CN111478770A - Security verification method and device, computer equipment and storage medium - Google Patents

Publication number: CN111478770A
Application number: CN202010242737.XA
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 翟鲜妮
Current Assignee: Xian Fibocom Wireless Software Inc
Original Assignee: Xian Fibocom Wireless Software Inc
Legal status: Pending
Prior art keywords: module, terminal, response value, value, processor

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The application relates to a security verification method, a security verification device, computer equipment and a storage medium. The method comprises: receiving a state reading request of a processor in a terminal; sending the state of a communication module to the processor in response to the state reading request; receiving an unlocking request of the processor when the communication module is in a locked state; generating a random value according to the unlocking request and sending the random value to the processor, so that the processor performs hash calculation on the random value and a terminal identifier of the terminal to obtain a terminal response value; performing hash calculation on the random value and the module identifier to obtain a module response value; and receiving the terminal response value and matching it with the module response value to obtain a verification result. With this method, the terminal and the module can be matched and security is improved; the communication module and the terminal are integrated, so the communication module does not need to be authenticated separately, which simplifies the authentication flow and reduces time and cost.

Description

Security verification method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a security verification method and apparatus, a computer device, and a storage medium.
Background
In the era of the Internet of Everything, communication modules give each terminal device the ability to transmit information over a network. Communication modules of various systems are used in various terminals, and different terminals apply different standards to the communication module, so a communication module needs to be authenticated before entering the market.
Currently, a communication module is authenticated on its own against different standards. When a single module is used in different terminal devices, it must be authenticated multiple times; the authentication process is complicated and consumes a large amount of time and cost, and because the terminal and the module are not uniquely matched, security is poor.
Disclosure of Invention
In view of the above, it is necessary to provide a security verification method, an apparatus, a computer device, and a storage medium capable of improving security.
A security verification method, the method comprising:
receiving a state reading request of a processor in the terminal;
sending a status of the communication module to the processor in response to the status read request;
when the state of the communication module is a locked state, receiving an unlocking request of the processor;
generating a random value according to the unlocking request, and sending the random value to the processor so that the processor performs hash calculation on the random value and the terminal identification of the terminal to obtain a terminal response value;
performing hash calculation on the random value and the module identifier to obtain a module response value, wherein the module identifier is obtained by performing hash calculation on the terminal identifier;
and receiving the terminal response value, and matching the terminal response value with the module response value to obtain a verification result.
In one embodiment, the performing a hash calculation on the random value and the module identifier to obtain a module response value includes:
performing hash calculation on the random value to obtain a hash value of the random value;
and adding the module identification and the hash value of the random value and then carrying out hash calculation to obtain the module response value.
In one embodiment, the communication module includes a plurality of module identifications, and the method further includes:
reading a module identification set, wherein each module identification in the module identification set corresponds to various types of terminals;
adding the hash value of the random value to each module identifier respectively, and then performing hash calculation to obtain a target module response value of each module identifier;
and matching the terminal response value with each target module response value respectively to obtain the verification result.
In one embodiment, the terminal response value is obtained by adding the hash value of the terminal identifier to the hash value of the random value and then performing hash calculation, and the matching the terminal response value with each target module response value respectively includes:
reading the response values of the target modules one by one;
matching the terminal response value with the current target module response value;
and when the terminal response value is successfully matched with the current target module response value, stopping reading the response values of all the target modules, and obtaining the verification result as verification pass.
In one embodiment, the method further comprises:
when the terminal response value fails to be matched with the current target module response value, reading the next target module response value;
taking the next target module response value as the current target module response value, and returning to execute the step of matching the terminal response value with the current target module response value until the reading of each target module response value is finished;
and when the terminal response value fails to match every target module response value, obtaining a verification result of verification failed.
In one embodiment, after the receiving the terminal response value, matching the terminal response value with the module response value, and obtaining a verification result, the method further includes:
when the verification result is that the verification is passed, registering the network, and sending a verification success message to the processor so that the terminal obtains the use authority of the network;
and when the verification result is that the verification is failed, sending a verification failure message to the processor.
A security verification apparatus, the apparatus comprising:
a status reading request receiving module, configured to receive a status reading request of a processor of the terminal;
a state sending module, configured to send, in response to the state reading request, a state of the communication module to the processor;
an unlocking request receiving module, configured to receive an unlocking request of the processor when the communication module is in a locked state;
a random value generating module, configured to generate a random value according to the unlocking request and send the random value to the processor, so that the terminal performs a calculation on the random value and the terminal identifier of the terminal to obtain a terminal response value;
a module response value calculating module, configured to perform a calculation on the random value and the module identifier to obtain a module response value, wherein the module identifier is obtained by a calculation on the terminal identifier;
and a matching module, configured to receive the terminal response value and match the terminal response value with the module response value to obtain a verification result.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the above method embodiments when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In the above security verification method, device, computer equipment and storage medium, a state reading request of the processor in the terminal is received, and the state of the communication module is sent to the processor in response. When the communication module is in the locked state, an unlocking request of the processor is received, a random value is generated according to the unlocking request, and the random value is sent to the processor, so that the processor performs hash calculation on the random value and the terminal identifier of the terminal to obtain a terminal response value. Hash calculation is performed on the random value and the module identifier to obtain a module response value, the module identifier having been obtained by hash calculation on the terminal identifier. The terminal response value is received and matched with the module response value to obtain a verification result. This matches the terminal to the communication module and improves security. The successfully matched communication module and terminal are integrated, so the communication module does not need to be authenticated separately, which simplifies the authentication process and reduces time and cost.
Drawings
FIG. 1 is a diagram of an application environment of a security verification method in one embodiment;
FIG. 2 is a timing diagram of a security check method in one embodiment;
FIG. 3 is a flow diagram illustrating a security verification method in one embodiment;
FIG. 4 is a flow diagram illustrating a method for calculating a response value of a module according to one embodiment;
FIG. 5 is a flowchart illustrating a method for security verification of a multi-module identifier according to an embodiment;
FIG. 6 is a flowchart illustrating a method for matching a terminal response value with a response value of each target module according to an embodiment;
FIG. 7 is a schematic flow chart of a security verification method in another embodiment;
FIG. 8 is a block diagram showing the structure of a security verification apparatus according to an embodiment;
FIG. 9 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The security verification method provided by the application can be applied to the application environment shown in fig. 1. Wherein the processor 102 and the communication module 104 in the terminal communicate via a system bus. The terminal may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices.
Specifically, as shown in FIG. 2, the processor 102 sends a status read request to the communication module 104. The communication module 104, upon receiving the status read request, sends the status of the communication module 104 to the processor. When the status of the communication module 104 is the locked status, the processor 102 sends an unlock request to the communication module 104. After receiving the unlocking request, the communication module 104 generates a random value, performs hash calculation on the random value and the module identifier to obtain a module response value, and sends the random value to the processor 102. After receiving the random value, the processor 102 performs hash calculation on the random value and the terminal identifier to obtain a terminal response value, and sends the terminal response value to the communication module 104. After receiving the terminal response value, the communication module 104 matches the terminal response value with the module response value to obtain a verification result.
In one embodiment, as shown in FIG. 3, a security verification method is provided. The method is described here as applied to the communication module in FIG. 1, and includes the following steps:
Step 302, receiving a state reading request of a processor in a terminal.
The communication module is built into the terminal. The state reading request is sent by the processor of the terminal to the communication module and is used to read the state of the communication module.
Specifically, the state of the communication module is either a locked state or an unlocked state. When the communication module is in the locked state, the terminal cannot register with the network. When the communication module is in the unlocked state, the terminal can register with the network. Therefore, after the terminal is powered on, it needs to send a state reading request to the communication module through the processor, read the state of the communication module, and perform different operations depending on that state. Provided data transmission is error-free, the communication module receives the state reading request sent by the processor.
Step 304, sending the state of the communication module to the processor in response to the state reading request.
Specifically, the communication module sends the state of the communication module to the processor after receiving a state reading request sent by the processor.
Step 306, receiving an unlocking request of the processor when the state of the communication module is the locked state.
The unlocking request is sent by the processor to the communication module and triggers the communication module to perform security verification on the terminal; when the verification passes, the communication module changes the locked state to the unlocked state.
Specifically, when the state of the communication module is the locked state, the processor sends an unlocking request to the communication module, requesting it to change the locked state to the unlocked state so that the terminal can register with the network.
In one embodiment, when the state of the communication module is the unlocked state, the processor does not need to send an unlocking request to the communication module, and the terminal can register with the network directly.
Step 308, generating a random value according to the unlocking request, and sending the random value to the processor so that the processor performs hash calculation on the random value and the terminal identifier of the terminal to obtain a terminal response value.
The random value is generated randomly by the communication module, and may be a character string, a number, a special character, and the like. The terminal identifier is an identifier that the product developer sets for the terminal and stores in the terminal during factory customization, and may be a character string, a number, a special character, and the like. The hash algorithm is an encryption algorithm, and can improve information security.
Specifically, the communication module generates a random value after receiving the unlocking request, and sends the random value to the processor. After receiving the random value, the processor performs hash calculation on the terminal identifier to obtain a hash value of the terminal identifier, and then performs a further hash calculation on the hash value of the terminal identifier with the random value as a parameter to obtain a terminal response value. Because the random value is generated randomly, the terminal response value is unique for each unlocking, which further improves security.
In an embodiment, the communication module may also perform hash calculation on the random value to obtain a hash value of the random value, and then send the hash value of the random value to the processor. And the processor performs hash calculation on the hash value of the random value and the terminal identification of the terminal to obtain a terminal response value.
In one embodiment, other encryption algorithms may be used to calculate the random value and the terminal identification to obtain the terminal response value.
In one embodiment, one type of terminal may correspond to one terminal identifier or may correspond to a plurality of terminal identifiers. Among them, the terminal can be classified into a personal computer, a notebook computer, a palmtop computer, and the like.
Step 310, performing hash calculation on the random value and the module identifier to obtain a module response value, wherein the module identifier is obtained by performing hash calculation on the terminal identifier.
The module identifier is an identifier that the product developer sets for the communication module and stores in the communication module during factory customization, and may be a character string, a number, a special character, and the like.
Specifically, to protect the security of the communication module, the product developer sets the module identifier by performing hash calculation on the corresponding terminal identifier. Only when the module identifier and the terminal identifier correspond to each other can the processor of the terminal request the communication module to change the locked state to the unlocked state and thereby register with the network.
To further improve security, before the communication module performs the matching check, the processor and the communication module each perform a further hash operation, on the terminal identifier and the module identifier respectively. The communication module performs hash calculation on the module identifier with the random value as a parameter to obtain a module response value.
In one embodiment, other encryption algorithms may be used to calculate the module identifier when hashing the terminal identifier.
In one embodiment, the random value and the module identification may be hashed using other cryptographic algorithms to obtain the module response value.
In one embodiment, the communication module may store a plurality of module identifications, so that the communication module may be matched with a plurality of types of terminals, reducing limitations in use of the communication module.
Step 312, receiving the terminal response value, and matching the terminal response value with the module response value to obtain a verification result.
Specifically, after the processor calculates the terminal response value, it sends the terminal response value to the communication module. The communication module receives the terminal response value and matches it with the module response value to obtain a verification result. When the terminal response value is consistent with the module response value, the verification result is verification passed. When the terminal response value is inconsistent with the module response value, the verification result is verification failed.
In one embodiment, the communication module may be set to the unlocked state each time the terminal is powered on.
In one embodiment, the communication module may be configured to be in a locked state when the terminal is initially powered up and in an unlocked state when the terminal is subsequently powered up.
In one embodiment, the communication module may be set to be in a locked state each time the terminal is powered on, and an unlocking request needs to be received to trigger security verification, so that security is improved.
In the above security verification method, a state reading request of the processor in the terminal is received, and the state of the communication module is sent to the processor in response. When the communication module is in the locked state, an unlocking request of the processor is received, a random value is generated according to the unlocking request, and the random value is sent to the processor, so that the processor performs hash calculation on the random value and the terminal identifier of the terminal to obtain a terminal response value. Hash calculation is performed on the random value and the module identifier to obtain a module response value, the module identifier having been obtained by hash calculation on the terminal identifier. The terminal response value is received and matched with the module response value to obtain a verification result. This matches the terminal to the communication module and improves security. The successfully matched communication module and terminal are integrated, so the communication module does not need to be authenticated separately, which simplifies the authentication process and reduces time and cost.
In one embodiment, as shown in FIG. 4, step 310 comprises:
Step 402, performing hash calculation on the random value to obtain a hash value of the random value.
Step 404, adding the module identifier and the hash value of the random value, and performing hash calculation to obtain a module response value.
Specifically, the hash algorithm is an encryption algorithm, including MD5 (Message-Digest Algorithm), SHA (Secure Hash Algorithm), and the like. SHA includes different versions, such as SHA-1, SHA-2, and SHA-3. Based on the length of the message digest, SHA-2 can be divided into sub-versions such as SHA-224, SHA-256, SHA-384, SHA-512, etc. The module response value can be calculated with any one of these algorithms.
In this embodiment, performing hash calculation on the module identifier improves the security of information transmission, and introducing a random value into that hash calculation ensures that the module response value obtained in each security check is unique, which further improves security.
In one embodiment, the communication module includes a plurality of module identifications, and as shown in fig. 5, the method further includes:
step 502, reading a module identification set, wherein each module identification in the module identification set corresponds to various terminals;
step 504, adding the hash value of the random value to each module identifier respectively, and then performing hash calculation to obtain a target module response value of each module identifier;
and step 506, matching the terminal response values with the response values of the target modules respectively to obtain a verification result.
Specifically, the communication module may store a plurality of module identifiers. Each module identifier is obtained by performing hash calculation on the terminal identifiers of various types of terminals and corresponds to those types of terminals. When the communication module stores a plurality of module identifiers and performs security verification, it reads the module identifier set, calculates the hash value of the random value, adds the hash value of the random value to each module identifier, and then performs hash calculation to obtain the target module response value of each module identifier. The communication module then matches the terminal response value with each target module response value. When a target module response value is the same as the terminal response value, that target module response value matches the terminal response value, and the verification result is verification passed. When the terminal response value differs from every target module response value, the communication module and the terminal fail to match, and the verification result is verification failed.
In one embodiment, the communication module may store 10 module identifications.
In the embodiment, by storing a plurality of module identifications in the communication module, the communication module can be matched with a plurality of types of terminals, and the limitation of the use of the communication module is reduced.
In an embodiment, the terminal response value is obtained by adding the hash value of the terminal identifier to the hash value of the random value and then performing hash calculation. As shown in FIG. 6, step 506 includes:
step 602, reading the response values of the target modules one by one;
step 604, matching the terminal response value with the current target module response value;
step 606, when the terminal response value is successfully matched with the current target module response value, stopping reading the response values of all the target modules, and obtaining a verification result as verification pass;
step 608, when the terminal response value fails to match the current target module response value, reading the next target module response value;
step 610, taking the response value of the next target module as the response value of the current target module, and returning to execute the step of matching the terminal response value with the response value of the current target module until the response values of all the target modules are completely read;
and step 612, when the terminal response value fails to match every target module response value, obtaining a verification result of verification failed.
Specifically, the communication module may match the terminal response value with the target module response values in a certain order, for example, in the order in which the module identifiers are arranged in the module identifier set. The communication module reads the target module response values one by one in that order and matches the terminal response value with the current target module response value. When the terminal response value is the same as the current target module response value, the match succeeds; the communication module stops reading target module response values, and the verification result is verification passed. When the terminal response value differs from the current target module response value, the match fails; the communication module reads the next target module response value, takes it as the current target module response value, and continues matching until all target module response values have been read. If, after all target module response values have been read, the terminal response value still differs from the current target module response value, the communication module and the terminal fail to match, and the verification result is verification failed.
In the embodiment, the response values of the target modules are read one by one, the terminal response values are matched with the response values of the target modules according to a certain sequence, and when the matching is successful, the reading of the response values of the target modules is stopped, so that the matching calculation times can be reduced, and the safety check efficiency is improved.
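The exchange of FIG. 2 together with the multi-identifier matching of FIGS. 5 and 6, as an added Python example (not code from the patent). Assumptions: SHA-256 as the hash, "adding" two values read as byte concatenation, a 16-byte random value, and constructed terminal identifiers; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

LOCKED, UNLOCKED = "locked", "unlocked"

# Constructed sample terminal identifiers (not values from the patent).
TERMINAL_A = b"TERMINAL-TYPE-A-0001"
TERMINAL_B = b"TERMINAL-TYPE-B-0002"


def h(data: bytes) -> bytes:
    """SHA-256, one of the hash functions the description lists."""
    return hashlib.sha256(data).digest()


def derive_module_id(terminal_id: bytes) -> bytes:
    """Factory provisioning: module identifier = hash of the terminal identifier."""
    return h(terminal_id)


def response_value(identifier_hash: bytes, nonce: bytes) -> bytes:
    """Steps 402-404: hash the random value, 'add' it to the identifier, hash again.
    Assumption: 'add' means byte concatenation."""
    return h(identifier_hash + h(nonce))


class TerminalProcessor:
    """Processor side: holds the raw terminal identifier."""

    def __init__(self, terminal_id: bytes):
        self.terminal_id = terminal_id

    def answer(self, nonce: bytes) -> bytes:
        # Hash the terminal identifier first, then combine with the random value.
        return response_value(h(self.terminal_id), nonce)


class CommunicationModule:
    """Module side: holds a set of module identifiers and the lock state."""

    def __init__(self, module_ids):
        self.module_ids = list(module_ids)
        self.state = LOCKED
        self._nonce = None

    def read_status(self) -> str:
        return self.state

    def unlock_request(self) -> bytes:
        if self.state != LOCKED:
            raise RuntimeError("module is already unlocked")
        self._nonce = secrets.token_bytes(16)  # fresh random value per request
        return self._nonce

    def verify(self, terminal_response: bytes) -> bool:
        # Example choice: the challenge is single use, pass or fail.
        nonce, self._nonce = self._nonce, None
        if nonce is None:
            return False
        # Steps 602-612: walk the identifier set in stored order, stop on a match.
        for module_id in self.module_ids:
            target = response_value(module_id, nonce)
            if hmac.compare_digest(target, terminal_response):
                self.state = UNLOCKED
                return True
        return False


def run_check(module: CommunicationModule, processor: TerminalProcessor) -> bool:
    """Full exchange: read status, request unlock, answer challenge, verify."""
    if module.read_status() == UNLOCKED:
        return True
    nonce = module.unlock_request()
    return module.verify(processor.answer(nonce))


def demo() -> dict:
    ids = [derive_module_id(t) for t in (TERMINAL_A, TERMINAL_B)]
    paired = CommunicationModule(ids)
    foreign = CommunicationModule(ids)
    return {
        "paired_terminal": run_check(paired, TerminalProcessor(TERMINAL_B)),
        "paired_state": paired.read_status(),
        "foreign_terminal": run_check(foreign, TerminalProcessor(b"TERMINAL-TYPE-C-0003")),
        "foreign_state": foreign.read_status(),
    }


if __name__ == "__main__":
    print(demo())
```

Comparing with `hmac.compare_digest` and discarding the challenge after one attempt are choices of this example, not requirements stated in the description. Because the response is an unkeyed hash over a random value sent in the clear, the check is only as strong as the secrecy of the terminal identifier.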
In one embodiment, after step 312, the method further comprises: when the verification result is that the verification is passed, registering the network, and sending a verification success message to the processor so that the terminal obtains the use authority of the network; and when the verification result is that the verification is failed, sending a verification failure message to the processor.
When the communication module is in the locked state, the terminal cannot turn off flight mode and does not have permission to use the network.
Specifically, when the verification result is that the verification passes, the communication module changes from the locked state to the unlocked state, registers the network, and sends a verification success message to the processor. The terminal can display the verification success message to inform the terminal user that flight mode can be turned off, so that the terminal obtains permission to use the network. When the verification result is that the verification fails, the communication module sends a verification failure message to the processor; the terminal displays the verification failure message and informs the terminal user that the terminal does not match the communication module and that the communication module needs to be replaced.
In one embodiment, as shown in fig. 7, another security verification method is provided, which is described by taking the method as an example applied to the communication module in fig. 1, and includes the following steps:
step 702, receiving a state reading request of a processor in a terminal;
step 704, responding to the status reading request, and sending the status of the communication module to the processor;
step 706, receiving an unlocking request of the processor when the state of the communication module is the locked state;
step 708, generating a random value according to the unlocking request, and sending the random value to the processor, so that the processor adds the hash value of the terminal identifier and the hash value of the random value and then performs hash calculation to obtain a terminal response value;
step 710, reading a module identifier set, wherein each module identifier in the module identifier set corresponds to various terminals;
step 712, adding the hash value of the random value to each module identifier, and performing hash calculation to obtain a target module response value of each module identifier;
step 714, reading the response values of the target modules one by one, and matching the terminal response value with the current response value of the target module;
step 716, judging whether the terminal response value is successfully matched with the current target module response value;
step 718, when the matching is successful, stopping reading the response value of each target module, registering the network and sending a verification success message to the processor, wherein the verification result is that the verification is passed;
step 720, when the matching fails, judging whether the current target module response value is the last target module response value;
step 722, when the current target module response value is not the last target module response value, reading the next target module response value, taking the next target module response value as the current target module response value, and returning to step 714;
step 724, when the current target module response value is the last target module response value, the verification result is obtained as verification failure, and a verification failure message is sent to the processor.
In this embodiment, when the processor of the terminal initiates an unlocking request to the communication module, the communication module performs security verification using the terminal identifier and the module identifier. This improves the matching between the terminal and the communication module, protects the communication module, and improves security. After the terminal and the communication module are matched, they can be treated as a whole, and the communication module can be authenticated together with the terminal in subsequent terminal authentication, which simplifies the authentication process of the communication module and reduces the time and cost of authentication.
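The flow of steps 702 to 724, written out as an added example that is not code from the patent. The patent names no hash function and does not say how two values are "added", so SHA-256 and byte concatenation are assumptions here, as are all class and function names, the terminal identifiers, and the single-use handling of the random value.

```python
"""Sketch of the unlock flow in steps 702-724 (added example, not patent code).

Assumptions: SHA-256 as the hash, "adding" two values means byte
concatenation, and all names and terminal identifiers are constructed.
"""
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    """Hash primitive (assumed SHA-256; the patent names none)."""
    return hashlib.sha256(data).digest()


def module_identifier(terminal_id: str) -> bytes:
    """Module identifier: the hash of a terminal identifier, stored in the module."""
    return h(terminal_id.encode())


def terminal_response(terminal_id: str, random_value: bytes) -> bytes:
    """Processor side of step 708: hash(hash(terminal id) + hash(random value))."""
    return h(h(terminal_id.encode()) + h(random_value))


class CommunicationModule:
    def __init__(self, module_ids):
        self.module_ids = list(module_ids)  # module identifier set (step 710)
        self.locked = True
        self.comparisons = 0                # matches attempted by the last verify()
        self._random = None

    def read_state(self) -> str:
        """Steps 702-704: report the lock state to the processor."""
        return "locked" if self.locked else "unlocked"

    def request_unlock(self) -> bytes:
        """Steps 706-708: a locked module issues a fresh random value."""
        if not self.locked:
            raise RuntimeError("module is already unlocked")
        self._random = secrets.token_bytes(16)
        return self._random

    def verify(self, response: bytes) -> bool:
        """Steps 710-724: compute target response values, match until first hit."""
        if self._random is None:
            return False                    # no unlock request is outstanding
        random_hash = h(self._random)
        self._random = None                 # assumption: a random value is accepted once
        targets = [h(mid + random_hash) for mid in self.module_ids]  # step 712
        self.comparisons = 0
        for target in targets:              # steps 714-722: read one by one
            self.comparisons += 1
            if hmac.compare_digest(target, response):
                self.locked = False         # step 718: verification passes
                return True
        return False                        # step 724: verification fails


if __name__ == "__main__":
    # Constructed terminal identifiers for three terminal types.
    ids = [module_identifier(t) for t in ("TERMINAL-A", "TERMINAL-B", "TERMINAL-C")]
    module = CommunicationModule(ids)
    rv = module.request_unlock()
    passed = module.verify(terminal_response("TERMINAL-B", rv))
    print(passed, module.comparisons, module.read_state())
```

Because each response depends on the random value issued for that unlock request, a response recorded during one exchange does not match the target values computed for a later one.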
It should be understood that although the steps in the flow charts of fig. 3-7 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 3-7 may include multiple steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the steps or stages of other steps.
In one embodiment, as shown in fig. 8, there is provided a security verification apparatus 800 comprising: a status reading request receiving module 801, a status sending module 802, an unlocking request receiving module 803, a random value generating module 804, a module response value calculating module 805, and a matching module 806, wherein:
a status reading request receiving module 801, configured to receive a status reading request of a processor of a terminal;
a status sending module 802, configured to send a status of the communication module to the processor in response to the status reading request;
an unlocking request receiving module 803, configured to receive an unlocking request of the processor when the state of the communication module is the locked state;
a random value generating module 804, configured to generate a random value according to the unlocking request, and send the random value to the processor, so that the terminal calculates the random value and the terminal identifier of the terminal, and obtains a terminal response value;
a module response value calculating module 805, configured to calculate a random value and a module identifier to obtain a module response value, where the module identifier is obtained by calculating a terminal identifier;
the matching module 806 is configured to receive the terminal response value, and match the terminal response value with the module response value to obtain a verification result.
In one embodiment, the module response value calculating module 805 is further configured to perform hash calculation on the random value to obtain a hash value of the random value; and adding the module identification and the hash value of the random value, and then carrying out hash calculation to obtain a module response value.
In one embodiment, the module response value calculation module 805 is further configured to read a module identification set, where each module identification in the module identification set corresponds to each type of terminal; adding the hash value of the random value to each module identifier respectively, and then performing hash calculation to obtain a target module response value of each module identifier; the matching module 806 is further configured to match the terminal response value with each target module response value, respectively, to obtain a verification result.
In one embodiment, the matching module 806 is further configured to read each target module response value one by one; matching the terminal response value with the current target module response value; and when the terminal response value is successfully matched with the current target module response value, stopping reading the response value of each target module, and obtaining a verification result as verification pass.
In one embodiment, the matching module 806 is further configured to, when the terminal response value fails to match the current target module response value, read a next target module response value; taking the response value of the next target module as the response value of the current target module, and returning to execute the step of matching the terminal response value with the response value of the current target module until the response values of all the target modules are completely read; and when the terminal response value is failed to be matched with each target module response value, obtaining a verification result as that the verification fails.
In one embodiment, the security verification apparatus 800 further includes a verification result sending module, configured to register the network and send a verification success message to the processor when the verification result is that the verification passes, so that the terminal obtains the usage right of the network; and when the verification result is that the verification is failed, sending a verification failure message to the processor.
For the specific definition of the security verification device, reference may be made to the above definition of the security verification method, which is not described herein again. The modules in the security verification device can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a security check method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program: receiving a state reading request of a processor in a terminal; in response to the status reading request, sending the status of the communication module to the processor; when the state of the communication module is the locked state, receiving an unlocking request of the processor; generating a random value according to the unlocking request, and sending the random value to a processor so that the processor performs hash calculation on the random value and a terminal identifier of the terminal to obtain a terminal response value; carrying out Hash calculation on the random value and the module identification to obtain a module response value, wherein the module identification is obtained by carrying out Hash calculation on the terminal identification; and receiving the terminal response value, and matching the terminal response value with the module response value to obtain a verification result.
In one embodiment, the processor, when executing the computer program, further performs the steps of: carrying out Hash calculation on the random value to obtain a Hash value of the random value; and adding the module identification and the hash value of the random value, and then carrying out hash calculation to obtain a module response value.
In one embodiment, the processor, when executing the computer program, further performs the steps of: reading a module identification set, wherein each module identification in the module identification set corresponds to various types of terminals; adding the hash value of the random value to each module identifier respectively, and then performing hash calculation to obtain a target module response value of each module identifier; and matching the terminal response value with each target module response value respectively to obtain a verification result.
In one embodiment, the processor, when executing the computer program, further performs the steps of: reading the response values of the target modules one by one; matching the terminal response value with the current target module response value; and when the terminal response value is successfully matched with the current target module response value, stopping reading the response value of each target module, and obtaining a verification result as verification pass.
In one embodiment, the processor, when executing the computer program, further performs the steps of: when the terminal response value fails to be matched with the current target module response value, reading the next target module response value; taking the response value of the next target module as the response value of the current target module, and returning to execute the step of matching the terminal response value with the response value of the current target module until the response values of all the target modules are completely read; and when the terminal response value is failed to be matched with each target module response value, obtaining a verification result as that the verification fails.
In one embodiment, the processor, when executing the computer program, further performs the steps of: when the verification result is that the verification is passed, registering the network, and sending a verification success message to the processor so that the terminal obtains the use authority of the network; and when the verification result is that the verification is failed, sending a verification failure message to the processor.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: receiving a state reading request of a processor in a terminal; in response to the status reading request, sending the status of the communication module to the processor; when the state of the communication module is the locked state, receiving an unlocking request of the processor; generating a random value according to the unlocking request, and sending the random value to a processor so that the processor performs hash calculation on the random value and a terminal identifier of the terminal to obtain a terminal response value; carrying out Hash calculation on the random value and the module identification to obtain a module response value, wherein the module identification is obtained by carrying out Hash calculation on the terminal identification; and receiving the terminal response value, and matching the terminal response value with the module response value to obtain a verification result.
In one embodiment, the computer program when executed by the processor further performs the steps of: carrying out Hash calculation on the random value to obtain a Hash value of the random value; and adding the module identification and the hash value of the random value, and then carrying out hash calculation to obtain a module response value.
In one embodiment, the computer program when executed by the processor further performs the steps of: reading a module identification set, wherein each module identification in the module identification set corresponds to various types of terminals; adding the hash value of the random value to each module identifier respectively, and then performing hash calculation to obtain a target module response value of each module identifier; and matching the terminal response value with each target module response value respectively to obtain a verification result.
In one embodiment, the computer program when executed by the processor further performs the steps of: reading the response values of the target modules one by one; matching the terminal response value with the current target module response value; and when the terminal response value is successfully matched with the current target module response value, stopping reading the response value of each target module, and obtaining a verification result as verification pass.
In one embodiment, the computer program when executed by the processor further performs the steps of: when the terminal response value fails to be matched with the current target module response value, reading the next target module response value; taking the response value of the next target module as the response value of the current target module, and returning to execute the step of matching the terminal response value with the response value of the current target module until the response values of all the target modules are completely read; and when the terminal response value is failed to be matched with each target module response value, obtaining a verification result as that the verification fails.
In one embodiment, the computer program when executed by the processor further performs the steps of: when the verification result is that the verification is passed, registering the network, and sending a verification success message to the processor so that the terminal obtains the use authority of the network; and when the verification result is that the verification is failed, sending a verification failure message to the processor.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A security verification method is applied to a communication module in a terminal, and is characterized by comprising the following steps:
receiving a state reading request of a processor in the terminal;
sending a status of the communication module to the processor in response to the status read request;
when the state of the communication module is a locked state, receiving an unlocking request of the processor;
generating a random value according to the unlocking request, and sending the random value to the processor so that the processor performs hash calculation on the random value and the terminal identification of the terminal to obtain a terminal response value;
performing hash calculation on the random value and the module identifier to obtain a module response value, wherein the module identifier is obtained by performing hash calculation on the terminal identifier;
and receiving the terminal response value, and matching the terminal response value with the module response value to obtain a verification result.
2. The method of claim 1, wherein said hashing the random value and the module identification to obtain a module response value comprises:
performing hash calculation on the random value to obtain a hash value of the random value;
and adding the module identification and the hash value of the random value and then carrying out hash calculation to obtain the module response value.
3. The method of claim 2, wherein the communication module comprises a plurality of module identifications, the method further comprising:
reading a module identification set, wherein each module identification in the module identification set corresponds to various types of terminals;
adding the hash value of the random value to each module identifier respectively, and then performing hash calculation to obtain a target module response value of each module identifier;
and matching the terminal response value with each target module response value respectively to obtain the verification result.
4. The method according to claim 3, wherein the terminal response value is obtained by performing a hash calculation after adding the hash value of the terminal identifier and the hash value of the random value, and the obtaining the verification result by matching the terminal response value with each target module response value respectively comprises:
reading the response values of the target modules one by one;
matching the terminal response value with the current target module response value;
and when the terminal response value is successfully matched with the current target module response value, stopping reading the response values of all the target modules, and obtaining the verification result as verification pass.
5. The method of claim 4, further comprising:
when the terminal response value fails to be matched with the current target module response value, reading the next target module response value;
taking the next target module response value as the current target module response value, and returning to execute the step of matching the terminal response value with the current target module response value until the reading of each target module response value is finished;
and when the terminal response value is failed to be matched with each target module response value, obtaining the verification result as that the verification fails.
6. The method of claim 1, wherein after the receiving the terminal response value, matching the terminal response value with the module response value, and obtaining a verification result, the method further comprises:
when the verification result is that the verification is passed, registering the network, and sending a verification success message to the processor so that the terminal obtains the use authority of the network;
and when the verification result is that the verification is failed, sending a verification failure message to the processor.
7. A security verification apparatus, the apparatus comprising:
a status reading request receiving module, configured to receive a status reading request of a processor of the terminal;
a state sending module, configured to send, in response to the state reading request, a state of the communication module to the processor;
an unlocking request receiving module, configured to receive an unlocking request of the processor when the communication module is in a locked state;
the random value generating module is used for generating a random value according to the unlocking request and sending the random value to the processor so that the terminal can calculate the random value and the terminal identification of the terminal to obtain a terminal response value;
the module response value calculating module is used for calculating the random value and the module identification to obtain a module response value, and the module identification is obtained by calculating the terminal identification;
and the matching module is used for receiving the terminal response value, matching the terminal response value with the module response value and obtaining a verification result.
8. The apparatus of claim 7, wherein the module response value calculating module is further configured to perform a hash calculation on the random value to obtain a hash value of the random value; and adding the module identification and the hash value of the random value and then carrying out hash calculation to obtain the module response value.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010242737.XA CN111478770A (en) 2020-03-31 2020-03-31 Security verification method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010242737.XA CN111478770A (en) 2020-03-31 2020-03-31 Security verification method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111478770A true CN111478770A (en) 2020-07-31

Family

ID=71749425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010242737.XA Pending CN111478770A (en) 2020-03-31 2020-03-31 Security verification method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111478770A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112105023A (en) * 2020-08-03 2020-12-18 深圳市广和通无线股份有限公司 Network connection method, device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6321079B1 (en) * 1998-03-18 2001-11-20 Nec Corporation Network operator controlled locking and unlocking mechanism for mobile telephones
CN1556954A (en) * 2002-06-25 2004-12-22 Information storage device, memory access control method, and computer program
CN1556953A (en) * 2002-06-25 2004-12-22 Information storage device, memory access control system and method, and computer program
CN1564982A (en) * 2002-06-25 2005-01-12 索尼株式会社 Information storage device, memory access control method, and computer program

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112105023A (en) * 2020-08-03 2020-12-18 深圳市广和通无线股份有限公司 Network connection method, device, computer equipment and storage medium
WO2022028075A1 (en) * 2020-08-03 2022-02-10 深圳市广和通无线股份有限公司 Network connection method and apparatus, and computer device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination