CN110071908B - Terminal binding method and device, computer equipment and storage medium - Google Patents

Terminal binding method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN110071908B
CN110071908B CN201910190549.4A CN201910190549A CN110071908B CN 110071908 B CN110071908 B CN 110071908B CN 201910190549 A CN201910190549 A CN 201910190549A CN 110071908 B CN110071908 B CN 110071908B
Authority
CN
China
Prior art keywords
information
terminal
service equipment
network
verification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910190549.4A
Other languages
Chinese (zh)
Other versions
CN110071908A (en
Inventor
于晓杰
冷国强
魏东
张军昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Dahua Technology Co Ltd
Original Assignee
Zhejiang Dahua Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Dahua Technology Co Ltd filed Critical Zhejiang Dahua Technology Co Ltd
Priority to CN201910190549.4A priority Critical patent/CN110071908B/en
Publication of CN110071908A publication Critical patent/CN110071908A/en
Application granted granted Critical
Publication of CN110071908B publication Critical patent/CN110071908B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The application relates to a terminal binding method, a terminal binding device, computer equipment and a storage medium. The method comprises the following steps: acquiring a terminal identifier, and sending the terminal identifier to an offline service device; receiving verification information generated by the offline service equipment according to the terminal identification; sending verification information to the first service equipment; receiving security information sent by the first service equipment, wherein the security information is generated according to the verification information; and sending safety information to the offline service equipment, wherein the safety information is used for indicating the offline service equipment to compare according to the safety information and the reference safety information, and when the comparison is successful, determining that the terminal identification is successfully bound with the offline service equipment. By adopting the scheme of the application, the terminal binding can be carried out in the private network communication.

Description

Terminal binding method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a terminal binding method and apparatus, a computer device, and a storage medium.
Background
With the development of computer technology, more and more services need to be terminal bound. The traditional terminal binding depends on the connection between a server and a public network, and the verification code generated by the server is sent to the terminal to be bound through a short message. After the terminal receives the verification code, the user sends the verification code to the server side again, and then terminal binding can be completed. However, the current terminal binding method cannot perform terminal binding in private network communication.
Disclosure of Invention
Therefore, it is necessary to provide a terminal binding method, an apparatus, a computer device, and a computer storage medium, which can perform terminal binding in private network communication, for solving the problem that the current terminal binding method cannot perform terminal binding in private network communication.
A method for binding a terminal, the method comprising: acquiring a terminal identifier, and sending the terminal identifier to an offline service device; receiving verification information generated by the offline service equipment according to the terminal identification; sending verification information to the first service equipment; receiving security information sent by the first service equipment, wherein the security information is generated according to the verification information; and sending safety information to the offline service equipment, wherein the safety information is used for indicating the offline service equipment to compare according to the safety information and the reference safety information, and when the comparison is successful, determining that the terminal identification is successfully bound with the offline service equipment.
A method for binding a terminal, the method comprising: receiving a terminal identification, and generating verification information according to the terminal identification; sending verification information to a terminal; receiving security information from the terminal, wherein the security information is generated by the first service equipment according to the verification information, and the verification information on the first service equipment is sent by the terminal; and comparing the safety information with the reference safety information, and when the comparison is successful, determining that the terminal identifier is successfully bound.
A terminal binding apparatus, the apparatus comprising: the acquisition module is used for acquiring the terminal identification; the sending module is used for sending the terminal identification to the offline service equipment; the receiving module is used for receiving verification information generated by the offline service equipment according to the terminal identification; the sending module is further used for sending verification information to the first service equipment; the receiving module is further used for receiving the safety information sent by the first service equipment, and the safety information is generated according to the verification information; and the sending module is also used for sending safety information to the offline service equipment, the safety information is used for indicating the offline service equipment to compare according to the safety information and the reference safety information, and when the comparison is successful, the terminal identifier and the offline service equipment are determined to be successfully bound.
A terminal binding apparatus, the apparatus comprising: the verification information generation module is used for receiving the terminal identification and generating verification information according to the terminal identification; the verification information sending module is used for sending verification information to the terminal; the security information receiving module is used for receiving security information from the terminal, the security information is generated by the first service equipment according to the verification information, and the verification information on the first service equipment is sent by the terminal; and the safety information comparison module is used for comparing the safety information with the reference safety information, and when the comparison is successful, the binding success of the terminal identifier is determined.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program: acquiring a terminal identifier, and sending the terminal identifier to an offline service device; receiving verification information generated by the offline service equipment according to the terminal identification; sending verification information to the first service equipment; receiving security information sent by the first service equipment, wherein the security information is generated according to the verification information; and sending safety information to the offline service equipment, wherein the safety information is used for indicating the offline service equipment to compare according to the safety information and the reference safety information, and when the comparison is successful, determining that the terminal identification is successfully bound with the offline service equipment.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of: acquiring a terminal identifier, and sending the terminal identifier to an offline service device; receiving verification information generated by the offline service equipment according to the terminal identification; sending verification information to the first service equipment; receiving security information sent by the first service equipment, wherein the security information is generated according to the verification information; and sending safety information to the offline service equipment, wherein the safety information is used for indicating the offline service equipment to compare according to the safety information and the reference safety information, and when the comparison is successful, determining that the terminal identification is successfully bound with the offline service equipment.
According to the terminal binding method, the terminal binding device, the computer equipment and the storage medium, the terminal identification is obtained, the terminal identification is sent to the offline service equipment, the verification information generated by the offline service equipment according to the terminal identification is received, the verification information is sent to the first service equipment, the safety information sent by the first service equipment is received, the safety information is generated according to the verification information, the safety information is sent to the offline service equipment and is used for indicating the offline service equipment to compare according to the safety information and the reference safety information, and when the comparison is successful, the terminal identification and the offline service equipment are determined to be successfully bound; the terminal identification can be converted into verification information and then converted into safety information, and the terminal identification can be ensured not to be leaked; and when the safety information is cracked, the terminal identification still cannot be obtained; the binding process only contains one terminal identification and cannot be tampered, so that closed loop of terminal identification authentication is realized, terminal binding in private network communication can be realized, counterfeiting cannot be performed in an intermediate link, and the security of terminal binding is improved.
Drawings
FIG. 1 is a diagram of an application environment of a terminal binding method in one embodiment;
fig. 2 is a flowchart illustrating a terminal binding method according to an embodiment;
fig. 3 is a flowchart illustrating a terminal binding method in another embodiment;
FIG. 4 is a timing diagram illustrating a method for binding a terminal in one embodiment;
FIG. 5 is an interaction diagram illustrating a terminal binding method according to an embodiment;
FIG. 6 is a block diagram showing the structure of a terminal binding apparatus according to an embodiment;
fig. 7 is a block diagram showing the structure of a terminal binding apparatus according to another embodiment;
FIG. 8 is a diagram illustrating an internal structure of a computer device in one embodiment;
fig. 9 is an internal structural view of a computer device in another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The terminal binding method provided in the embodiment of the present application can be applied to the application environment shown in fig. 1. Wherein the offline serving device 102 communicates with the terminal 104 only through the first network. The terminal 104 communicates with the first service device 106 through the second network. The first network and the second network are not the same network, and the first network and the second network are incompatible networks. For example, the first network may be a private network and the second network may be a public network. The terminal 104 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The number of the terminals 104 is not limited, and may be, for example, 2, where a first terminal is configured to be connected to the offline service device through a first network, and a second terminal is configured to be connected to the offline service device through a second network. The offline service device 104 and the first service device 106 may be terminal service devices, or may be implemented by an independent server or a server cluster formed by a plurality of servers. The offline service device 104 cannot be connected to the second network, and cannot communicate with the terminal 104 through the short message gateway.
In an embodiment, as shown in fig. 2, a terminal binding method is provided, which is described by taking the method as an example applied to the terminal 104 in fig. 1, and includes the following steps:
step 202, acquiring a terminal identifier, and sending the terminal identifier to the offline service device.
The terminal identifier is a unique identifier used for distinguishing a terminal or a user. For example, the terminal identifier may be a social account number, a mailbox address, a mobile phone number, or the like.
Specifically, the terminal accesses a first network that allows communication with an offline serving device. The terminal acquires the input terminal identification and sends the terminal identification to the offline service equipment.
And 204, receiving verification information generated by the offline service equipment according to the terminal identifier.
The verification information may be obtained by encrypting the terminal identifier by the offline service device. The authentication information may be composed of one or more of letters, numbers, or characters.
Specifically, the offline service device receives a terminal identifier sent by the terminal, encrypts the terminal identifier to generate verification information, and sends the verification information to the terminal through the first network. And the terminal receives verification information generated by the offline service equipment according to the terminal identifier through the first network.
Step 206, sending the authentication information to the first service device.
Specifically, the terminal switches into a second network that allows communication with the first serving device. And the terminal sends the verification information generated by the offline service equipment to the first service equipment through the second network.
And step 208, receiving the security information sent by the first service device, wherein the security information is generated according to the verification information.
Wherein the security information is generated by the first service device based on the authentication information. The security information may be comprised of one or more of words, numbers or characters. And the algorithm used by the first service equipment for generating the safety information is different from the algorithm used by the offline service equipment for generating the verification information.
Specifically, the first service device receives the verification information, generates security information according to the verification information by adopting an algorithm, and sends the security information to the terminal. And the terminal receives the safety information sent by the first service equipment, wherein the safety information is generated according to the verification information.
And step 210, sending safety information to the offline service equipment, wherein the safety information is used for indicating the offline service equipment to compare according to the safety information and the reference safety information, and when the comparison is successful, determining that the terminal identifier is successfully bound with the offline service equipment.
The reference security information is obtained by processing the terminal identifier by the offline service device by using the same algorithm as that used by the first service device to generate the security information.
Specifically, the terminal sends security information to the offline service device. The safety information is used for indicating the offline service equipment to compare with the reference safety information according to the safety information, and when the comparison is successful, the terminal identification is determined to be successfully bound with the offline service equipment.
In the terminal binding method, the terminal identification is acquired, the terminal identification is sent to the offline service equipment, the verification information generated by the offline service equipment according to the terminal identification is received, and the verification information is sent to the first service equipment, so that the first service equipment can receive the verification information and realize data synchronization between the offline service equipment and the first service equipment; receiving safety information sent by first service equipment, wherein the safety information is generated according to verification information, and sending the safety information to offline service equipment, the safety information is used for indicating the offline service equipment to compare according to the safety information and reference safety information, when the comparison is successful, the terminal identification is determined to be successfully bound with the offline service equipment, secondary conversion is carried out on the terminal identification, namely the terminal identification is converted into the verification information and then converted into the safety information, and the terminal identification can be ensured not to be leaked; and when the safety information is cracked, the terminal identification still cannot be obtained; the binding process only contains one terminal identification and cannot be tampered, so that closed loop of terminal identification authentication is realized, terminal binding in private network communication is realized, counterfeiting cannot be performed in an intermediate link, and safety of terminal binding is improved.
In one embodiment, the terminal binding method further includes: receiving a two-dimensional code generated by the offline service equipment according to the verification information; and analyzing the two-dimensional code to obtain verification information.
Specifically, the offline service device generates a two-dimensional code according to the verification information, and sends the two-dimensional code to the terminal. And the terminal receives the two-dimensional code generated by the offline service equipment according to the verification information through the first network and displays the two-dimensional code. The two-dimensional code may be displayed on a local GUI (Graphical User Interface) corresponding to the offline service apparatus, or on a client corresponding to a PC (Personal Computer) connected to the offline service apparatus via a first network. And after the terminal is switched to the second network, analyzing the two-dimensional code to obtain verification information. And after the terminal obtains the verification information, the verification information is automatically submitted to the first service equipment.
In this embodiment, the terminals may be two terminals. The first terminal may be a client corresponding to a local GUI (Graphical User Interface) corresponding to the offline service device, or a PC (Personal Computer) connected to the offline service device through a first network. And the first terminal is connected with the offline service apparatus through the first network. The second terminal may be any one of terminals connected to the first service device through the second network. And the first terminal is used for receiving the two-dimensional code generated by the offline service equipment according to the verification information through the first network and displaying the two-dimensional code. The second terminal is used for scanning the two-dimensional code to obtain verification information. The second terminal is further configured to send the authentication information to the serving device.
In the terminal binding method, the two-dimensional code generated by the offline service equipment according to the verification information is received, the two-dimensional code is analyzed to obtain the verification information, the verification information is sent to the first service equipment, the network switching can be completed, and the first service equipment can receive the verification information, so that the information synchronization between the offline service equipment and the first service equipment is achieved.
In one embodiment, the verification information is generated by the offline service device according to the random information and the terminal identification; the safety information is generated by the first service equipment according to the terminal identification and the random information obtained by analyzing the verification information; the reference security information is obtained by processing the random information and the terminal identification by the offline service device through the same algorithm as that for generating the security information.
The random information may be information randomly generated by the offline service device. The random information may be composed of one or more of letters, numbers and characters.
Specifically, the verification information is generated by the offline service device generating random information, combining the random information with the terminal identifier and then encrypting the combined random information and terminal identifier. For example, the offline service device may define a structure, but is not limited to this form, in which 11 bytes of the mobile phone number are added to 13 bytes of the random information to generate the verification information. The offline service device may encrypt the authentication information by using a pre-stored public key, for example, but not limited to, a public key of an RSA2048 encryption algorithm, and send the encrypted authentication information to the terminal. And the terminal receives the encrypted verification information generated by the off-line service equipment according to the terminal identification.
The safety information is obtained by calculating the terminal identification and the random information by adopting an algorithm after the first service equipment analyzes the verification information to obtain the terminal identification and the random information. For example, the first service device analyzes the verification information by using a private key corresponding to the RSA2048 encryption algorithm to obtain the terminal identifier and the random information. The first service device processes the terminal identification and the random information by adopting a Hash irreversible algorithm or other similar algorithms. For example, the first service device extracts only the first few digits calculated by the hash irreversible algorithm. And the terminal receives the processed safety information sent by the first service equipment.
The offline service device stores an algorithm adopted when the first service device generates the security information in advance. The reference security information is obtained by the first service device processing the random information and the terminal identifier by the same algorithm as that used for generating the security information. For example, the first service device generates the security information by using a hash irreversible algorithm, and the offline service device processes the random information and the terminal identifier by using the hash irreversible algorithm to obtain the reference security information.
In this embodiment, the verification information may further include at least one of an offline service device identifier, a binding time, and a binding validity period. The offline service equipment identifier is a unique identifier for distinguishing the offline service equipment. The authentication information may be generated by the offline service apparatus according to the random information and the terminal identification, and at least one of the offline service apparatus identification, the binding time, and the binding validity period.
The first service device may parse the verification information to obtain random information and a terminal identifier, and at least one of an offline service device identifier, a binding time, and a binding validity period. The first service device may generate the security information according to the random information and the terminal identifier, and at least one of the offline service device identifier, the binding time, and the binding validity period.
The offline service device may process the random information and at least one of the terminal identifier and the offline service device identifier, the binding time, and the binding validity period through the same algorithm as the security information generation, and generate the reference security information.
In one embodiment, the first service device may store a binding relationship between the terminal identifier and the offline service device. The binding relationship may be used in subsequent applications.
In the terminal binding method, the information synchronization between the off-line service equipment and the first service equipment can be realized through the generation of the verification information, the safety information and the reference safety information, and the algorithm adopted when the reference safety information is generated is the same as the algorithm adopted when the first service equipment generates the safety information, so that the reliability of the safety code verification is improved, the legality of the terminal identification is ensured, and the safety of the terminal binding is improved.
In an embodiment, as shown in fig. 3, a terminal binding method is provided, which is described by taking the method as an example applied to the offline service device 102 in fig. 1, and includes the following steps:
step 302, receiving the terminal identification, and generating verification information according to the terminal identification.
Specifically, the terminal accesses a first network that allows communication with an offline serving device. And the terminal receives the input terminal identification and sends the terminal identification to the offline service equipment. And the offline service equipment receives the terminal identification sent by the terminal and encrypts the terminal identification to generate verification information.
Step 304, sending the verification information to the terminal.
Specifically, the offline service apparatus transmits authentication information to the terminal through the first network.
Step 306, receiving security information from the terminal, where the security information is generated by the first service device according to the verification information, and the verification information on the first service device is sent by the terminal.
Specifically, the terminal receives the authentication information and transmits the authentication information to the first service device. And the first service equipment generates safety information according to the verification information. Namely, the security information is generated by the first service device according to the authentication information, and the authentication information on the first service device is sent by the terminal. The offline service apparatus receives security information from the terminal through the first network.
And 308, comparing the security information with the reference security information, and determining that the terminal identifier is successfully bound when the comparison is successful.
Specifically, the offline service device compares the security information with the reference security information one by one, and when the comparison is successful, it is determined that the terminal identifier is successfully bound with the offline service device.
In the terminal binding method, the terminal identification is received, the verification information is generated according to the terminal identification, the verification information is sent to the terminal, the safety information is received from the terminal, the safety information is generated by the first service equipment according to the verification information, the verification information on the first service equipment is sent by the terminal, the safety information is compared with the reference safety information, when the comparison is successful, the binding success of the terminal identification is determined, the secondary conversion is carried out on the terminal identification, and the terminal identification can be ensured not to be leaked; and when the safety information is cracked, the terminal identification still cannot be obtained; the binding process only contains one terminal identification and cannot be tampered, so that closed loop of terminal identification authentication is realized, terminal verification in private network communication is realized, counterfeiting cannot be performed in an intermediate link, and safety of terminal binding is improved.
In one embodiment, generating the verification information according to the terminal identification includes: generating random information; and encrypting the terminal identification and the random information to generate verification information.
Specifically, the offline service device generates random information, combines the random information with the terminal identifier, and encrypts the combined terminal identifier and random information to generate verification information. For example, the offline service device may define a structure, but is not limited to this form, in which 11 bytes of the mobile phone number are added to 13 bytes of the random information to generate the verification information. The offline service device may encrypt the authentication information by using a pre-stored public key, for example, but not limited to, a public key of an RSA2048 encryption algorithm, and send the encrypted authentication information to the terminal.
In this embodiment, the verification information may further include at least one of an offline service device identifier, a binding time, and a binding validity period. The offline service equipment identifier is a unique identifier for distinguishing the offline service equipment. The authentication information may be generated by the offline service apparatus according to the random information and the terminal identification, and at least one of the offline service apparatus identification, the binding time, and the binding validity period.
In one embodiment, the first service device may store a binding relationship between the terminal identifier and the offline service device. The binding relationship may be used in subsequent applications.
According to the terminal binding method, the random information is generated, the terminal identification and the random information are encrypted to generate the verification information, the terminal identification and the random information can be simultaneously encrypted, when the verification information is obtained, the difficulty of cracking the terminal identification is improved, and the safety of terminal binding is improved.
In one embodiment, the reference to the generation manner of the security information includes: and processing the random information and the terminal identification through the same algorithm as the security information generated by the first service equipment to obtain the reference security information.
Specifically, an algorithm used when the first service device generates the security information is stored in the offline service device in advance. And the first service equipment calculates the random information and the terminal identification through the same algorithm as the algorithm for generating the safety information. For example, the first service device generates the security information by using a hash irreversible algorithm according to the verification information. The offline service device calculates the random information and the terminal identification through a Hash irreversible algorithm to obtain the reference safety information.
In this embodiment, the offline service device may process at least one of the random information, the terminal identifier, and the offline service device identifier, the binding time, and the binding validity period through the same algorithm as that used for generating the security information, so as to generate the reference security information.
In the terminal binding method, the random information and the terminal identification are processed by the algorithm which is the same as that of the safety information generated by the first service equipment to obtain the reference safety information, and the safety information can be verified, so that the authenticity of the terminal identification is ensured, and the binding safety of the terminal is improved.
In an embodiment, the verification information is used to instruct the first service device to analyze the verification information to obtain random information and a terminal identifier, generate security information according to the random information and the terminal identifier, and send the security information to a corresponding terminal according to the terminal identifier.
Specifically, the verification information is used to instruct the first service device to analyze the verification information by using a private key corresponding to the RSA2048 encryption algorithm, so as to obtain random information and a terminal identifier. The first service equipment processes the random information and the terminal identification by adopting a Hash irreversible algorithm or other similar algorithms to generate the safety information. The first service device may send the security information to the corresponding terminal according to the analyzed terminal identifier. For example, the first service device sends the security information to the terminal corresponding to the mobile phone number through the short message gateway according to the mobile phone number obtained through analysis. And only the terminal corresponding to the legal mobile phone number can receive the safety information. Or the first service equipment broadcasts the safety information through a callback telephone language according to the terminal identification obtained through analysis. And only the terminal corresponding to the legal anti-shake terminal identification can receive the safety information. Or the first service device sends the security information to a terminal corresponding to the social account through a public network according to the social account obtained through analysis. And only the terminal corresponding to the legal social account can receive the safety information.
In this embodiment, the first service device may analyze the verification information to obtain the random information, the terminal identifier, and at least one of the offline service device identifier, the binding time, and the binding validity period. The first service device may generate the security information according to the random information and the terminal identifier, and at least one of the offline service device identifier, the binding time, and the binding validity period. In the terminal binding method, the verification information is used for indicating the first service equipment to analyze the verification information to obtain random information and a terminal identifier, generating safety information according to the random information and the terminal identifier, sending the safety information to the corresponding terminal according to the terminal identifier, realizing information synchronization between the offline service equipment and the first service equipment, analyzing the terminal identifier by the first service equipment, sending the safety information to the corresponding terminal according to the terminal identifier, and realizing closed-loop verification of the terminal identifier in a private network.
In one embodiment, a terminal binding method, as shown in fig. 4, includes the following steps:
step 402, the terminal acquires a terminal identifier.
Step 404, the terminal sends the terminal identifier to the offline service device.
In step 406, the offline service device generates random information, encrypts the terminal identifier and the random information, and generates verification information.
Step 408, the offline service device sends the verification information to the terminal.
And step 410, the terminal analyzes the two-dimension code generated by the off-line service equipment according to the verification information, and analyzes the two-dimension code to obtain the verification information.
In step 412, the terminal sends the authentication information to the first service device.
Step 414, the first service device parses the verification information to obtain random information and a terminal identifier, and generates security information according to the random information and the terminal identifier.
And step 416, the first service device sends the security information to the corresponding terminal according to the terminal identifier.
In step 418, the terminal sends security information to the offline service device.
And step 420, the offline service equipment compares the security information with the reference security information, and when the comparison is successful, the terminal identifier is determined to be successfully bound.
In step 422, the offline service device returns the binding result to the terminal.
In the terminal binding method, the first service equipment receives the verification information, and the data synchronization between the offline service equipment and the first service equipment can be realized; the terminal identification is converted into verification information and then converted into safety information for secondary conversion, so that the terminal identification and the verification information can be prevented from being leaked; and when the safety information is cracked, the terminal identification still cannot be obtained; the binding process only contains one terminal identification and cannot be tampered, and the safety information can only be sent to the terminal corresponding to the terminal identification, so that closed loop of terminal identification authentication is realized, terminal verification in private network communication is realized, counterfeiting cannot be performed in an intermediate link, and the safety of terminal binding is improved.
In an embodiment, as shown in fig. 5, an interaction diagram of a terminal binding method in an embodiment is provided, which includes:
step 502, the first terminal sends a terminal identifier to the offline service device, where the terminal identifier is a terminal identifier of the second terminal.
Step 504, the offline service device receives the terminal identifier, encrypts the terminal identifier and the generated random information by using a pre-stored public key, and generates verification information.
Step 506, the offline service device sends the verification information to the first terminal and displays the verification information as the two-dimensional code.
And step 508, the first terminal displays the two-dimension code.
And 510, the second terminal analyzes the two-dimension code to obtain verification information.
Step 512, the second terminal sends the verification information to the first service device.
And 514, the first service device decrypts the verification information by using the corresponding private key according to the verification information to obtain the random information and the terminal identifier. And the first service equipment adopts an irreversible algorithm to calculate and obtain the safety information according to the random information and the terminal identification.
In step 516, the first service device sends the security information to the corresponding terminal identifier through the short message gateway.
And step 518, the short message gateway sends the security information to the terminal corresponding to the terminal identifier.
Step 520, the second terminal receives the security information, and the first terminal sends the security information to the offline service device.
In step 522, the offline service device uses the same algorithm as the first service device to process the terminal identifier and the generated random information to obtain the reference security information. And the offline service equipment compares the safety information sent by the terminal with the reference safety information, and when the comparison is successful, the terminal identifier and the offline service equipment are successfully bound.
Step 524, the offline service device returns the binding result to the first terminal.
In the terminal binding method, the verification information is obtained by analyzing the two-dimensional code through displaying the two-dimensional code, so that information synchronization between the off-line service equipment and the first service equipment can be realized; the off-line server adopts a pre-stored public key for encryption, the first service equipment adopts a corresponding private key for decrypting the verification information, so that the terminal identification cannot be leaked, and the terminal identification cannot be obtained as before after the safety information is cracked; the binding process only contains one terminal identification and cannot be tampered, so that closed loop of terminal identification authentication is realized, terminal verification in private network communication is realized, counterfeiting cannot be performed in an intermediate link, and safety of terminal binding is improved.
