CN108810894B - Terminal authorization method, device, computer equipment and storage medium - Google Patents

Terminal authorization method, device, computer equipment and storage medium Download PDF

Info

Publication number
CN108810894B
CN108810894B CN201810546442.4A CN201810546442A CN108810894B CN 108810894 B CN108810894 B CN 108810894B CN 201810546442 A CN201810546442 A CN 201810546442A CN 108810894 B CN108810894 B CN 108810894B
Authority
CN
China
Prior art keywords
server
request
terminal
private key
authorization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810546442.4A
Other languages
Chinese (zh)
Other versions
CN108810894A (en
Inventor
王海为
章政兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kangjian Information Technology Shenzhen Co Ltd
Original Assignee
Kangjian Information Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kangjian Information Technology Shenzhen Co Ltd filed Critical Kangjian Information Technology Shenzhen Co Ltd
Priority to CN201810546442.4A priority Critical patent/CN108810894B/en
Publication of CN108810894A publication Critical patent/CN108810894A/en
Application granted granted Critical
Publication of CN108810894B publication Critical patent/CN108810894B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application relates to a terminal authorization method, a terminal authorization device, computer equipment and a storage medium. The method comprises the following steps: receiving an application program starting instruction; reading a private key and a channel identifier from a preset folder corresponding to an application program starting instruction, acquiring current local time, and splicing the private key, the channel identifier and the current local time into a verification request; transmitting the verification request to a server, and receiving an authorization code corresponding to the verification request transmitted by the server; and carrying out data interaction with the server according to the authorization code. By adopting the method, the third party equipment of all hardware manufacturers can be supported without the need of the hardware manufacturers to be matched with the application programs supported by the server.

Description

Terminal authorization method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a terminal authorization method, a device, a computer device, and a storage medium.
Background
With the rapid development of modern network technology, data interaction between a server and third party hardware is often required through application programs.
Conventionally, the third party hardware is forcibly bound with the application program supported by the server to be normally used, however, the application program supported by the server is difficult to be adapted to hardware factories of all third party devices, and for some third party devices which are not adapted to the application program, the authorization of the server cannot be realized, so that the application program cannot be used.
Disclosure of Invention
Based on this, it is necessary to provide a terminal authorization method, device, computer equipment and storage medium capable of ensuring normal operation of an application program in view of the above technical problems.
A terminal authorization method, the method comprising:
receiving an application program starting instruction;
reading a private key and a channel identifier from a preset folder corresponding to the application program starting instruction, acquiring current local time, and splicing the private key, the channel identifier and the current local time into a verification request;
the verification request is sent to a server, and an authorization code corresponding to the verification request sent by the server is received;
and carrying out data interaction with the server according to the authorization code.
In one embodiment, the data interaction with the server according to the authorization code includes:
receiving an input data request instruction;
generating a data reading request according to the data request instruction and the authorization code;
and sending the data reading request to the server, and acquiring data corresponding to the data reading request returned by the server.
In one embodiment, after the sending the data read request to the server, the method further includes:
receiving an authorization failure message of the authorization code returned by the server;
when an input re-verification instruction aiming at the authorization failure message is received, the private key and the channel identifier are read from a preset folder corresponding to the application program starting instruction, and the current local time is read.
In one embodiment, the injection manner of the private key and the channel identifier includes:
receiving an injection request of a hardware manufacturer;
newly establishing a preset folder in a system folder of the terminal according to the injection request;
the channel identification and the private key sent by the hardware manufacturer are obtained, and the channel identification and the private key are generated by the server according to an authentication channel of the hardware manufacturer;
and storing the channel identification and the private key in the preset folder.
In one embodiment, after the authentication request is sent to the server, the method further includes:
and receiving the failure message sent by the server and displaying the failure message.
In one embodiment, the sending the authentication request to the server includes:
encrypting the verification request according to a preset encryption rule;
and sending the encrypted verification request to a server.
A terminal authorization device, the device comprising:
the triggering module is used for receiving an application program starting instruction;
the request generation module is used for reading a private key and a channel identifier from a preset folder corresponding to the application program starting instruction, acquiring current local time and splicing the private key, the channel identifier and the current local time into a verification request;
the authorization code acquisition module is used for sending the verification request to a server and receiving an authorization code corresponding to the verification request sent by the server;
and the data interaction module is used for carrying out data interaction with the server according to the authorization code.
In one embodiment, the data interaction module includes:
an instruction receiving unit for receiving an input data request instruction;
a request generating unit, configured to generate a data reading request according to the data request instruction and the authorization code;
and the data interaction unit is used for sending the data reading request to the server and acquiring data corresponding to the data reading request returned by the server.
A computer device comprising a memory storing a computer program and a processor implementing the steps of any one of the methods described above when the processor executes the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of any of the preceding claims.
After the program is started, the method, the device, the computer equipment and the storage medium for terminal authorization can automatically read the private key and the channel identifier which are injected in advance by the hardware manufacturer of the terminal in the folder through the program, splice the content and the current local time into a verification request, encrypt the verification request, send the verification request to the server to request the server to authorize the terminal, and allow the terminal to perform data interaction with the server. The private key and the channel identifier which are injected in advance by the hardware manufacturer of the terminal in the folder are used as the generation basis of the verification request, and the hardware manufacturer does not need to be matched with the application program supported by the server, so that the third party equipment of all the hardware manufacturers can be supported.
Drawings
FIG. 1 is an application scenario diagram of a terminal authorization method in one embodiment;
FIG. 2 is a flow chart of a terminal authorization method in one embodiment;
FIG. 3 is a flow diagram of a method of injecting a private key and a terminal identifier in one embodiment;
FIG. 4 is a block diagram of a terminal authorization device in one embodiment;
fig. 5 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The terminal authorization method provided by the application can be applied to an application environment shown in figure 1. The terminal and the server communicate through a network. After receiving an application program starting instruction, the terminal automatically reads a private key and a channel identifier which are injected in advance by a hardware manufacturer of the terminal in a folder through the program, splices the content and the current local time into a verification request, encrypts the verification request, and sends the verification request to a server to request the server to authorize the terminal, so that the terminal and the server are allowed to perform data interaction. The terminal may be, but not limited to, various personal computers, notebook computers, smartphones, tablet computers and portable wearable devices, and the server may be implemented by a separate server or a server cluster formed by a plurality of servers.
In one embodiment, as shown in fig. 2, a terminal authorization method is provided, and the method is applied to the terminal in fig. 1 for illustration, and includes the following steps:
s202, receiving an application program starting instruction.
The application program starting instruction is an instruction for running an application program on the terminal, and can be an instruction for operating a user of the terminal to click an icon or a notification bar corresponding to the terminal interface application program, and the terminal starts the application program on the terminal according to the application program starting instruction.
Specifically, the terminal receives an application program starting instruction input by a user through clicking an icon corresponding to the terminal interface application program or an instruction of a notification bar, and the terminal starts to run the corresponding application program.
S204, reading the private key and the channel identifier from the preset folder corresponding to the application program starting instruction, obtaining the current local time, and splicing the private key, the channel identifier and the current local time into a verification request.
The preset folder is an address preset in the terminal by a hardware manufacturer of the terminal and used for storing the private key and the terminal identifier, and can be a folder in a local storage disk on the terminal.
The private key is information which is assigned to the hardware manufacturer by the server and used for allowing the equipment of the hardware manufacturer to perform data interaction with the server; such as a string of server generated characters.
The terminal identification is information for displaying a channel of the terminal accessing the server; information of the hardware vendor and the type of protocol between the hardware vendor and the system represented by the server, etc. If the terminal is a device for retail pharmaceutical products, the terminal identification may be generated based on the hardware brand of the terminal and the retail channel identification.
The verification information is information for requesting authorization from the server by the terminal, and is formed by splicing the private key, the channel identifier and the current local time.
Specifically, after the terminal runs the application program, the terminal can perform data interaction with the server through the authorization of the server, and the method for requesting the server to authorize the terminal is that a private key and a channel identifier which are injected by a hardware manufacturer are read from a preset file corresponding to an application program starting instruction, then the current local time on the terminal is read through network equipment or other timing equipment of the terminal, and the three information are spliced into an authentication request for requesting the server to authorize the terminal according to the authentication request.
S206, sending the verification request to the server, and receiving an authorization code corresponding to the verification request sent by the server.
The authorization code is information for data interaction sent to the terminal after the server requests the authorization through the terminal, and can be a string of character strings for each terminal, etc.
Specifically, the terminal sends the verification request generated in step S204 to the server, requests the server to authorize the terminal, and if the verification request of the server to the terminal passes the verification, the terminal passes the authorization of the server, and the server sends an authorization code for data interaction to the terminal.
And S208, performing data interaction with the server according to the authorization code.
Specifically, after the server authorizes the terminal, the terminal can perform data interaction with the server, and the terminal reads corresponding data from the server according to a data request input by a user.
The scheme terminal is a third party device which needs to be authorized through a server, such as an external medicine selling device which needs to carry out data interaction with a medical server, and is only supplied to special occasions such as a fixed pharmacy, and the terminal such as the external medicine selling device has the limitation and pertinence of the use occasions, so that a private key which is allocated to the hardware manufacturer by the server and a terminal identifier for displaying information of a channel of the terminal accessing the server are required to be injected into a preset folder of the terminal through the hardware manufacturer, and the specificity of a verification request generated by the terminal in the scheme is ensured.
According to the terminal authorization method, after the program is started, the private key and the channel identifier which are injected in advance by the hardware manufacturer of the terminal in the folder can be automatically read through the program, the content and the current local time are spliced into the verification request, the verification request is encrypted and sent to the server to request the server to authorize the terminal, and the terminal and the server are allowed to perform data interaction. The private key and the channel identifier which are injected in advance by the hardware manufacturer of the terminal in the folder are used as the generation basis of the verification request, and the hardware manufacturer does not need to be matched with the application program supported by the server, so that the third party equipment of all the hardware manufacturers can be supported.
In one embodiment, the data interaction with the server according to the authorization code includes: receiving an input data request instruction; generating a data reading request according to the data request instruction and the authorization code; and sending the data reading request to the server, and acquiring data corresponding to the data reading request returned by the server.
The data request instruction is information which is sent to the server by the terminal and used for reading or downloading data on the server; the information input by the user using the terminal through the input device of the terminal may be, for example, the name of a medicine and keywords such as "get indication" if the user using the terminal wants to get indication information of a certain medicine from the server.
The data reading request is request information generated by the terminal according to the data request instruction, for example, the content of the data request instruction is spliced with the authorization code to generate information which can be identified by a server.
Specifically, after the terminal passes the authorization of the server, the terminal can perform data interaction with the server, before the terminal reads the corresponding data of the server according to the data request instruction input by the user, the data request instruction and the authorization code are combined to generate a data reading request through an application program, after the server receives the data reading request sent by the terminal, if the authorization code is valid, the server acquires the data corresponding to the data reading request and sends the data to the terminal, and the data interaction is completed.
Optionally, if the terminal receives the return data of the server, and if the return data of the server is an installable package, the installable package of the installable program can be ensured not to be tampered by verifying the signature information of the package. The terminal can obtain the signature of the installation package of the plug-in to be updated from the server, then calculates the hash value of the signature according to the hash value calculation mode, compares the hash value with the hash value extracted from the installation package, and if the hash values are the same, the signature information verification is successful, so that the installation package is not tampered.
In the above embodiment, each time the terminal performs data interaction with the server, the data sent from the terminal needs to be processed by the application program to carry the authorization code, and the server needs to identify the authorization code before returning the data requested by the terminal to the terminal. Through the operation, the safety of data interaction between the terminal and the server is ensured, and data leakage is avoided.
In one embodiment, after sending the data read request to the server, the method further comprises: receiving an authorization invalidation message of an authorization code returned by the server; when an input re-verification instruction aiming at the authorization failure message is received, the private key and the channel identifier are read from a preset folder corresponding to the application program starting instruction, and the current local time is read.
The authorization invalidation message is information that the server informs the terminal that the authorization code is invalidated; such as information that the authorization code has exceeded the lifetime.
The re-authentication instruction is an instruction for starting the terminal to request the server authorization again, and may be an instruction for re-authentication of the user for information input that the authorization code is invalid.
Specifically, after receiving the data reading request of the terminal, the server verifies the authorization code in the data request a priori, and when the authorization code is found to be invalid, the server sends an authorization failure message to the terminal, and after receiving the authorization failure message, the terminal needs to authorize the server again, then the data interaction can be continuously executed. The terminal displays the authorization failure message to the user, the user selects whether to request the server to authorize the terminal again, if the user agrees, a re-authentication instruction is input to the terminal, the terminal executes the steps of reading the private key and the channel identifier in the preset folder corresponding to the application program starting instruction and reading the current local time again according to the re-authentication instruction, and the authentication request is regenerated until the server sends a new authorization code to the terminal, and the terminal can perform data interaction with the server according to the new authorization code.
Optionally, in the above scheme, the authorization code that the server allows the terminal to access has timeliness, and when the authorization code exceeds the service life, the authorization code fails, and the server needs to authorize the terminal again, so that the terminal can perform data interaction with the server. Or when a certain terminal has illegal operation, the server can avoid the terminal to continue the illegal operation by disabling the authorization code of the terminal.
In the above embodiment, the server can manage the terminals accessing the server through the authorization code, so that the flexibility of the server for managing all the terminals connected with the server is improved.
In one embodiment, referring to fig. 3, the injection manner of the private key and the channel identifier includes:
s302, receiving an injection request of a hardware manufacturer.
Specifically, the hardware manufacturer wants the terminal to send an injection request, and injects the channel identifier and the private key into the terminal, for example, the hardware manufacturer sends information that requires modification of the local storage area of the terminal to the terminal.
Optionally, the terminal may verify login information of the hardware vendor, such as a user name and a password, and only allow the hardware vendor to access the local storage area of the terminal after the verification is successful.
S304, newly establishing a preset folder in the system folder of the terminal according to the injection request.
Specifically, after the hardware manufacturer enters the local storage area of the terminal, a preset folder is newly built in the system folder of the terminal, and the preset folder is used for storing the channel identifier and the private key to be injected. The reason for selecting the system folder is that when the terminal is not entitled, the content in the system file is not modified, only the user using the terminal is allowed to access in a read-only manner, and the security is higher.
S306, obtaining a channel identifier and a private key sent by a hardware manufacturer, wherein the channel identifier and the private key are generated by a server according to an authentication channel of the hardware manufacturer.
Wherein the authentication channel is a protocol type between the hardware manufacturer and the server, such as retail, direct sales, etc.
Specifically, the private key is information assigned to the hardware manufacturer by the server and used for allowing the data interaction between the equipment of the hardware manufacturer and the server, and the terminal identification is information generated according to the brand of the hardware manufacturer, the model of the equipment and the like and the protocol type between the hardware manufacturer and the server. The hardware manufacturer sends the private key and the terminal identification to the terminal.
S308, storing the channel identification and the private key in a preset folder.
Specifically, after receiving the private key and the terminal identifier sent by the hardware manufacturer, the terminal stores the private key and the terminal identifier in a newly built preset folder in the system file for terminal authorization.
In the above embodiment, only the hardware manufacturer having the authority to modify the local storage area information of the terminal can inject the channel identifier and the private key into the system folder of the terminal by the method, thereby overcoming the randomness of the terminal authorization mode of distributing the registration information by the server in the prior art and improving the security of the terminal authorization method in authorizing the terminal with a small range.
In one embodiment, after sending the authentication request to the server, the method further includes: and receiving the failure message sent by the server and displaying the failure message.
Specifically, when the encrypted verification application sent to the server by the terminal cannot pass the verification of the server, the server sends a failure message of verification failure to the terminal, wherein the failure message can include a related message of verification failure, and a user of the terminal can perform corresponding processing on the program, such as upgrading the application program, according to the failure message.
In the above embodiment, if the server fails to authorize the terminal according to the authentication request sent by the terminal, the terminal displays the failure message on the display interface, so that the user operating the terminal can solve the problem in terminal authorization according to the failure message.
In one embodiment, sending the authentication request to the server includes: encrypting the verification request according to a preset encryption rule; and sending the encrypted verification request to a server.
Wherein the preset encryption rule is an algorithm for encrypting the authentication request, and the server can identify the encryption algorithm, such as an RSA algorithm (an asymmetric cryptographic algorithm).
Specifically, before the terminal sends the verification request to the server, the verification request may be encrypted according to a preset encryption rule, and then the encrypted verification request is sent to the server. And for the server side: and acquiring an encrypted verification request sent by the terminal, decrypting the encrypted verification request according to a decryption rule corresponding to a preset encryption rule, acquiring an authorization code corresponding to the terminal, and sending the authorization code to the terminal to complete the authorization of the terminal.
In the embodiment, the terminal encrypts the verification request to be sent to the server through the preset encryption rule, so that the verification request is prevented from being revealed or tampered halfway, and the security of the terminal during authorization is improved.
For example, if the terminal in the method is a retail device provided by a hardware manufacturer for a company a and running an android operating system, the step of injecting the private key and the terminal identifier into the terminal by the company a includes: and (3) operating hardware of the android operating system, and creating a folder in the internal storage device of the terminal by default: the system/etc/, this folder is used to store system hardware critical information, whose operational attributes only allow reading. The terminal creates a preset folder under the system/etc/this folder by using the rights of the hardware manufacturer. Storing two files in the preset folder, wherein a private key, namely a group of passwords, is stored in the first file, and the first file exists in a character string form; the second file stores the terminal identification, i.e. the information of the channel of the terminal accessing the server, in the form of a character string.
Company a provides an authorized SDK (Software Development Kit software development kit) that the terminal installs locally, on the terminal the following steps: reading a private key and a terminal identifier in a preset file, wherein the reading step can be realized through a java (a computer programming language) standard interface FileInputStream; the hardware serial number of the terminal is read, and the serial number reading method comprises the following steps: accessing android.os.SystemProperties (classes used for acquiring and setting system attributes in an android system) through a Java reflection mechanism, and filtering out a hardware serial number through two character strings of ro.boot.servano and ro.servano (device number); reading the local time of the terminal, and acquiring the system time by using a java interface, wherein the time unit is millisecond; and combining and splicing the obtained private key, the terminal identifier and the local time to form a new character string, namely an authentication request, encrypting the authentication request by using an RSA algorithm, generating an encrypted authentication request, transmitting the encrypted authentication request to a server, and carrying the equipment serial number and login information in authentication request information transmitted by the terminal.
The server receives the encrypted verification request sent by the terminal and generates a corresponding authorization code, and the method comprises the following steps: the server receives the encrypted verification request and decrypts the verification request based on an RSA algorithm; verifying the private key and checking the protocol type corresponding to the terminal identifier; if the authentication is passed, the server generates an authorization code for the terminal according to the equipment serial number, the terminal identification, the local time and the login information of the terminal access server of the terminal sending the authentication request, and sends the authorization code to a website preset by the company A.
The terminal accesses the website preset by the A company through the SDK, acquires the authorization code from the website, and stores the authorization code in the SDK of the terminal. When the terminal needs to interact with the server, an authorization code is added to the data to be sent to the server by the terminal through the SDK for identification.
It should be understood that, although the steps in the flowcharts of fig. 2 to 3 are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in fig. 2-3 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, nor does the order in which the sub-steps or stages are performed necessarily occur sequentially, but may be performed alternately or alternately with at least a portion of other steps or sub-steps or stages of other steps.
In one embodiment, as shown in fig. 4, there is provided a terminal authorization device, including: the system comprises a triggering module 100, a request generating module 200, an authorization code obtaining module 300 and a data interaction module 400, wherein:
the triggering module 100 is configured to receive an application program start instruction.
The request generating module 200 is configured to read the private key and the channel identifier from a preset folder corresponding to the application program start instruction, obtain the current local time, and splice the private key, the channel identifier and the current local time into a verification request.
The authorization code obtaining module 300 is configured to send the verification request to the server, and receive an authorization code corresponding to the verification request sent by the server.
And the data interaction module 400 is used for carrying out data interaction with the server according to the authorization code.
In one embodiment, the data interaction module 400 in the terminal authorization device may include:
and the instruction receiving unit is used for receiving the input data request instruction.
And the request generating unit is used for generating a data reading request according to the data request instruction and the authorization code.
And the data interaction unit is used for sending the data reading request to the server and acquiring data corresponding to the data reading request returned by the server.
In one embodiment, the terminal authorization device may further include:
and the authorization failure module is used for receiving an authorization failure message of the authorization code returned by the server.
And the re-verification module is used for continuously executing the reading of the private key and the channel identifier in the preset folder corresponding to the application program starting instruction and reading the current local time when receiving the input re-verification instruction aiming at the authorization failure message.
In one embodiment, the terminal authorization device may further include:
and the injection request module is used for receiving the injection request of the hardware manufacturer.
And the injection preparation module is used for newly establishing a preset folder in the system folder of the terminal according to the injection request.
The injection information acquisition module is used for acquiring channel identifiers and private keys sent by hardware manufacturers, wherein the channel identifiers and the private keys are generated by the server according to authentication channels of the hardware manufacturers.
And the storage module is used for storing the channel identification and the private key in a preset folder.
In one embodiment, the terminal authorization device may further include:
and the verification failure module is used for receiving the failure message sent by the server and displaying the failure message.
In one embodiment, the authorization code obtaining module 300 of the terminal authorization device may include:
and the encryption unit is used for encrypting the verification request according to a preset encryption rule.
And the sending unit is used for sending the encrypted verification request to the server.
For specific limitations of the terminal authorization device, reference may be made to the above limitation of the terminal authorization method, and the description thereof will not be repeated here. The respective modules in the terminal authorization device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a terminal authorization method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the architecture shown in FIG. 5 is a block diagram of only some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements may be implemented, a particular computer device may include more or less components than those shown, or may combine some of the components, or have a different arrangement of components
In one embodiment, a computer device is provided comprising a memory storing a computer program and a processor that when executing the computer program performs the steps of: receiving an application program starting instruction; reading a private key and a channel identifier from a preset folder corresponding to an application program starting instruction, acquiring current local time, and splicing the private key, the channel identifier and the current local time into a verification request; transmitting the verification request to a server, and receiving an authorization code corresponding to the verification request transmitted by the server; and carrying out data interaction with the server according to the authorization code.
In one embodiment, the data interaction with the server according to the authorization code implemented when the processor executes the computer program may include: receiving an input data request instruction; generating a data reading request according to the data request instruction and the authorization code; and sending the data reading request to the server, and acquiring data corresponding to the data reading request returned by the server.
In one embodiment, after the data read request is sent to the server, which is implemented when the processor executes the computer program, the method may further include: receiving an authorization invalidation message of an authorization code returned by the server; when an input re-verification instruction aiming at the authorization failure message is received, the private key and the channel identifier are read from a preset folder corresponding to the application program starting instruction, and the current local time is read.
In one embodiment, the injection of the private key and the channel identifier implemented by the processor when executing the computer program may include: receiving an injection request of a hardware manufacturer; newly establishing a preset folder in a system folder of the terminal according to the injection request; obtaining a channel identifier and a private key sent by a hardware manufacturer, wherein the channel identifier and the private key are generated by a server according to an authentication channel of the hardware manufacturer; storing the channel identification and the private key in a preset folder.
In one embodiment, after the verification request is sent to the server, which is implemented when the processor executes the computer program, the method may further include: and receiving the failure message sent by the server and displaying the failure message.
In one embodiment, sending the authentication request to the server, which is implemented when the processor executes the computer program, may include: encrypting the verification request according to a preset encryption rule; and sending the encrypted verification request to a server.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of: receiving an application program starting instruction; reading a private key and a channel identifier from a preset folder corresponding to an application program starting instruction, acquiring current local time, and splicing the private key, the channel identifier and the current local time into a verification request; transmitting the verification request to a server, and receiving an authorization code corresponding to the verification request transmitted by the server; and carrying out data interaction with the server according to the authorization code.
In one embodiment, the data interaction with the server according to the authorization code, which is implemented when the computer program is executed by the processor, may include: receiving an input data request instruction; generating a data reading request according to the data request instruction and the authorization code; and sending the data reading request to the server, and acquiring data corresponding to the data reading request returned by the server.
In one embodiment, after the computer program is executed by the processor to send the data read request to the server, the method may further include: receiving an authorization invalidation message of an authorization code returned by the server; when an input re-verification instruction aiming at the authorization failure message is received, the private key and the channel identifier are read from a preset folder corresponding to the application program starting instruction, and the current local time is read.
In one embodiment, the injection of the private key and the channel identifier, which is implemented when the computer program is executed by the processor, may include: receiving an injection request of a hardware manufacturer; newly establishing a preset folder in a system folder of the terminal according to the injection request; obtaining a channel identifier and a private key sent by a hardware manufacturer, wherein the channel identifier and the private key are generated by a server according to an authentication channel of the hardware manufacturer; storing the channel identification and the private key in a preset folder.
In one embodiment, after the computer program is executed by the processor to send the authentication request to the server, the method may further include: and receiving the failure message sent by the server and displaying the failure message.
In one embodiment, sending the authentication request to the server, which is implemented when the computer program is executed by the processor, may include: encrypting the verification request according to a preset encryption rule; and sending the encrypted verification request to a server.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. A terminal authorization method, the method comprising:
receiving an application program starting instruction;
reading a private key and a channel identifier from a preset folder corresponding to the application program starting instruction, acquiring current local time, and splicing the private key, the channel identifier and the current local time into a verification request; the private key is used for allowing the equipment of the hardware manufacturer to perform data interaction with the server;
the verification request is sent to a server, and an authorization code corresponding to the verification request sent by the server is received;
performing data interaction with the server according to the authorization code;
the injection mode of the private key and the channel identifier comprises the following steps:
receiving an injection request of a hardware manufacturer;
newly establishing a preset folder in a system folder of the terminal according to the injection request;
the channel identification and the private key sent by the hardware manufacturer are obtained, and the channel identification and the private key are generated by the server according to an authentication channel of the hardware manufacturer; the certification channel includes retail or direct sales;
and storing the channel identification and the private key in the preset folder.
2. The method of claim 1, wherein the data interaction with the server according to the authorization code comprises:
receiving an input data request instruction;
generating a data reading request according to the data request instruction and the authorization code;
and sending the data reading request to the server, and acquiring data corresponding to the data reading request returned by the server.
3. The method of claim 1, wherein after the sending the data read request to the server, further comprising:
receiving an authorization failure message of the authorization code returned by the server;
when an input re-verification instruction aiming at the authorization failure message is received, the private key and the channel identifier are read from a preset folder corresponding to the application program starting instruction, and the current local time is read.
4. The method of claim 1, wherein after sending the authentication request to a server, further comprising:
and receiving the failure message sent by the server and displaying the failure message.
5. The method of claim 1, wherein the sending the authentication request to a server comprises:
encrypting the verification request according to a preset encryption rule;
and sending the encrypted verification request to a server.
6. A terminal authorization device, the device comprising:
the triggering module is used for receiving an application program starting instruction;
the request generation module is used for reading a private key and a channel identifier from a preset folder corresponding to the application program starting instruction, acquiring current local time and splicing the private key, the channel identifier and the current local time into a verification request; the private key is used for allowing the equipment of the hardware manufacturer to perform data interaction with the server;
the authorization code acquisition module is used for sending the verification request to a server and receiving an authorization code corresponding to the verification request sent by the server;
the data interaction module is used for carrying out data interaction with the server according to the authorization code;
the injection request module is used for receiving an injection request of a hardware manufacturer;
the injection preparation module is used for newly establishing a preset folder in a system folder of the terminal according to the injection request;
the injection information acquisition module is used for acquiring the channel identifier and the private key sent by the hardware manufacturer, wherein the channel identifier and the private key are generated by the server according to an authentication channel of the hardware manufacturer; the certification channel includes retail or direct sales;
and the storage module is used for storing the channel identifier and the private key in the preset folder.
7. The apparatus of claim 6, wherein the data interaction module comprises:
an instruction receiving unit for receiving an input data request instruction;
a request generating unit, configured to generate a data reading request according to the data request instruction and the authorization code;
and the data interaction unit is used for sending the data reading request to the server and acquiring data corresponding to the data reading request returned by the server.
8. The apparatus of claim 6, wherein the device comprises a plurality of sensors,
the authorization failure module is used for receiving an authorization failure message of the authorization code returned by the server;
and the re-verification module is used for continuously executing the reading private key and channel identifier in the preset folder corresponding to the application program starting instruction when receiving the input re-verification instruction aiming at the authorization failure message, and reading the current local time.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 5.
CN201810546442.4A 2018-05-31 2018-05-31 Terminal authorization method, device, computer equipment and storage medium Active CN108810894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810546442.4A CN108810894B (en) 2018-05-31 2018-05-31 Terminal authorization method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810546442.4A CN108810894B (en) 2018-05-31 2018-05-31 Terminal authorization method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108810894A CN108810894A (en) 2018-11-13
CN108810894B true CN108810894B (en) 2023-08-25

Family

ID=64089640

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810546442.4A Active CN108810894B (en) 2018-05-31 2018-05-31 Terminal authorization method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108810894B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109766316A (en) * 2018-12-18 2019-05-17 深圳壹账通智能科技有限公司 File acquisition method, device, computer equipment and storage medium
CN109740306B (en) * 2018-12-27 2021-03-16 苏州思必驰信息科技有限公司 Method and device for authorizing application software based on mixed scheme
CN110097448A (en) * 2019-03-19 2019-08-06 平安普惠企业管理有限公司 Channel side cut-in method, device, equipment and storage medium based on open platform
CN110233857B (en) * 2019-06-28 2022-04-15 深圳开立生物医疗科技股份有限公司 Ultrasonic equipment authorization method, system, equipment and computer storage medium
CN110543448A (en) * 2019-07-22 2019-12-06 深圳壹账通智能科技有限公司 data synchronization method, device, equipment and computer readable storage medium
CN110610360B (en) * 2019-09-09 2022-03-18 飞天诚信科技股份有限公司 Hardware wallet binding authorization method and device
CN110851805A (en) * 2019-10-14 2020-02-28 深圳市非零无限科技有限公司 Method, system and readable storage medium for verifying user access authorization by SDK
CN110990073B (en) * 2019-11-13 2023-09-29 北京城市网邻信息技术有限公司 Method and device for verifying customization requirements of application program
CN111159657A (en) * 2019-11-22 2020-05-15 深圳智链物联科技有限公司 Application program authentication method and system
CN110990796B (en) * 2019-11-26 2022-02-11 广州至真信息科技有限公司 Application processing method and device, application server and storage medium
CN111125677A (en) * 2019-12-24 2020-05-08 苏州思必驰信息科技有限公司 Equipment authorization method and system
CN111666564B (en) * 2020-05-14 2024-02-02 平安科技(深圳)有限公司 Application program safe starting method and device, computer equipment and storage medium
CN112887099B (en) * 2021-01-11 2023-05-16 深圳市新国都支付技术有限公司 Data signing method, electronic device and computer readable storage medium
CN112910867B (en) * 2021-01-21 2022-11-04 四三九九网络股份有限公司 Double verification method for trusted equipment to access application
CN113538777B (en) * 2021-06-25 2022-10-18 合肥美的智能科技有限公司 Authorization method, intelligent container, server and computer storage medium
CN114036491A (en) * 2021-11-25 2022-02-11 京东方科技集团股份有限公司 Software management method, system and storage medium
CN114357386A (en) * 2021-11-30 2022-04-15 北京旷视科技有限公司 Software authorization method and device
CN115017478A (en) * 2022-04-21 2022-09-06 江苏康众汽配有限公司 Method and system for safely controlling login of company background application
CN115037521B (en) * 2022-05-11 2024-02-02 广州小马智卡科技有限公司 Service data verification method, device, computer equipment and storage medium
CN115859230B (en) * 2023-02-27 2023-04-25 深圳市启明智显科技有限公司 Authorization management system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104539589A (en) * 2014-12-10 2015-04-22 华为软件技术有限公司 Authorization method, server and client
CN105635062A (en) * 2014-10-31 2016-06-01 腾讯科技(上海)有限公司 Network access equipment verification method and device
CN105897679A (en) * 2015-12-04 2016-08-24 乐视致新电子科技(天津)有限公司 Communication method and device
CN106096336A (en) * 2016-06-13 2016-11-09 北京京东尚科信息技术有限公司 Software anti-crack method and system
CN107707678A (en) * 2017-11-22 2018-02-16 上海斐讯数据通信技术有限公司 A kind of router realizes the method and system of remote data transmission

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9942229B2 (en) * 2014-10-03 2018-04-10 Gopro, Inc. Authenticating a limited input device via an authenticated application

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635062A (en) * 2014-10-31 2016-06-01 腾讯科技(上海)有限公司 Network access equipment verification method and device
CN104539589A (en) * 2014-12-10 2015-04-22 华为软件技术有限公司 Authorization method, server and client
CN105897679A (en) * 2015-12-04 2016-08-24 乐视致新电子科技(天津)有限公司 Communication method and device
CN106096336A (en) * 2016-06-13 2016-11-09 北京京东尚科信息技术有限公司 Software anti-crack method and system
CN107707678A (en) * 2017-11-22 2018-02-16 上海斐讯数据通信技术有限公司 A kind of router realizes the method and system of remote data transmission

Also Published As

Publication number Publication date
CN108810894A (en) 2018-11-13

Similar Documents

Publication Publication Date Title
CN108810894B (en) Terminal authorization method, device, computer equipment and storage medium
CN109684790B (en) Software starting method, software authorization verification method, device and storage medium
CN111327643B (en) Multi-party data sharing method and device
US9148415B2 (en) Method and system for accessing e-book data
TWI598814B (en) System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (uefi)-compliant firmware
US8417964B2 (en) Software module management device and program
US8407481B2 (en) Secure apparatus and method for protecting integrity of software system and system thereof
WO2015184891A1 (en) Security management and control method, apparatus, and system for android system
EP2251810B1 (en) Authentication information generation system, authentication information generation method, and authentication information generation program utilizing a client device and said method
CN101523399A (en) Methods and systems for modifying an integrity measurement based on user athentication
CN113553572A (en) Resource information acquisition method and device, computer equipment and storage medium
CN109150811B (en) Method and device for realizing trusted session and computing equipment
US20220092155A1 (en) Protecting an item of software
WO2022052665A1 (en) Wireless terminal and interface access authentication method for wireless terminal in uboot mode
US10771249B2 (en) Apparatus and method for providing secure execution environment for mobile cloud
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
CN114448722A (en) Cross-browser login method and device, computer equipment and storage medium
CN114239000A (en) Password processing method, device, computer equipment and storage medium
CN113177200A (en) Application package management method and device, computer equipment and storage medium
JP6741236B2 (en) Information processing equipment
US11340801B2 (en) Data protection method and electronic device implementing data protection method
CN116089967B (en) Data rollback prevention method and electronic equipment
KR20240006658A (en) How to secure your use of the software
CN113326480A (en) Authorization verification method, device, medium and equipment for application program
CN115795424A (en) Port control method, system, computer device and computer-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant