CN108738011A - Activation method and system of equipment - Google Patents


Info

Publication number: CN108738011A
Authority: CN (China)
Prior art keywords: equipment, key element, server, key, activation
Legal status: Pending
Application number: CN201710270409.9A
Other languages: Chinese (zh)
Inventor: 罗猛
Current assignee: ZTE Corp
Original assignee: ZTE Corp


Classifications

All classes fall under H (Electricity) / H04 (Electric communication technique); H04L covers transmission of digital information, H04W wireless communication networks, and H04L 63/00 network architectures or protocols for network security.

    • H04W 8/22 Processing or transfer of terminal data, e.g. status or physical capabilities (under H04W 8/00 Network data management)
    • H04L 63/0435 Confidential data exchange among entities communicating through data packet networks, with the payload protected by encryption, where the sending and receiving entities apply symmetric encryption (under H04L 63/04 and 63/0428)
    • H04L 63/0478 Confidential data exchange applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 63/0869 Authentication of entities for achieving mutual authentication (under H04L 63/08)
    • H04L 63/0876 Authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04W 12/06 Authentication (under H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W 12/08 Access security

Abstract

The invention discloses an activation method and system for equipment. The method includes: during activation, the equipment performs authentication with a server and, after authentication succeeds, obtains a locally stored key element and sends it to the server; the server verifies the key element and, after verification succeeds, issues the relevant information of the equipment to the equipment together with the key element that must be carried at the next activation; the equipment writes the received relevant information locally and updates the locally stored key element. The invention reduces unnecessary server work while ensuring that user information is not leaked, significantly improving the security of user information, and solves the security risk that a disguised device obtains the number, configuration and other information of a known device.

Description

Activation method and system of equipment
Technical field
The present invention relates to the field of communication technology, and in particular to an activation method and system of equipment.
Background technology
At present, when equipment, and especially machine-card integrated equipment (terminals with a built-in card), is activated, the equipment and the server are mutually authenticated solely by HMAC (Hash-based Message Authentication Code) authentication, and after authentication passes the server issues the number, configuration and other information to the equipment.
However, in the existing device activation mode described above, mutual authentication between the equipment and the server relies solely on HMAC, and in HMAC authentication the MEID (Mobile Equipment Identifier) of the equipment and the public key are well known, so anyone who knows the MEID of a device can rewrite the MEID and disguise as that known device. Apart from HMAC authentication there is no other means of verification between the equipment and the server during device activation, and each subsequent activation of the equipment simply repeats the first-activation process. This is easily exploited by a hacker, who activates with a disguised device and thereby obtains the subscriber number, configuration and other information, which poses an information security problem for the user.
Invention content
The main purpose of the present invention is to provide an activation method and system of equipment, aiming to solve the security risk, in equipment and especially in machine-card integrated equipment, that a disguised device obtains the number, configuration and other information of a known device, and to improve the security of the equipment in use.
To achieve the above object, the activation method of equipment provided by the invention includes:
during activation, the equipment performs authentication with a server and, after authentication succeeds, obtains a locally stored key element and sends it to the server;
the server verifies the key element and, after verification succeeds, issues the relevant information of the equipment to the equipment, and issues to the equipment the key element that needs to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the equipment;
the equipment writes the received relevant information locally and updates the locally stored key element.
Preferably, before the step in which the equipment, during activation, performs authentication with the server and after successful authentication obtains the locally stored key element and sends it to the server, the method further includes:
at initial activation, the equipment and the server perform authentication, and after authentication succeeds the server issues to the equipment the key element that needs to be carried at the next activation;
the equipment stores the key element issued by the server.
Preferably, the key element is stored in a local non-erasable region.
Preferably, the key element is dynamically generated by the server, and the step in which the server dynamically generates the key element includes:
obtaining the MEID of the equipment, and extracting the first N digits or the last N digits of the mobile equipment identifier (MEID) of the equipment as a seed, where N is a positive integer;
obtaining a random number from the time range between a preset time point and the current interaction of the equipment with the server, the preset time point being greater than or equal to 0 and less than the end point of the interaction time between the equipment and the server;
taking the sum of the seed and the random number as the value of the key element.
Preferably, the key element transmitted between the server and the equipment is encrypted; the step in which the server encrypts the key element issued to the equipment includes:
when sending the key element to the equipment, the server generates a symmetric key and encrypts the key element with the symmetric key;
the symmetric key is encrypted with the public key of the equipment.
Preferably, the step in which the equipment stores the key element issued by the server includes:
when the equipment receives the encrypted key element sent by the server, decrypting it with the private key of the equipment to obtain the symmetric key;
unlocking the encrypted key element with the symmetric key, and storing this key element in the local non-erasable region and/or replacing the old key element with the new one.
An embodiment of the present invention also proposes an activation method of equipment, including:
during activation, the equipment performs authentication with a server and, after authentication succeeds, obtains a locally stored key element and sends it to the server;
the equipment receives the relevant information of the equipment and the key element that needs to be carried at the next activation, both issued by the server after it verifies the key element and verification succeeds, the relevant information including at least the number and relevant configuration information of the equipment;
the equipment writes the received relevant information locally and updates the locally stored key element.
Preferably, before the step in which the equipment, during activation, performs authentication with the server and after successful authentication obtains the locally stored key element and sends it to the server, the method further includes:
at initial activation, the equipment and the server perform authentication, and after authentication succeeds the equipment receives the key element, issued by the server, that needs to be carried at the next activation;
the equipment stores the key element issued by the server.
Preferably, the key element transmitted between the server and the equipment is encrypted, and the step in which the equipment stores the key element issued by the server includes:
when the equipment receives the encrypted key element sent by the server, decrypting it with the private key of the equipment to obtain the symmetric key;
unlocking the encrypted key element with the symmetric key, and storing this key element in the local non-erasable region and/or replacing the old key element with the new one.
An embodiment of the present invention also proposes an activation method of equipment, including:
during activation of the equipment, the server performs authentication with the equipment and, after authentication succeeds, receives the key element sent by the equipment;
the server verifies the key element and, after verification succeeds, issues the relevant information of the equipment to the equipment and issues to the equipment the key element that needs to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the equipment, so that the equipment writes the received relevant information locally and updates the locally stored key element.
Preferably, before the step in which the server, during activation of the equipment, performs authentication with the equipment and after successful authentication receives the key element sent by the equipment, the method further includes:
at initial activation, the equipment and the server perform authentication, and after authentication succeeds the server issues to the equipment the key element that needs to be carried at the next activation, so that the equipment stores the key element issued by the server.
Preferably, the key element is dynamically generated by the server, and the step in which the server dynamically generates the key element includes:
obtaining the MEID of the equipment, and extracting the first N digits or the last N digits of the mobile equipment identifier (MEID) of the equipment as a seed, where N is a positive integer;
obtaining a random number from the time range between a preset time point and the current interaction of the equipment with the server, the preset time point being greater than or equal to 0 and less than the end point of the interaction time between the equipment and the server;
taking the sum of the seed and the random number as the value of the key element.
Preferably, the key element transmitted between the server and the equipment is encrypted; the step in which the server encrypts the key element issued to the equipment includes:
when sending the key element to the equipment, the server generates a symmetric key and encrypts the key element with the symmetric key;
the symmetric key is encrypted with the public key of the equipment.
An embodiment of the present invention also proposes equipment including a memory, a processor and a computer program stored on the memory and runnable on the processor, where the computer program, when executed by the processor, implements the steps of the method described above.
An embodiment of the present invention also proposes a server including a memory, a processor and a computer program stored on the memory and runnable on the processor, where the computer program, when executed by the processor, implements the steps of the method described above.
An embodiment of the present invention also proposes an activation system of equipment, including equipment and a server, wherein:
the equipment is configured, during activation, to perform authentication with the server and, after authentication succeeds, obtain the locally stored key element and send it to the server;
the server is configured to verify the key element and, after verification succeeds, issue the relevant information of the equipment to the equipment and issue to the equipment the key element that needs to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the equipment;
the equipment is further configured to write the received relevant information locally and update the locally stored key element.
Preferably, the server is further configured, at initial activation of the equipment, to perform authentication with the equipment and, after authentication succeeds, issue to the equipment the key element that needs to be carried at the next activation;
the equipment is further configured to store the key element issued by the server.
Preferably, the server is further configured to dynamically generate the key element, and specifically to:
obtain the MEID of the equipment, and extract the first N digits or the last N digits of the MEID of the equipment as a seed, where N is a positive integer;
obtain a random number from the time range between a preset time point and the current interaction of the equipment with the server, the preset time point being greater than or equal to 0 and less than the end point of the interaction time between the equipment and the server;
take the sum of the seed and the random number as the value of the key element.
Preferably, the key element transmitted between the server and the equipment is encrypted, wherein:
the server is further configured to encrypt the key element issued to the equipment, and specifically to:
generate a symmetric key when sending the key element to the equipment, encrypt the key element with the symmetric key, and encrypt the symmetric key with the public key of the equipment.
Preferably, the equipment is further configured, when receiving the encrypted key element sent by the server, to decrypt it with the private key of the equipment to obtain the symmetric key, unlock the encrypted key element with the symmetric key, and store this key element in the local non-erasable region and/or replace the old key element with the new one.
The activation method and system of equipment proposed by the present invention build on the HMAC authentication by which current device activation mutually authenticates the equipment and the server: after authentication succeeds, the equipment reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the equipment; after the equipment receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number and configuration information to the equipment. With the scheme of the invention, unnecessary server work is reduced while user information is not leaked, so the security of user information is significantly improved; the security risk that a disguised device obtains the number, configuration and other information of a known device is solved, and the security of the equipment in use is improved.
Description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the activation method of equipment of the present invention;
Fig. 2 is a flow diagram of the second embodiment of the activation method of equipment of the present invention;
Fig. 3 is a schematic diagram of the processing flow of initial activation of the equipment in the embodiment of the present invention;
Fig. 4 is a schematic diagram of the processing flow of re-activation of the equipment in the embodiment of the present invention;
Fig. 5 is a flow diagram of the third embodiment of the activation method of equipment of the present invention;
Fig. 6 is a flow diagram of the fourth embodiment of the activation method of equipment of the present invention;
Fig. 7 is a flow diagram of the fifth embodiment of the activation method of equipment of the present invention;
Fig. 8 is a flow diagram of the sixth embodiment of the activation method of equipment of the present invention;
Fig. 9 is a block diagram of the activation system of equipment of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
In order to make the technical solution of the present invention clearer, it is described in further detail below in conjunction with the accompanying drawings.
Specific implementation mode
It should be understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit it.
The main solution of the embodiment of the present invention is as follows. Building on the HMAC authentication by which current device activation mutually authenticates the equipment and the server, after authentication succeeds the equipment reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the equipment; after the equipment receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number and configuration information to the equipment. This solves the security risk that a disguised device obtains the number, configuration and other information of a known device, improves the security of the equipment in use, reduces unnecessary server work, and ensures that user information is not leaked, significantly improving the security of user information.
In this embodiment the equipment includes, but is not limited to, machine-card integrated equipment, and machine-card integrated equipment is taken as the example. This embodiment considers the following: during activation of the machine-card integrated equipment of the operator Sprint, the authentication mode used is the HMAC algorithm standardized in the OMA DM (Open Mobile Alliance Device Management) protocol, whose three fundamental elements are the equipment identifier (meid), the server identifier (serverID) and the secret (key). For equipment that has already been activated, anyone who can obtain its meid can pass authentication and successfully retrieve the corresponding equipment information from the Sprint servers.
For this case, the present invention provides a solution that solves, in machine-card integrated equipment, the security risk that a disguised device obtains the number, configuration and other information of a known device, guarantees the security of legitimate users of the equipment, and also avoids invalid activations on the server.
As shown in Fig. 1, the first embodiment of the invention proposes an activation method of equipment, including:
Step S101: during activation, the equipment performs authentication with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server;
This embodiment builds on the HMAC authentication by which current device activation mutually authenticates the equipment and the server. After authentication succeeds, the equipment reads the locally stored key element and sends it to the server, so that the server can verify this key element; if verification succeeds, the server issues the number, configuration and other relevant information together with the key element to be verified at the next activation. After the equipment receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number, configuration and other relevant information to the equipment. If the server's verification fails, it notifies the equipment that this activation has failed.
Specifically, in this embodiment, by transmitting a key element between the equipment and the server, the security risk that a disguised device obtains the number, configuration and other information of a known device during device activation is solved, the security of legitimate users of the equipment is guaranteed, and invalid activations on the server are avoided.
The key element used for verification that the server issues is stored locally in the equipment. As one embodiment the key element may be generated by the server; as another embodiment it may also be generated by other equipment and sent to the server. This embodiment is described with the key element generated by the server.
During activation the equipment first performs HMAC authentication with the server. After authentication succeeds, the equipment obtains the locally stored key element and sends it to the server, and the server verifies this key element.
Step S102: the server verifies the key element and, after verification succeeds, issues the relevant information of the equipment to the equipment and issues to the equipment the key element that needs to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the equipment;
Step S103: the equipment writes the received relevant information locally and updates the locally stored key element.
After receiving the key element sent by the equipment, the server verifies it; if verification succeeds, it issues the number, configuration and other relevant information together with the key element to be verified at the next activation to the equipment. After the equipment receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number, configuration and other relevant information to the equipment. If the server's verification fails, it notifies the equipment that this activation has failed.
To improve the storage security of the key element, in this embodiment the equipment may store the key element issued by the server in a local non-erasable region.
Compared with the prior art, this embodiment, through the above scheme, builds on the HMAC authentication by which current device activation mutually authenticates the equipment and the server: after authentication succeeds, the equipment reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the equipment; after the equipment receives the key element successfully, it stores this key element in the non-erasable region, updates the previously stored key element, and writes the number and configuration information to the equipment. With the scheme of the invention, unnecessary server work is reduced while user information is not leaked, so the security of user information is significantly improved; the security risk that a disguised device obtains the number, configuration and other information of a known device is solved, and the security of the equipment in use is improved.
As shown in Fig. 2, the second embodiment of the invention proposes an activation method of equipment, including:
Step S90: at initial activation, the equipment and the server perform authentication, and after authentication succeeds the server issues to the equipment the key element that needs to be carried at the next activation;
Step S200: the equipment stores the key element issued by the server;
Step S201: during activation, the equipment performs authentication with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server;
Step S202: the server verifies the key element and, after verification succeeds, issues the relevant information of the equipment to the equipment and issues to the equipment the key element that needs to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the equipment;
Step S203: the equipment writes the received relevant information locally and updates the locally stored key element.
Compared with the first embodiment shown in Fig. 1, this embodiment further includes the scheme in which the equipment obtains, at initial activation, the key element for the next activation.
Steps S201, S202 and S203 in this embodiment correspond to steps S101, S102 and S103 of the first embodiment shown in Fig. 1 and are not repeated here.
In this embodiment, before the equipment, during activation, performs authentication with the server and after successful authentication obtains the locally stored key element and sends it to the server, the method further includes:
Step S90: at initial activation, the equipment and the server perform authentication, and after authentication succeeds the server issues to the equipment the key element that needs to be carried at the next activation;
Step S200: the equipment stores the key element issued by the server in a local non-erasable region.
Specifically, at initial activation the equipment first authenticates with the server, and after authentication succeeds the server issues to the equipment the key element that needs to be carried at the next activation. The equipment then stores the key element issued by the server in the local non-erasable region.
The processing flow of initial activation of the equipment in this embodiment may be as shown in Fig. 3; the detailed process is as follows:
S001: the equipment connects to the configuration server.
S002: the equipment and the server perform mutual HMAC authentication.
S003: if authentication succeeds, the server sends to the equipment the key element that needs to be verified at the next activation, together with the number, configuration and other information that the equipment needs to write for this activation; if authentication fails, the server notifies the equipment of the authentication failure.
S004: if the equipment receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the equipment fails to receive the key element or does not receive it at all, it requests the server to retransmit the key element.
S005: if the equipment stores and updates the key element successfully, it writes the number, configuration and other information sent by the server to the equipment and notifies the server that activation succeeded; if the equipment fails to store and update the key element, it does not write the number, configuration and other information and notifies the server that the key element update failed.
Compared with the prior art, this embodiment, through the above scheme, builds on the HMAC authentication by which current device activation mutually authenticates the equipment and the server: at initial activation the equipment obtains from the server the number, configuration and other information for this activation together with the key element, issued by the server, that will be verified at the next activation; it stores this key element in the non-erasable region and writes the number and configuration information to the equipment. With the scheme of the invention, unnecessary server work is reduced while user information is not leaked, so the security of user information is significantly improved; the security risk that a disguised device obtains the number, configuration and other information of a known device is solved, and the security of the equipment in use is improved.
Further, the processing flow of re-activation of the device in this embodiment may be as shown in figure 4; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is performed between the device and the server.
S003: If authentication succeeds, the device reads the stored key element and reports it to the server; if authentication fails, the server informs the device that authentication failed.
S004: The server verifies the key element reported by the device.
S005: If the key element passes verification, the server sends the device the key element to be verified at the next activation, together with the information (number, configuration, etc.) that the device must write during this activation; if key element verification fails, the server informs the device that authentication failed.
S006: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element, or receives no key element at all, it asks the server to resend it.
S007: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing or updating the key element fails, the number, configuration and other information are not written, and the device informs the server that the key element update failed.
Compared with the prior art, the scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. After authentication succeeds, the device reads the stored key element and sends it to the server, and the server verifies it; if verification succeeds, the server issues the number, configuration and other information together with the key element to be verified at the next activation. Once the device has received the key element successfully, it stores it in a non-erasable region, replacing the previously stored key element, and writes the number and configuration information into the device. The scheme thus reduces the server's unproductive work while also ensuring that user information is not leaked, which considerably improves the security of user information: it removes the security risk of a disguised device learning a device's number, configuration and other information during activation, and improves the safety of using the device.
Further, as mentioned above, in this embodiment the key element is generated dynamically by the server. The key element generation algorithm may specifically be as follows:
First, obtain the MEID of the device and take the first N or the last N digits of the MEID as the seed, where N is a positive integer, for example 0;
Then obtain a random number from the time range between a preset time point and the current interaction of the device with the server, where the preset time point is greater than or equal to 0 and earlier than the end time of the interaction between the device and the server;
Take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
Obtain the MEID of the device and use the last six digits of the MEID as the seed; then obtain a random number from the time range between 0 and the current interaction of the device with the server; the sum of the two is the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element issued by the server changes dynamically every time.
Of course, it should be noted that the key element generation algorithm in this embodiment is not limited to the above manner; this embodiment does not specifically limit it.
It should also be noted that, to prevent the key element from being intercepted during transmission, in this embodiment the transmission of the key element between the server and the device is encrypted.
The process by which the server encrypts the key element issued to the device may include:
When sending the key element to the device, the server generates a symmetric key and encrypts the key element with that symmetric key; it then encrypts the symmetric key with the public key of the device.
On the device side, when the device receives the encrypted key element sent by the server, it decrypts with the device's private key to obtain the symmetric key, then decrypts the encrypted key element with the symmetric key, stores this key element in the local non-erasable region and replaces the old key element with the new one.
The process when the device sends a key element to the server is similar and is not described again here.
As a result, because the key element is ciphertext throughout transmission, an interceptor cannot decrypt it to obtain the key element; and because the private key is unique to each device, this further ensures that user information is not leaked and greatly improves the security of user information.
As shown in figure 5, a third embodiment of the present invention proposes a device activation method, comprising:
Step S301: during activation, the device performs authentication with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server;
The scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. After authentication succeeds, the device reads the locally stored key element and sends it to the server so that the server can verify it. If verification succeeds, the server issues the number, configuration and other related information, together with the key element to be verified at the next activation, to the device; once the device has received the key element successfully, it stores it, replacing the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
Specifically, in this embodiment, transmitting a key element between the device and the server removes the security risk of a disguised device learning a device's number, configuration and other information during activation, which protects the security of the device's legitimate user and also avoids invalid activations at the server.
The key element used for verification, issued by the server, is stored locally in the device. In one implementation the key element may be generated by the server; in another, it may be generated by other equipment and sent to the server. This embodiment is described with the key element generated by the server.
During activation the device first performs HMAC authentication with the server. After authentication succeeds, the device obtains the locally stored key element and sends it to the server, which verifies it.
Step S302: the device receives, after the server has verified the key element successfully, the related information of the device and the key element that the device must carry at the next activation, issued by the server; the related information includes at least the number and related configuration information of the device;
Step S303: the device writes the received related information locally and updates the locally stored key element.
After receiving the key element sent by the device, the server verifies it. If verification succeeds, it issues the number, configuration and other related information together with the key element to be verified at the next activation to the device; once the device has received the key element successfully, it stores it, replacing the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
To improve the storage security of the key element, in this embodiment the device may store the key element issued by the server in a local non-erasable region.
Compared with the prior art, the scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. After authentication succeeds, the device reads the stored key element and sends it to the server, and the server verifies it; if verification succeeds, the server issues the number, configuration and other information together with the key element to be verified at the next activation. Once the device has received the key element successfully, it stores it in a non-erasable region, replacing the previously stored key element, and writes the number and configuration information into the device. The scheme thus reduces the server's unproductive work while also ensuring that user information is not leaked, which considerably improves the security of user information: it removes the security risk of a disguised device learning a device's number, configuration and other information during activation, and improves the safety of using the device.
As shown in figure 6, a fourth embodiment of the present invention proposes a device activation method, comprising:
Step S400: at the device's initial activation, the device performs authentication with the server and, after authentication succeeds, receives the key element issued by the server that must be carried at the next activation; the device stores the key element issued by the server.
Step S401: during activation, the device performs authentication with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server;
Step S402: the device receives, after the server has verified the key element successfully, the related information of the device and the key element that the device must carry at the next activation, issued by the server; the related information includes at least the number and related configuration information of the device;
Step S403: the device writes the received related information locally and updates the locally stored key element.
Compared with the third embodiment shown in figure 5, this embodiment additionally includes the scheme by which the device obtains, at initial activation, the key element for the next activation.
Steps S401, S402 and S403 of this embodiment correspond to steps S301, S302 and S303 of the third embodiment shown in figure 5 and are not repeated here.
In this embodiment, before the step in which the device, during activation, performs authentication with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server, the method further includes:
Step S400: at the device's initial activation, the device performs authentication with the server and, after authentication succeeds, receives the key element issued by the server that must be carried at the next activation; the device stores the key element issued by the server.
Specifically, at initial activation the device first performs authentication with the server; after authentication succeeds, the server issues to the device the key element that must be carried at the next activation. The device then stores the key element issued by the server in a local non-erasable region.
In this embodiment, the processing flow of the device's initial activation may be as shown in figure 3; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is performed between the device and the server.
S003: If authentication succeeds, the server sends the device the key element to be verified at the next activation, together with the information (number, configuration, etc.) that the device must write during this activation; if authentication fails, the server informs the device that authentication failed.
S004: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element, or receives no key element at all, it asks the server to resend it.
S005: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing or updating the key element fails, the number, configuration and other information are not written, and the device informs the server that the key element update failed.
Compared with the prior art, the scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. At initial activation the device obtains from the server the number, configuration and other information for this activation, together with the key element the server issues for verification at the next activation; it stores that key element in a non-erasable region and writes the number and configuration information into the device. The scheme thus reduces the server's unproductive work while also ensuring that user information is not leaked, which considerably improves the security of user information: it removes the security risk of a disguised device learning a device's number, configuration and other information during activation, and improves the safety of using the device.
Further, the processing flow of re-activation of the device in this embodiment may be as shown in figure 4; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is performed between the device and the server.
S003: If authentication succeeds, the device reads the stored key element and reports it to the server; if authentication fails, the server informs the device that authentication failed.
S004: The server verifies the key element reported by the device.
S005: If the key element passes verification, the server sends the device the key element to be verified at the next activation, together with the information (number, configuration, etc.) that the device must write during this activation; if key element verification fails, the server informs the device that authentication failed.
S006: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element, or receives no key element at all, it asks the server to resend it.
S007: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing or updating the key element fails, the number, configuration and other information are not written, and the device informs the server that the key element update failed.
Compared with the prior art, the scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. After authentication succeeds, the device reads the stored key element and sends it to the server, and the server verifies it; if verification succeeds, the server issues the number, configuration and other information together with the key element to be verified at the next activation. Once the device has received the key element successfully, it stores it in a non-erasable region, replacing the previously stored key element, and writes the number and configuration information into the device. The scheme thus reduces the server's unproductive work while also ensuring that user information is not leaked, which considerably improves the security of user information: it removes the security risk of a disguised device learning a device's number, configuration and other information during activation, and improves the safety of using the device.
Further, as mentioned above, in this embodiment the key element is generated dynamically by the server. The key element generation algorithm may specifically be as follows:
First, obtain the MEID of the device and take the first N or the last N digits of the MEID as the seed, where N is a positive integer, for example 0;
Then obtain a random number from the time range between a preset time point and the current interaction of the device with the server, where the preset time point is greater than or equal to 0 and earlier than the end time of the interaction between the device and the server;
Take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
Obtain the MEID of the device and use the last six digits of the MEID as the seed; then obtain a random number from the time range between 0 and the current interaction of the device with the server; the sum of the two is the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element issued by the server changes dynamically every time.
Of course, it should be noted that the key element generation algorithm in this embodiment is not limited to the above manner; this embodiment does not specifically limit it.
It should also be noted that, to prevent the key element from being intercepted during transmission, in this embodiment the transmission of the key element between the server and the device is encrypted.
The process by which the server encrypts the key element issued to the device may include:
When sending the key element to the device, the server generates a symmetric key and encrypts the key element with that symmetric key; it then encrypts the symmetric key with the public key of the device.
On the device side, when the device receives the encrypted key element sent by the server, it decrypts with the device's private key to obtain the symmetric key, then decrypts the encrypted key element with the symmetric key, stores this key element in the local non-erasable region and replaces the old key element with the new one.
The process when the device sends a key element to the server is similar and is not described again here.
As a result, because the key element is ciphertext throughout transmission, an interceptor cannot decrypt it to obtain the key element; and because the private key is unique to each device, this further ensures that user information is not leaked and greatly improves the security of user information.
As shown in figure 7, a fifth embodiment of the present invention proposes a device activation method, comprising:
Step S501: during device activation, the server performs authentication with the device and, after authentication succeeds, receives the key element sent by the device;
The scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. After authentication succeeds, the device reads the locally stored key element and sends it to the server so that the server can verify it. If verification succeeds, the server issues the number, configuration and other related information, together with the key element to be verified at the next activation, to the device; once the device has received the key element successfully, it stores it, replacing the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
Specifically, in this embodiment, transmitting a key element between the device and the server removes the security risk of a disguised device learning a device's number, configuration and other information during activation, which protects the security of the device's legitimate user and also avoids invalid activations at the server.
The key element used for verification, issued by the server, is stored locally in the device. In one implementation the key element may be generated by the server; in another, it may be generated by other equipment and sent to the server. This embodiment is described with the key element generated by the server.
During activation the device first performs HMAC authentication with the server. After authentication succeeds, the device obtains the locally stored key element and sends it to the server, which verifies it.
Step S502: the server verifies the key element and, after verification succeeds, issues the related information of the device and the key element that must be carried at the next activation to the device; the related information includes at least the number and related configuration information of the device; the device writes the received related information locally and updates the locally stored key element.
After receiving the key element sent by the device, the server verifies it. If verification succeeds, it issues the number, configuration and other related information together with the key element to be verified at the next activation to the device; once the device has received the key element successfully, it stores it, replacing the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
To improve the storage security of the key element, in this embodiment the device may store the key element issued by the server in a local non-erasable region.
Compared with the prior art, the scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. After authentication succeeds, the device reads the stored key element and sends it to the server, and the server verifies it; if verification succeeds, the server issues the number, configuration and other information together with the key element to be verified at the next activation. Once the device has received the key element successfully, it stores it in a non-erasable region, replacing the previously stored key element, and writes the number and configuration information into the device. The scheme thus reduces the server's unproductive work while also ensuring that user information is not leaked, which considerably improves the security of user information: it removes the security risk of a disguised device learning a device's number, configuration and other information during activation, and improves the safety of using the device.
As shown in figure 8, a sixth embodiment of the present invention proposes a device activation method, comprising:
Step S601: during device activation, the server performs authentication with the device and, after authentication succeeds, receives the key element sent by the device;
Step S602: the server verifies the key element and, after verification succeeds, issues the related information of the device and the key element that must be carried at the next activation to the device; the related information includes at least the number and related configuration information of the device; the device writes the received related information locally and updates the locally stored key element.
Compared with the fifth embodiment shown in figure 7, this embodiment additionally includes the scheme by which the device obtains, at initial activation, the key element for the next activation.
Steps S601 and S602 of this embodiment correspond to steps S501 and S502 of the fifth embodiment shown in figure 7 and are not repeated here.
In this embodiment, before the step in which the server, during device activation, performs authentication with the device and, after authentication succeeds, receives the key element sent by the device, the method further includes:
Step S500: at the device's initial activation, the device performs authentication with the server and, after authentication succeeds, the server issues to the device the key element that must be carried at the next activation, and the device stores the key element issued by the server.
Specifically, at initial activation the device first performs authentication with the server; after authentication succeeds, the server issues to the device the key element that must be carried at the next activation. The device then stores the key element issued by the server in a local non-erasable region.
In this embodiment, the processing flow of the device's initial activation may be as shown in figure 3; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is performed between the device and the server.
S003: If authentication succeeds, the server sends the device the key element to be verified at the next activation, together with the information (number, configuration, etc.) that the device must write during this activation; if authentication fails, the server informs the device that authentication failed.
S004: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element, or receives no key element at all, it asks the server to resend it.
S005: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing or updating the key element fails, the number, configuration and other information are not written, and the device informs the server that the key element update failed.
Compared with the prior art, the scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. At initial activation the device obtains from the server the number, configuration and other information for this activation, together with the key element the server issues for verification at the next activation; it stores that key element in a non-erasable region and writes the number and configuration information into the device. The scheme thus reduces the server's unproductive work while also ensuring that user information is not leaked, which considerably improves the security of user information: it removes the security risk of a disguised device learning a device's number, configuration and other information during activation, and improves the safety of using the device.
Further, the processing flow of re-activation of the device in this embodiment may be as shown in figure 4; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is performed between the device and the server.
S003: If authentication succeeds, the device reads the stored key element and reports it to the server; if authentication fails, the server informs the device that authentication failed.
S004: The server verifies the key element reported by the device.
S005: If the key element passes verification, the server sends the device the key element to be verified at the next activation, together with the information (number, configuration, etc.) that the device must write during this activation; if key element verification fails, the server informs the device that authentication failed.
S006: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element, or receives no key element at all, it asks the server to resend it.
S007: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing or updating the key element fails, the number, configuration and other information are not written, and the device informs the server that the key element update failed.
Compared with the prior art, the scheme of this embodiment builds on the HMAC-based mutual authentication already used between device and server at activation. After authentication succeeds, the device reads the stored key element and sends it to the server, and the server verifies it; if verification succeeds, the server issues the number, configuration and other information together with the key element to be verified at the next activation. Once the device has received the key element successfully, it stores it in a non-erasable region, replacing the previously stored key element, and writes the number and configuration information into the device. The scheme thus reduces the server's unproductive work while also ensuring that user information is not leaked, which considerably improves the security of user information: it removes the security risk of a disguised device learning a device's number, configuration and other information during activation, and improves the safety of using the device.
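The re-activation flow of figure 4 (steps S001 to S007, described three times above for the second, fourth and sixth embodiments) as one runnable exchange, written here as an added example; it is not code from the patent or from the applicant. The patent only names "mutual HMAC authentication", so the two-nonce challenge-response, the message layout, the pre-shared authentication key, the sample MEID and the sample number are all assumptions constructed for this example. The key element is treated as an opaque value here; its generation rule is covered separately.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const sampleMEID = "A0000001234567" // constructed sample MEID

// Server keeps, per MEID, the key element it expects the device to report at the
// next activation and the number to provision. Constructed for this example.
type Server struct {
	authKey  []byte            // pre-shared key for the mutual HMAC authentication (S002)
	keyElems map[string][]byte // MEID -> key element issued at the previous activation
	numbers  map[string]string // MEID -> number written into the device on success
}

// Device holds what the patent puts in the non-erasable region plus the
// provisioned number. storeFails simulates a failed write (S007 failure branch).
type Device struct {
	meid       string
	authKey    []byte
	keyElem    []byte
	number     string
	storeFails bool
}

func tag(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// mutualAuth is an assumed two-nonce HMAC challenge-response: each side proves
// knowledge of authKey over both nonces, with the nonces in opposite order so
// that one side's answer cannot be replayed as the other's.
func mutualAuth(d *Device, s *Server) error {
	cDev, cSrv := randomBytes(16), randomBytes(16)
	srvProof := tag(s.authKey, cDev, cSrv, []byte("server")) // server -> device
	if !hmac.Equal(srvProof, tag(d.authKey, cDev, cSrv, []byte("server"))) {
		return errors.New("server failed authentication")
	}
	devProof := tag(d.authKey, cSrv, cDev, []byte("device")) // device -> server
	if !hmac.Equal(devProof, tag(s.authKey, cSrv, cDev, []byte("device"))) {
		return errors.New("device failed authentication")
	}
	return nil
}

// reactivate follows figure 4: after mutual authentication the device reports
// its stored key element (S003), the server compares it with its record (S004)
// and only on a match issues the number plus a fresh key element (S005). The
// server replaces its record only once the device has stored the new value (S007).
func reactivate(d *Device, s *Server) error {
	if err := mutualAuth(d, s); err != nil {
		return err
	}
	expected, known := s.keyElems[d.meid]
	if !known || subtle.ConstantTimeCompare(expected, d.keyElem) != 1 {
		return errors.New("key element verification failed: activation refused")
	}
	next := randomBytes(16) // opaque here; the patent's value rule is shown separately
	if d.storeFails {
		// S007 failure: number/config are not written and the server keeps its old record
		return errors.New("device could not store the key element; server not updated")
	}
	d.keyElem = next
	d.number = s.numbers[d.meid]
	s.keyElems[d.meid] = next
	return nil
}

// newPair builds a device/server pair as left by a successful initial activation
// (figure 3): both hold the same authentication key and the same key element.
func newPair() (*Device, *Server) {
	k, first := randomBytes(32), randomBytes(16)
	s := &Server{
		authKey:  k,
		keyElems: map[string][]byte{sampleMEID: first},
		numbers:  map[string]string{sampleMEID: "13800000000"}, // constructed sample number
	}
	return &Device{meid: sampleMEID, authKey: k, keyElem: first}, s
}

func main() {
	d, s := newPair()
	fmt.Println("genuine device:", reactivate(d, s), "number:", d.number)
	other := &Device{meid: d.meid, authKey: d.authKey, keyElem: randomBytes(16)}
	fmt.Println("device without the current key element:", reactivate(other, s))
}
```

The two checks that matter for the patent's claim are visible in `reactivate`: a device that authenticates but reports anything other than the most recently issued key element gets no number or configuration, and a failed store on the device leaves the server's record untouched, so the next attempt still succeeds with the old value rather than locking the device out.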
Further, as mentioned above, in this embodiment the key element is generated dynamically by the server. The key element generation algorithm may specifically be as follows:
First, obtain the MEID of the device and take the first N or the last N digits of the MEID as the seed, where N is a positive integer, for example 0;
Then obtain a random number from the time range between a preset time point and the current interaction of the device with the server, where the preset time point is greater than or equal to 0 and earlier than the end time of the interaction between the device and the server;
Take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
Obtain the MEID of the device and use the last six digits of the MEID as the seed; then obtain a random number from the time range between 0 and the current interaction of the device with the server; the sum of the two is the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element issued by the server changes dynamically every time.
Of course, it should be noted that the key element generation algorithm in this embodiment is not limited to the above manner; this embodiment does not specifically limit it.
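The key element generation rule described above (and in the identical passages of the earlier embodiments) in code, as an added example rather than the patent's own implementation. Assumptions: the MEID is read as a hexadecimal string (MEIDs are 14 hex digits, so the "first N or last N" digits are parsed in base 16), the preset time point and the current interaction are given as Unix seconds (the patent's example uses 0 as the start), N must be at least 1, and the random number comes from `crypto/rand`; the sample MEID is constructed.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"strconv"
	"time"
)

// meidSeed extracts the first or last n characters of the MEID and reads them
// as a hexadecimal number. The patent fixes only "first N or last N digits";
// the radix and the n >= 1 requirement are assumptions of this example.
func meidSeed(meid string, n int, fromEnd bool) (int64, error) {
	if n <= 0 || n > len(meid) {
		return 0, fmt.Errorf("n must be in 1..%d", len(meid))
	}
	part := meid[:n]
	if fromEnd {
		part = meid[len(meid)-n:]
	}
	return strconv.ParseInt(part, 16, 64)
}

// randomUpTo returns a uniform random integer in [0, limit] from crypto/rand.
// limit is the number of seconds between the preset time point and the
// current device/server interaction, i.e. the patent's "time range".
func randomUpTo(limit int64) (int64, error) {
	if limit < 0 {
		return 0, errors.New("time range must be non-negative")
	}
	r, err := rand.Int(rand.Reader, big.NewInt(limit+1))
	if err != nil {
		return 0, err
	}
	return r.Int64(), nil
}

// keyElementValue is the patent's rule: seed + random number, where the random
// number ranges over the seconds from presetUnix (>= 0) to nowUnix.
func keyElementValue(meid string, n int, fromEnd bool, presetUnix, nowUnix int64) (int64, error) {
	seed, err := meidSeed(meid, n, fromEnd)
	if err != nil {
		return 0, err
	}
	r, err := randomUpTo(nowUnix - presetUnix)
	if err != nil {
		return 0, err
	}
	return seed + r, nil
}

// inRange reports whether a value is consistent with the rule for the given
// seed and time range; a server can use it as a sanity check on issued values.
func inRange(value, seed, span int64) bool {
	return value >= seed && value <= seed+span
}

func main() {
	const meid = "A0000001234567" // constructed sample MEID
	for i := 0; i < 3; i++ {
		v, err := keyElementValue(meid, 6, true, 0, time.Now().Unix())
		if err != nil {
			panic(err)
		}
		fmt.Println("key element:", v) // differs on every call, as the patent states
	}
}
```

The unpredictable part of each value is the random number, whose range is exactly the width of the time range, so the size of that range and the quality of the random source decide how hard the next key element is to anticipate; the seed only binds the value to the MEID. The server still has to remember the value it issued, as in the exchange example above, because the rule alone does not let it recompute the value later.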
It should also be noted that, to prevent the key element from being intercepted during transmission, in this embodiment the transmission of the key element between the server and the device is encrypted.
The process by which the server encrypts the key element issued to the device may include:
When sending the key element to the device, the server generates a symmetric key and encrypts the key element with that symmetric key; it then encrypts the symmetric key with the public key of the device.
On the device side, when the device receives the encrypted key element sent by the server, it decrypts with the device's private key to obtain the symmetric key, then decrypts the encrypted key element with the symmetric key, stores this key element in the local non-erasable region and replaces the old key element with the new one.
The process when the device sends a key element to the server is similar and is not described again here.
As a result, because the key element is ciphertext throughout transmission, an interceptor cannot decrypt it to obtain the key element; and because the private key is unique to each device, this further ensures that user information is not leaked and greatly improves the security of user information.
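The hybrid encryption of the key element described in the passage above (and in the same passage of the earlier embodiments), as an added example that is not the patent's or the applicant's code. The patent specifies only "a symmetric key encrypts the key element, the device's public key encrypts the symmetric key"; the concrete choices here are assumptions: RSA-OAEP with SHA-256 for wrapping the symmetric key, AES-256-GCM for the key element so that a modified ciphertext is rejected rather than decrypted to garbage, a fixed associated-data label, and the `Envelope` layout. The device key pair and the key element value are generated or constructed inside the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels between server and device: the key element sealed
// under a one-time symmetric key, and that key sealed under the receiver's RSA
// public key. Constructed for this example; the patent names no wire format.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(receiver public key, symmetric key)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM(symmetric key, key element), tag appended
}

const label = "key-element-v1" // associated data bound into the GCM tag

// newDeviceKey stands in for the per-device key pair the patent relies on.
func newDeviceKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// sealKeyElement is the sender side (the server, in the patent's description):
// a fresh 256-bit AES key encrypts the key element, and the receiver's public
// key encrypts that AES key.
func sealKeyElement(receiver *rsa.PublicKey, keyElement []byte) (*Envelope, error) {
	sym := make([]byte, 32)
	if _, err := rand.Read(sym); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sym)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, keyElement, []byte(label))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, sym, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// openKeyElement is the receiver side: the private key unwraps the symmetric
// key, which then decrypts (and authenticates) the key element. Only the holder
// of this device's private key can do so, which is the property the patent uses.
func openKeyElement(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sym, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap symmetric key: wrong private key or corrupt envelope")
	}
	block, err := aes.NewCipher(sym)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(label))
}

func main() {
	dev, err := newDeviceKey()
	if err != nil {
		panic(err)
	}
	env, err := sealKeyElement(&dev.PublicKey, []byte("2311527")) // constructed sample value
	if err != nil {
		panic(err)
	}
	got, err := openKeyElement(dev, env)
	fmt.Printf("recovered %q (err=%v), wrapped key %d bytes\n", got, err, len(env.WrappedKey))
}
```

Because the patent says the device-to-server direction "is similar", the same two functions serve that direction with the roles swapped: the device seals under the server's public key and the server opens with its own private key. Using an AEAD for the symmetric layer is the one addition over the text; without it a receiver would store whatever an altered ciphertext decrypts to as its next key element.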
In addition, an embodiment of the present invention also provides a device. The device includes a memory, a processor, and a computer program stored on the memory and executable on the processor; when the computer program is executed by the processor, the following operations are implemented:
during activation, after the device has authenticated with the server and authentication has succeeded, the device obtains the locally stored key element and sends it to the server;
the device receives, issued by the server after the server has verified the key element and verification has succeeded, the relevant information of the device and the key element the device needs to carry at its next activation, the relevant information including at least the number and relevant configuration information of the device;
the device writes the received relevant information locally and updates the locally stored key element.
When executed by the processor, the computer program may also implement the following operations:
at initial activation, after the device has authenticated with the server and authentication has succeeded, the device receives the key element issued by the server that is to be carried at the next activation;
the device stores the key element issued by the server.
When executed by the processor, the computer program may also implement the following operations:
when the device receives the encrypted key element sent by the server, it uses the private key of the device to decrypt and obtain the symmetric key;
it decrypts the encrypted key element with the symmetric key, and stores this key element in a local non-erasable region and/or replaces the old key element with the new one.
For the detailed scheme by which the device and the server interact to activate the device in this embodiment, refer to the embodiments above; it is not repeated here.
An embodiment of the present invention also provides a server, characterized in that the server includes a memory, a processor, and a computer program stored on the memory and executable on the processor; when the computer program is executed by the processor, the following operations are implemented:
during activation of the device, after the server has authenticated with the device and authentication has succeeded, the server receives the key element sent by the device;
the server verifies the key element and, after verification succeeds, issues the relevant information of the device to the device and issues to the device the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device; the device writes the received relevant information locally and updates the locally stored key element.
When executed by the processor, the computer program may also implement the following operations:
at initial activation, after the device has authenticated with the server and authentication has succeeded, the server issues to the device the key element to be carried at the next activation, and the device stores the key element issued by the server.
When executed by the processor, the computer program may also implement the following operations:
obtaining the MEID of the device and extracting the first N or last N digits of the mobile equipment identifier (MEID) of the device as a seed, N being a positive integer;
obtaining a random number from the time range from a preset time point to the current device-server interaction time, the preset time point being greater than or equal to 0 and less than the end point of the device-server interaction time;
taking the sum of the seed and the random number as the value of the key element.
When executed by the processor, the computer program may also implement the following operations:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with it;
the server encrypts the symmetric key with the public key of the device.
For the detailed scheme by which the device and the server interact to activate the device in this embodiment, refer to the embodiments above; it is not repeated here.
Correspondingly, an embodiment of the device activation system of the present invention is provided.
As shown in Figure 9, a preferred embodiment of the present invention provides a device activation system, including a device and a server, wherein:
the device is configured, during activation, to authenticate with the server and, after authentication succeeds, to obtain the locally stored key element and send it to the server;
the server is configured to verify the key element and, after verification succeeds, to issue the relevant information of the device to the device and to issue to the device the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device;
the device is further configured to write the received relevant information locally and to update the locally stored key element.
Further, the server is further configured, at initial activation of the device, after the device has authenticated with the server and authentication has succeeded, to issue to the device the key element to be carried at the next activation;
the device is further configured to store the key element issued by the server in a local non-erasable region.
Further, the server is further configured to dynamically generate the key element, specifically to:
obtain the MEID of the device and extract the first N or last N digits of the MEID of the device as a seed, N being a positive integer;
obtain a random number from the time range from a preset time point to the current device-server interaction time, the preset time point being greater than or equal to 0 and less than the end point of the device-server interaction time;
take the sum of the seed and the random number as the value of the key element.
Further, the key element transmitted between the server and the device is encrypted, wherein:
the server is further configured to encrypt the key element issued to the device, specifically to:
when sending the key element to the device, generate a symmetric key and encrypt the key element with it, and encrypt the symmetric key with the public key of the device.
Further, the device is further configured, when receiving the encrypted key element sent by the server, to use the private key of the device to decrypt and obtain the symmetric key, to decrypt the encrypted key element with the symmetric key, and to store this key element in a local non-erasable region and/or replace the old key element with the new one.
Specifically, this embodiment builds on the HMAC mutual authentication already performed between the device and the server during device activation. After authentication succeeds, the device reads the locally stored key element and sends it to the server, which verifies it. If verification succeeds, the server issues the relevant information, such as the number and configuration, together with the key element to be verified at the next activation, to the device; after the device receives the key element successfully, it stores this key element, replacing the previously stored one, and writes the relevant information such as the number and configuration to the device. If the server's verification fails, the device is informed that this activation has failed.
Specifically, in this embodiment, by transferring a key element between the device and the server, the security hazard in the device activation process of a counterfeit device obtaining the number, configuration and other information of a known device is resolved, the security of the device's legitimate user is ensured, and invalid activations at the server are avoided.
The key element for verification issued by the server is stored locally on the device. In one implementation the key element is generated by the server; in another, it may be generated by another device and sent to the server. This embodiment is described with the key element generated by the server.
At activation, the device first performs HMAC authentication with the server. After authentication succeeds, the device obtains the locally stored key element and sends it to the server, which verifies this key element.
After receiving the key element sent by the device, the server verifies it. If verification succeeds, it issues the relevant information such as the number and configuration, together with the key element to be verified at the next activation, to the device; after the device receives the key element successfully, it stores it, replacing the previously stored key element, and writes the relevant information such as the number and configuration to the device. If the server's verification fails, the device is informed that this activation has failed.
To improve the storage security of the key element, in this embodiment the device may store the key element issued by the server in a local non-erasable region.
Compared with the prior art, this embodiment builds on the HMAC mutual authentication already performed between the device and the server at activation: after authentication succeeds, the device reads its stored key element and sends it to the server; the server verifies it and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation; the device, on receiving the key element successfully, stores it in the non-erasable region, replaces the previously stored key element, and writes the number and configuration information locally. The scheme reduces unnecessary work at the server while ensuring that user information is not leaked, which significantly improves the security of user information; it resolves the security hazard of a counterfeit device obtaining the number, configuration and other information of a known device, and improves the safety of using the device.
More specifically, the processing flow of initial device activation in this embodiment may be as shown in Figure 3, and the processing flow of re-activation as shown in Figure 4.
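The activation flow described above, as an added example in Go; this is not code from the patent or from ZTE. The HMAC mutual authentication is taken as already done before the server's methods are called, key elements are random 64-bit values standing in for the generator the description gives later, the MEID, number and configuration are constructed, and the transport encryption of the key element is omitted so the values travel in the clear. The scenario runs first activation, a genuine re-activation, a replay of the key element that was just consumed, and a counterfeit device that knows only the MEID, which is the case the description says the scheme defends against.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is the server's state per MEID: the key element the device must
// present at its next activation, and the number and configuration it may receive.
type Record struct {
	Expected       uint64
	Number, Config string
}

// Server holds the records. The HMAC mutual authentication the page takes as
// already present is assumed to have succeeded before these methods are called.
type Server struct{ records map[string]*Record }

func be(v uint64) []byte { b := make([]byte, 8); binary.BigEndian.PutUint64(b, v); return b }

// Issue generates a fresh random key element for meid, stores it as the next
// expected value and returns it: used at first activation and after every
// successful verification, so a key element is single-use.
func (s *Server) Issue(meid string) (uint64, error) {
	rec, ok := s.records[meid]
	if !ok {
		return 0, errors.New("unknown MEID")
	}
	var b [8]byte
	if _, err := rand.Read(b[:]); err != nil {
		return 0, err
	}
	rec.Expected = binary.BigEndian.Uint64(b[:])
	return rec.Expected, nil
}

// Activate compares the presented key element with the stored one in constant
// time; only on success are number, configuration and the next key element released.
func (s *Server) Activate(meid string, presented uint64) (number, config string, next uint64, err error) {
	rec, ok := s.records[meid]
	if !ok || subtle.ConstantTimeCompare(be(rec.Expected), be(presented)) != 1 {
		return "", "", 0, errors.New("key element verification failed: activation refused")
	}
	if next, err = s.Issue(meid); err != nil {
		return "", "", 0, err
	}
	return rec.Number, rec.Config, next, nil
}

// Device keeps its key element in what the page calls the non-erasable region.
type Device struct {
	MEID           string
	stored         uint64
	Number, Config string
}

// Activate is the device side: present the stored key element; on success
// write the relevant information locally and replace the stored key element.
func (d *Device) Activate(s *Server) error {
	number, config, next, err := s.Activate(d.MEID, d.stored)
	if err != nil {
		return err
	}
	d.Number, d.Config, d.stored = number, config, next
	return nil
}

// Scenario: first activation, a genuine re-activation, a replay of the
// consumed key element, and an impostor that knows only the MEID. All data constructed.
func Scenario() (genuine, replay, impostor bool, err error) {
	srv := &Server{records: map[string]*Record{
		"A1000012345678": {Number: "+8613800000000", Config: "apn=example"},
	}}
	dev := &Device{MEID: "A1000012345678"}
	if dev.stored, err = srv.Issue(dev.MEID); err != nil {
		return
	}
	consumed := dev.stored
	genuine = dev.Activate(srv) == nil && dev.Number == "+8613800000000" && dev.stored != consumed
	_, _, _, e := srv.Activate(dev.MEID, consumed) // the consumed value is replayed
	replay = e == nil
	impostor = (&Device{MEID: dev.MEID}).Activate(srv) == nil // same MEID, no key element
	return
}

func main() {
	g, r, i, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine re-activation: %v, replay: %v, impostor: %v\n", g, r, i)
}
```

The server rotates the stored value before it answers, so the value a device presents is only ever valid once; a counterfeit device that captured an earlier key element, or that knows only the MEID, receives the refusal and never sees the number or configuration.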
Further, in this embodiment the key element is dynamically generated by the server; the specific generation algorithm may be as follows:
first, obtain the MEID of the device and extract the first N or last N digits of the MEID as a seed, N being a positive integer (the example below uses N = 6);
obtain a random number from the time range from a preset time point to the current device-server interaction time, the preset time point being greater than or equal to 0 and less than the end point of the device-server interaction time;
take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
obtain the MEID of the device and take its last six digits as the seed; then obtain a random number from the time range from 0 to the current device-server interaction time; the sum of the two is the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element the server issues changes dynamically each time.
It should be noted that the generation algorithm of the key element is not limited to the above manner; this embodiment places no particular restriction on it.
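The generator just described, as an added worked example in Go; it is not code from the patent or from ZTE. Assumptions the page does not state: the MEID is hexadecimal and its digits are parsed in base 16, times are Unix seconds, and the random number is drawn uniformly from the closed interval with the operating system's CSPRNG. The block also counts how many distinct values the generator can emit for one MEID and one window, which the page does not discuss: for a fixed MEID the seed is constant, so that count, not the seed, is the size of the set anyone who knows the MEID and the window would have to search.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"strconv"
	"strings"
)

// KeyElementSeed returns the first or last n digits of a MEID as an integer.
// Assumption: MEIDs are hexadecimal, so the digits are parsed in base 16.
func KeyElementSeed(meid string, n int, fromFront bool) (int64, error) {
	meid = strings.ToUpper(strings.TrimSpace(meid))
	if n <= 0 || n > len(meid) {
		return 0, fmt.Errorf("n must be between 1 and %d, got %d", len(meid), n)
	}
	part := meid[len(meid)-n:]
	if fromFront {
		part = meid[:n]
	}
	return strconv.ParseInt(part, 16, 64)
}

// RandomInRange draws a uniform integer in the closed interval [lo, hi]
// from the operating system's CSPRNG.
func RandomInRange(lo, hi int64) (int64, error) {
	if hi < lo {
		return 0, fmt.Errorf("empty range [%d, %d]", lo, hi)
	}
	r, err := rand.Int(rand.Reader, big.NewInt(hi-lo+1))
	if err != nil {
		return 0, err
	}
	return lo + r.Int64(), nil
}

// GenerateKeyElement is the generator the description gives: the seed taken
// from the MEID plus a random number drawn from the time range between the
// preset time point and the current device-server interaction time (both in
// Unix seconds here). The preset point must satisfy 0 <= preset < interaction.
func GenerateKeyElement(meid string, n int, fromFront bool, presetTime, interactionTime int64) (int64, error) {
	if presetTime < 0 || presetTime >= interactionTime {
		return 0, fmt.Errorf("need 0 <= preset (%d) < interaction time (%d)", presetTime, interactionTime)
	}
	seed, err := KeyElementSeed(meid, n, fromFront)
	if err != nil {
		return 0, err
	}
	r, err := RandomInRange(presetTime, interactionTime)
	if err != nil {
		return 0, err
	}
	return seed + r, nil
}

// DistinctValues is the number of different key elements the generator can
// emit for a fixed MEID, N and window: one per possible random number.
func DistinctValues(presetTime, interactionTime int64) int64 {
	return interactionTime - presetTime + 1
}

// VerifyInBand reports whether a presented value lies in the band the
// generator could have produced for the given MEID and window. It is only a
// plausibility check; the server's real verification is equality with the
// value it issued and stored for that device.
func VerifyInBand(value int64, meid string, n int, fromFront bool, presetTime, interactionTime int64) (bool, error) {
	seed, err := KeyElementSeed(meid, n, fromFront)
	if err != nil {
		return false, err
	}
	return value >= seed+presetTime && value <= seed+interactionTime, nil
}

func main() {
	const meid = "A1000012345678"                     // constructed 14-digit hexadecimal MEID
	const preset, now = int64(0), int64(1492732800) // preset point 0; interaction time 2017-04-21 00:00 UTC
	ke, err := GenerateKeyElement(meid, 6, false, preset, now)
	if err != nil {
		panic(err)
	}
	seed, _ := KeyElementSeed(meid, 6, false)
	fmt.Printf("seed (last 6 digits) = %d, key element = %d\n", seed, ke)
	fmt.Printf("distinct values possible for this window: %d\n", DistinctValues(preset, now))
}
```

Because the seed is derived from the MEID, which the device sends in the clear, all of the unpredictability of a key element comes from the random number, and the width of the time window bounds it; this is one reason the description encrypts the key element in transit and has the server check the exact value it stored rather than membership in a range.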
It should also be noted that, to prevent the key element from being intercepted in transit, in this embodiment the transmission of the key element between the server and the device is encrypted.
The process by which the server encrypts the key element to be issued to the device may include:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with it; it then encrypts the symmetric key with the public key of the device.
On the device side, when the device receives the encrypted key element sent by the server, it uses the private key of the device to decrypt and obtain the symmetric key, then decrypts the encrypted key element with the symmetric key, stores this key element in a local non-erasable region and replaces the old key element with the new one.
The process when the device sends a key element to the server is similar and is not described again here.
Thus, because the key element is ciphertext throughout transmission, a party who intercepts it cannot decrypt it and recover the key element; and because the private key is unique to each device and is not leaked, user information is further protected, greatly improving its security.
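The transport encryption just described, as an added example in Go; it is not code from the patent or from ZTE. The page names neither the symmetric cipher nor the public-key scheme: AES-256-GCM and RSA-OAEP with SHA-256 are this example's choices, the key element is carried as an 8-byte big-endian integer, and the device's 2048-bit RSA key pair is generated on the spot to stand in for the unique per-device key the page assumes. The round trip also flips one ciphertext byte on a copy to show that an altered message is rejected rather than decrypted to a wrong key element, which is what an authenticated mode adds over the plain "encrypt" wording above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// WrappedKeyElement is the on-the-wire form the page describes: the key element
// under a fresh symmetric key, and that symmetric key under the device's public
// key. The primitives (AES-256-GCM, RSA-OAEP/SHA-256) are this example's choice.
type WrappedKeyElement struct {
	WrappedKey []byte // RSA-OAEP(device public key, symmetric key)
	Nonce      []byte // 96-bit GCM nonce, fresh per message
	Ciphertext []byte // AES-GCM(symmetric key, 8-byte big-endian key element), tag included
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap is the server side: generate a symmetric key, encrypt the key element
// with it, then encrypt the symmetric key with the device's public key.
func Wrap(devicePub *rsa.PublicKey, keyElement uint64) (*WrappedKeyElement, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sym, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(sym)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, 8)
	binary.BigEndian.PutUint64(plain, keyElement)
	wrappedKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, sym, nil)
	if err != nil {
		return nil, err
	}
	return &WrappedKeyElement{wrappedKey, nonce, gcm.Seal(nil, nonce, plain, nil)}, nil
}

// Unwrap is the device side: recover the symmetric key with the device's
// private key, then decrypt the key element. Any change to the wrapped key,
// nonce or ciphertext in transit makes OAEP or GCM authentication fail.
func Unwrap(devicePriv *rsa.PrivateKey, w *WrappedKeyElement) (uint64, error) {
	sym, err := rsa.DecryptOAEP(sha256.New(), nil, devicePriv, w.WrappedKey, nil)
	if err != nil {
		return 0, errors.New("symmetric key could not be recovered")
	}
	gcm, err := newGCM(sym)
	if err != nil {
		return 0, err
	}
	plain, err := gcm.Open(nil, w.Nonce, w.Ciphertext, nil)
	if err != nil || len(plain) != 8 {
		return 0, errors.New("key element failed authentication or has wrong length")
	}
	return binary.BigEndian.Uint64(plain), nil
}

// RoundTrip wraps a key element for a device, flips one ciphertext byte on a
// copy, and reports the value the device recovers from the intact message and
// whether the tampered copy is rejected. It stands in for the transfer itself.
func RoundTrip(devicePriv *rsa.PrivateKey, keyElement uint64) (recovered uint64, tamperRejected bool, err error) {
	w, err := Wrap(&devicePriv.PublicKey, keyElement)
	if err != nil {
		return 0, false, err
	}
	if recovered, err = Unwrap(devicePriv, w); err != nil {
		return 0, false, err
	}
	tampered := *w
	tampered.Ciphertext = append([]byte(nil), w.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = Unwrap(devicePriv, &tampered)
	return recovered, err != nil, nil
}

func main() {
	devicePriv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the device's unique key pair
	if err != nil {
		panic(err)
	}
	got, rejected, err := RoundTrip(devicePriv, 0x345678+1492732800)
	if err != nil {
		panic(err)
	}
	fmt.Printf("device recovered key element %d; tampered message rejected: %v\n", got, rejected)
}
```

A fresh symmetric key and nonce per message means two issuances of the same key element never produce the same ciphertext, and only the holder of the device private key can recover the symmetric key; an interceptor sees ciphertext in both layers, which is the property the description relies on.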
The above is merely the preferred embodiment of the present invention and is not intended to limit the scope of the invention. Any equivalent structural or flow transformation made using the contents of the description and drawings of the present invention, applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (14)

1. A device activation method, characterized in that it comprises:
during activation, after the device has authenticated with a server and authentication has succeeded, the device obtains a locally stored key element and sends it to the server;
the server verifies the key element and, after verification succeeds, issues relevant information of the device to the device and issues to the device a key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device;
the device writes the received relevant information locally and updates the locally stored key element.
2. The method according to claim 1, characterized in that, before the step in which the device, during activation, after authenticating with the server and authentication succeeding, obtains the locally stored key element and sends it to the server, the method further comprises:
at initial activation, after the device has authenticated with the server and authentication has succeeded, the server issues to the device the key element to be carried at the next activation;
the device stores the key element issued by the server.
3. The method according to claim 2, characterized in that the key element is stored in a local non-erasable region.
4. The method according to claim 1, characterized in that the key element is dynamically generated by the server, the step of the server dynamically generating the key element comprising:
obtaining the MEID of the device and extracting the first N or last N digits of the mobile equipment identifier (MEID) of the device as a seed, N being a positive integer;
obtaining a random number from the time range from a preset time point to the current device-server interaction time, the preset time point being greater than or equal to 0 and less than the end point of the device-server interaction time;
taking the sum of the seed and the random number as the value of the key element.
5. The method according to any one of claims 1 to 4, characterized in that the key element transmitted between the server and the device is encrypted, wherein the step of the server encrypting the key element issued to the device comprises:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with it;
the server encrypts the symmetric key with the public key of the device.
6. The method according to claim 5, characterized in that the step of the device storing the key element issued by the server comprises:
when the device receives the encrypted key element sent by the server, using the private key of the device to decrypt and obtain the symmetric key;
decrypting the encrypted key element with the symmetric key, and storing this key element in a local non-erasable region and/or replacing the old key element with the new one.
7. A device activation method, characterized in that it comprises:
during activation, after the device has authenticated with a server and authentication has succeeded, the device obtains a locally stored key element and sends it to the server;
the device receives the relevant information of the device and the key element the device needs to carry at its next activation, issued by the server after the server has verified the key element and verification has succeeded, the relevant information including at least the number and relevant configuration information of the device;
the device writes the received relevant information locally and updates the locally stored key element.
8. The method according to claim 7, characterized in that, before the step in which the device, during activation, after authenticating with the server and authentication succeeding, obtains the locally stored key element and sends it to the server, the method further comprises:
at initial activation, after the device has authenticated with the server and authentication has succeeded, the device receives the key element issued by the server that is to be carried at the next activation;
the device stores the key element issued by the server.
9. The method according to claim 7 or 8, characterized in that the key element transmitted between the server and the device is encrypted, and the step of the device storing the key element issued by the server comprises:
when the device receives the encrypted key element sent by the server, using the private key of the device to decrypt and obtain the symmetric key;
decrypting the encrypted key element with the symmetric key, and storing this key element in a local non-erasable region and/or replacing the old key element with the new one.
10. A device activation method, characterized in that it comprises:
during activation of the device, after the server has authenticated with the device and authentication has succeeded, the server receives the key element sent by the device;
the server verifies the key element and, after verification succeeds, issues the relevant information of the device to the device and issues to the device the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device, so that the device writes the received relevant information locally and updates the locally stored key element.
11. The method according to claim 10, characterized in that, before the step in which the server, during activation of the device, after authenticating with the device and authentication succeeding, receives the key element sent by the device, the method further comprises:
at initial activation, after the device has authenticated with the server and authentication has succeeded, the server issues to the device the key element to be carried at the next activation, for the device to store the key element issued by the server.
12. The method according to claim 11, characterized in that the key element is dynamically generated by the server, the step of the server dynamically generating the key element comprising:
obtaining the MEID of the device and extracting the first N or last N digits of the mobile equipment identifier (MEID) of the device as a seed, N being a positive integer;
obtaining a random number from the time range from a preset time point to the current device-server interaction time, the preset time point being greater than or equal to 0 and less than the end point of the device-server interaction time;
taking the sum of the seed and the random number as the value of the key element.
13. The method according to claim 10, 11 or 12, characterized in that the key element transmitted between the server and the device is encrypted, wherein the step of the server encrypting the key element issued to the device comprises:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with it;
the server encrypts the symmetric key with the public key of the device.
14. A device activation system, characterized in that it comprises a device and a server, wherein:
the device is configured, during activation, to authenticate with the server and, after authentication succeeds, to obtain the locally stored key element and send it to the server;
the server is configured to verify the key element and, after verification succeeds, to issue the relevant information of the device to the device and to issue to the device the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device;
the device is further configured to write the received relevant information locally and to update the locally stored key element.
CN201710270409.9A 2017-04-21 2017-04-21 Activation method and system of equipment Pending CN108738011A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710270409.9A CN108738011A (en) 2017-04-21 2017-04-21 Activation method and system of equipment

Publications (1)

Publication Number Publication Date
CN108738011A (en) 2018-11-02

Family

ID=63933812

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113050995A (en) * 2021-02-06 2021-06-29 广州朗国电子科技有限公司 Screen projection activation information storage method, screen projection equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 2018-11-02