It should be understood that although the various steps in the flow charts of fig. 2-3 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-3 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 6, there is provided a terminal binding apparatus applied to a terminal 104, including: an obtaining module 602, a sending module 604, and a receiving module 606, wherein:
an obtaining module 602, configured to obtain a terminal identifier.
A sending module 604, configured to send the terminal identifier to the offline service device.
A receiving module 606, configured to receive verification information generated by the offline service device according to the terminal identifier.
The sending module 604 is further configured to send the verification information to the first service device.
The receiving module 606 is further configured to receive security information sent by the first service device, where the security information is generated according to the verification information.
The sending module 604 is further configured to send security information to the offline service device, where the security information is used to instruct the offline service device to perform comparison according to the security information and the reference security information, and when the comparison is successful, it is determined that the terminal identifier is successfully bound with the offline service device.
In the terminal binding device, the terminal identification is received, the terminal identification is sent to the offline service equipment, and the verification information generated by the offline service equipment according to the terminal identification is received; sending verification information to the first service equipment, so that the first service equipment can receive the verification information and realize data synchronization between the offline service equipment and the first service equipment; receiving safety information sent by first service equipment, wherein the safety information is generated according to verification information, and sending the safety information to offline service equipment, the safety information is used for indicating the offline service equipment to compare according to the safety information and reference safety information, when the comparison is successful, the terminal identification is determined to be successfully bound with the offline service equipment, secondary conversion is carried out on the terminal identification, namely the terminal identification is converted into the verification information and then converted into the safety information, and the terminal identification can be ensured not to be leaked; and when the safety information is cracked, the terminal identification still cannot be obtained; the binding process only contains one terminal identification and cannot be tampered, so that closed loop of terminal identification authentication is realized, terminal verification in private network communication is realized, counterfeiting cannot be performed in an intermediate link, and the security of terminal binding is improved.
In one embodiment, the receiving module 606 is further configured to receive a two-dimensional code generated by the offline service device according to the verification information; and analyzing the two-dimensional code to obtain verification information.
In the terminal binding apparatus, the two-dimensional code generated by the offline service device according to the verification information is received, the two-dimensional code is analyzed to obtain the verification information, and the verification information is sent to the first service device, so that network switching can be completed, and the first service device can receive the verification information, thereby achieving information synchronization between the offline service device and the first service device.
In one embodiment, the verification information is generated by the offline service device according to the random information and the terminal identification; the safety information is generated by the first service equipment according to the terminal identification and the random information obtained by analyzing the verification information; the reference security information is obtained by processing the random information and the terminal identification by the offline service device through the same algorithm as that for generating the security information.
In the terminal binding device, the information synchronization between the off-line service equipment and the first service equipment can be realized through the generation of the verification information, the safety information and the reference safety information, and the algorithm adopted when the reference safety information is generated is the same as the algorithm adopted when the first service equipment generates the safety information, so that the reliability of the safety code verification is improved, the authenticity of the terminal identification is ensured, and the safety of the terminal binding is improved.
In one embodiment, as shown in fig. 7, a terminal binding apparatus is provided, which is applied to an offline service device 102, and includes: a verification information generating module 702, a verification information sending module 704, a security information receiving module 706 and a comparing module 708, wherein:
and the verification information generation module 702 is configured to receive the terminal identifier and generate verification information according to the terminal identifier.
And an authentication information sending module 704, configured to send authentication information to the terminal.
A security information receiving module 706, configured to receive security information from the terminal, where the security information is generated by the first service device according to the authentication information, and the authentication information on the first service device is sent by the terminal.
The security information comparison module 708 is configured to compare the security information with the reference security information, and when the comparison is successful, determine that the terminal identifier is successfully bound.
In the terminal binding device, the terminal identification is received, the verification information is generated according to the terminal identification, the verification information is sent to the terminal, the safety information is received from the terminal, the safety information is generated by the first service equipment according to the verification information, the verification information on the first service equipment is sent by the terminal, the safety information is compared with the reference safety information, when the comparison is successful, the terminal identification is determined to be successfully bound, the terminal identification is subjected to secondary conversion, and the terminal identification can be ensured not to be leaked; and when the safety information is cracked, the terminal identification still cannot be obtained; the binding process only contains one terminal identification and cannot be tampered, so that closed loop of terminal identification authentication is realized, terminal verification in private network communication is realized, counterfeiting cannot be performed in an intermediate link, and the security of terminal binding is improved.
In one embodiment, the verification information generation module 702 is further configured to generate random information; and encrypting the terminal identification and the random information to generate verification information.
In the terminal binding device, the random information is generated, the terminal identification and the random information are encrypted to generate the verification information, the terminal identification and the random information can be simultaneously encrypted, and when the verification information is obtained, the difficulty of cracking the terminal identification is improved, so that the terminal binding safety is improved.
In one embodiment, the security information comparison module 708 is further configured to process the random information and the terminal identifier by using the same algorithm as that used for generating the security information by the first service device to obtain the reference security information.
In the terminal binding device, the random information and the terminal identification are processed by the algorithm which is the same as that of the safety information generated by the first service equipment to obtain the reference safety information, and the safety information can be verified, so that the authenticity of the terminal identification is ensured, and the binding safety of the terminal is improved.
In an embodiment, the verification information is used to instruct the first service device to analyze the verification information to obtain random information and a terminal identifier, generate security information according to the random information and the terminal identifier, and send the security information to a corresponding terminal according to the terminal identifier.
In the terminal binding device, the verification information is used for indicating the first service equipment to analyze the verification information to obtain random information and a terminal identifier, generating safety information according to the random information and the terminal identifier, and sending the safety information to the corresponding terminal according to the terminal identifier, so that information synchronization between the offline service equipment and the first service equipment can be realized, the first service equipment can analyze the terminal identifier and send the safety information to the corresponding terminal according to the terminal identifier, and closed-loop verification of the terminal identifier in a private network is realized.
For the specific definition of the terminal binding apparatus, reference may be made to the above definition of the terminal binding method, which is not described herein again. The respective modules in the above terminal binding apparatus may be wholly or partially implemented by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a terminal binding method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing terminal binding data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a terminal binding method.
Those skilled in the art will appreciate that the configurations shown in fig. 8 and 9 are block diagrams of only some of the configurations relevant to the present disclosure, and do not constitute a limitation on the computing device to which the present disclosure may be applied, and in particular, the computing device may include more or less components than shown, or combine certain components, or have a different arrangement of components.
A terminal binding system comprises a terminal, an offline service device and a first service device, wherein the terminal and the offline service device are communicated through a first network, and the terminal and the first service device are communicated through a second network;
the terminal is used for receiving the terminal identification and sending the terminal identification to the off-line service equipment;
the off-line service equipment is used for receiving the terminal identification, generating verification information according to the terminal identification and sending the verification information to the terminal;
the terminal is used for receiving the verification information and sending the verification information to the first service equipment;
the first service equipment is used for generating safety information according to the verification information;
the terminal is used for receiving the safety information sent by the first service equipment and sending the safety information to the offline service equipment;
the off-line service equipment is used for receiving the safety information from the terminal, comparing the safety information with the reference safety information, and determining that the binding of the terminal identifier is successful when the comparison is successful.
In one embodiment, a computer device is provided, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the terminal binding method when executing the computer program.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned terminal binding method.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (11)

1. A terminal binding method, characterized in that the method comprises:
acquiring a terminal identifier, and sending the terminal identifier to an offline service device; the off-line service equipment is communicated with the terminal through a first network, and the terminal is communicated with the first service equipment through a second network; the first network and the second network are not the same network;
receiving verification information generated by the offline service equipment according to the terminal identification;
sending the authentication information to the first service device;
receiving security information sent by the first service equipment, wherein the security information is generated according to the verification information;
and sending the safety information to the offline service equipment, wherein the safety information is used for indicating the offline service equipment to compare according to the safety information and reference safety information, and when the comparison is successful, determining that the terminal identification is successfully bound with the offline service equipment.
2. The method of claim 1, further comprising:
receiving a two-dimensional code generated by the offline service equipment according to the verification information;
and analyzing the two-dimensional code to obtain verification information.
3. The method according to claim 1 or 2, wherein the verification information is generated by the offline service device according to random information and the terminal identification;
the security information is generated by the first service device according to the terminal identifier and the random information obtained by analyzing the verification information;
the reference safety information is obtained by processing the random information and the terminal identification by the offline service equipment through the same algorithm as that for generating the safety information.
4. A terminal binding method, characterized in that the method comprises:
the method comprises the steps that an offline service device receives a terminal identification and generates verification information according to the terminal identification; the off-line service equipment is communicated with a terminal through a first network, and the terminal is communicated with the first service equipment through a second network; the first network and the second network are not the same network;
the off-line service equipment sends the verification information to the terminal;
the offline service equipment receives security information from the terminal, the security information is generated by the first service equipment according to the verification information, and the verification information on the first service equipment is sent by the terminal;
and the offline service equipment compares the safety information with reference safety information, and when the comparison is successful, the terminal identification is determined to be successfully bound.
5. The method of claim 4, wherein the generating authentication information according to the terminal identifier comprises:
generating random information;
and encrypting the terminal identification and the random information to generate verification information.
6. The method according to claim 5, wherein the reference security information is generated in a manner that includes:
and processing the random information and the terminal identification through the same algorithm as the security information generated by the first service equipment to obtain reference security information.
7. The method according to claim 5, wherein the authentication information is used to instruct the first service device to parse the authentication information to obtain the random information and the terminal identifier, generate the security information according to the random information and the terminal identifier, and send the security information to a corresponding terminal according to the terminal identifier.
8. An apparatus for binding a terminal, the apparatus comprising:
the acquisition module is used for acquiring the terminal identification;
the sending module is used for sending the terminal identification to the off-line service equipment; the off-line service equipment is communicated with the terminal through a first network, and the terminal is communicated with the first service equipment through a second network; the first network and the second network are not the same network;
the receiving module is used for receiving verification information generated by the offline service equipment according to the terminal identification;
the sending module is further configured to send the verification information to the first service device;
the receiving module is further configured to receive security information sent by the first service device, where the security information is generated according to the verification information;
the sending module is further configured to send the security information to the offline service device, where the security information is used to instruct the offline service device to perform comparison according to the security information and reference security information, and when the comparison is successful, it is determined that the terminal identifier and the offline service device are successfully bound.
9. A terminal binding device is applied to an offline service device, wherein the offline service device communicates with a terminal only through a first network, and the terminal communicates with a first service device through a second network; the first network and the second network are not the same network;
the device comprises:
the verification information generation module is used for receiving the terminal identification and generating verification information according to the terminal identification;
the verification information sending module is used for sending the verification information to the terminal;
the security information receiving module is used for receiving security information from the terminal, the security information is generated by the first service equipment according to the verification information, and the verification information on the first service equipment is sent by the terminal;
and the safety information comparison module is used for comparing the safety information with reference safety information, and when the comparison is successful, the terminal identifier is determined to be successfully bound.
10. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN201910190549.4A 2019-03-13 2019-03-13 Terminal binding method and device, computer equipment and storage medium Active CN110071908B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910190549.4A CN110071908B (en) 2019-03-13 2019-03-13 Terminal binding method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910190549.4A CN110071908B (en) 2019-03-13 2019-03-13 Terminal binding method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110071908A CN110071908A (en) 2019-07-30
CN110071908B true CN110071908B (en) 2021-09-21

Family

ID=67365219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910190549.4A Active CN110071908B (en) 2019-03-13 2019-03-13 Terminal binding method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110071908B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112437071B (en) * 2020-11-17 2023-05-16 珠海格力电器股份有限公司 Method, system, device and storage medium for controlling device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516103A (en) * 2015-11-30 2016-04-20 青岛海尔智能家电科技有限公司 Method, device and system for binding intelligent household electrical appliances
CN106301785A (en) * 2016-08-09 2017-01-04 Tcl集团股份有限公司 The binding method of a kind of intelligent home device and intelligent terminal and system
CN108173720A (en) * 2017-12-07 2018-06-15 无锡小天鹅股份有限公司 The control method and system of household electrical appliance, home appliance system
CN108768970A (en) * 2018-05-15 2018-11-06 腾讯科技(北京)有限公司 A kind of binding method of smart machine, identity authentication platform and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105974802B (en) * 2016-04-27 2017-09-29 腾讯科技(深圳)有限公司 A kind of methods, devices and systems of control smart machine

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516103A (en) * 2015-11-30 2016-04-20 青岛海尔智能家电科技有限公司 Method, device and system for binding intelligent household electrical appliances
CN106301785A (en) * 2016-08-09 2017-01-04 Tcl集团股份有限公司 The binding method of a kind of intelligent home device and intelligent terminal and system
CN108173720A (en) * 2017-12-07 2018-06-15 无锡小天鹅股份有限公司 The control method and system of household electrical appliance, home appliance system
CN108768970A (en) * 2018-05-15 2018-11-06 腾讯科技(北京)有限公司 A kind of binding method of smart machine, identity authentication platform and storage medium

Also Published As

Publication number Publication date
CN110071908A (en) 2019-07-30

Similar Documents

Publication Publication Date Title
CN111949953B (en) Identity authentication method, system and device based on block chain and computer equipment
CN109471844B (en) File sharing method and device, computer equipment and storage medium
CN108306876B (en) Client identity authentication method, device, computer equipment and storage medium
CN109325342B (en) Identity information management method, device, computer equipment and storage medium
CN109768979B (en) Data encryption transmission method and device, computer equipment and storage medium
CN109376824B (en) Dynamic two-dimensional code generation method and system
CN110727949B (en) Data storage method and device, computer equipment and storage medium
CN109711824B (en) Resource transfer method, device, computer equipment and storage medium
CN113572743B (en) Data encryption and decryption methods and devices, computer equipment and storage medium
CN112822255B (en) Block chain-based mail processing method, mail sending end, receiving end and equipment
CN109347813B (en) Internet of things equipment login method and system, computer equipment and storage medium
CN113691502A (en) Communication method, communication device, gateway server, client and storage medium
CN112800393B (en) Authorization authentication method, software development kit generation method, device and electronic equipment
CN110768784A (en) Password transmission method, device, computer equipment and storage medium
CN111144531A (en) Two-dimensional code generation method and device, electronic equipment and computer readable storage medium
CN111245771B (en) Instant message encryption and decryption method, device, equipment and storage medium
CN114172747B (en) Method and system for group members to obtain authentication certificate based on digital certificate
CN114168922B (en) User CA certificate generation method and system based on digital certificate
CN110401531B (en) Cooperative signature and decryption system based on SM9 algorithm
CN112836206A (en) Login method, device, storage medium and computer equipment
CN110445757A (en) Personnel information encryption method, device, computer equipment and storage medium
CN110071908B (en) Terminal binding method and device, computer equipment and storage medium
CN111770494A (en) Beidou RDSS user identity authentication and live wire registration method and device based on mobile phone number
CN108390758B (en) User password processing method and device and internal control security monitoring system
CN112583602B (en) Information code data transmission method, device, system, computer device and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant