CN107426251A - Terminal security detection method and device - Google Patents

Publication number
CN107426251A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710818144.1A
Other languages
Chinese (zh)
Inventor
刘馨靖
周晓龙
侯玉华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/12: Applying verification of the received information
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/26: Testing cryptographic entity, e.g. testing integrity of encryption key or encryption algorithm

Abstract

The embodiments of the present invention provide a terminal security detection method and device. The method includes: obtaining the identification information of the target hardware in the terminal to be detected, and the algorithm to be tested in the target hardware; sending the identification information of the target hardware and the identification information of the terminal to be detected to a server, so that the server, according to these two pieces of identification information, queries a pre-stored correspondence between identification information of encryption hardware and identification information of encrypted terminals, to determine whether the target hardware matches the terminal to be detected; computing on preset input data using the algorithm to be tested to obtain result data; and detecting the validity of the algorithm to be tested by comparing the result data with preset result data. The embodiments of the present invention implement a legitimacy self-check of the encryption hardware of the terminal to be detected and, by verifying whether the algorithm in the target hardware is valid, also implement a validity self-check of the encryption hardware.

Description

Terminal security detection method and device
Technical field
The embodiments of the present invention relate to the field of communication technology, and in particular to a terminal security detection method and device.
Background
With the spread of intelligent terminals, the intelligent terminal has become an indispensable means of communication in daily life, and with it has come the problem of intelligent terminal security.
The operating systems of current intelligent terminals have certain security problems, which seriously threaten users' private information, business information and the like. To address the security problems of intelligent terminals, the prior art proposes the encrypted terminal, which mainly addresses the security of the short message service and the voice call service.
However, the prior art lacks a method for self-checking the security of an encrypted terminal.
Summary of the invention
The embodiments of the present invention provide a terminal security detection method and device, to implement a security self-check of an encrypted terminal.
One aspect of the embodiments of the present invention provides a terminal security detection method, including:
obtaining the identification information of the target hardware in the terminal to be detected, and the algorithm to be tested, the preset input data, and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing on the preset input data with the algorithm to be tested;
sending the identification information of the target hardware and the identification information of the terminal to be detected to a server, so that the server, according to the identification information of the target hardware and the identification information of the terminal to be detected, queries a pre-stored correspondence between identification information of encryption hardware and identification information of encrypted terminals, to determine whether the target hardware matches the terminal to be detected;
computing on the preset input data using the algorithm to be tested to obtain result data;
detecting the validity of the algorithm to be tested by comparing the result data with the preset result data.
Another aspect of the embodiments of the present invention provides a terminal security detection device, including:
an acquisition module, configured to obtain the identification information of the target hardware in the terminal to be detected, and the algorithm to be tested, the preset input data, and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing on the preset input data with the algorithm to be tested;
a sending module, configured to send the identification information of the target hardware and the identification information of the terminal to be detected to a server, so that the server, according to the identification information of the target hardware and the identification information of the terminal to be detected, queries a pre-stored correspondence between identification information of encryption hardware and identification information of encrypted terminals, to determine whether the target hardware matches the terminal to be detected;
a computing module, configured to compute on the preset input data using the algorithm to be tested to obtain result data;
a detection module, configured to detect the validity of the algorithm to be tested by comparing the result data with the preset result data.
The terminal security detection method and device provided by the embodiments of the present invention obtain the identification information of the target hardware in the terminal to be detected and send the identification information of the target hardware and the identification information of the terminal to be detected to a server, so that the server detects whether the target hardware matches the terminal to be detected and thereby determines whether the encryption hardware in the terminal to be detected has been replaced. This implements a legitimacy self-check of the encryption hardware of the terminal to be detected. In addition, verifying whether the algorithm in the target hardware is valid implements a validity self-check of the encryption hardware.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification. They show embodiments consistent with the present disclosure and, together with the specification, serve to explain the principles of the disclosure.
Fig. 1 is a schematic diagram of a communication system provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of a communication system provided by another embodiment of the present invention;
Fig. 3 is a flowchart of a terminal security detection method provided by an embodiment of the present invention;
Fig. 4 is a flowchart of a terminal security detection method provided by another embodiment of the present invention;
Fig. 5 is a flowchart of a terminal security detection method provided by another embodiment of the present invention;
Fig. 6 is a flowchart of a terminal security detection method provided by another embodiment of the present invention;
Fig. 7 is a flowchart of a terminal security detection method provided by another embodiment of the present invention;
Fig. 8 is a flowchart of a terminal security detection method provided by another embodiment of the present invention;
Fig. 9 is a structural diagram of a terminal security detection device provided by an embodiment of the present invention;
Fig. 10 is a structural diagram of a terminal security detection device provided by another embodiment of the present invention;
Fig. 11 is a structural diagram of a terminal security detection device provided by another embodiment of the present invention;
Fig. 12 is a structural diagram of a terminal security detection device provided by another embodiment of the present invention.
The above drawings show specific embodiments of the disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description of the embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The terminal security detection method provided by the present invention is applicable to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes an access network device 11 and a terminal device 12. It should be noted that the communication system shown in Fig. 1 is applicable to different network standards, for example Global System of Mobile Communication (GSM), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), Long Term Evolution (LTE) systems, and future 5G. Optionally, the communication system may be a system in an Ultra-Reliable and Low Latency Communications (URLLC) transmission scenario of a 5G communication system.
Accordingly, and optionally, the access network device 11 may be a base station (Base Transceiver Station, BTS) and/or base station controller in GSM or CDMA, a base station (NodeB, NB) and/or radio network controller (Radio Network Controller, RNC) in WCDMA, an evolved base station (Evolutional Node B, eNB or eNodeB) in LTE, a relay station or access point, or a base station (gNB) in a future 5G network, among others; the present invention is not limited in this respect.
The terminal device 12 may be a wireless terminal or a wired terminal. A wireless terminal may be a device that provides voice and/or other service data connectivity to a user, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. A wireless terminal may communicate with one or more core network devices via a radio access network (Radio Access Network, RAN). A wireless terminal may be a mobile terminal, such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal, for example a portable, pocket-sized, handheld, computer built-in or vehicle-mounted mobile device, which exchanges voice and/or data with the radio access network. As a further example, a wireless terminal may be a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), or a similar device. A wireless terminal may also be called a system, a subscriber unit (Subscriber Unit), a subscriber station (Subscriber Station), a mobile station (Mobile Station), a mobile (Mobile), a remote station (Remote Station), a remote terminal (Remote Terminal), an access terminal (Access Terminal), a user terminal (User Terminal), a user agent (User Agent), or user equipment (User Device or User Equipment); no limitation is imposed here. Optionally, the terminal device 12 may also be a device such as a smart watch or a tablet computer.
A specific application scenario of the present invention is the communication system shown in Fig. 2. The access network device 11 is specifically an eNB, and the terminal device 12 communicates with a remote server 13 through the access network device 11. The server 13 may specifically be a platform that checks the security of the terminal device 12. The platform stores the correspondence between preset encrypted terminals and the encryption hardware in those terminals; specifically, it stores the correspondence between the identification information of each preset encrypted terminal and the identification information of the encryption hardware in that encrypted terminal. Optionally, the terminal device 12 in Fig. 1 or Fig. 2 may be an encrypted terminal in which encryption hardware is provided; the encryption hardware can ensure the security of user information in the encrypted terminal.
The terminal security detection method provided by the present invention is intended to solve the above technical problem of the prior art.
The technical solution of the present invention, and how the technical solution of the present application solves the above technical problem, are described in detail below with specific embodiments. The following specific embodiments may be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments. The embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 3 is a flowchart of a terminal security detection method provided by an embodiment of the present invention. To address the above technical problem of the prior art, this embodiment provides a terminal security detection method with the following specific steps:
Step 301: obtain the identification information of the target hardware in the terminal to be detected, and the algorithm to be tested, the preset input data, and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing on the preset input data with the algorithm to be tested.
Specifically, when the terminal to be detected is powered on, the identification information of the target hardware in the terminal to be detected is obtained, together with the algorithm to be tested, the preset input data, and the preset result data stored in the target hardware. The terminal to be detected in this embodiment may specifically be the terminal device 12 in Fig. 1 or Fig. 2, which may be an encrypted terminal in which encryption hardware is provided; the encryption hardware can ensure the security of user information in the encrypted terminal. However, the encryption hardware in the encrypted terminal may also be replaced, which reduces the security of user information in the encrypted terminal. Therefore, to implement security detection of the terminal device 12, when the terminal device 12 is powered on, one or more processors in the terminal device 12 obtain the identification information of the encryption hardware in the terminal device 12. The processor may be a general-purpose or special-purpose processor and may be electrically connected to the encryption hardware in the terminal device 12. The identification information of the encryption hardware may specifically be a serial number of the encryption hardware.
In addition, the encryption hardware in the terminal device 12 also contains the algorithm to be tested, the preset input data, and the preset result data obtained in advance by computing on the preset input data with the algorithm to be tested. The algorithm to be tested is, for example, an encryption algorithm, a decryption algorithm, a signature algorithm, or a digest algorithm. When the terminal device 12 is powered on, one or more processors in the terminal device 12 may also read the algorithm to be tested, the preset input data, and the preset result data from the encryption hardware.
Step 302: send the identification information of the target hardware and the identification information of the terminal to be detected to the server, so that the server, according to the identification information of the target hardware and the identification information of the terminal to be detected, queries a pre-stored correspondence between identification information of encryption hardware and identification information of encrypted terminals, to determine whether the target hardware matches the terminal to be detected.
Optionally, the terminal device 12 itself has corresponding identification information, which may specifically be the device identifier of the terminal device 12. A communication module of the terminal device 12, such as a radio transceiver module, sends the identification information of the encryption hardware in the terminal device 12 and the identification information of the terminal device 12 to the remote server 13 through the access network device 11.
The remote server 13 stores the correspondence between preset encrypted terminals and the encryption hardware in those terminals; specifically, it stores the correspondence between the identification information of each preset encrypted terminal and the identification information of the encryption hardware in that encrypted terminal. When the remote server 13 receives the identification information of the encryption hardware in the terminal device 12 and the identification information of the terminal device 12 sent by the terminal device 12, it queries this stored correspondence to determine whether the correspondence between the identification information of the encryption hardware in the terminal device 12 and the identification information of the terminal device 12 is stored in the remote server 13.
If the correspondence between the identification information of the encryption hardware in the terminal device 12 and the identification information of the terminal device 12 is stored in the remote server 13, the encryption hardware in the terminal device 12 matches the terminal device 12; that is, the encryption hardware in the terminal device 12 has not been replaced.
If the identification information of the terminal device 12 is stored in the remote server 13, but the identification information of the encryption hardware that the remote server 13 stores for the terminal device 12 is not the identification information of the encryption hardware received by the remote server 13, the encryption hardware in the terminal device 12 does not match the terminal device 12; that is, the encryption hardware in the terminal device 12 may have been replaced.
If the identification information of the encryption hardware sent by the terminal device 12 is stored in the remote server 13, but the identification information of the terminal device that the remote server 13 stores for that encryption hardware is not the identification information of the terminal device 12, the encryption hardware in the terminal device 12 does not match the terminal device 12; that is, the encryption hardware in the terminal device 12 may have been replaced.
Step 303: compute on the preset input data using the algorithm to be tested to obtain result data.
Step 304: detect the validity of the algorithm to be tested by comparing the result data with the preset result data.
Further, one or more processors in the terminal device 12 may also use the algorithm to be tested in the encryption hardware of the terminal device 12 to compute on the preset input data, obtain result data, and compare whether the newly computed result data is consistent with the preset result data stored in the encryption hardware. If they are consistent, the validity check of the algorithm to be tested in the encryption hardware passes; otherwise, the validity check of the algorithm to be tested in the encryption hardware fails. This embodiment obtains the identification information of the target hardware in the terminal to be detected and sends the identification information of the target hardware and the identification information of the terminal to be detected to the server, so that the server detects whether the target hardware matches the terminal to be detected and thereby determines whether the encryption hardware in the terminal to be detected has been replaced. This implements a legitimacy self-check of the encryption hardware of the terminal to be detected. In addition, verifying whether the algorithm in the target hardware is valid implements a validity self-check of the encryption hardware.
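The flow of steps 302 to 304 can be sketched as follows. This is an added example, not code from the patent: the terminal and hardware identifiers, the function names, the "unregistered" outcome, and the choice of SHA-256 as the algorithm to be tested (the digest-algorithm case) are assumptions made for illustration.

```python
"""Power-on self-check sketch: server-side binding lookup plus a known-answer test."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample data: the server's pre-stored correspondence
# (encrypted-terminal ID -> encryption-hardware serial number).
BINDINGS: Dict[str, str] = {
    "TERM-0001": "HW-AAAA",
    "TERM-0002": "HW-BBBB",
}


def check_binding(bindings: Dict[str, str], terminal_id: str, hardware_id: str) -> str:
    """Server side of step 302: classify the reported (terminal, hardware) pair."""
    stored_hw = bindings.get(terminal_id)
    if stored_hw == hardware_id:
        return "match"
    if stored_hw is not None:
        # Terminal is registered, but with different encryption hardware.
        return "terminal-known-hardware-differs"
    if hardware_id in bindings.values():
        # Hardware is registered, but to a different terminal.
        return "hardware-known-terminal-differs"
    # Neither identifier is registered. The page does not cover this case;
    # treating it as a failed check is an assumption of this example.
    return "unregistered"


@dataclass(frozen=True)
class SelfTestVector:
    name: str
    algorithm: Callable[[bytes], bytes]  # the algorithm to be tested
    preset_input: bytes                  # preset input data
    preset_result: bytes                 # preset result data


def run_self_test(vector: SelfTestVector) -> bool:
    """Steps 303-304: recompute on the preset input and compare with the preset result."""
    try:
        result = vector.algorithm(vector.preset_input)
        return hmac.compare_digest(result, vector.preset_result)
    except Exception:
        # An algorithm that crashes or returns a non-bytes value is not valid.
        return False


def power_on_check(terminal_id: str, hardware_id: str,
                   vectors: List[SelfTestVector],
                   bindings: Dict[str, str] = BINDINGS) -> dict:
    """Combine the legitimacy check (binding) and the validity check (self-tests)."""
    binding = check_binding(bindings, terminal_id, hardware_id)
    failed = [v.name for v in vectors if not run_self_test(v)]
    return {
        "legitimate": binding == "match",
        "binding": binding,
        "valid": not failed,
        "failed_algorithms": failed,
    }


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def faulty_digest(data: bytes) -> bytes:
    # Constructed defect: silently ignores the last input byte.
    return hashlib.sha256(data[:-1]).digest()


# Published SHA-256 test vector for the input b"abc".
SHA256_ABC = bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
)
GOOD = SelfTestVector("sha256", sha256_digest, b"abc", SHA256_ABC)
BAD = SelfTestVector("sha256-faulty", faulty_digest, b"abc", SHA256_ABC)

if __name__ == "__main__":
    print(power_on_check("TERM-0001", "HW-AAAA", [GOOD]))
    print(power_on_check("TERM-0001", "HW-BBBB", [GOOD, BAD]))
```
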
Fig. 4 is a flowchart of a terminal security detection method provided by another embodiment of the present invention. Fig. 5 is a flowchart of a terminal security detection method provided by another embodiment of the present invention. On the basis of the above embodiment, the target hardware stores preset plaintext information, preset ciphertext information corresponding to the preset plaintext information, and an encryption algorithm and/or a decryption algorithm; the method further includes the steps shown in Fig. 4 and/or the steps shown in Fig. 5.
As shown in Fig. 4, step 303 above, computing on the preset input data using the algorithm to be tested to obtain result data, specifically includes step 401:
Step 401: encrypt the preset plaintext information using the encryption algorithm to obtain encrypted information.
For example, the encryption hardware in the terminal device 12 also stores preset plaintext information, preset ciphertext information corresponding to the preset plaintext information, and an encryption algorithm and/or a decryption algorithm. When the terminal device 12 is powered on, the processor in the terminal device 12 uses the encryption algorithm in the encryption hardware to encrypt the preset plaintext information in the encryption hardware, obtaining encrypted information.
Step 304 above, detecting the validity of the algorithm to be tested by comparing the result data with the preset result data, specifically includes step 402:
Step 402: compare the encrypted information with the preset ciphertext information; if the encrypted information is consistent with the preset ciphertext information, the validity check of the encryption algorithm passes; otherwise, the validity check of the encryption algorithm fails.
Further, the processor in the terminal device 12 compares the encrypted information obtained in step 401 with the preset ciphertext information stored in the encryption hardware of the terminal device 12. If the two are consistent, the encryption algorithm in the encryption hardware is valid, and the self-check of the encryption algorithm in the encryption hardware passes; otherwise, the encryption algorithm in the encryption hardware is invalid, and the self-check of the encryption algorithm in the encryption hardware fails.
As shown in Fig. 5, step 303 above, computing on the preset input data using the algorithm to be tested to obtain result data, specifically includes step 501:
Step 501: decrypt the preset ciphertext information using the decryption algorithm to obtain decrypted information.
When the terminal device 12 is powered on, the processor in the terminal device 12 uses the decryption algorithm in the encryption hardware to decrypt the preset ciphertext information in the encryption hardware, obtaining decrypted information.
Step 304 above, detecting the validity of the algorithm to be tested by comparing the result data with the preset result data, specifically includes step 502:
Step 502: compare the decrypted information with the preset plaintext information; if the decrypted information is consistent with the preset plaintext information, the validity check of the decryption algorithm passes; otherwise, the validity check of the decryption algorithm fails.
Further, the processor in the terminal device 12 compares the decrypted information obtained in step 501 with the preset plaintext information stored in the encryption hardware of the terminal device 12. If the two are consistent, the decryption algorithm in the encryption hardware is valid, and the self-check of the decryption algorithm in the encryption hardware passes; otherwise, the decryption algorithm in the encryption hardware is invalid, and the self-check of the decryption algorithm in the encryption hardware fails.
This embodiment encrypts the preset plaintext information using the encryption algorithm to obtain encrypted information, and determines whether the encryption algorithm is valid by comparing the encrypted information with the preset ciphertext information. This verifies the encryption algorithm in the encryption hardware, that is, it implements a self-check of the encryption algorithm in the encryption hardware. In addition, the preset ciphertext information is decrypted using the decryption algorithm to obtain decrypted information, and whether the decryption algorithm is valid is determined by comparing the decrypted information with the preset plaintext information. This verifies the decryption algorithm in the encryption hardware, that is, it implements a self-check of the decryption algorithm in the encryption hardware.
Fig. 6 is the Terminal security detection method flow chart that another embodiment of the present invention provides.Fig. 7 is another reality of the present invention The Terminal security detection method flow chart of example offer is provided.On the basis of above-described embodiment, it is stored with the target hardware Preset signature value, signature algorithm and/or sign test algorithm corresponding to preset signed data, the preset signed data;Methods described Also include step as shown in Figure 6, and/or step as shown in Figure 7.
As shown in fig. 6, the preset input data is calculated using the method for determining and calculating to be checked for above-mentioned steps 303 Result data specifically includes step 601:
Step 601, using the signature algorithm the preset signed data is signed, obtain signature value.
In the present embodiment, the encryption hardware in terminal device 12 is also stored with preset signed data, the preset signature Preset signature value, signature algorithm and/or sign test algorithm corresponding to data.Terminal device 12 it is upper establish machine by cable when, terminal device 12 In processor use encryption hardware in signature algorithm the preset signed data in encryption hardware is signed, signed Value.
The above step 304, in which the validity of the algorithm to be tested is detected by comparing the result data with the preset result data, specifically includes step 602:
Step 602: compare the signature value with the preset signature value; if the signature value is consistent with the preset signature value, the validity check of the signature algorithm passes; otherwise the validity check of the signature algorithm fails.
Further, the processor in the terminal device 12 compares the signature value obtained in step 601 with the preset signature value stored in the encryption hardware of the terminal device 12. If the two are consistent, the signature algorithm in the encryption hardware is valid and the self-test of the signature algorithm in the encryption hardware passes; otherwise the signature algorithm in the encryption hardware is invalid and the self-test of the signature algorithm in the encryption hardware fails.
As shown in Fig. 7, the above step 303, in which the preset input data is computed using the algorithm to be tested to obtain result data, specifically includes step 701:
Step 701: perform signature verification on the preset signature value using the signature verification algorithm to obtain signature data.
When the terminal device 12 is powered on and started, the processor in the terminal device 12 uses the signature verification algorithm in the encryption hardware to perform signature verification on the preset signature value in the encryption hardware, obtaining signature data.
The above step 304, in which the validity of the algorithm to be tested is detected by comparing the result data with the preset result data, specifically includes step 702:
Step 702: compare the signature data with the preset signature data; if the signature data is consistent with the preset signature data, the validity check of the signature verification algorithm passes; otherwise the validity check of the signature verification algorithm fails.
Further, the processor in the terminal device 12 compares the signature data obtained in step 701 with the preset signature data stored in the encryption hardware of the terminal device 12. If the two are consistent, the signature verification algorithm in the encryption hardware is valid and the self-test of the signature verification algorithm in the encryption hardware passes; otherwise the signature verification algorithm in the encryption hardware is invalid and the self-test of the signature verification algorithm in the encryption hardware fails.
In this embodiment, the preset signature data is signed using the signature algorithm to obtain a signature value, and the signature value is compared with the preset signature value to determine whether the signature algorithm is valid. This verifies the signature algorithm in the encryption hardware, that is, it implements a self-test of the signature algorithm in the encryption hardware. In addition, signature verification is performed on the preset signature value using the signature verification algorithm to obtain signature data, and the signature data is compared with the preset signature data to determine whether the signature verification algorithm is valid. This verifies the signature verification algorithm in the encryption hardware, that is, it implements a self-test of the signature verification algorithm in the encryption hardware.
Fig. 8 is a flowchart of a terminal security detection method provided by another embodiment of the present invention. On the basis of the above embodiments, the target hardware stores preset message data, preset digest data corresponding to the preset message data, and a digest algorithm. The method further includes the steps shown in Fig. 8.
As shown in Fig. 8, the above step 303, in which the preset input data is computed using the algorithm to be tested to obtain result data, specifically includes step 801:
Step 801: compute a digest of the preset message data using the digest algorithm to obtain digest data.
In this embodiment, the encryption hardware in the terminal device 12 also stores preset message data, preset digest data corresponding to the preset message data, and a digest algorithm. When the terminal device 12 is powered on and started, the processor in the terminal device 12 uses the digest algorithm in the encryption hardware to compute a digest of the preset message data in the encryption hardware, obtaining digest data.
The above step 304, in which the validity of the algorithm to be tested is detected by comparing the result data with the preset result data, specifically includes step 802:
Step 802: compare the digest data with the preset digest data; if the digest data is consistent with the preset digest data, the validity check of the digest algorithm passes; otherwise the validity check of the digest algorithm fails.
Further, the processor in the terminal device 12 compares the digest data obtained in step 801 with the preset digest data stored in the encryption hardware of the terminal device 12. If the two are consistent, the digest algorithm in the encryption hardware is valid and the self-test of the digest algorithm in the encryption hardware passes; otherwise the digest algorithm in the encryption hardware is invalid and the self-test of the digest algorithm in the encryption hardware fails.
In this embodiment, a digest of the preset message data is computed using the digest algorithm to obtain digest data, and the digest data is compared with the preset digest data to determine whether the digest algorithm is valid. This verifies the digest algorithm in the encryption hardware, that is, it implements a self-test of the digest algorithm in the encryption hardware.
Fig. 9 is a structural diagram of a terminal security detection device provided by an embodiment of the present invention. The terminal security detection device provided by this embodiment can execute the processing flow provided by the terminal security detection method embodiments. As shown in Fig. 9, the terminal security detection device 90 includes an acquisition module 91, a sending module 92, a computing module 93 and a detection module 94. The acquisition module 91 is used to obtain the identification information of the target hardware in the terminal to be detected, together with the algorithm to be tested, the preset input data and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing the preset input data with the algorithm to be tested. The sending module 92 is used to send the identification information of the target hardware and the identification information of the terminal to be detected to a server, so that the server, according to the identification information of the target hardware and the identification information of the terminal to be detected, queries the pre-stored correspondence between the identification information of encryption hardware and the identification information of encryption terminals, to determine whether the target hardware matches the terminal to be detected. The computing module 93 is used to compute the preset input data using the algorithm to be tested to obtain result data. The detection module 94 is used to detect the validity of the algorithm to be tested by comparing the result data with the preset result data.
The acquisition module 91 is specifically used to: when the terminal to be detected is powered on and started, obtain the identification information of the target hardware in the terminal to be detected, together with the algorithm to be tested, the preset input data and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing the preset input data with the algorithm to be tested.
The terminal security detection device provided by this embodiment of the present invention may be specifically used to execute the method embodiment provided in Fig. 3 above; its specific functions are not repeated here.
In this embodiment of the present invention, the identification information of the target hardware in the terminal to be detected is obtained, and the identification information of the target hardware and the identification information of the terminal to be detected are sent to the server, so that the server detects whether the target hardware matches the terminal to be detected and thereby determines whether the encryption hardware in the terminal to be detected has been replaced. This implements a legitimacy self-test of the encryption hardware of the terminal to be detected. In addition, verifying whether the algorithms in the target hardware are valid implements a validity self-test of the encryption hardware.
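The following Python example is an added illustration, not part of the patent text: it models the acquisition, sending, computing and detection modules described above as a server-side binding lookup plus a power-on known-answer self-test (steps 303 and 304). All class and function names, identifiers and the test key are hypothetical and constructed; SHA-256 stands in for the digest algorithm and HMAC-SHA256 for a deterministic signature algorithm, since the patent names no concrete algorithms.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Algorithm = Callable[[bytes], bytes]

# Constructed key. HMAC-SHA256 is a stand-in for a deterministic signature
# algorithm (assumption: comparing signature values only works if signing
# the same data always yields the same value).
SELF_TEST_KEY = b"constructed-self-test-key"


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hmac_sign(data: bytes) -> bytes:
    return hmac.new(SELF_TEST_KEY, data, hashlib.sha256).digest()


def broken_digest(data: bytes) -> bytes:
    """Simulated hardware fault: the last input byte is dropped before hashing."""
    return hashlib.sha256(data[:-1]).digest()


# Trusted reference implementations used when the presets are provisioned.
REFERENCE: Dict[str, Algorithm] = {"digest": sha256_digest, "signature": hmac_sign}
# Constructed preset input data, one entry per algorithm to be tested.
PRESET_INPUTS: Dict[str, bytes] = {
    "digest": b"preset message data",
    "signature": b"preset signature data",
}


@dataclass(frozen=True)
class PresetVector:
    algorithm: str        # name of the algorithm to be tested
    preset_input: bytes   # preset input data stored in the hardware
    preset_result: bytes  # preset result data, computed in advance


class CryptoHardware:
    """Hypothetical model of the target hardware: ID, algorithms, preset vectors."""

    def __init__(self, hardware_id: str, algorithms: Dict[str, Algorithm]):
        self.hardware_id = hardware_id
        self.algorithms = algorithms
        # Provisioning: preset results are computed in advance with the reference.
        self.vectors: List[PresetVector] = [
            PresetVector(name, data, REFERENCE[name](data))
            for name, data in PRESET_INPUTS.items()
        ]


class BindingServer:
    """Server side: pre-stored correspondence of hardware ID to terminal ID."""

    def __init__(self, bindings: Dict[str, str]):
        self._bindings = dict(bindings)

    def matches(self, hardware_id: str, terminal_id: str) -> bool:
        # An unknown hardware ID returns None and therefore never matches.
        return self._bindings.get(hardware_id) == terminal_id


def power_on_self_test(hw: CryptoHardware) -> Dict[str, bool]:
    """Recompute every preset vector and compare it with the preset result."""
    report: Dict[str, bool] = {}
    for vec in hw.vectors:
        algorithm = hw.algorithms.get(vec.algorithm)
        if algorithm is None:
            report[vec.algorithm] = False  # missing algorithm fails closed
            continue
        try:
            result = algorithm(vec.preset_input)  # step 303: compute result data
        except Exception:
            report[vec.algorithm] = False  # a crashing algorithm also fails
            continue
        # Step 304: compare result data with preset result data.
        report[vec.algorithm] = hmac.compare_digest(result, vec.preset_result)
    return report


def detect_terminal(terminal_id: str, hw: CryptoHardware,
                    server: BindingServer) -> Tuple[bool, Dict[str, bool]]:
    """Legitimacy check (binding) plus validity check (self-test); both must pass."""
    legit = server.matches(hw.hardware_id, terminal_id)
    validity = power_on_self_test(hw)
    ok = legit and bool(validity) and all(validity.values())
    return ok, {"hardware_matches_terminal": legit, **validity}


# Constructed binding table: one encryption hardware ID bound to one terminal ID.
SAMPLE_SERVER = BindingServer({"HW-0001": "TERM-0001"})
```

The self-test only shows that the algorithm reproduces the stored answer; because the preset vectors live in the same hardware that is being tested, replaced hardware is caught by the server-side binding lookup rather than by the self-test.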
Fig. 10 is a structural diagram of a terminal security detection device provided by another embodiment of the present invention. On the basis of the above embodiments, the target hardware stores preset plaintext information, preset ciphertext information corresponding to the preset plaintext information, and an encryption algorithm and/or a decryption algorithm. The computing module 93 includes an encryption unit 931, which is used to encrypt the preset plaintext information using the encryption algorithm to obtain encrypted information; the detection module 94 includes a comparing unit 941, which is used to compare the encrypted information with the preset ciphertext information: if the encrypted information is consistent with the preset ciphertext information, the validity check of the encryption algorithm passes; otherwise the validity check of the encryption algorithm fails. And/or, the computing module 93 includes a decryption unit 932, which is used to decrypt the preset ciphertext information using the decryption algorithm to obtain decrypted information; the detection module 94 includes a comparing unit 941, which is used to compare the decrypted information with the preset plaintext information: if the decrypted information is consistent with the preset plaintext information, the validity check of the decryption algorithm passes; otherwise the validity check of the decryption algorithm fails.
The sending device provided by this embodiment of the present invention may be specifically used to execute the method embodiment provided in Fig. 4 or Fig. 5 above; its specific functions are not repeated here.
In this embodiment of the present invention, the preset plaintext information is encrypted using the encryption algorithm to obtain encrypted information, and the encrypted information is compared with the preset ciphertext information to determine whether the encryption algorithm is valid. This verifies the encryption algorithm in the encryption hardware, that is, it implements a self-test of the encryption algorithm in the encryption hardware. In addition, the preset ciphertext information is decrypted using the decryption algorithm to obtain decrypted information, and the decrypted information is compared with the preset plaintext information to determine whether the decryption algorithm is valid. This verifies the decryption algorithm in the encryption hardware, that is, it implements a self-test of the decryption algorithm in the encryption hardware.
Fig. 11 is a structural diagram of a terminal security detection device provided by another embodiment of the present invention. On the basis of the above embodiments, the target hardware stores preset signature data, a preset signature value corresponding to the preset signature data, and a signature algorithm. The computing module 93 also includes a signature unit 933, which is used to sign the preset signature data using the signature algorithm to obtain a signature value; the detection module 94 includes a comparing unit 941, which is used to compare the signature value with the preset signature value: if the signature value is consistent with the preset signature value, the validity check of the signature algorithm passes; otherwise the validity check of the signature algorithm fails.
The sending device provided by this embodiment of the present invention may be specifically used to execute the method embodiment provided in Fig. 6 above; its specific functions are not repeated here.
In this embodiment of the present invention, the preset signature data is signed using the signature algorithm to obtain a signature value, and the signature value is compared with the preset signature value to determine whether the signature algorithm is valid. This verifies the signature algorithm in the encryption hardware, that is, it implements a self-test of the signature algorithm in the encryption hardware.
Fig. 12 is a structural diagram of a terminal security detection device provided by another embodiment of the present invention. On the basis of the above embodiments, the target hardware stores preset message data, preset digest data corresponding to the preset message data, and a digest algorithm. The computing module 93 also includes a digest unit 934, which is used to compute a digest of the preset message data using the digest algorithm to obtain digest data; the detection module 94 includes a comparing unit 941, which is used to compare the digest data with the preset digest data: if the digest data is consistent with the preset digest data, the validity check of the digest algorithm passes; otherwise the validity check of the digest algorithm fails.
The sending device provided by this embodiment of the present invention may be specifically used to execute the method embodiment provided in Fig. 8 above; its specific functions are not repeated here.
In this embodiment of the present invention, a digest of the preset message data is computed using the digest algorithm to obtain digest data, and the digest data is compared with the preset digest data to determine whether the digest algorithm is legitimate. This verifies the digest algorithm in the encryption hardware, that is, it implements a self-test of the digest algorithm in the encryption hardware.
In summary, in the embodiments of the present invention, the identification information of the target hardware in the terminal to be detected is obtained, and the identification information of the target hardware and the identification information of the terminal to be detected are sent to the server, so that the server detects whether the target hardware matches the terminal to be detected and thereby determines whether the encryption hardware in the terminal to be detected has been replaced; this implements a legitimacy self-test of the encryption hardware of the terminal to be detected. In addition, verifying whether the algorithms in the target hardware are valid implements a validity self-test of the encryption hardware. The preset plaintext information is encrypted using the encryption algorithm to obtain encrypted information, and the encrypted information is compared with the preset ciphertext information to determine whether the encryption algorithm is valid; this verifies the encryption algorithm in the encryption hardware, that is, it implements a self-test of the encryption algorithm in the encryption hardware. In addition, the preset ciphertext information is decrypted using the decryption algorithm to obtain decrypted information, and the decrypted information is compared with the preset plaintext information to determine whether the decryption algorithm is valid; this verifies the decryption algorithm in the encryption hardware, that is, it implements a self-test of the decryption algorithm in the encryption hardware. The preset signature data is signed using the signature algorithm to obtain a signature value, and the signature value is compared with the preset signature value to determine whether the signature algorithm is valid; this verifies the signature algorithm in the encryption hardware, that is, it implements a self-test of the signature algorithm in the encryption hardware. A digest of the preset message data is computed using the digest algorithm to obtain digest data, and the digest data is compared with the preset digest data to determine whether the digest algorithm is valid; this verifies the digest algorithm in the encryption hardware, that is, it implements a self-test of the digest algorithm in the encryption hardware.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The above integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
Those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional modules described above is used as an example; in practical applications, the above functions may be assigned to different functional modules as required, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

  1. A terminal security detection method, characterized by comprising:
    obtaining the identification information of the target hardware in the terminal to be detected, together with the algorithm to be tested, the preset input data and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing the preset input data with the algorithm to be tested;
    sending the identification information of the target hardware and the identification information of the terminal to be detected to a server, so that the server, according to the identification information of the target hardware and the identification information of the terminal to be detected, queries the pre-stored correspondence between the identification information of encryption hardware and the identification information of encryption terminals, to determine whether the target hardware matches the terminal to be detected;
    computing the preset input data using the algorithm to be tested to obtain result data;
    detecting the validity of the algorithm to be tested by comparing the result data with the preset result data.
  2. The method according to claim 1, characterized in that the obtaining of the identification information of the target hardware in the terminal to be detected comprises:
    when the terminal to be detected is powered on and started, obtaining the identification information of the target hardware in the terminal to be detected, together with the algorithm to be tested, the preset input data and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing the preset input data with the algorithm to be tested.
  3. The method according to claim 1 or 2, characterized in that the target hardware stores preset plaintext information, preset ciphertext information corresponding to the preset plaintext information, and an encryption algorithm and/or a decryption algorithm;
    the computing of the preset input data using the algorithm to be tested to obtain result data comprises:
    encrypting the preset plaintext information using the encryption algorithm to obtain encrypted information;
    the detecting of the validity of the algorithm to be tested by comparing the result data with the preset result data comprises:
    comparing the encrypted information with the preset ciphertext information; if the encrypted information is consistent with the preset ciphertext information, the validity check of the encryption algorithm passes; otherwise the validity check of the encryption algorithm fails;
    and/or
    the computing of the preset input data using the algorithm to be tested to obtain result data comprises:
    decrypting the preset ciphertext information using the decryption algorithm to obtain decrypted information;
    the detecting of the validity of the algorithm to be tested by comparing the result data with the preset result data comprises:
    comparing the decrypted information with the preset plaintext information; if the decrypted information is consistent with the preset plaintext information, the validity check of the decryption algorithm passes; otherwise the validity check of the decryption algorithm fails.
  4. The method according to claim 1 or 2, characterized in that the target hardware stores preset signature data, a preset signature value corresponding to the preset signature data, and a signature algorithm;
    the computing of the preset input data using the algorithm to be tested to obtain result data comprises:
    signing the preset signature data using the signature algorithm to obtain a signature value;
    the detecting of the validity of the algorithm to be tested by comparing the result data with the preset result data comprises:
    comparing the signature value with the preset signature value; if the signature value is consistent with the preset signature value, the validity check of the signature algorithm passes; otherwise the validity check of the signature algorithm fails.
  5. The method according to claim 1 or 2, characterized in that the target hardware stores preset message data, preset digest data corresponding to the preset message data, and a digest algorithm;
    the computing of the preset input data using the algorithm to be tested to obtain result data comprises:
    computing a digest of the preset message data using the digest algorithm to obtain digest data;
    the detecting of the validity of the algorithm to be tested by comparing the result data with the preset result data comprises:
    comparing the digest data with the preset digest data; if the digest data is consistent with the preset digest data, the validity check of the digest algorithm passes; otherwise the validity check of the digest algorithm fails.
  6. A terminal security detection device, characterized by comprising:
    an acquisition module, used to obtain the identification information of the target hardware in the terminal to be detected, together with the algorithm to be tested, the preset input data and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing the preset input data with the algorithm to be tested;
    a sending module, used to send the identification information of the target hardware and the identification information of the terminal to be detected to a server, so that the server, according to the identification information of the target hardware and the identification information of the terminal to be detected, queries the pre-stored correspondence between the identification information of encryption hardware and the identification information of encryption terminals, to determine whether the target hardware matches the terminal to be detected;
    a computing module, used to compute the preset input data using the algorithm to be tested to obtain result data;
    a detection module, used to detect the validity of the algorithm to be tested by comparing the result data with the preset result data.
  7. The terminal security detection device according to claim 6, characterized in that the acquisition module is specifically used to:
    when the terminal to be detected is powered on and started, obtain the identification information of the target hardware in the terminal to be detected, together with the algorithm to be tested, the preset input data and the preset result data stored in the target hardware, the preset result data having been obtained in advance by computing the preset input data with the algorithm to be tested.
  8. The terminal security detection device according to claim 6 or 7, characterized in that the target hardware stores preset plaintext information, preset ciphertext information corresponding to the preset plaintext information, and an encryption algorithm and/or a decryption algorithm;
    the computing module comprises:
    an encryption unit, used to encrypt the preset plaintext information using the encryption algorithm to obtain encrypted information;
    the detection module comprises:
    a comparing unit, used to compare the encrypted information with the preset ciphertext information; if the encrypted information is consistent with the preset ciphertext information, the validity check of the encryption algorithm passes; otherwise the validity check of the encryption algorithm fails; and/or
    the computing module comprises:
    a decryption unit, used to decrypt the preset ciphertext information using the decryption algorithm to obtain decrypted information;
    the detection module comprises:
    a comparing unit, used to compare the decrypted information with the preset plaintext information; if the decrypted information is consistent with the preset plaintext information, the validity check of the decryption algorithm passes; otherwise the validity check of the decryption algorithm fails.
  9. The terminal security detection device according to claim 6 or 7, characterized in that the target hardware stores preset signature data, a preset signature value corresponding to the preset signature data, and a signature algorithm;
    the computing module comprises:
    a signature unit, used to sign the preset signature data using the signature algorithm to obtain a signature value;
    the detection module comprises:
    a comparing unit, used to compare the signature value with the preset signature value; if the signature value is consistent with the preset signature value, the validity check of the signature algorithm passes; otherwise the validity check of the signature algorithm fails.
  10. The terminal security detection device according to claim 6 or 7, characterized in that the target hardware stores preset message data, preset digest data corresponding to the preset message data, and a digest algorithm;
    the computing module comprises:
    a digest unit, used to compute a digest of the preset message data using the digest algorithm to obtain digest data;
    the detection module comprises:
    a comparing unit, used to compare the digest data with the preset digest data; if the digest data is consistent with the preset digest data, the validity check of the digest algorithm passes; otherwise the validity check of the digest algorithm fails.
CN201710818144.1A 2017-09-12 2017-09-12 Terminal security detection method and device Pending CN107426251A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710818144.1A CN107426251A (en) 2017-09-12 2017-09-12 Terminal security detection method and device


Publications (1)

Publication Number Publication Date
CN107426251A true CN107426251A (en) 2017-12-01

Family

ID=60432841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710818144.1A Pending CN107426251A (en) 2017-09-12 2017-09-12 Terminal security detection method and device

Country Status (1)

Country Link
CN (1) CN107426251A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108763917A (en) * 2018-06-05 2018-11-06 北京华大智宝电子系统有限公司 A kind of data encryption/decryption method and device
CN110505048A (en) * 2019-08-16 2019-11-26 兆讯恒达微电子技术(北京)有限公司 A kind of method of data encryption standards coprocessor self-test
CN111818025A (en) * 2020-06-23 2020-10-23 五八有限公司 User terminal detection method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098162A (en) * 2011-03-26 2011-06-15 成都勤智数码科技有限公司 Method for performing safety management of operation and maintenance based on security token
CN103500405A (en) * 2013-09-26 2014-01-08 北京奇虎科技有限公司 Method and device for identifying nominal model of target terminal
CN105263141A (en) * 2015-10-30 2016-01-20 广东美的制冷设备有限公司 Household electrical appliance and control method thereof
CN106708555A (en) * 2016-06-29 2017-05-24 腾讯科技(深圳)有限公司 Method and device for loading plug-ins

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108763917A (en) * 2018-06-05 2018-11-06 北京华大智宝电子系统有限公司 A kind of data encryption/decryption method and device
CN108763917B (en) * 2018-06-05 2021-03-30 北京华大智宝电子系统有限公司 Data encryption and decryption method and device
CN110505048A (en) * 2019-08-16 2019-11-26 兆讯恒达微电子技术(北京)有限公司 A kind of method of data encryption standards coprocessor self-test
CN110505048B (en) * 2019-08-16 2022-04-15 兆讯恒达科技股份有限公司 Self-checking method for data encryption standard coprocessor
CN111818025A (en) * 2020-06-23 2020-10-23 五八有限公司 User terminal detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171201