CN111131300A - Communication method, terminal and server - Google Patents


Info

Publication number
CN111131300A
Authority
CN
China
Prior art keywords
server
terminal
token
identification information
mac
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911407635.2A
Other languages
Chinese (zh)
Other versions
CN111131300B (en)
Inventor
王子翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Queclink Wireless Solutions Co Ltd
Original Assignee
Queclink Wireless Solutions Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Queclink Wireless Solutions Co Ltd
Priority to CN201911407635.2A
Publication of CN111131300A
Application granted
Publication of CN111131300B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention provides a communication method, a terminal and a server, applied to a network consisting of the server and the terminal. The method comprises: sending identification information to the server; receiving MAC information fed back by the server according to the identification information; comparing the MAC information with a locally stored MAC label and, if they match, determining that the security authentication with the server has passed and sending a verification passing request to the server; and establishing communication with the server through the token sent by the server. The method can effectively improve the security of data transmission between the server and the terminal.

Description

Communication method, terminal and server
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a communication method, a terminal and a server.
Background
With the rapid development of the internet of things industry, the data interaction amount between the internet of things terminal and the server is also larger and larger.
In the prior art, a secret key sharing mode is generally adopted to encrypt data transmitted between an internet of things terminal and a server. However, the encryption mode easily causes key leakage, so that the terminal and the server of the internet of things are attacked by hackers, and the security of data transmission is threatened.
Disclosure of Invention
The embodiment of the invention provides a communication method, a terminal and a server, and aims to solve the problem that in the prior art, the data transmission safety between the terminal and the server is poor.
The first aspect of the present invention provides a communication method, applied in a network formed by a server and a terminal, the method comprising:
sending the identification information to a server;
receiving MAC information fed back by the server according to the identification information;
comparing the MAC information with a locally stored MAC label, if the comparison result is matched, determining that the security authentication with the server is passed, and sending a verification passing request to the server;
and establishing communication with the server through the token sent by the server.
In one possible design, the sending the identification information to the server includes:
sending an HTTP request to the server, wherein the HTTP request contains identification information of the terminal, and the identification information comprises: the device IMEI number.
In one possible design, before sending the identification information to the server, the method further includes:
and finishing the information registration of the terminal in the server.
In one possible design, the completing, in the server, information registration of the terminal includes:
performing initialization activation setting through a serial port tool;
sending the matching key and the device information of the terminal to the server; the device information comprises the identification information;
and receiving and storing the MAC label sent by the server.
In one possible design, establishing communication with the server via a token sent by the server includes:
receiving a token sent by the server according to the verification passing request;
sending a connection request to the server, wherein the connection request comprises the token;
and after the server verifies that the connection request passes according to the corresponding relation between the token and the terminal stored in the database of the server, establishing communication with the server.
In one possible design, before sending the connection request to the server, the method further includes:
and detecting whether the validity period of the token is expired, and if so, re-performing security authentication with the server.
In one possible design, further comprising:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
and sending the encrypted data to the server.
The second aspect of the present invention provides a communication method, applied to a network formed by a server and a terminal, the method including:
receiving identification information sent by a terminal;
verifying the identification information, and if the identification information passes the verification, sending MAC information to the terminal;
receiving a verification passing request fed back by the terminal;
sending a token to the terminal according to the verification passing request;
and establishing communication with the terminal by checking the token carried by the terminal during access.
In one possible design, before verifying the identification information, the method further includes:
receiving a matching key sent by the terminal and equipment information of the terminal, and finishing registration of the terminal;
generating a MAC label by a hashing algorithm and the matching key according to label parameters of the server, the label parameters including: the MAC address of the server and the serial number of the mainboard;
and sending the MAC label to the terminal.
In one possible design, further comprising: storing the corresponding relation between the token and the terminal in a database; the establishing communication with the terminal by checking the token carried by the terminal during access comprises:
receiving a connection request sent by the terminal;
extracting the token from the connection request;
and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the check is passed and the validity period of the token is not expired, establishing communication with the terminal.
In one possible design, further comprising:
receiving encrypted data sent by the terminal;
and decrypting the encrypted data through a symmetric encryption algorithm to obtain service data.
A third aspect of the present invention provides a terminal, comprising:
a transceiver for transmitting the identification information to the server; receiving MAC information fed back by the server according to the identification information;
the processor is used for comparing the MAC information with a locally stored MAC label, if the comparison result is matched, the security authentication with the server is determined to be passed, and a verification passing request is sent to the server; and establishing communication with the server through the token sent by the server.
In one possible design, the transceiver is specifically configured to:
sending an HTTP request to the server, wherein the HTTP request contains identification information of the terminal, and the identification information comprises: the device IMEI number.
In one possible design, the processor is further to:
and finishing the information registration of the terminal in the server.
In one possible design, the processor is specifically configured to:
performing initialization activation setting through a serial port tool;
sending the matching key and the device information of the terminal to the server; the device information comprises the identification information;
and receiving and storing the MAC label sent by the server.
In one possible design, the processor is specifically configured to:
receiving a token sent by the server according to the verification passing request;
sending a connection request to the server, wherein the connection request comprises the token;
and after the server verifies that the connection request passes according to the corresponding relation between the token and the terminal stored in the database of the server, establishing communication with the server.
In one possible design, the processor is further configured to:
and detecting whether the validity period of the token is expired, and if so, re-performing security authentication with the server.
In one possible design, the processor is further configured to:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
and sending the encrypted data to the server.
A fourth aspect of the present invention provides a server comprising:
the transceiver is used for receiving the identification information sent by the terminal;
the processor is used for verifying the identification information, and if the identification information passes the verification, the processor sends MAC information to the terminal;
the transceiver is used for receiving the verification passing request fed back by the terminal; sending a token to the terminal according to the verification passing request;
and the processor is used for establishing communication with the terminal by checking the token carried by the terminal during access.
In one possible design,
the transceiver is also used for receiving the matching key sent by the terminal and the device information of the terminal and completing the registration of the terminal;
the processor is further configured to generate a MAC label by a hashing algorithm and the matching key according to label parameters of the server, the label parameters including: the MAC address of the server and the serial number of the mainboard;
the transceiver is further configured to transmit the MAC label to the terminal.
In one possible design, the processor is specifically configured to:
storing the corresponding relation between the token and the terminal in a database;
receiving a connection request sent by the terminal;
extracting the token from the connection request;
and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the check is passed and the validity period of the token is not expired, establishing communication with the terminal.
In one possible design,
the transceiver is also used for receiving the encrypted data sent by the terminal;
the processor is further configured to decrypt the encrypted data through a symmetric encryption algorithm to obtain service data.
A fifth aspect of the present invention provides an electronic apparatus comprising: a memory and a processor; the memory has stored therein a computer program, and the processor performs the communication method according to any one of the first aspect when executing the computer program stored in the memory.
A sixth aspect of the present invention provides a service platform, comprising: a memory and a processor; the memory has stored therein a computer program, and the processor performs the communication method according to any one of the second aspect when executing the computer program stored in the memory.
A seventh aspect of the present invention provides a storage medium having stored thereon a computer program which, when executed by a processor, implements the communication method of any one of the first aspect.
An eighth aspect of the present invention provides a storage medium having stored thereon a computer program which, when executed by a processor, implements the communication method of any one of the second aspect.
The communication method, the terminal and the server provided by the invention are applied to a network consisting of the server and the terminal. Identification information is sent to the server; MAC information fed back by the server according to the identification information is received; the MAC information is compared with a locally stored MAC label and, if they match, the security authentication with the server is determined to have passed and a verification passing request is sent to the server; and communication with the server is established through the token sent by the server. The method can effectively improve the security of data transmission between the server and the terminal.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the following briefly introduces the drawings needed to be used in the description of the embodiments or the prior art, and obviously, the drawings in the following description are some embodiments of the present invention, and those skilled in the art can obtain other drawings according to the drawings without inventive labor.
Fig. 1 is a schematic view of a communication method according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a communication method according to an embodiment of the present application;
Fig. 3 is a flowchart of a communication method according to a second embodiment of the present invention;
Fig. 4 is a flowchart of a communication method according to a third embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal according to a fourth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a server according to a fifth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
With the rapid development of the internet of things industry, the data interaction amount between the internet of things terminal and the server is also larger and larger.
In the prior art, a secret key sharing mode is generally adopted to encrypt data transmitted between an internet of things terminal and a server. However, the encryption mode easily causes key leakage, so that the terminal and the server of the internet of things are attacked by hackers, and the security of data transmission is threatened.
In order to solve the above problem, embodiments of the present application provide a communication method, an apparatus, a terminal, and a storage medium, so as to solve the problem in the prior art that security of data transmission between a terminal and a server is poor.
Fig. 1 is a scene schematic diagram of a communication method according to an embodiment of the present application. As shown in fig. 1, the terminal device 10 and the server 20 are included. The terminal device 10 and the server 20 perform double authentication through the unique identification information of the terminal device and the MAC information of the server, so that the data transmission security between the server and the terminal can be effectively improved. The unique identification may be a device IMEI number, or other unique identification.
The Terminal device 10 may also be referred to as an internet of things Terminal, a Terminal, a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), or the like. The terminal device 10 may be a mobile phone (mobile phone), a tablet (pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote surgery (remote medical supply), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), and the like.
In an alternative embodiment, the terminal device 10 may include a transceiver and a processor. A transceiver for transmitting the identification information to the server; receiving MAC information fed back by the server according to the identification information; the processor is used for comparing the MAC information with the MAC label stored locally, if the comparison result is matched, the security authentication between the processor and the server is confirmed to be passed, and a verification passing request is sent to the server; and establishing communication with the server through the token sent by the server.
The server 20 may be a cloud service platform, an IOT platform, an internet of things platform, a service platform, or the like, and the server 20 may establish connection with a plurality of terminal devices 10 and perform authentication.
It should be noted that the application scenario in the technical solution of the present application may be the application scenario in fig. 1, but is not limited to this, and may also be applied to other scenarios that need to perform communication.
The following describes in detail the technical solutions of the embodiments of the present application with specific embodiments, taking a terminal device integrated or installed with a relevant execution code as an example. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a flowchart of a communication method according to an embodiment of the present application, where the embodiment may be applied to a network composed of a server and a terminal. As shown in fig. 2, the method includes:
S101, sending identification information to a server.
In this embodiment, the internet of things terminal sends an HTTP request to the server, where the HTTP request includes identification information of the terminal, and the identification information includes: the device IMEI number.
Specifically, the terminal of the internet of things transmits the unique identifier of the terminal through an HTTP request, and the unique identifier may be an IMEI number of the device or another unique identifier. This identification will serve as the basis for a secure authentication with the server.
Preferably, before sending the identification information to the server, the method further includes: completing the information registration of the terminal in the server. Initialization activation setting can be carried out through a serial port tool; the matching key and the device information of the terminal are sent to the server, the device information comprising the identification information; and the MAC label sent by the server is received and stored.
Specifically, the internet of things terminal performs initialization activation setting through a serial port tool, and sends a matching key and device information to the server for matching registration. After the registration succeeds, the server generates a MAC label from a series of label parameters, such as the MAC address of the server and the mainboard serial number, by using a hash algorithm and a shared public key, and sends the MAC label to the internet of things terminal, which stores it locally.
S102, receiving the MAC information fed back by the server according to the identification information.
In this embodiment, the server may verify the identification information, and after the verification is passed, the server may feed back the MAC information to the internet of things terminal. The internet of things terminal receives the MAC information returned by the server and verifies it on the terminal side.
S103, comparing the MAC information with the MAC label stored locally, if the comparison result is matched, determining that the security authentication with the server is passed, and sending a verification passing request to the server.
In this embodiment, the internet of things terminal compares the MAC information returned by the server with the MAC label stored locally during the initialization activation, and thereby authenticates the server. If the security authentication passes, it sends a verification passing request to the server.
S104, establishing communication with the server through the token sent by the server.
In the embodiment, the internet of things terminal receives a token sent by the server according to the verification passing request; and sending a connection request to the server, wherein the connection request comprises a token. The server checks the extracted token according to the corresponding relation between the token and the terminal stored in the database of the server, and if the check is passed and the validity period of the token is not expired, communication with the terminal is established.
Specifically, the internet of things terminal sends a verification passing request to the server, and the server authentication module responds by returning a token. The server authentication module maintains the relationship between the token and the internet of things terminal in a Redis database. The internet of things terminal must present the token each time it connects, and the server verifies the connection by means of the token. After the authentication is passed, the internet of things terminal connects to the server through the TCP protocol, and the connection does not need to be authenticated again, so that the waste of server resources is greatly reduced.
Preferably, before sending the connection request to the server, the method further includes: detecting whether the validity period of the token has expired, and if so, re-performing security authentication with the server.
In particular, the token has a validity period, so it is necessary to detect whether the validity period of the token has expired before sending the connection request to the server. If the token is still valid, the internet of things terminal connects to the server through the TCP protocol, and the connection does not need to be authenticated again, so that the waste of server resources is greatly reduced. If the token has expired, security authentication with the server is carried out again according to the steps above.
Preferably, a symmetric encryption algorithm is adopted to encrypt the service data to obtain encrypted data; the encrypted data is sent to the server.
Specifically, in order to prevent data leakage in the data transmission process, when data transmission is performed between the internet of things terminal and the server, all data sending parties encrypt data to be sent by using a symmetric encryption algorithm before data transmission, and a data receiving party decrypts the received encrypted data by using a data decryption algorithm, so that the data security can be effectively improved.
The embodiment is applied to a network consisting of a server and a terminal. Identification information is sent to the server; MAC information fed back by the server according to the identification information is received; the MAC information is compared with a locally stored MAC label and, if they match, the security authentication with the server is determined to have passed and a verification passing request is sent to the server; and communication with the server is established through the token sent by the server. The method can effectively improve the security of data transmission between the server and the terminal.
Fig. 3 is a flowchart of a communication method according to a second embodiment of the present invention, and as shown in fig. 3, the method in this embodiment may include:
S201, receiving the identification information sent by the terminal.
In this embodiment, the server receives the unique identifier sent by the terminal, where the unique identifier may be an IMEI number of the device, or another unique identifier. This identification will serve as the basis for a secure authentication with the server.
S202, the identification information is verified, and if the identification information passes the verification, the MAC information is sent to the terminal.
In this embodiment, the server may verify the identification information, and if the verification passes, send the MAC information of the server to the terminal. The MAC information of the server is provided to the terminal so that the terminal can perform authentication.
Preferably, before verifying the identification information, the method further comprises: receiving the matching key and the device information of the terminal sent by the terminal, and completing the registration of the terminal; and generating a MAC label by a hashing algorithm and the matching key according to label parameters of the server, wherein the label parameters comprise: the MAC address of the server and the mainboard serial number.
Specifically, the internet of things terminal performs initialization activation setting through a serial port tool, and sends a matching key and device information to the server for matching registration. After the registration succeeds, the server generates a MAC label from a series of label parameters, such as the MAC address of the server and the mainboard serial number, by using a hash algorithm and a shared public key, and sends the MAC label to the internet of things terminal, which stores it locally.
S203, receiving a verification passing request fed back by the terminal.
In this embodiment, the terminal compares the MAC information returned by the server with the MAC label stored locally during the initialization activation, and thereby authenticates the server. If the security authentication passes, the terminal sends a verification passing request to the server, and the server receives the verification passing request fed back by the terminal.
S204, sending the token to the terminal according to the verification passing request.
In this embodiment, the server authentication module responds by returning a token, and the module maintains the relationship between the token and the internet of things terminal in a Redis database.
S205, communication with the terminal is established by checking the token carried by the terminal during access.
In this embodiment, a server receives a connection request sent by a terminal; extracting a token from the connection request; and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the checking is passed and the validity period of the token is not expired, establishing communication with the terminal.
Specifically, the internet of things terminal must present the token each time it connects, and the server verifies the connection by means of the token. After the authentication is passed, the internet of things terminal connects to the internet of things platform through the TCP protocol, and the connection does not need to be authenticated again, so that the waste of server resources is greatly reduced.
Preferably, the encrypted data sent by the terminal is received; and decrypting the encrypted data through a symmetric encryption algorithm to obtain the service data.
Specifically, in order to prevent data leakage in the data transmission process, all data sending parties encrypt data by using a symmetric encryption algorithm, and a data receiving party decrypts the data by using a data decryption algorithm, so that the data security can be effectively improved.
The embodiment is applied to a network consisting of a server and a terminal, and identification information sent by the terminal is received; verifying the identification information, and if the identification information passes the verification, sending MAC information to the terminal; receiving a verification passing request fed back by the terminal; sending a token to the terminal according to the verification passing request; and establishing communication with the terminal by checking the token carried by the terminal when the terminal is accessed. By the method, the data transmission safety between the server and the terminal can be effectively improved.
Fig. 4 is a flowchart of a communication method provided in a third embodiment of the present invention, and as shown in fig. 4, the method in this embodiment may include:
S301, the terminal sends identification information to the server.
S302, the server receives the identification information sent by the terminal.
S303, the server verifies the identification information, and if the verification is passed, the server sends the MAC information to the terminal.
S304, the terminal receives the MAC information fed back by the server according to the identification information.
S305, the terminal compares the MAC information with the MAC label stored locally, if the comparison result is matched, the security authentication between the terminal and the server is confirmed to be passed, and a verification passing request is sent to the server.
S306, the server receives the verification passing request fed back by the terminal.
S307, the server sends the token to the terminal according to the verification passing request.
S308, the terminal establishes communication with the server through the token sent by the server.
In this embodiment, for concrete implementation processes and technical principles of step S301, step S304, step S305, and step S308, reference is made to relevant descriptions in step S101 to step S104 in the method shown in fig. 2, and details are not described here again.
In this embodiment, for concrete implementation processes and technical principles of step S302, step S303, step S306, and step S307, reference is made to relevant descriptions in step S201 to step S204 in the method shown in fig. 3, and details are not described here again.
In this embodiment, the server may establish a connection with a plurality of terminals and perform authentication.
This embodiment is applied to a network consisting of a server and a terminal. The terminal sends identification information to the server; receives the MAC information fed back by the server according to the identification information; compares the MAC information with a locally stored MAC label and, if the comparison result matches, determines that the security authentication with the server has passed and sends a verification passing request to the server; and establishes communication with the server through the token sent by the server. This method can effectively improve the security of data transmission between the server and the terminal.
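The S301 to S308 exchange and the S205 token check can be followed end to end in code. The Python below is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified "hash algorithm and matching key", the MAC information is assumed to be the label recomputed by the server, and the one-hour validity period, the in-memory dictionaries standing in for the database, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 3600  # assumed validity period; the page does not give one


def make_mac_label(matching_key: bytes, mac_address: str, board_serial: str) -> bytes:
    """MAC label: keyed hash over the server's label parameters (HMAC-SHA256 assumed)."""
    fields = (mac_address.encode(), board_serial.encode())
    # Length-prefix each field so differently split inputs cannot collide.
    message = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(matching_key, message, hashlib.sha256).digest()


class Server:
    def __init__(self, mac_address: str, board_serial: str, clock: Callable[[], float] = time.time):
        self.mac_address = mac_address
        self.board_serial = board_serial
        self.clock = clock
        self.matching_keys: Dict[str, bytes] = {}       # IMEI -> matching key
        self.tokens: Dict[str, Tuple[str, float]] = {}  # token -> (IMEI, expiry time)

    def _label_for(self, imei: str) -> bytes:
        return make_mac_label(self.matching_keys[imei], self.mac_address, self.board_serial)

    def register(self, imei: str, matching_key: bytes) -> bytes:
        """Registration: store the matching key and return the MAC label to the terminal."""
        self.matching_keys[imei] = matching_key
        return self._label_for(imei)

    def mac_info(self, imei: str) -> Optional[bytes]:
        """S302-S303: verify the identification information, then send MAC information."""
        if imei not in self.matching_keys:
            return None
        return self._label_for(imei)

    def issue_token(self, imei: str) -> Optional[str]:
        """S306-S307: on a verification passing request, issue a token and store its owner."""
        if imei not in self.matching_keys:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (imei, self.clock() + TOKEN_TTL_SECONDS)
        return token

    def check_connection(self, imei: str, token: str) -> bool:
        """S205: the token must map to this terminal and be inside its validity period."""
        record = self.tokens.get(token)
        if record is None:
            return False
        owner, expires_at = record
        if self.clock() >= expires_at:
            del self.tokens[token]  # expired: the terminal has to authenticate again
            return False
        return hmac.compare_digest(owner.encode(), imei.encode())


class Terminal:
    def __init__(self, imei: str, matching_key: bytes) -> None:
        self.imei = imei
        self.matching_key = matching_key
        self.stored_label: Optional[bytes] = None
        self.token: Optional[str] = None

    def register(self, server: Server) -> None:
        self.stored_label = server.register(self.imei, self.matching_key)

    def authenticate(self, server: Server) -> bool:
        """S301, S304, S305 and S308 from the terminal's side."""
        info = server.mac_info(self.imei)  # S301 / S304
        # S305: constant-time comparison with the locally stored MAC label.
        if info is None or self.stored_label is None or not hmac.compare_digest(info, self.stored_label):
            return False
        self.token = server.issue_token(self.imei)  # verification passing request
        return self.token is not None and server.check_connection(self.imei, self.token)


if __name__ == "__main__":
    srv = Server("00:11:22:33:44:55", "MB-SERIAL-0001")  # constructed label parameters
    dev = Terminal("490154203237518", b"k" * 32)         # constructed IMEI and key
    dev.register(srv)
    print(dev.authenticate(srv))
```

A terminal that stored its label from one server rejects MAC information computed from another server's parameters, and a token is refused once it has expired or when it is presented under a different terminal's identification.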
Fig. 5 is a schematic structural diagram of a terminal according to a fourth embodiment of the present invention, and as shown in fig. 5, the terminal according to this embodiment may include:
a transceiver 31 for transmitting identification information to a server; receiving MAC information fed back by the server according to the identification information;
the processor 32 is configured to compare the MAC information with a locally stored MAC tag, and if the comparison result matches the locally stored MAC tag, determine that the security authentication with the server passes, and send a verification passing request to the server; and establishing communication with the server through the token sent by the server.
In one possible design, the transceiver 31 is specifically configured to:
sending an HTTP request to a server, wherein the HTTP request contains identification information of a terminal, and the identification information comprises: the equipment IMEI number.
In one possible design, processor 32 may be further configured to:
and finishing the information registration of the terminal in the server.
In one possible design, processor 32 is specifically configured to:
performing initialization activation setting through a serial port tool;
sending the matched key and the equipment information of the terminal to a server; the equipment information comprises identification information;
and receiving and storing the MAC label sent by the server.
In one possible design, processor 32 is specifically configured to:
receiving a token sent by the server according to the verification passing request;
sending a connection request to the server, wherein the connection request comprises the token;
and after the server verifies that the connection request passes according to the corresponding relation between the token and the terminal stored in the database of the server, establishing communication with the server.
In one possible design, processor 32 is further configured to:
and detecting whether the valid period of the token is expired, and if so, re-performing security authentication with the server.
In one possible design, processor 32 is further configured to:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
the encrypted data is sent to the server.
The terminal of this embodiment may execute the technical solution in the method shown in fig. 2, and for the specific implementation process and the technical principle, reference is made to the relevant description in the method shown in fig. 2, which is not described herein again.
This embodiment is applied to a network consisting of a server and a terminal. The terminal sends identification information to the server; receives the MAC information fed back by the server according to the identification information; compares the MAC information with a locally stored MAC label and, if the comparison result matches, determines that the security authentication with the server has passed and sends a verification passing request to the server; and establishes communication with the server through the token sent by the server. This method can effectively improve the security of data transmission between the server and the terminal.
Fig. 6 is a schematic structural diagram of a server according to a fifth embodiment of the present invention, and as shown in fig. 6, the server according to this embodiment may include:
a transceiver 41 for receiving the identification information transmitted by the terminal;
a processor 42, configured to verify the identification information, and if the verification passes, send MAC information to the terminal;
a transceiver 41, configured to receive a verification passing request fed back by the terminal; sending a token to the terminal according to the verification passing request;
and the processor 42 is used for establishing communication with the terminal by checking the token carried by the terminal during access.
In one possible design:
the transceiver 41 is further configured to receive the matching key sent by the terminal and the device information of the terminal, and complete registration of the terminal;
the processor 42 is further configured to generate a MAC tag by a hash algorithm and a matching key according to tag parameters of the server, the tag parameters including: the MAC address of the service, the serial number of the mainboard;
and a transceiver 41 for transmitting the MAC tag to the terminal.
In one possible design, processor 42 is specifically configured to:
storing the corresponding relation between the token and the terminal in a database;
receiving a connection request sent by a terminal;
extracting a token from the connection request;
and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the checking is passed and the validity period of the token is not expired, establishing communication with the terminal.
In one possible design:
a transceiver 41, further configured to receive encrypted data sent by the terminal;
and the processor 42 is further configured to decrypt the encrypted data through a symmetric encryption algorithm to obtain the service data.
The server in this embodiment may execute the technical solution in the method shown in fig. 3, and for the specific implementation process and the technical principle, reference is made to the relevant description in the method shown in fig. 3, which is not described herein again.
This embodiment is applied to a network consisting of a server and a terminal. The server receives the identification information sent by the terminal; verifies the identification information and, if the verification passes, sends MAC information to the terminal; receives the verification passing request fed back by the terminal; sends a token to the terminal according to the verification passing request; and establishes communication with the terminal by checking the token carried by the terminal when it accesses. This method can effectively improve the security of data transmission between the server and the terminal.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 7, the data querying device may include: at least one processor 51 and a memory 52. Fig. 7 takes an electronic device with one processor as an example.
The memory 52 is used for storing programs. In particular, a program may include program code, and the program code includes computer operating instructions.
The memory 52 may comprise high-speed RAM memory, and may also include non-volatile memory, such as at least one disk memory.
The processor 51 is used for executing computer-executable instructions stored in the memory 52 to implement the above-mentioned communication method.
The processor 51 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
Alternatively, in a specific implementation, if the communication interface, the memory 52 and the processor 51 are implemented independently, the communication interface, the memory 52 and the processor 51 may be connected to each other through a bus and perform communication with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. Buses may be classified as address buses, data buses, control buses, etc., but do not represent only one bus or type of bus.
Alternatively, in a specific implementation, if the communication interface, the memory 52 and the processor 51 are integrated into a chip, the communication interface, the memory 52 and the processor 51 may complete communication through an internal interface.
The present invention also provides a computer-readable storage medium, which may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk. In particular, the computer-readable storage medium stores program instructions, and the program instructions are used in the method in the foregoing embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. A communication method, applied to a network consisting of a server and a terminal, the method comprising:
sending the identification information to a server;
receiving MAC information fed back by the server according to the identification information;
comparing the MAC information with a locally stored MAC label, if the comparison result is matched, determining that the security authentication with the server is passed, and sending a verification passing request to the server;
and establishing communication with the server through the token sent by the server.
2. The method of claim 1, wherein sending identification information to the server comprises:
sending an HTTP request to the server, wherein the HTTP request contains identification information of the terminal, and the identification information comprises: the equipment IMEI number.
3. The method of claim 1, prior to sending the identification information to the server, further comprising:
and finishing the information registration of the terminal in the server.
4. The method according to claim 3, wherein the completing information registration of the terminal in the server comprises:
performing initialization activation setting through a serial port tool;
sending the matched key and the equipment information of the terminal to the server; the device information comprises the identification information;
and receiving and storing the MAC label sent by the server.
5. The method according to any of claims 1-4, wherein establishing communication with the server via the token sent by the server comprises:
receiving a token sent by the server according to the verification passing request;
sending a connection request to the server, wherein the connection request comprises the token;
and after the server verifies that the connection request passes according to the corresponding relation between the token and the terminal stored in the database of the server, establishing communication with the server.
6. The method of claim 5, further comprising, prior to sending the connection request to the server:
and detecting whether the validity period of the token is expired, and if so, re-performing security authentication with the server.
7. The method according to any one of claims 1-4, further comprising:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
and sending the encrypted data to the server.
8. A communication method, applied to a network consisting of a server and a terminal, the method comprising:
receiving identification information sent by a terminal;
verifying the identification information, and if the identification information passes the verification, sending MAC information to the terminal;
receiving a verification passing request fed back by the terminal;
sending a token to the terminal according to the verification passing request;
and establishing communication with the terminal by checking the token carried by the terminal during access.
9. The method of claim 8, further comprising, prior to verifying the identification information:
receiving a matching key sent by the terminal and equipment information of the terminal, and finishing registration of the terminal;
generating a MAC label by a hashing algorithm and the matching key according to label parameters of the server, the label parameters including: the MAC address of the service, the serial number of the mainboard;
and sending the MAC label to the terminal.
10. The method of claim 8, further comprising: storing the corresponding relation between the token and the terminal in a database; the establishing communication with the terminal by checking the token carried by the terminal during access comprises:
receiving a connection request sent by the terminal;
extracting the token from the connection request;
and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the check is passed and the validity period of the token is not expired, establishing communication with the terminal.
11. The method according to any one of claims 8-10, further comprising:
receiving encrypted data sent by the terminal;
and decrypting the encrypted data through a symmetric encryption algorithm to obtain service data.
12. A terminal, comprising:
a transceiver for transmitting the identification information to the server; receiving MAC information fed back by the server according to the identification information;
the processor is used for comparing the MAC information with a locally stored MAC label, if the comparison result is matched, the security authentication between the processor and the server is determined to be passed, and a verification passing request is sent to the server; and establishing communication with the server through the token sent by the server.
13. A server, comprising:
the transceiver is used for receiving the identification information sent by the terminal;
the processor is used for verifying the identification information, and if the identification information passes the verification, the processor sends MAC information to the terminal;
the transceiver is used for receiving the verification passing request fed back by the terminal; sending a token to the terminal according to the verification passing request;
and the processor is used for establishing communication with the terminal by checking the token carried by the terminal during access.
14. An electronic device, comprising: a memory and a processor; the memory has stored therein a computer program, which when executed by the processor is adapted to perform the communication method according to any one of claims 1-7.
15. A service platform, comprising: a memory and a processor; the memory has stored therein a computer program, which when executed by the processor is adapted to perform the communication method according to any of claims 8-11.
CN201911407635.2A 2019-12-31 2019-12-31 Communication method, terminal and server Active CN111131300B (en)


Publications (2)

Publication Number Publication Date
CN111131300A (en) 2020-05-08
CN111131300B (en) 2022-06-17

Family

ID=70506110

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant