CN110427785B

CN110427785B - Equipment fingerprint acquisition method and device, storage medium and electronic device

Info

Publication number: CN110427785B
Application number: CN201910667673.5A
Authority: CN
Inventors: 李伟; 张军; 陈春荣; 韩景维
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2019-07-23
Filing date: 2019-07-23
Publication date: 2023-07-14
Anticipated expiration: 2039-07-23
Also published as: CN110427785A

Abstract

The invention discloses a method and a device for acquiring equipment fingerprints, a storage medium and an electronic device. Wherein the method comprises the following steps: acquiring hardware information of multiple dimensions of a first terminal device, wherein the hardware information of the multiple dimensions is acquired by accessing a kernel layer of the first terminal device through a first mode, the first mode is different from a mode of calling a first application programming interface, and the first application programming interface is an application programming interface provided by an operating system of the first terminal device for an application program; the hardware information of each dimension is respectively converted into intermediate data for identifying the hardware information of the corresponding dimension; and generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension. The invention solves the technical problem that the device fingerprint is easy to forge.

Description

Equipment fingerprint acquisition method and device, storage medium and electronic device

Technical Field

The present invention relates to the field of computers, and in particular, to a method and apparatus for acquiring a device fingerprint, a storage medium, and an electronic apparatus.

Background

The current method for calculating the device fingerprint, namely the unique ID of the device, mainly relies on the IMEI (International Mobile Equipment Identity ) of the device to calculate and obtain.

However, in order to combat the existing fingerprint algorithm of the device, the network black product often changes the system information of the mobile phone by means of a mobile phone brushing, a ROM (Read-Only Memory) upgrading, a mobile phone formatting, a mobile phone brushing software installing, and the like, so that the device fingerprint is forged, and the device fingerprint cannot be effectively identified uniquely by the existing method.

In view of the above problems, no effective solution has been proposed at present.

Disclosure of Invention

The embodiment of the invention provides a method and a device for acquiring equipment fingerprints, a storage medium and an electronic device, which are used for at least solving the technical problem that the equipment fingerprints are easy to forge.

According to an aspect of an embodiment of the present invention, there is provided a method for acquiring a device fingerprint, including: acquiring hardware information of multiple dimensions of a first terminal device, wherein the hardware information of the multiple dimensions is acquired by accessing a kernel layer of the first terminal device through a first mode, the first mode is different from a mode of calling a first application programming interface, and the first application programming interface is an application programming interface provided by an operating system of the first terminal device for an application program; the hardware information of each dimension is respectively converted into intermediate data for identifying the hardware information of the corresponding dimension; and generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension.

According to another aspect of the embodiment of the present invention, there is also provided an apparatus for acquiring a device fingerprint, including: the first acquisition module is used for acquiring the hardware information of the plurality of dimensions of the first terminal equipment, wherein the hardware information of the plurality of dimensions is acquired by accessing a kernel layer of the first terminal equipment through a first mode, the first mode is different from a mode of calling a first application programming interface, and the first application programming interface is an application programming interface provided by an operating system of the first terminal equipment for an application program; the first conversion module is used for respectively converting the hardware information of each dimension into intermediate data for identifying the hardware information of the corresponding dimension; and the generating module is used for generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension.

According to still another aspect of the embodiments of the present invention, there is also provided a storage medium having stored therein a computer program, wherein the computer program is configured to perform the above-described device fingerprint acquisition method when run.

According to still another aspect of the embodiment of the present invention, there is further provided an electronic apparatus including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the method for acquiring a device fingerprint described above through the computer program.

In the embodiment of the invention, the kernel layer is accessed in a first mode to acquire the hardware information with multiple dimensions, so that the real hardware information with multiple dimensions of the first terminal equipment is acquired, the first equipment fingerprint is generated according to the intermediate data acquired by the conversion of the hardware information with multiple dimensions, the first equipment fingerprint can indicate the hardware information with multiple dimensions, and the hardware information of the first terminal equipment is not easy to tamper, so that the first equipment fingerprint can uniquely identify the first terminal equipment. The purpose that the obtained equipment fingerprint is not easy to forge is achieved, so that the technical effect of generating the equipment fingerprint which is not easy to forge is achieved, and the technical problem that the equipment fingerprint is easy to forge is solved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:

FIG. 1 is a schematic illustration of an application environment of an alternative method of device fingerprint acquisition in accordance with an embodiment of the present invention;

FIG. 2 is a flow chart of an alternative method of device fingerprint acquisition in accordance with an embodiment of the present invention;

FIG. 3 is a schematic diagram of interaction between a terminal device and a server according to an embodiment of the present invention;

FIG. 4 is a flow chart of another alternative method of device fingerprint acquisition according to an embodiment of the invention;

FIG. 5 is a schematic diagram of the structure of a device fingerprint according to an embodiment of the invention;

FIG. 6 is a flow diagram of generating a device fingerprint according to an embodiment of the invention;

FIG. 7 is a flow chart of yet another alternative method of device fingerprint acquisition in accordance with an embodiment of the present invention;

FIG. 8 is a schematic diagram of an alternative device fingerprint acquisition apparatus according to an embodiment of the present invention;

fig. 9 is a schematic structural view of an alternative electronic device according to an embodiment of the present invention.

Detailed Description

In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.

It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

According to an aspect of the embodiment of the present invention, there is provided a method for acquiring a device fingerprint, optionally, as an optional implementation manner, the method for acquiring a device fingerprint may be applied, but is not limited to, in an environment as shown in fig. 1.

In the embodiment of the present invention, in order to obtain the device fingerprint of the user device 102, the server 110 may execute steps S116 to 118 through the processing engine 114, send an obtaining instruction to the user device 102, and when receiving the obtaining instruction sent by the server 110 and used for obtaining the device instruction of the user device by the user, the user device 102 may execute step S120 through the processor 106, so as to obtain the hardware information of multiple dimensions of the first terminal device, where the hardware information of multiple dimensions is obtained by accessing the kernel layer of the first terminal device in a first manner, and the first manner is different from a manner of calling the first application programming interface, where the first application programming interface is an application programming interface provided by the operating system of the first terminal device for an application program; step S122, converting the hardware information of each dimension into intermediate data for identifying the hardware information of the corresponding dimension; and step S124, generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension. The kernel layer is accessed through a first mode to acquire hardware information of multiple dimensions, so that real hardware information of the first terminal device is acquired, and a first device fingerprint is generated according to intermediate data obtained through conversion of the hardware information of the multiple dimensions, so that the first device fingerprint can indicate the hardware information of the multiple dimensions, and the hardware information of the first terminal device is not easy to tamper, so that the first device fingerprint can be uniquely identified for the first terminal device. The user device 102 may also perform steps S126-S128 to send the device fingerprint to the server 110. Here, the user device 102 may store the device fingerprint through the memory 104 and may display the device fingerprint through the display 108. The server 110 may store the device fingerprint transmitted by the user device 102 via the database 112.

Alternatively, in this embodiment, the method for acquiring the device fingerprint may be applied to the user device 102, but not limited to, and may also be applied to the server 110. The user device 102 may be provided with an application client for performing information interaction with the server 110 through the application client, and the user device 102 may be, but is not limited to, a terminal device supporting running of the application client, such as a mobile phone, a tablet computer, a notebook computer, a PC, etc. The server 110 and the user device 102 may interact with each other via, but are not limited to, a network 130, and the network 130 may include, but is not limited to, a wireless network or a wired network. Wherein the wireless network comprises: bluetooth, WIFI, and other networks that enable wireless communications. The wired network may include, but is not limited to: wide area network, metropolitan area network, local area network. The above is merely an example, and is not limited in any way in the present embodiment.

Optionally, as an optional implementation manner, as shown in fig. 2, the method for acquiring the device fingerprint includes:

step S202, acquiring hardware information of multiple dimensions of a first terminal device, wherein the hardware information of the multiple dimensions is acquired by accessing a kernel layer of the first terminal device through a first mode, the first mode is different from a mode of calling a first application programming interface, and the first application programming interface is an application programming interface provided by an operating system of the first terminal device for an application program;

Step S204, converting the hardware information of each dimension into intermediate data for identifying the hardware information of the corresponding dimension;

step S206, generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension.

According to the embodiment of the invention, the kernel layer is accessed in the first mode to obtain the hardware information with multiple dimensions, so that the real hardware information with multiple dimensions of the first terminal equipment is obtained, the first equipment fingerprint is generated according to the intermediate data obtained through the conversion of the hardware information with multiple dimensions, the first equipment fingerprint can indicate the hardware information with multiple dimensions, and the hardware information of the first terminal equipment is not easy to tamper, so that the first equipment fingerprint can carry out unique identification on the first terminal equipment.

The first terminal equipment comprises a kernel layer, wherein the kernel layer provides process management, file network management, system security authority management, system and hardware equipment communication foundation and the like for the first terminal equipment. The kernel layer may provide underlying drivers for various hardware of the first terminal device, such as display, audio, bluetooth, power management, etc. The first terminal equipment is used for facilitating the application program to access the kernel layer and avoiding the harm caused by the application program directly accessing the kernel layer, and an operating system of the first terminal equipment provides a first application program programming interface for the application program. In the embodiment of the invention, the inventor finds that the black product can perform HOOK on the system function through the machine changing software and the like, so that when the hardware information is acquired through a first application programming interface provided by an operating system for an application program, the acquired hardware information is not real hardware information fed back by a kernel layer, but data after HOOK HOOK processing. Therefore, in the embodiment of the invention, the kernel layer is accessed through a first mode different from a mode of calling the first application programming interface so as to acquire the hardware information of the first terminal equipment, thereby acquiring the real hardware information of the first terminal equipment. Since the hardware information of the first terminal device is associated with the hardware of the first terminal device, the hardware of the terminal device is not changed by performing operations such as flashing, so that the terminal device can be determined according to the first target field for representing the hardware information in the fingerprint of the first device. In the embodiment of the invention, the device fingerprint generated according to the hardware information obtained by accessing the kernel layer and the obtained system information is not easy to forge.

In an alternative embodiment of the present invention, a first target field may be carried in a first device fingerprint generated according to the intermediate data, and the first target field is used to indicate hardware information of the first device. Optionally, system information of multiple dimensions of the first terminal device may be obtained, so that the system information is converted into conversion data, and device fingerprints of the first device are generated according to the intermediate data and the conversion data. At this time, the device fingerprint carries a first target field and may also carry a second target field for representing system information, so that a change of a system environment of the first terminal device, such as whether a swipe behavior exists, can be observed according to the first device fingerprint.

In the embodiment of the present invention, the hardware information may include: a central processing unit (Central Processing Unit, abbreviated as CPU), a memory, a real-time clock RCT, a wireless network card MAC address Wlan0MAC, a network card address P2P0MAC, a handset local IP (Internet Protocol Address ), a gateway MAC (Media Access Control, media access control) address. The system information may include: application list information, terminal attribute information, terminal environment information, terminal file information, sensor information, and the like. Here, the application list information may include: the name, version, installation time, etc. of the application package installed on the terminal device. The terminal environment information may include: resolution of the terminal display screen, ROM size, CPU frequency, ROOT, etc. The terminal file information may include: CPU files, memory files, font number files, APP files, etc. The sensor information may include: sensor name, version, vendor, error, etc.

Optionally, acquiring hardware information of multiple dimensions of the first terminal device includes: and calling a system application programming interface in a target layer of the first terminal device to access a kernel layer of the first terminal device to acquire hardware information of multiple dimensions, wherein the system application programming interface in the target layer is used for accessing the hardware information in the kernel layer, and the first mode comprises a mode of calling the system application programming interface in the target layer. Here, the kernel layer may be accessed by calling a system application programming interface in a target layer of an operating system of the first terminal device, thereby acquiring hardware information. It will be appreciated that the system application programming interface in the target layer may access the kernel layer to obtain hardware information, and that the system application programming interface is different from the first application programming interface. Thus, the request sent to the first application programming interface by the black office and the like can be avoided from being subjected to HOOK.

Optionally, invoking a system application programming interface in a target layer of the first terminal device to access a kernel layer of the first terminal device to obtain hardware information of multiple dimensions, including: a first system application programming interface of a target virtual machine layer of the first terminal equipment is called in a reflection mode to access a kernel layer of the first terminal equipment so as to acquire hardware information with multiple dimensions; or a second system application programming interface of the local framework layer of the first terminal device is called to access the kernel layer of the first terminal device so as to acquire hardware information with multiple dimensions. In the embodiment of the invention, the first system application programming interface of the target virtual machine dalvik layer can be called in a reflection calling mode, so that the hardware information is obtained. Or directly acquiring the hardware information through a second system application programming interface of the native layer of the local framework. In the embodiment of the invention, the hardware of the first terminal equipment is acquired by a lower-layer technical means, so that the technical means of conventional machine brushing and modification of the API of the mobile phone system can be avoided, and the correct hardware information is acquired.

Optionally, acquiring the hardware information of the multiple dimensions of the first terminal device includes: the method comprises the steps of reading a target file recorded with hardware information of multiple dimensions in a kernel layer of first terminal equipment, and obtaining the hardware information of the multiple dimensions of the first terminal equipment, wherein a first mode comprises a mode of reading the target file. In the embodiment of the invention, because the file recorded with the hardware information often exists in the terminal equipment, the hardware information can be obtained by reading the target file recorded with the hardware information in the kernel layer, thereby avoiding that the black product reports false hardware information through a HOOK means. Here, it is understood that the hardware information of multiple dimensions may be recorded in one object file or may be recorded in multiple object files, so that the hardware information of multiple dimensions may be obtained by reading each object file.

Optionally, reading the target file recorded with the hardware information of multiple dimensions in the kernel layer of the first terminal device, and obtaining the hardware information of multiple dimensions of the first terminal device includes: acquiring model information of a first terminal device, and determining a storage position of a first target file recorded with hardware information with multiple dimensions through a model information-hardware information storage position mapping relation; reading a first target file at a storage position to obtain hardware information of multiple dimensions; or determining a second target file recorded with hardware information of a plurality of dimensions in the files stored on the first terminal device; and reading the second target file to obtain hardware information with multiple dimensions. For terminal devices of different models, the locations of files storing hardware information may be different from each other, and in the embodiment of the present invention, a first target file storing hardware information may be determined according to model information of a first terminal device and a mapping relationship between model information and hardware information storage locations, so as to obtain hardware information recorded in the first target file. It may be understood that, for the mapping relationship between the model information and the hardware information storage location, the mapping relationship may be stored in the first terminal device, or after the model information is obtained, a request carrying the model information is sent to the server, and the server determines, according to the mapping relationship between the model information and the hardware information storage location and the model information carried in the request sent by the first terminal device, the storage location of the file storing the hardware information, and sends the storage location to the first terminal device, so that the first terminal device may obtain the first target file according to the storage location. It may be understood that in the embodiment of the present invention, there may be a plurality of storage locations of the first target file storing the hardware information, where the storage locations are determined according to the mapping relationship between model information and hardware information storage locations, and in the case where there are a plurality of storage locations, the file at each storage location may be read, so that the hardware information is obtained. It will be appreciated that, since the file recording the hardware information is stored in the first terminal device, in an alternative embodiment of the present invention, the hardware information recorded in the second target file may also be obtained by traversing the file stored in the first terminal device.

Optionally, acquiring the hardware information of the multiple dimensions of the first terminal device includes: operating a state checking command for acquiring a hardware state of the first terminal device to access a kernel layer of the first terminal device, wherein the hardware state comprises hardware information of multiple dimensions, and the first mode comprises a mode of operating the state checking command; and obtaining hardware information with multiple dimensions from the state information fed back by the first terminal equipment in response to the state checking command, wherein the state information carries the hardware information with multiple dimensions. Here, a state check command matched with the operation instruction of the first terminal device may also be executed, so that the hardware information is obtained according to the state information fed back by the operating system in response to the state check command. Taking an android system as an example, the hardware information can be directly obtained by calling a linux command line. It can be appreciated that the method for acquiring the hardware information of multiple dimensions by calling the linux command according to the embodiment of the present invention can be applied to a system based on linux.

Optionally, acquiring the hardware information of the multiple dimensions of the first terminal device includes: detecting vulnerability information of first terminal equipment; acquiring system rights through a target vulnerability when vulnerability information indicates that the first terminal equipment has the target vulnerability for providing the system rights for an application program on the first terminal equipment; and accessing a kernel layer of the first terminal equipment through the authority of the system for accessing the first terminal equipment, which is configured by the system authority, so as to acquire hardware information with multiple dimensions, wherein the first mode comprises a mode of acquiring the system authority through a target vulnerability. Here, in the case that the operating system of the first terminal device has a system vulnerability, the authority for accessing the kernel layer may be obtained through the system vulnerability, so that the hardware information may be directly obtained.

It will be appreciated that the above-provided alternative embodiments for obtaining hardware information may be used in conjunction with each other, so that in a case where hardware information cannot be obtained by means of one alternative embodiment, the method disclosed in other embodiments may be used to obtain hardware information. That is, in an alternative embodiment of the present invention, the first mode includes: the method of calling the system application programming interface in the target layer, the method of reading the target file, the method of running state checking command and the method of acquiring the system authority through the target vulnerability can adopt one or more of the methods when acquiring the hardware information of multiple dimensions. It should be understood that the above-mentioned alternative first mode is only an alternative mode of the present invention, and the present invention is not limited thereto.

Optionally, the hardware information of each dimension is respectively converted into intermediate data for identifying the hardware information of the corresponding dimension, including: and respectively encoding the hardware information of each dimension through a Cyclic Redundancy Check (CRC) algorithm to obtain corresponding intermediate data. In the embodiment of the invention, the hardware information can be encoded through a cyclic redundancy check CRC (Cyclic Redundancy Check) algorithm, so that intermediate data is obtained. It can be understood that intermediate data obtained by encoding through a Cyclic Redundancy Check (CRC) algorithm cannot be reversely decoded to obtain data before encoding, so that data desensitization can be realized, data of a user are protected, and intermediate data for generating equipment fingerprints can be obtained according to real hardware information conversion. In an alternative embodiment of the present invention, the hardware information may also be encoded by an MD5Message-Digest Algorithm (MD 5Message-Digest Algorithm) to obtain intermediate data.

Optionally, generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension includes: and combining the intermediate data according to a target order to obtain a first device fingerprint, wherein the first device fingerprint carries first target fields which are the same in number as the intermediate data and are used for identifying hardware information of each dimension, and the target order is used for indicating the dimension of the hardware information corresponding to each first target field. In the embodiment of the invention, the intermediate data are combined according to the target order to obtain the first equipment fingerprint, so that the order of the intermediate data corresponding to the hardware information of each dimension in the obtained first equipment fingerprint in the equipment fingerprint is the same, and the first target fields in the fingerprints of different equipment can be compared, thereby judging whether the hardware information of the corresponding dimension is the same. It can be understood that, because the hardware information is not easy to be tampered, it can be determined that the devices represented by the two device fingerprints are the same device when the first target fields corresponding to the hardware information in each dimension are the same. For the combined approach, the target data may be added to the target data structure in the target order.

Optionally, in an embodiment of the present invention, the identification field and the intermediate data may be further combined in the target order to obtain the first device fingerprint. Here, the identification field may be located at the first bit in the first device fingerprint, thereby facilitating the determination of the data type from the identification field, i.e. the determination that the data is a device fingerprint. For example, the embodiment of the invention can further include: the first device fingerprint is sent to a server. The server, upon receiving the first device fingerprint, may determine that the received data is a device fingerprint based on an identification field in the first device fingerprint. Optionally, when the server needs to perform device verification, the server may actively send a device fingerprint acquisition instruction to the terminal device, so as to request the device fingerprint from the terminal device.

Optionally, the method further comprises: acquiring system information of multiple dimensions of a first terminal device; converting the system information of each dimension into conversion data for identifying the system information of the corresponding dimension;

generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension comprises: generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension and the converted data obtained by converting the system information of each dimension, wherein the first device fingerprint carries first target fields which are the same in number as the intermediate data and used for identifying the hardware information of each dimension, and second target fields which are the same in number as the converted data and used for representing the system information of each dimension.

In the embodiment of the invention, the system information of multiple dimensions of the first terminal equipment can be acquired, so that the equipment fingerprint can be generated according to the conversion data obtained by the conversion of the intermediate data and the system information, the equipment fingerprint can also be used for indicating the system information of the terminal equipment, and the change of the system environment indicated by the system information of the terminal equipment can be judged according to the equipment fingerprints acquired at different times.

Optionally, acquiring the system information of multiple dimensions of the first terminal device includes: and calling a first application programming interface to acquire system information of multiple dimensions. The acquisition of system information for multiple dimensions may be acquired by invoking a first application programming interface. It will be understood, of course, that system information may also be obtained by the first manner of obtaining hardware information in multiple dimensions. That is, in an alternative embodiment of the present invention, the system information may be acquired through the first mode.

In an alternative embodiment of the present invention, the first device fingerprint carries a first target field, which is the same as the intermediate data in number and is used for identifying hardware information of each dimension, and a second target field, which is the same as the converted data in number and is used for representing system information of each dimension, so that comparison can be performed according to device fingerprints acquired at different times, and whether the hardware information of the terminal devices corresponding to the two devices are the same is determined according to the first target field, thereby judging whether the terminal devices are the same. In the case that the two device fingerprints are determined to be the device fingerprints of the same terminal device according to the first target field, the change of the system environment indicated by the system information may also be determined according to the second target field. For example, for the first terminal device, the first device fingerprint obtained for the first time is A1A2A3B1B2B3, where A1, A2, A3 are respectively a first target field, represent intermediate data obtained by converting hardware information of one dimension, B1, B2, B3 are respectively a second target field, respectively represent converted data obtained by converting system information of one dimension, and then obtain a device fingerprint A1A2A3B6B2B3, where it is understood that, since the device fingerprints in the embodiment of the present invention are formed according to the target order, A1A2A3B6B2B3 are respectively a first target field, and according to the first target fields A1, A2, A3 are identical to the first target fields in the first device fingerprint A1A2A3B1B2B3, the hardware information of both may be identical to each other, and indicate that both are identical terminal devices. Here, a second target field changes, B1 changes to B6, which can determine the change currently sent by the system environment of the terminal device according to the system information of one dimension indicated by the field. Here, it is understood that the unique code, state, etc. may be different for the same model of hardware, and the hardware information of the corresponding hardware may be different. Thus, in the case where the first target fields representing the hardware information are identical, it is possible to determine that both are identical hardware devices.

Optionally, after generating the first device fingerprint for identifying the first terminal device based on the intermediate data, the method further comprises: acquiring a second equipment fingerprint reported by second terminal equipment; and determining the second terminal device as the first terminal device under the condition that the first target field in the first device fingerprint is the same as the first target field in the second device fingerprint.

In the embodiment of the invention, when the second device fingerprint is acquired, the second terminal device and the first terminal device can be determined to be the same terminal device by comparing the first target field in the second device fingerprint with the first target field in the first device fingerprint, and the terminal device can be distinguished according to the hardware information identified by the first target field in the device fingerprint. It will be appreciated that this step may be performed by the first terminal device or by the server.

Optionally, after the second device fingerprint reported by the second terminal device is obtained, the method further includes: comparing the second target field in the second device fingerprint with the second target field in the first device fingerprint; and under the condition that the first target field in the first equipment fingerprint is the same as the first target field in the second equipment fingerprint, determining the system environment change indicated by the system information of the corresponding dimension of the first terminal equipment according to the second target field which is different between the second equipment fingerprint and the first equipment fingerprint.

In the embodiment of the invention, under the condition that the first target fields are the same, the second terminal equipment can be determined to be the first terminal equipment, and further, whether the system of the first terminal equipment changes or not can be determined according to the difference between the second target fields in the second equipment fingerprint and the second target fields in the first equipment fingerprint, so that whether the current system environment has the behavior of machine brushing or not can be judged. It will be appreciated that this step may be performed by the first terminal device or by the server. It may be appreciated that in the case where the first target field in the first device fingerprint is the same as the first target field in the second device fingerprint, and the second target field of the second device fingerprint is the same as the second target field of the first device fingerprint, it may be determined that the system environment indicated by the system information of the first terminal device has not changed. It will be appreciated that the second target field can only indicate whether the system information corresponding to the second target field has changed.

The method of an embodiment of the present invention is illustrated in the following with reference to fig. 3.

S302, the server 31 sends a device fingerprint acquisition instruction to the terminal device 32, wherein the device fingerprint acquisition instruction is used for instructing the terminal device 32 to generate a device fingerprint;

S304, the terminal device 32 acquires the hardware information with multiple dimensions and the system information with multiple dimensions through the first mode, and generates device fingerprints according to the hardware information with multiple dimensions and the system information with multiple dimensions.

S306, the terminal device 32 transmits the device fingerprint to the server 31. Here, the server 31 may acquire a device fingerprint so as to verify the current device according to the device fingerprint. For example, when the terminal device performs payment operation, the acquired device fingerprint is compared with a third device fingerprint which is pre-stored and verified for verification, so as to judge whether the current terminal device is the terminal device matched with the third device fingerprint, and thus the payment environment can be verified.

For the generating device fingerprints of S304, specifically, as shown in fig. 4, in an embodiment of the present invention, the terminal device 32 may perform the following steps to generate the device fingerprints:

s402, acquiring hardware information and system information of multiple dimensions;

s404, calculating CRC of hardware information and system information of each dimension respectively;

s406, integrating CRC of multiple dimensions;

s408, generating a device fingerprint, wherein the device fingerprint is data obtained by CRC integration of multiple dimensions;

As shown in the above table, in an alternative embodiment of the present invention, the hardware information and the system information of the terminal device may be acquired from 11 dimensions. Dimensions 1-7 are hardware information and dimensions 8-11 are system information. In each dimension, any item of data content is acquired and accumulated to perform CRC check calculation. Thereby generating a CRC value for the current dimension. 11 dimensions generate 11 CRC values in total, wherein some dimensions are key information, the information is unique information of the device fingerprint, other information is environment change points of the terminal device, such as whether a machine refreshing behavior exists, whether a ROM refreshing behavior exists, whether a software installing behavior exists and the like under the condition that the fingerprint is unchanged. Here, 11 CRCs are organized and assembled by a data header, and a device fingerprint of the final reporting server is generated. Therefore, complete desensitization of the data of the reporting server is realized by calculating CRC. After the device fingerprint is reported to the server, the server can analyze according to the data head, and the server cannot reversely deduce the original data according to the reported CRC value because the device fingerprint is acquired by adopting a mode of calculating the CRC, so that the data security of the terminal device can be ensured.

As shown in fig. 5, the obtained device fingerprint may be compared with the device fingerprint for comparison to determine whether the same device is present according to the data in the hardware information 51, whether the network environment is changed according to the terminal device IP and the routing MAC in the system information 52, and whether the system of the terminal device is modified according to the sensor, the hardware environment, and the like in the system information.

The acquisition of a device fingerprint by means of calculating a CRC is illustrated below in connection with fig. 6.

When the hardware information of one dimension or the system information of one dimension includes a plurality of information items, if the hardware information of one dimension includes a CPU and memory information, S602 is executed to acquire the current information item, such as CPU information, when the hardware information of the dimension is acquired, it is determined whether the CPU information has been subjected to CRC calculation, if CRC calculation has not been performed, S604 is executed to encode the CRC generated from the one information item of the hardware information of one dimension and the current information item into a new CRC. It will be appreciated that in the case where the current information item is the first information item in the hardware information of this dimension, i.e. in the absence of a history item CRC, then the CRC is encoded in accordance with the current item. S606 is performed to determine whether an end condition is satisfied, that is, whether there is an information item for which CRC encoding is not performed in the hardware information of the dimension. For example, if there is memory information, S602-S604 are repeatedly executed, so as to obtain the CRC corresponding to the hardware information of the dimension. And (3) after the hardware information of each dimension in the hardware information of the plurality of dimensions is encoded, obtaining intermediate data after the hardware information of the corresponding dimension is encoded, executing S608, merging each intermediate data corresponding to the plurality of dimensions, and determining the merged CRC as the device fingerprint of the current terminal device. As shown in fig. 6, the device fingerprint A1A2A3A4 … … F1F2F3F4 includes hardware information of each dimension and encoded data of CRC encoded system information of each dimension, and when the device fingerprint is compared, it can be determined whether the CPU and the memory of the two devices are identical according to whether the encoded data are identical, taking the encoded data 0×a1a2a3a4 obtained by encoding the CPU and the memory information as an example.

In the embodiment of the invention, the hardware information is acquired in the first mode, so that the real hardware information of the terminal equipment can be obtained, the fingerprint of the equipment can resist the actions of machine refreshing, factory setting recovery and the like. For example, when the SIM card is available or the SIM card is not available, the data used for representing the hardware information in the device fingerprint can be kept unchanged; when the WLAN network exists and the WLAN network does not exist, the data used for representing the hardware information in the device fingerprint can be kept unchanged; when a GPRS network exists and a GPRS network does not exist, the data used for representing hardware information in the device fingerprint can be kept unchanged; before and after the ROOT terminal device, the data used for representing the hardware information in the device fingerprint can be kept unchanged; before the terminal equipment is restored to factory setting, after the terminal equipment is restored to factory setting, the data used for representing the hardware information in the equipment fingerprint can be kept unchanged; before formatting the SD card of the terminal equipment, after formatting the SD card of the terminal equipment, data used for representing hardware information in the equipment fingerprint can be kept unchanged; before the terminal equipment brushes the ROM, after the terminal equipment brushes the ROM (different versions of ROM), the data used for representing the hardware information in the equipment fingerprint can be kept unchanged; before and after the terminal equipment is changed by the one-key machine changing software, the data used for representing the hardware information in the equipment fingerprint can be kept unchanged; before and after restarting the terminal device, the data used for representing the hardware information in the device fingerprint can be kept unchanged; the system address randomization can also keep the data used for representing the hardware information in the device fingerprint unchanged, for example, android 9 mac address randomization and Android Q mac address randomization, and at this time, the hardware information cannot change, so that the data used for representing the hardware information in the device fingerprint can keep unchanged. It can be understood that in the embodiment of the present invention, whether the terminal devices are the same device is determined by the data representing the hardware information in the device fingerprint, so the above manner of changing the system or the software does not change the uniqueness of the generated device fingerprint indicating terminal devices.

An embodiment of the present invention will be further described by way of example with reference to fig. 7.

S702, acquiring hardware information of multiple dimensions and system information of multiple dimensions of a first terminal device; here, the hardware information of multiple dimensions is acquired through a first mode, so that the real hardware information is acquired through a first mode of accessing the kernel layer of the system, and the system information can be acquired through the first mode or through an API interface provided by the system for an application program. It may be appreciated that in the embodiment of the present invention, the device uniqueness needs to be determined by the field indicating the hardware information in the generated device fingerprint, so that the hardware information needs to be acquired in the first manner. The system information is used for judging whether the system environment of the terminal equipment changes or not, so that even if false system information is obtained by black product attack, the uniqueness identification of the terminal equipment according to the generated equipment fingerprint judgment is not affected.

S704, respectively encoding the hardware information of each dimension through a Cyclic Redundancy Check (CRC) algorithm to obtain corresponding intermediate data;

s706, coding the system information of each dimension through a Cyclic Redundancy Check (CRC) algorithm to obtain corresponding conversion data;

S708, combining the intermediate data and the conversion data according to a target order to obtain a first device fingerprint; here, the intermediate data and the conversion data may be sequentially combined according to a pre-configured order, thereby obtaining the first device fingerprint. The pre-configured order is used to indicate the order of the intermediate data corresponding to the hardware information of each dimension and the conversion data corresponding to the system information of each dimension in the device fingerprint.

S710, acquiring a second device fingerprint reported by a second terminal device; in the embodiment of the invention, the second device fingerprint can be acquired, so that whether the terminal devices indicated by the two fingerprints are the same terminal device or not is judged through the first device fingerprint and the second device fingerprint.

S712, determining that the second terminal device is the first terminal device under the condition that the first target field in the first device fingerprint is the same as the first target field in the second device fingerprint; here, since the hardware information is difficult to be tampered with, in the case where the first target field in the device fingerprint indicates that the hardware information is the same, it can be determined that the terminal devices indicated by the two device fingerprints are the same terminal device.

S714, determining, in the case that the first target field in the first device fingerprint and the first target field in the second device fingerprint are the same, a system environment change indicated by the system information of the corresponding dimension of the first terminal device according to the second target field different between the second device fingerprint and the first device fingerprint. In the embodiment of the invention, the device fingerprint comprises a first target field and a second target field, wherein the first target field is used for indicating hardware information, and the second target field is used for indicating system information, so that whether the terminals indicated by the two device fingerprints are the same device can be judged according to the first target field, and the change of the system environment indicated by the corresponding system information is determined according to the second target field, so that whether the terminal device is in a machine or not can be inferred.

It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present invention is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present invention. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present invention.

According to another aspect of the embodiment of the present invention, there is also provided an apparatus for acquiring a device fingerprint for implementing the method for acquiring a device fingerprint described above. As shown in fig. 8, the apparatus includes: the first obtaining module 802 obtains hardware information of multiple dimensions of the first terminal device, where the hardware information of multiple dimensions is obtained by accessing a kernel layer of the first terminal device through a first mode, and the first mode is different from a mode of calling a first application programming interface, where the first application programming interface is an application programming interface provided by an operating system of the first terminal device for an application program; a first conversion module 804, configured to convert the hardware information of each dimension into intermediate data for identifying the hardware information of the corresponding dimension; a generating module 806, configured to generate a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension.

Optionally, the first obtaining module includes: the first mode comprises a mode of calling the system application programming interface in the target layer of the first terminal device. Here, the kernel layer may be accessed by calling a system application programming interface in a target layer of an operating system of the first terminal device, thereby acquiring hardware information. It will be appreciated that the system application programming interface in the target layer may access the kernel layer to obtain hardware information, and that the system application programming interface is different from the first application programming interface. Thus, the request sent to the first application programming interface by the black office and the like can be avoided from being subjected to HOOK.

Optionally, the calling unit is specifically configured to: a first system application programming interface of a target virtual machine layer of the first terminal equipment is called in a reflection mode to access a kernel layer of the first terminal equipment so as to acquire hardware information with multiple dimensions; or a second system application programming interface of the local framework layer of the first terminal device is called to access the kernel layer of the first terminal device so as to acquire hardware information with multiple dimensions. In the embodiment of the invention, the first system application programming interface of the target virtual machine dalvik layer can be called in a reflection calling mode, so that the hardware information is obtained. Or directly acquiring the hardware information through a second system application programming interface of the native layer of the local framework. In the embodiment of the invention, the hardware of the first terminal equipment is acquired by a lower-layer technical means, so that the technical means of conventional machine brushing and modification of the API of the mobile phone system can be avoided, and the correct hardware information is acquired.

Optionally, the first obtaining module includes: the first mode comprises a mode of reading the target file. In the embodiment of the invention, because the file recorded with the hardware information often exists in the terminal equipment, the hardware information can be obtained by reading the target file recorded with the hardware information in the kernel layer, thereby avoiding that the black product reports false hardware information through a HOOK means. Here, it is understood that the hardware information of multiple dimensions may be recorded in one object file or may be recorded in multiple object files, so that the hardware information of multiple dimensions may be obtained by reading each object file.

Optionally, the reading unit is specifically configured to: acquiring model information of a first terminal device, and determining a storage position of a first target file recorded with hardware information with multiple dimensions through a model information-hardware information storage position mapping relation; reading a first target file at a storage position to obtain hardware information of multiple dimensions; or determining a second target file recorded with hardware information of a plurality of dimensions in the files stored on the first terminal device; and reading the second target file to obtain hardware information with multiple dimensions. For terminal devices of different models, the locations of files storing hardware information may be different from each other, and in the embodiment of the present invention, a first target file storing hardware information may be determined according to model information of a first terminal device and a mapping relationship between model information and hardware information storage locations, so as to obtain hardware information recorded in the first target file. It may be understood that, for the mapping relationship between the model information and the hardware information storage location, the mapping relationship may be stored in the first terminal device, or after the model information is obtained, a request carrying the model information is sent to the server, and the server determines, according to the mapping relationship between the model information and the hardware information storage location and the model information carried in the request sent by the first terminal device, the storage location of the file storing the hardware information, and sends the storage location to the first terminal device, so that the first terminal device may obtain the first target file according to the storage location. It may be understood that in the embodiment of the present invention, there may be a plurality of storage locations of the first target file storing the hardware information, where the storage locations are determined according to the mapping relationship between model information and hardware information storage locations, and in the case where there are a plurality of storage locations, the file at each storage location may be read, so that the hardware information is obtained. It will be appreciated that, since the file recording the hardware information is stored in the first terminal device, in an alternative embodiment of the present invention, the hardware information recorded in the second target file may also be obtained by traversing the file stored in the first terminal device.

Optionally, the first obtaining module includes: the operation unit is used for operating a state check command for acquiring the hardware state of the first terminal equipment to access the kernel layer of the first terminal equipment, wherein the hardware state comprises hardware information with multiple dimensions, and the first mode comprises a mode of operating the state check command; the first acquisition unit is used for acquiring hardware information with multiple dimensions from state information fed back by the first terminal equipment in response to the state checking command, wherein the state information carries the hardware information with multiple dimensions. Here, a state check command matched with the operation instruction of the first terminal device may also be executed, so that the hardware information is obtained according to the state information fed back by the operating system in response to the state check command. Taking an android system as an example, the hardware information can be directly obtained by calling a linux command line.

Optionally, the first obtaining module includes: the detection unit is used for detecting vulnerability information of the first terminal equipment; the second acquisition unit is used for acquiring the system authority through the target vulnerability when the vulnerability information indicates that the first terminal equipment has the target vulnerability for providing the system authority for the application program on the first terminal equipment; the third obtaining unit is configured to access the kernel layer of the first terminal device through the authority of the system accessing the first terminal device, where the authority of the system is configured by the system authority, so as to obtain hardware information in multiple dimensions, and the first mode includes a mode of obtaining the authority of the system through a target vulnerability. Here, in the case that the operating system of the first terminal device has a system vulnerability, the authority for accessing the kernel layer may be obtained through the system vulnerability, so that the hardware information may be directly obtained.

Optionally, the first conversion module includes: the conversion unit is used for obtaining corresponding intermediate data through cyclic redundancy check CRC algorithm coding on the hardware information of each dimension. In the embodiment of the invention, the hardware information can be encoded through a cyclic redundancy check CRC (Cyclic Redundancy Check) algorithm, so that intermediate data is obtained. It can be understood that intermediate data obtained by encoding through a Cyclic Redundancy Check (CRC) algorithm cannot be reversely decoded to obtain data before encoding, so that data desensitization can be realized, data of a user are protected, and intermediate data for generating equipment fingerprints can be obtained according to real hardware information conversion. In an alternative embodiment of the present invention, the hardware information may also be encoded by an MD5Message-Digest Algorithm (MD 5Message-Digest Algorithm) to obtain intermediate data.

Optionally, the generating module includes: and a fourth obtaining unit, configured to combine the intermediate data according to a target order to obtain a first device fingerprint, where the first device fingerprint carries first target fields, which are the same as the intermediate data in number and are used to identify hardware information of each dimension, and the target order is used to indicate the dimension of the hardware information corresponding to each first target field. In the embodiment of the invention, the intermediate data are combined according to the target order to obtain the first equipment fingerprint, so that the order of the intermediate data corresponding to the hardware information of each dimension in the obtained first equipment fingerprint in the equipment fingerprint is the same, and the first target fields in the fingerprints of different equipment can be compared, thereby judging whether the hardware information of the corresponding dimension is the same. It can be understood that, because the hardware information is not easy to be tampered, it can be determined that the devices represented by the two device fingerprints are the same device when the first target fields corresponding to the hardware information in each dimension are the same. For the combined approach, the target data may be added to the target data structure in the target order.

Optionally, the apparatus further includes: the second acquisition module is used for acquiring system information of multiple dimensions of the first terminal equipment; the second conversion module is used for respectively converting the system information of each dimension into conversion data for identifying the system information of the corresponding dimension;

the generation module includes: the generating unit is used for generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension and the converted data obtained by converting the system information of each dimension, wherein the first device fingerprint carries first target fields which are the same in number as the intermediate data and used for identifying the hardware information of each dimension, and second target fields which are the same in number as the converted data and used for representing the system information of each dimension.

Optionally, the apparatus further includes: the third acquisition module is used for acquiring a second device fingerprint reported by the second terminal device; and the first determining module is used for determining the second terminal equipment as the first terminal equipment under the condition that the first target field in the first equipment fingerprint is the same as the first target field in the second equipment fingerprint. In the embodiment of the invention, when the second device fingerprint is acquired, the second terminal device and the first terminal device can be determined to be the same terminal device by comparing the first target field in the second device fingerprint with the first target field in the first device fingerprint, and the terminal device can be distinguished according to the hardware information identified by the first target field in the device fingerprint.

Optionally, the apparatus further includes: the comparison module is used for comparing the second target field in the second device fingerprint with the second target field in the first device fingerprint; and the second determining module is used for determining the system environment change indicated by the system information of the corresponding dimension of the first terminal equipment according to the second different target fields between the second equipment fingerprint and the first equipment fingerprint under the condition that the first target fields in the first equipment fingerprint and the first target fields in the second equipment fingerprint are the same. In the embodiment of the invention, under the condition that the first target fields are the same, the second terminal equipment can be determined to be the first terminal equipment, and further, whether the system of the first terminal equipment changes or not can be determined according to the difference between the second target fields in the second equipment fingerprint and the second target fields in the first equipment fingerprint, so that whether the current system environment has the behavior of machine brushing or not can be judged. It will be appreciated that this step may be performed by the first terminal device or by the server. It may be appreciated that in the case where the first target field in the first device fingerprint is the same as the first target field in the second device fingerprint, and the second target field of the second device fingerprint is the same as the second target field of the first device fingerprint, it may be determined that the system environment indicated by the system information of the first terminal device has not changed. It will be appreciated that the second target field can only indicate whether the system information corresponding to the second target field has changed.

According to a further aspect of the embodiments of the present invention, there is also provided an electronic device for implementing the method of obtaining a device fingerprint as described above, as shown in fig. 9, the electronic device comprising a memory 902 and a processor 904, the memory 902 having stored therein a computer program, the processor 904 being arranged to perform the steps of any of the method embodiments described above by means of the computer program.

Alternatively, in this embodiment, the electronic apparatus may be located in at least one network device of a plurality of network devices of the computer network.

Alternatively, in the present embodiment, the above-described processor may be configured to execute the following steps by a computer program:

s1, acquiring hardware information of multiple dimensions of a first terminal device, wherein the hardware information of the multiple dimensions is acquired by accessing a kernel layer of the first terminal device through a first mode, the first mode is different from a mode of calling a first application programming interface, and the first application programming interface is an application programming interface provided by an operating system of the first terminal device for an application program;

s2, respectively converting the hardware information of each dimension into intermediate data for identifying the hardware information of the corresponding dimension;

And S3, generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension.

Alternatively, it will be understood by those skilled in the art that the structure shown in fig. 9 is only schematic, and the electronic device may also be a terminal device such as a smart phone (e.g. an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, and a mobile internet device (Mobile Internet Devices, MID), a PAD, etc. Fig. 9 is not limited to the structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 9, or have a different configuration than shown in FIG. 9.

The memory 902 may be used to store software programs and modules, such as program instructions/modules corresponding to the method and apparatus for acquiring a device fingerprint in the embodiment of the present invention, and the processor 904 executes the software programs and modules stored in the memory 902, thereby executing various functional applications and data processing, that is, implementing the method for acquiring a device fingerprint as described above. The memory 902 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 902 may further include memory remotely located relative to the processor 904, which may be connected to the terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 902 may be used to store, but is not limited to, information such as a first device fingerprint. As an example, as shown in fig. 9, the memory 902 may include, but is not limited to, a first acquiring module 802, a first converting module 804, and a generating module 806 in the acquiring apparatus including the device fingerprint. In addition, other module units in the device fingerprint acquisition apparatus may be included, but are not limited to, and are not described in detail in this example.

Optionally, the transmission device 906 is used to receive or transmit data via a network. Specific examples of the network described above may include wired networks and wireless networks. In one example, the transmission means 906 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices and routers via a network cable to communicate with the internet or a local area network. In one example, the transmission device 906 is a Radio Frequency (RF) module for communicating wirelessly with the internet.

In addition, the electronic device further includes: a display 908 for displaying the first device fingerprint; and a connection bus 910 for connecting the respective module parts in the above-described electronic device.

According to a further aspect of embodiments of the present invention there is also provided a storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.

Alternatively, in the present embodiment, the above-described storage medium may be configured to store a computer program for performing the steps of:

Alternatively, in this embodiment, it will be understood by those skilled in the art that all or part of the steps in the methods of the above embodiments may be performed by a program for instructing a terminal device to execute the steps, where the program may be stored in a computer readable storage medium, and the storage medium may include: flash disk, read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), magnetic or optical disk, and the like.

The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.

The integrated units in the above embodiments may be stored in the above-described computer-readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present invention may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing one or more computer devices (which may be personal computers, servers or network devices, etc.) to perform all or part of the steps of the method described in the embodiments of the present invention.

In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.

In several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, such as the division of the units, is merely a logical function division, and may be implemented in another manner, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims

1. A method for obtaining a device fingerprint, comprising:

acquiring hardware information of multiple dimensions of a first terminal device, wherein the hardware information of the multiple dimensions is acquired by accessing a kernel layer of the first terminal device in a first mode, and the first mode comprises: invoking a system application programming interface in a target layer to access the kernel layer, reading a target file recorded with hardware information in the kernel layer, and running a state checking command matched with an operation instruction of the first terminal equipment to acquire state information carrying the hardware information, wherein the first mode is different from a mode of invoking a first application programming interface, and the first application programming interface is an application programming interface provided by an operation system of the first terminal equipment for an application program;

Respectively converting the hardware information of each dimension into intermediate data for identifying the hardware information of the corresponding dimension;

and generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension.

2. The method according to claim 1, wherein the obtaining hardware information of multiple dimensions of the first terminal device includes:

invoking the system application programming interface in the target layer of the first terminal device to access a kernel layer of the first terminal device to obtain the hardware information of the multiple dimensions, wherein the system application programming interface in the target layer is used for accessing the hardware information in the kernel layer, and the first mode comprises invoking the system application programming interface in the target layer.

3. The method of claim 2, wherein the invoking the system application programming interface in the target layer of the first terminal device to access the kernel layer of the first terminal device to obtain the hardware information of the plurality of dimensions comprises:

A first system application programming interface of a target virtual machine layer of the first terminal equipment is called in a reflection mode to access a kernel layer of the first terminal equipment so as to acquire hardware information of multiple dimensions; or (b)

And calling a second system application programming interface of the local framework layer of the first terminal equipment to access the kernel layer of the first terminal equipment so as to acquire the hardware information of the multiple dimensions.

4. The method according to claim 1, wherein the obtaining hardware information of multiple dimensions of the first terminal device includes:

and reading the target file recorded with the hardware information of the multiple dimensions in the kernel layer of the first terminal equipment, and obtaining the hardware information of the multiple dimensions of the first terminal equipment, wherein the first mode comprises a mode of reading the target file.

5. The method according to claim 4, wherein the reading the target file in which the hardware information of multiple dimensions is recorded in the kernel layer of the first terminal device, and obtaining the hardware information of multiple dimensions of the first terminal device, includes:

acquiring model information of the first terminal equipment, and determining the storage position of a first target file recorded with the hardware information of multiple dimensions through a model information-hardware information storage position mapping relation; reading the first target file at the storage position to obtain hardware information of the multiple dimensions; or (b)

Determining a second target file recorded with the hardware information of the multiple dimensions in the files stored on the first terminal device; and reading the second target file to obtain the hardware information of the multiple dimensions.

6. The method according to claim 1, wherein the obtaining hardware information of multiple dimensions of the first terminal device includes:

operating the state checking command for acquiring the hardware state of the first terminal device to access a kernel layer of the first terminal device, wherein the hardware state comprises hardware information of the plurality of dimensions, and the first mode comprises a mode of operating the state checking command;

and obtaining the hardware information of the multiple dimensions from the state information fed back by the first terminal equipment in response to the state checking command, wherein the state information carries the hardware information of the multiple dimensions.

7. The method according to claim 1, wherein the obtaining hardware information of multiple dimensions of the first terminal device includes:

detecting vulnerability information of the first terminal equipment;

acquiring the system authority through the target vulnerability under the condition that the vulnerability information indicates that the first terminal equipment has the target vulnerability for providing the system authority for the application program on the first terminal equipment;

And accessing a kernel layer of the first terminal equipment through the authority of the system for accessing the first terminal equipment, which is configured by the system authority, so as to acquire the hardware information with multiple dimensions, wherein the first mode comprises a mode of acquiring the system authority through the target vulnerability.

8. The method according to any one of claims 1 to 7, wherein the converting the hardware information for each dimension into intermediate data for identifying the hardware information for the corresponding dimension, respectively, comprises:

and respectively encoding the hardware information of each dimension through a Cyclic Redundancy Check (CRC) algorithm to obtain the corresponding intermediate data.

9. The method of claim 8, wherein the generating the first device fingerprint for identifying the first terminal device based on the intermediate data converted from the hardware information for each dimension comprises:

and combining the intermediate data according to a target order to obtain the first equipment fingerprint, wherein the first equipment fingerprint carries first target fields which are the same in number as the intermediate data and are used for identifying the hardware information of each dimension, and the target order is used for indicating the dimension of the hardware information corresponding to each first target field.

10. The method according to any one of claims 1 to 7, further comprising:

acquiring system information of multiple dimensions of the first terminal equipment; converting the system information of each dimension into conversion data for identifying the system information of the corresponding dimension;

generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension comprises: generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension and the converted data obtained by converting the system information of each dimension, wherein the first device fingerprint carries first target fields for identifying the hardware information of each dimension, which are the same as the intermediate data in number, and second target fields for representing the system information of each dimension, which are the same as the converted data in number.

11. The method of claim 10, wherein after generating a first device fingerprint for identifying the first terminal device from the intermediate data, the method further comprises:

Acquiring a second equipment fingerprint reported by second terminal equipment;

and determining the second terminal equipment as the first terminal equipment under the condition that the first target field in the first equipment fingerprint is the same as the first target field in the second equipment fingerprint.

12. The method of claim 11, wherein after obtaining the second device fingerprint reported by the second terminal device, the method further comprises:

comparing the second target field in the second device fingerprint with the second target field in the first device fingerprint;

and under the condition that the first target field in the first equipment fingerprint is the same as the first target field in the second equipment fingerprint, determining the system environment change indicated by the system information of the corresponding dimension of the first terminal equipment according to the second target field which is different between the second equipment fingerprint and the first equipment fingerprint.

13. An apparatus for obtaining a device fingerprint, comprising:

a first acquisition module for acquiring hardware information of multiple dimensions of the first terminal device, wherein,

the hardware information of the multiple dimensions is obtained by accessing a kernel layer of the first terminal device in a first mode, wherein the first mode comprises: invoking a system application programming interface in a target layer to access the kernel layer, reading a target file recorded with hardware information in the kernel layer, running a state checking command matched with an operation instruction of the first terminal equipment, and acquiring state information carrying the hardware information, accessing the kernel layer through a target vulnerability on the first terminal equipment, wherein the first mode is different from a mode of invoking a first application programming interface, and the first application programming interface is an application programming interface provided by an operation system of the first terminal equipment for an application program;

The first conversion module is used for respectively converting the hardware information of each dimension into intermediate data for identifying the hardware information of the corresponding dimension;

and the generating module is used for generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension.

14. The apparatus of claim 13, wherein the first acquisition module comprises:

the first mode includes a mode of calling the system application programming interface in the target layer of the first terminal device to access a kernel layer of the first terminal device to obtain the hardware information of the multiple dimensions, wherein the system application programming interface in the target layer is used for accessing the hardware information in the kernel layer.

15. The apparatus of claim 14, wherein the calling unit is configured to:

16. The apparatus of claim 13, wherein the first acquisition module comprises:

the first mode comprises a mode of reading the target file.

17. The apparatus of claim 16, wherein the reading unit is configured to:

18. The apparatus of claim 13, wherein the first acquisition module comprises:

an operation unit, configured to operate the state view command for obtaining a hardware state of the first terminal device to access a kernel layer of the first terminal device, where the hardware state includes hardware information of the multiple dimensions, and the first mode includes a mode of operating the state view command;

the first obtaining unit is configured to obtain, from the state information fed back by the first terminal device in response to the state viewing command, the hardware information of the multiple dimensions, where the state information carries the hardware information of the multiple dimensions.

19. The apparatus of claim 13, wherein the first acquisition module comprises:

the detection unit is used for detecting vulnerability information of the first terminal equipment;

the second obtaining unit is used for obtaining the system authority through the target vulnerability when the vulnerability information indicates that the first terminal equipment has the target vulnerability for providing the system authority for the application program on the first terminal equipment;

the third obtaining unit is configured to access the kernel layer of the first terminal device through the authority of the system accessing the first terminal device, where the authority of the system is configured by the system authority, so as to obtain the hardware information in multiple dimensions, and the first mode includes a mode of obtaining the system authority through the target vulnerability.

20. The apparatus of any one of claims 13 to 19, wherein the first conversion module comprises:

and the conversion unit is used for respectively encoding the hardware information of each dimension through a Cyclic Redundancy Check (CRC) algorithm to obtain the corresponding intermediate data.

21. The apparatus of claim 20, wherein the generating means comprises:

and a fourth obtaining unit, configured to combine the intermediate data according to a target order to obtain the first device fingerprint, where the first device fingerprint carries first target fields that are the same as the intermediate data in number and are used to identify the hardware information of each dimension, and the target order is used to indicate the dimension of the hardware information corresponding to each first target field.

22. The apparatus according to any one of claims 13 to 19, further comprising:

the second acquisition module is used for acquiring system information of multiple dimensions of the first terminal equipment; converting the system information of each dimension into conversion data for identifying the system information of the corresponding dimension;

the generation module further includes: the generating unit is configured to generate a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension, where the generating unit includes: generating a first device fingerprint for identifying the first terminal device according to the intermediate data obtained by converting the hardware information of each dimension and the converted data obtained by converting the system information of each dimension, wherein the first device fingerprint carries first target fields for identifying the hardware information of each dimension, which are the same as the intermediate data in number, and second target fields for representing the system information of each dimension, which are the same as the converted data in number.

23. The apparatus of claim 22, wherein the apparatus further comprises:

the third acquisition module is used for acquiring a second device fingerprint reported by the second terminal device;

and the first determining module is used for determining the second terminal equipment as the first terminal equipment under the condition that the first target field in the first equipment fingerprint is the same as the first target field in the second equipment fingerprint.

24. The apparatus of claim 23, wherein the apparatus further comprises:

a comparison module for comparing the second target field in the second device fingerprint with the second target field in the first device fingerprint;

and the second determining module is used for determining the system environment change indicated by the system information of the corresponding dimension of the first terminal equipment according to the second different target fields between the second equipment fingerprint and the first equipment fingerprint under the condition that the first target fields in the first equipment fingerprint and the first target fields in the second equipment fingerprint are the same.

25. A storage medium comprising a stored program, wherein the program when run performs the method of any one of the preceding claims 1 to 12.

26. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method according to any of the claims 1 to 12 by means of the computer program.