number to the authentication server for verification;
Step 34: Receive the binding notification sent by the authentication server after verification succeeds;
Step 35: Determine the first hash value and the second hash value respectively according to multiple hardware information items of the electronic device; combine the results of the bit operations performed on the first hash value and the second hash value, determine the combination as the device fingerprint of the electronic device, and send it to the authentication server.
It should be noted that, in this application, the device fingerprint need not be stored and is generated in real time as required. Therefore, after it is sent to the authentication server, the purview certification server side does not retain the device fingerprint.
Optionally, in step 22 of this application, receiving the first identifying code returned by the authentication server can be implemented by way of base station return. For example, the authentication server sends the first identifying code to the base station, and the base station looks up the corresponding mobile phone number (which can serve as the account number) and sends an SMS notification or voice notification to the terminal device corresponding to that mobile phone number. In fact, the transmission of the first identifying code in this application is not limited to base station return and can also include other transmission modes based on a communication link.
An embodiment of this application provides a schematic diagram of the steps of another purview certification method, which performs purview certification mainly on the basis of the device fingerprint. The method is executed by the authentication server and mainly includes:
Step 41: Receive a purview certification request carrying the account number.
It should be noted that the account number can be recognized by the authentication server, which uses it to match the content the user wishes to authenticate. For example, in a bank transaction scenario the account number can be a mobile phone number, which is sent to the authentication server together with the payment request initiated by the user. The authentication server uses the mobile phone number to match the bank card information that the user set up earlier for payment, so that the subsequent payment confirmation can be carried out.
Step 42: Generate the first identifying code corresponding to the account number, and send it to the purview certification device.
In this step, the authentication server can generate the first identifying code at random; the format of the first identifying code is the same as in the scheme corresponding to Fig. 2 above.
Step 43: Receive the device fingerprint and the first identifying code carrying the account number, perform the first verification on the device fingerprint, and perform the second verification on the first identifying code after the first verification succeeds.
Optionally, when step 43 performs the first verification on the device fingerprint and, after the first verification succeeds, the second verification on the first identifying code, it can specifically be carried out as follows: look up the locally stored device fingerprint that has the same account number as the received device fingerprint, and verify the received device fingerprint against the device fingerprint found; look up the locally stored first identifying code that has the same account number as the received first identifying code, and verify the received first identifying code against the first identifying code found.
In this application, it is not certain whether the device fingerprint and the first identifying code received by the authentication server were sent by the terminal device corresponding to the account number. Therefore, the device fingerprint previously stored for that account number must be looked up according to the account number. If none is found, this purview certification request is determined to be illegal, and the user who sent the request is not allowed any further service. If one is found, the two verifications that are central to this application begin:
First verification: Look up, according to the account number, whether a device fingerprint corresponding to the account number was previously stored. If none is found, this purview certification request is determined to be illegal. If one is found, the device fingerprint found is compared with the received device fingerprint; if they are identical, the verification succeeds and verification of the received first identifying code is allowed; otherwise, the verification fails.
Second verification: Look up, according to the account number, whether a first identifying code corresponding to the account number was previously stored. If none is found, this purview certification request is determined to be illegal. If one is found, the first identifying code found is compared with the received first identifying code; if they are identical, the verification succeeds, purview certification is determined to have passed, and the subsequent bill payment or account login is allowed. Otherwise, the verification fails.
After each verification failure, a notification of purview certification failure can be returned to the terminal device.
Step 44: After the second verification succeeds, return the authority acknowledgement notification to the purview certification device.
It should be noted that, in this application, once the second verification succeeds, purview certification is confirmed as successful and the user is allowed to carry out the corresponding service. Generally, the above purview certification process can be carried out before the user initiates a service request. However, this may isolate purview certification from the service request, so that even after purview certification has passed, a hacker can still attack at the service request stage. Therefore, the service request can be combined with purview certification: when the user initiates a service request, a purview certification request is deemed to have been initiated at the same time, and when the terminal device returns the identifying code it can also submit business information, such as bill details and payment password, or account nickname and login password. This information is sent to the authentication server, and after purview certification passes at the authentication server, the bill payment or account login service can be carried out according to the business information.
Therefore, the authority acknowledgement notification returned in this step can be understood as a notification message sent only after purview certification has passed, such as "Purview certification successful!", or as a notification message sent after purview certification has passed and the business processing has been carried out, such as "Payment successful!", which implies that purview certification succeeded.
Optionally, before step 41, referring to Fig. 5, the method also includes:
Step 51: Receive a bind request carrying the account number;
Step 52: Generate the second identifying code corresponding to the account number, and send it to the purview certification device;
Step 53: Receive the second identifying code and the corresponding account number, and verify the second identifying code;
Step 54: After the verification succeeds, send a binding notification to the purview certification device;
Step 55: Receive the device fingerprint sent by the purview certification device.
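The server-side flow of steps 41 to 44 and steps 51 to 55, as an added Python sketch that is not code from the patent. The class and method names, the six-digit code format, single use of each identifying code and the constant-time comparison are assumptions; the patent specifies only the lookups, the comparisons and their order.

```python
import hmac
import secrets

ILLEGAL = "illegal_request"            # nothing stored for this account
FINGERPRINT_MISMATCH = "fingerprint_mismatch"
CODE_MISMATCH = "code_mismatch"
CONFIRMED = "confirmed"


def new_code():
    """Random six-digit identifying code (format is an assumption)."""
    return "{:06d}".format(secrets.randbelow(10 ** 6))


def same(stored, received):
    """Constant-time comparison; bytes so non-ASCII input cannot raise."""
    return hmac.compare_digest(stored.encode("utf-8"), received.encode("utf-8"))


class AuthServer:
    def __init__(self):
        self.bind_codes = {}     # account -> second identifying code
        self.bind_ok = set()     # accounts allowed to upload a fingerprint
        self.fingerprints = {}   # account -> bound device fingerprint
        self.auth_codes = {}     # account -> first identifying code

    def request_bind(self, account):                      # steps 51-52
        self.bind_codes[account] = new_code()
        return self.bind_codes[account]

    def confirm_bind(self, account, code):                # steps 53-54
        expected = self.bind_codes.pop(account, None)
        ok = expected is not None and same(expected, code)
        if ok:
            self.bind_ok.add(account)
        return ok

    def store_fingerprint(self, account, fingerprint):    # step 55
        if account not in self.bind_ok:
            return False
        self.bind_ok.discard(account)
        self.fingerprints[account] = fingerprint
        return True

    def request_auth(self, account):                      # steps 41-42
        self.auth_codes[account] = new_code()
        return self.auth_codes[account]

    def verify(self, account, fingerprint, code):         # steps 43-44
        # First verification: the bound fingerprint must exist and match.
        stored = self.fingerprints.get(account)
        if stored is None:
            return ILLEGAL
        if not same(stored, fingerprint):
            return FINGERPRINT_MISMATCH
        # Second verification: reached only after the first succeeds.
        # The code is consumed here so it cannot be replayed (assumption).
        expected = self.auth_codes.pop(account, None)
        if expected is None:
            return ILLEGAL
        if not same(expected, code):
            return CODE_MISMATCH
        return CONFIRMED


if __name__ == "__main__":
    server = AuthServer()
    account = "user-0001"                  # constructed account number
    fingerprint = "ab" * 16                # constructed 32-digit fingerprint
    server.confirm_bind(account, server.request_bind(account))
    server.store_fingerprint(account, fingerprint)
    print(server.verify(account, fingerprint, server.request_auth(account)))
```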
The above purview certification scheme is further illustrated below using specific application scenarios as examples.
Referring to Fig. 6, which is an interaction diagram of purview certification in a bank transaction scenario, the interaction mainly involves: terminal device A (on which a device binding apparatus is deployed), bank server B, security server C and base station D. The specific flow is as follows:
Step 601: Terminal device A initiates a payment request, wishing to pay bill a;
Step 602: Bank server B generates the first identifying code and sends it;
Step 603: Base station D sends the first identifying code by SMS or voice;
Step 604: Terminal device A confirms the payment password and bill a;
Step 605: Terminal device A sends the first identifying code and the device fingerprint to security server C, and at the same time sends the payment password and bill a to bank server B (both transmissions carry the account number). In the figure, the step of sending the first identifying code and the step of sending the payment password and bill a are shown in sequence, but in practice the order of the two is not limited.
Step 606: Security server C verifies the device fingerprint;
Specifically, in this step, security server C finds the device fingerprint corresponding to the account number according to the account number, and compares the device fingerprint found with the received device fingerprint.
Step 607: Security server C sends the first identifying code after the device fingerprint is verified successfully;
Step 608: Bank server B finds the first identifying code corresponding to the account number according to the account number received earlier, and compares the first identifying code found with the received first identifying code. This step can also verify the payment password at the same time, which increases the reliability and security of the verification.
Step 609: After the first identifying code and the payment password are verified successfully, the bill payment is completed and a payment acknowledgement notification is returned.
Referring to Fig. 7, which is an interaction diagram of purview certification in an account login scenario, the interaction mainly involves: terminal device A (on which a device binding apparatus is deployed), service server B, security server C and base station D. The specific flow is as follows:
Step 701: Terminal device A initiates a login request;
Step 702: Service server B generates the first identifying code and sends it;
Step 703: Base station D sends the first identifying code by SMS or voice;
Step 704: Terminal device A confirms the login password;
Step 705: Terminal device A sends the first identifying code, the device fingerprint and the login password to security server C;
Step 706: Security server C verifies the device fingerprint;
Specifically, in this step, security server C finds the device fingerprint corresponding to the account number according to the account number, and compares the device fingerprint found with the decrypted device fingerprint.
Step 707: Security server C sends the first identifying code and the login password after the device fingerprint is verified successfully;
Step 708: Bank server B finds the first identifying code corresponding to the account number according to the account number received earlier, and compares the first identifying code found with the received first identifying code. The login password is verified at the same time, which increases the reliability and security of the verification.
Step 709: After the first identifying code and the login password are verified successfully, the bill login is completed and a login acknowledgement notification is returned.
Embodiment two
Based on the same inventive concept as the above purview certification method, this application also provides devices for performing the above method.
Referring to Fig. 8, a purview certification device includes:
A first transmitting unit 81, for sending a purview certification request carrying the account number to the authentication server;
A first receiving unit 82, for receiving the first identifying code returned by the authentication server, the first identifying code corresponding to the account number;
A determining unit 83, for determining the first hash value and the second hash value respectively according to multiple hardware information items of the electronic device, combining the results of the bit operations performed on the first hash value and the second hash value, and determining the combination as the device fingerprint of the electronic device;
The first transmitting unit 81 is also used to send the device fingerprint and the first identifying code to the authentication server, so that the authentication server performs the first verification on the device fingerprint and, after the first verification succeeds, performs the second verification on the received first identifying code;
The first receiving unit 82 is also used to receive the authority acknowledgement notification returned after the second verification succeeds.
Optionally, the first transmitting unit 81 is also used to send a bind request carrying the account number to the authentication server before the purview certification request is sent; the first receiving unit 82 is also used to receive the second identifying code returned by the authentication server, the second identifying code corresponding to the account number; the first transmitting unit 81 is also used to send the second identifying code and the account number to the authentication server for verification; the first receiving unit 82 is used to receive the binding notification sent by the authentication server after verification succeeds; the first transmitting unit 81 is used to determine the first hash value and the second hash value respectively according to multiple hardware information items of the electronic device, combine the results of the bit operations performed on the first hash value and the second hash value, determine the combination as the device fingerprint of the electronic device, and send it to the authentication server.
Optionally, when determining the first hash value and the second hash value respectively according to its own multiple hardware information items, the determining unit 83 is specifically used to: perform remainder processing on each of the multiple hardware information items and determine the first character string from the resulting remainders; perform a hash operation on the first character string to obtain the first hash value; choose, from the multiple hardware information items, any hardware information item whose string length meets the threshold; and perform a hash operation on the chosen hardware information item to obtain the second hash value.
Optionally, each hardware information item corresponds to a preset remainder algorithm. When performing remainder processing on each of the multiple hardware information items and determining the first character string from the resulting remainders, the determining unit 83 is specifically used to: look up the corresponding remainder algorithm for each hardware information item; perform the remainder operation on the corresponding hardware information item according to the remainder algorithm found; and, according to a preset splicing rule, splice the remainders obtained from the remainder processing of the multiple hardware information items to obtain the first character string.
Optionally, when combining the results of the bit operations performed on the first hash value and the second hash value and determining the combination as the device fingerprint of the electronic device, the determining unit is specifically used to: perform a bit operation on the first hash value to obtain a character string of a first preset number of digits; perform a bit operation on the second hash value to obtain a character string of a second preset number of digits; and splice the character string of the first preset number of digits and the character string of the second preset number of digits head to tail to form a new character string, which serves as the device fingerprint of the electronic device.
Fig. 9 is a module diagram of the purview certification server provided by an embodiment of this application. The authentication server includes:
A second receiving unit 91, for receiving a purview certification request carrying the account number;
A second transmitting unit 92, for generating the first identifying code corresponding to the account number and sending it to the purview certification device;
The second receiving unit 91 is also used to receive the device fingerprint and the first identifying code carrying the account number, perform the first verification on the device fingerprint, and perform the second verification on the first identifying code after the first verification succeeds;
The second transmitting unit 92 is also used to return the authority acknowledgement notification to the purview certification device after the second verification succeeds.
Optionally, when performing the first verification on the device fingerprint and, after the first verification succeeds, the second verification on the first identifying code, the second receiving unit 91 is specifically used to:
Look up the locally stored device fingerprint that has the same account number as the received device fingerprint, and verify the received device fingerprint against the device fingerprint found;
Look up the locally stored first identifying code that has the same account number as the received first identifying code, and verify the received first identifying code against the first identifying code found.
Optionally, the second receiving unit 91 is also used to receive a bind request carrying the account number before the purview certification request is received; the second transmitting unit 92 is used to generate the second identifying code corresponding to the account number and send it to the purview certification device; the second receiving unit 91 is used to receive the second identifying code and the corresponding account number, and to verify the second identifying code; the second transmitting unit 92 is used to send a binding notification to the purview certification device after verification succeeds; and the second receiving unit 91 is used to receive the device fingerprint sent by the purview certification device.
Embodiment three
An embodiment of this application also provides a purview certification system which, referring to Fig. 10, includes a purview certification device 1001 and an authentication server 1002, wherein:
The purview certification device 1001 is used to: send a purview certification request carrying the account number to the authentication server; receive the first identifying code returned by the authentication server, the first identifying code corresponding to the account number; determine the first hash value and the second hash value respectively according to multiple hardware information items of the electronic device; combine the results of the bit operations performed on the first hash value and the second hash value and determine the combination as the device fingerprint of the electronic device; send the device fingerprint and the first identifying code to the authentication server, so that the authentication server performs the first verification on the device fingerprint and, after the first verification succeeds, performs the second verification on the received first identifying code; and receive the authority acknowledgement notification returned after the second verification succeeds;
The purview certification server 1002 is used to: receive the purview certification request carrying the account number; generate the first identifying code corresponding to the account number and send it to the purview certification device; receive the device fingerprint and the first identifying code carrying the account number, perform the first verification on the device fingerprint, and perform the second verification on the first identifying code after the first verification succeeds; and return the authority acknowledgement notification to the purview certification device after the second verification succeeds.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPU), an input/output interface, a network interface and memory.
The memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette tape, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or device that includes the element.
The foregoing is only embodiments of this application and is not intended to limit this application. For those skilled in the art, this application can have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of this application shall be included within the scope of the claims of this application.

Claims (11)

  1. An authority authentication method based on device fingerprint, characterized by comprising:
    Sending an authority authentication request carrying an account identifier to an authentication server;
    Receiving a first verification code returned by the authentication server, the first verification code corresponding to the account identifier;
    Determining a first hash value and a second hash value respectively according to multiple pieces of hardware information of an electronic device; combining the results obtained by performing a bit operation on the first hash value and on the second hash value respectively, and determining the combination as the device fingerprint of the electronic device;
    Sending the device fingerprint and the first verification code to the authentication server, so that the authentication server performs a first check on the device fingerprint and, after the first check succeeds, performs a second check on the received first verification code;
    Receiving an authority confirmation notification returned after the second check succeeds.
  2. The method according to claim 1, characterized in that, before the authority authentication request is sent, the method further comprises:
    Sending a bind request carrying the account identifier to the authentication server;
    Receiving a second verification code returned by the authentication server, the second verification code corresponding to the account identifier;
    Sending the second verification code and the account identifier to the authentication server for verification;
    Receiving a binding notification sent by the authentication server after the verification succeeds;
    Determining the first hash value and the second hash value respectively according to the multiple pieces of hardware information of the electronic device; combining the results obtained by performing a bit operation on the first hash value and on the second hash value respectively, determining the combination as the device fingerprint of the electronic device, and sending it to the authentication server.
  3. The method according to claim 1 or 2, characterized in that determining the first hash value and the second hash value respectively according to the multiple pieces of hardware information of the device itself specifically comprises:
    Performing remainder processing on each of the multiple pieces of hardware information, and determining a first character string according to the obtained remainders; performing a hash operation on the first character string to obtain the first hash value; and
    Selecting, from the multiple pieces of hardware information, any piece of hardware information whose string length meets a threshold; performing a hash operation on the selected piece of hardware information to obtain the second hash value.
  4. The method according to claim 3, characterized in that each piece of hardware information corresponds to a preset remainder algorithm;
    Performing remainder processing on each of the multiple pieces of hardware information and determining the first character string according to the obtained remainders specifically comprises:
    Looking up the corresponding remainder algorithm for each piece of hardware information;
    Performing a remainder operation on the corresponding hardware information according to the remainder algorithm found;
    Splicing, according to a preset splicing rule, the remainders obtained from the remainder processing of the multiple pieces of hardware information to obtain the first character string.
  5. The method according to claim 1 or 2, characterized in that combining the results obtained by performing a bit operation on the first hash value and on the second hash value respectively, and determining the combination as the device fingerprint of the electronic device, specifically comprises:
    Performing a bit operation on the first hash value to obtain a character string of a first preset number of digits;
    Performing a bit operation on the second hash value to obtain a character string of a second preset number of digits;
    Splicing the character string of the first preset number of digits and the character string of the second preset number of digits end to end to form a new character string, which serves as the device fingerprint of the electronic device.
  6. An authority authentication method based on device fingerprint, characterized by comprising:
    Receiving an authority authentication request carrying an account identifier;
    Generating a first verification code corresponding to the account identifier, and sending it to an authority authentication apparatus;
    Receiving a device fingerprint and a first verification code carrying the account identifier, performing a first check on the device fingerprint, and, after the first check succeeds, performing a second check on the first verification code;
    Returning an authority confirmation notification to the authority authentication apparatus after the second check succeeds.
  7. The method according to claim 6, characterized in that performing the first check on the device fingerprint and, after the first check succeeds, performing the second check on the first verification code specifically comprises:
    Looking up the locally stored device fingerprint that has the same account identifier as the received device fingerprint, and checking the received device fingerprint against the device fingerprint found;
    Looking up the locally stored first verification code that has the same account identifier as the received first verification code, and checking the received first verification code against the first verification code found.
  8. The method according to claim 6, characterized in that, before the authority authentication request is received, the method further comprises:
    Receiving a bind request carrying the account identifier;
    Generating a second verification code corresponding to the account identifier, and sending it to the authority authentication apparatus;
    Receiving the second verification code and the corresponding account identifier, and verifying the second verification code;
    Sending a binding notification to the authority authentication apparatus after the verification succeeds;
    Receiving the device fingerprint sent by the authority authentication apparatus.
  9. An authority authentication apparatus, characterized by comprising:
    A first sending unit, configured to send an authority authentication request carrying an account identifier to an authentication server;
    A first receiving unit, configured to receive a first verification code returned by the authentication server, the first verification code corresponding to the account identifier;
    A determining unit, configured to determine a first hash value and a second hash value respectively according to multiple pieces of hardware information of an electronic device, to combine the results obtained by performing a bit operation on the first hash value and on the second hash value respectively, and to determine the combination as the device fingerprint of the electronic device;
    The first sending unit being further configured to send the device fingerprint and the first verification code to the authentication server, so that the authentication server performs a first check on the device fingerprint and, after the first check succeeds, performs a second check on the received first verification code;
    The first receiving unit being further configured to receive an authority confirmation notification returned after the second check succeeds.
  10. An authority authentication server, characterized by comprising:
    A second receiving unit, configured to receive an authority authentication request carrying an account identifier;
    A second sending unit, configured to generate a first verification code corresponding to the account identifier and send it to an authority authentication apparatus;
    The second receiving unit being further configured to receive a device fingerprint and a first verification code carrying the account identifier, to perform a first check on the device fingerprint, and, after the first check succeeds, to perform a second check on the first verification code;
    The second sending unit being further configured to return an authority confirmation notification to the authority authentication apparatus after the second check succeeds.
  11. An authority authentication system, characterized by comprising an authority authentication apparatus and an authority authentication server; wherein,
    The authority authentication apparatus is configured to: send an authority authentication request carrying an account identifier to the authentication server; receive a first verification code returned by the authentication server, the first verification code corresponding to the account identifier; determine a first hash value and a second hash value respectively according to multiple pieces of hardware information of an electronic device; combine the results obtained by performing a bit operation on the first hash value and on the second hash value respectively, and determine the combination as the device fingerprint of the electronic device; send the device fingerprint and the first verification code to the authentication server, so that the authentication server performs a first check on the device fingerprint and, after the first check succeeds, performs a second check on the received first verification code; and receive an authority confirmation notification returned after the second check succeeds;
    The authority authentication server is configured to: receive the authority authentication request carrying the account identifier; generate a first verification code corresponding to the account identifier and send it to the authority authentication apparatus; receive the device fingerprint and the first verification code carrying the account identifier; perform a first check on the device fingerprint and, after the first check succeeds, perform a second check on the first verification code; and return an authority confirmation notification to the authority authentication apparatus after the second check succeeds.
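
The fingerprint derivation of claims 3 to 5 together with the server-side two-step check of claims 6 and 7, as an added example that is not code from the patent. The claims leave the hash function, remainder algorithm, bit operation, splicing rule, threshold and digit counts unspecified, so SHA-256, the moduli, the XOR fold, the six-digit code and every field name below are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed values: the claims only say "preset" algorithm, rule and digits.
MODULI = {"imei": 9973, "mac": 7919, "cpu_serial": 6007}
SPLICE_ORDER = ("imei", "mac", "cpu_serial")
MIN_LEN = 12            # length threshold for the second hash input
D1, D2 = 16, 16         # hex digits kept from the first and second hash

# Constructed sample hardware information, not real device data.
SAMPLE_HW = {"imei": "356938035643809", "mac": "a4:5e:60:c1:9b:2f",
             "cpu_serial": "0000000012ab34cd"}


def _remainder(value, modulus):
    """Read the field's bytes as one big integer and reduce it."""
    return int.from_bytes(value.encode("utf-8"), "big") % modulus


def _bit_op(digest, hex_digits):
    """Assumed bit operation: XOR the digest halves, mask to the width."""
    half = len(digest) // 2
    folded = (int.from_bytes(digest[:half], "big")
              ^ int.from_bytes(digest[half:], "big"))
    return format(folded & ((1 << (4 * hex_digits)) - 1), f"0{hex_digits}x")


def device_fingerprint(hw):
    # First hash (claims 3-4): per-field remainders, spliced, then hashed.
    spliced = "-".join(str(_remainder(hw[k], MODULI[k])) for k in SPLICE_ORDER)
    first = hashlib.sha256(spliced.encode()).digest()
    # Second hash (claim 3): one field whose length meets the threshold.
    # Sorted key order keeps the "any" choice identical on every run.
    chosen = next((hw[k] for k in sorted(hw) if len(hw[k]) >= MIN_LEN), None)
    if chosen is None:
        raise ValueError("no hardware field meets the length threshold")
    second = hashlib.sha256(chosen.encode()).digest()
    # Claim 5: splice the two fixed-width strings end to end.
    return _bit_op(first, D1) + _bit_op(second, D2)


class AuthServer:
    """In-memory stand-in for the authentication server of claims 6-8."""
    def __init__(self):
        self.bound = {}     # account -> fingerprint received at binding
        self.pending = {}   # account -> outstanding first verification code

    def bind(self, account, fingerprint):
        self.bound[account] = fingerprint

    def issue_code(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = code
        return code

    def verify(self, account, fingerprint, code):
        stored = self.bound.get(account)
        # First check: compare with the fingerprint stored for this account.
        if stored is None or not hmac.compare_digest(
                stored.encode(), fingerprint.encode()):
            return "fingerprint_mismatch"
        # Second check runs only after the first succeeds. Consuming the
        # code on use is this example's choice, not stated in the claims.
        expected = self.pending.pop(account, None)
        if expected is None or not hmac.compare_digest(
                expected.encode(), code.encode()):
            return "code_mismatch"
        return "authorized"
```

Because the fingerprint is a deterministic function of the hardware information, it is identical on every request from the same device; in this flow the verification code is the only value that changes per request.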
CN201710671447.5A 2017-08-08 2017-08-08 Authority authentication method, device and system based on equipment fingerprint Active CN107426235B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710671447.5A CN107426235B (en) 2017-08-08 2017-08-08 Authority authentication method, device and system based on equipment fingerprint

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710671447.5A CN107426235B (en) 2017-08-08 2017-08-08 Authority authentication method, device and system based on equipment fingerprint

Publications (2)

Publication Number Publication Date
CN107426235A true CN107426235A (en) 2017-12-01
CN107426235B CN107426235B (en) 2020-01-24

Family

ID=60437505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710671447.5A Active CN107426235B (en) 2017-08-08 2017-08-08 Authority authentication method, device and system based on equipment fingerprint

Country Status (1)

Country Link
CN (1) CN107426235B (en)


Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Address after: 100083 20th Floor, Block A, Tiangong Building, No. 30 Xueyuan Road, Haidian District, Beijing

Applicant after: Beijing Bang Bang Safety Technology Co. Ltd.

Address before: 100083 20th Floor, Block A, Tiangong Building, No. 30 Xueyuan Road, Haidian District, Beijing (Bang Bang Safety)

Applicant before: Yangpuweiye Technology Limited

SE01 Entry into force of request for substantive examination
GR01 Patent grant