CN111935059B - Processing method, device and system for equipment identification - Google Patents

Processing method, device and system for equipment identification Download PDF

Info

Publication number
CN111935059B
CN111935059B CN201910396047.7A CN201910396047A CN111935059B CN 111935059 B CN111935059 B CN 111935059B CN 201910396047 A CN201910396047 A CN 201910396047A CN 111935059 B CN111935059 B CN 111935059B
Authority
CN
China
Prior art keywords
information
equipment
identifier
initial
updated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910396047.7A
Other languages
Chinese (zh)
Other versions
CN111935059A (en
Inventor
杨长锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201910396047.7A priority Critical patent/CN111935059B/en
Publication of CN111935059A publication Critical patent/CN111935059A/en
Application granted granted Critical
Publication of CN111935059B publication Critical patent/CN111935059B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The application discloses a processing method, a device and a system for equipment identification. Wherein the method comprises the following steps: acquiring an initial device identifier sent by a first computing device and initial seed information for generating verification information; generating verification information aiming at the initial equipment identifier according to the initial seed information; transmitting the authentication information to the first computing device; and acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment according to a verification result of the verification information. The method provided by the application is adopted to avoid the problems of identifier conflict and identifier drift of the device identifier of the client in the prior art as much as possible.

Description

Processing method, device and system for equipment identification
Technical Field
The present application relates to the field of communications, and in particular, to a method, an apparatus, and a system for processing a device identifier.
Background
In network applications, it is important to identify user assets by accurately identifying a device by device identification, and to efficiently perform resource management. For example, in some network applications with relatively high security levels, such as online shopping, online payment, online banking, etc., it is far from sufficient to rely on user name password authentication alone. The application also needs to enhance authentication by adopting a software or hardware token, a certificate and other modes, detect the login environment and the like of the user and dynamically determine the security level of the login. In this scenario, it is desirable to be able to uniquely identify the device used by the user by device identification.
In the prior art, there are generally three methods for device identification of a client. First, the client is single identified. The method uses a single identification of hardware or software on a host computer where the client is located, such as a network card MAC address, a Bluetooth MAC address and the like. But a single identification of such hardware or software is hard modifiable. Therefore, the phenomena of identification conflict, identification drift and the like are serious and difficult to use. Second, the client combines the identifications. The method combines multiple identifiers of the client, and jointly calculates the final device identifier. For example, the client characteristics such as the network card MAC address, the browser version number and the like are combined, and the device identification is obtained through hash calculation. This approach improves the situation of identity collisions with respect to the first approach, and the identity drift may increase slightly. Thirdly, a server side identifier. In the method, the device identifier is directly issued by the server. However, since the client does not participate in the calculation in this process, it is difficult to ensure the stability of the device identification. Thus, in the prior art, the device identification of the client inevitably has the problems of identification conflict and identification drift.
Disclosure of Invention
The application provides a processing method of equipment identifiers, which aims to avoid the problems of identifier conflict and identifier drift of client equipment identifiers as much as possible.
The processing method of the equipment identifier comprises the following steps:
acquiring an initial device identifier sent by a first computing device and initial seed information for generating verification information;
generating verification information aiming at the initial equipment identifier according to the initial seed information;
transmitting the authentication information to the first computing device;
and acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment.
Optionally, the acquiring the initial device identifier sent by the first computing device and the initial seed information for generating the verification information includes:
sending initialization request information of applying for equipment identification to the first computing equipment;
and acquiring an initial device identifier returned by the first computing device and an initial seed for generating verification information.
Optionally, the sending, to the first computing device, initialization request information for applying for a device identifier includes:
judging whether the target position stores the equipment identifier or not;
if yes, setting the state identifier in the initialization request information as a reapplication device identifier; if not, setting the state identifier as a first application device identifier;
The initialization request information is sent to the first computing device.
Optionally, the generating verification information for the initial device identifier according to the initial seed information includes:
and performing hash operation on the initial seed information by using a hash message identity verification algorithm to generate verification information for the initial equipment identifier.
Optionally, the sending the verification information to the first computing device includes:
and sending the verification information and the initial equipment identification carried in heartbeat request information to the first computing equipment.
Optionally, the generating verification information for the initial device identifier according to the initial seed information includes:
when the state identifier is a reapplication equipment identifier, acquiring designated heartbeat time;
and performing hash operation on the initial seed information and the heartbeat time by using a hash message identity verification algorithm to generate verification information of the initial equipment identifier.
Optionally, the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
Optionally, the method for processing the device identifier further includes:
Generating service request information according to the updated equipment identifier;
transmitting the service request information to a second computing device;
and acquiring business services provided by the second computing equipment aiming at the business request information.
Optionally, the method for processing the device identifier further includes:
taking the updated equipment identifier as the initial equipment identifier;
taking the updated seed as the initial seed;
and returning the step of generating verification information for the initial equipment identifier according to the initial seed information.
The embodiment provides a processing apparatus for a device identifier, including:
the first acquisition unit is used for acquiring an initial device identifier sent by the first computing device and initial seed information used for generating verification information;
the generation unit is used for generating verification information aiming at the initial equipment identifier according to the initial seed information;
a transmitting unit configured to transmit the authentication information to the first computing device;
and the second acquisition unit is used for acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment.
Optionally, the first obtaining unit is specifically configured to:
Sending initialization request information of applying for equipment identification to the first computing equipment;
and acquiring an initial device identifier returned by the first computing device and an initial seed for generating verification information.
Optionally, the first obtaining unit is further configured to:
judging whether the target position stores the equipment identifier or not;
if yes, setting the state identifier in the initialization request information as a reapplication device identifier; if not, setting the state identifier as a first application device identifier;
the initialization request information is sent to the first computing device.
Optionally, the generating unit is specifically configured to:
and performing hash operation on the initial seed information by using a hash message identity verification algorithm to generate verification information for the initial equipment identifier.
Optionally, the sending unit is specifically configured to:
and sending the verification information and the initial equipment identification carried in heartbeat request information to the first computing equipment.
Optionally, the generating unit is specifically configured to:
when the state identifier is a reapplication equipment identifier, acquiring designated heartbeat time;
and performing hash operation on the initial seed information and the heartbeat time by using a hash message identity verification algorithm to generate verification information of the initial equipment identifier.
Optionally, the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
Optionally, the processing device of the device identifier further includes a service acquisition unit, where the service acquisition unit is configured to:
generating service request information according to the updated equipment identifier;
transmitting the service request information to a second computing device;
and acquiring business services provided by the second computing equipment aiming at the business request information.
Optionally, the processing device of the device identifier further includes a return unit, where the return unit is configured to:
taking the updated equipment identifier as the initial equipment identifier;
taking the updated seed as the initial seed;
and returning the step of generating verification information for the initial equipment identifier according to the initial seed information.
The application provides a processing method of equipment identification, which comprises the following steps:
providing the initial device identification and initial seed information for generating authentication information to the third computing device;
acquiring verification information for the initial equipment identifier, which is sent by the third computing equipment;
Verifying the verification information, and generating at least one of updated equipment identification and updated seed information according to a verification result;
and sending at least one of the updated equipment identification and the updated seed information to the third computing equipment.
Optionally, the providing the initial device identification and the initial seed information for generating the verification information to the third computing device includes:
acquiring initialization request information of an application device identifier sent by a third computing device;
acquiring current time information and machine identification information of a first computing device side according to the request information, wherein the first computing device is used for providing an initial device identification and initial seed information for generating verification information for a third computing device;
generating an initial device identification for the third computing device according to the current time information and the machine identification information;
generating a random number according to the request information;
and obtaining initial seed information for generating verification information according to the random number.
Optionally, the verifying the verification information, generating at least one of updated device identifier and updated seed information according to a verification result, includes:
Searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
performing hash operation on the historical seed information by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of equipment identification reported by third computing equipment, wherein the first computing equipment is used for providing initial equipment identification and initial seed information for generating verification information for the third computing equipment;
and verifying the verification information according to the verification information of the first computing equipment end, and generating at least one of updated equipment identification and updated seed information according to a verification result.
Optionally, the searching the historical seed information sent to the third computing device according to the device identifier reported by the third computing device includes:
acquiring heartbeat request information sent by the third computing equipment;
according to the heartbeat request information, obtaining the equipment identifier reported by the third computing equipment;
and searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment.
Optionally, the searching the historical seed information sent to the third computing device according to the device identifier reported by the third computing device includes:
Acquiring initialization request information sent by the third computing equipment;
according to the initialization request information, obtaining the device identifier reported by the third computing device;
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
performing hash operation on the history seed information by using a hash message identity verification algorithm to obtain first computing device side verification information of a device identifier reported by a third computing device, wherein the first computing device side verification information comprises:
searching the historical heartbeat time sent by the third computing equipment according to the equipment identifier reported by the third computing equipment;
and performing hash operation on the historical seed information and the historical heartbeat time by using a hash message identity verification algorithm to obtain first computing equipment end verification information of the equipment identifier reported by the third computing equipment.
Optionally, the verifying the verification information, generating at least one of updated device identifier and updated seed information according to a verification result, includes:
verifying the verification information, and if the verification result is successful, generating updated seed information;
The sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
and sending the updated seed information to the third computing device.
Optionally, the verifying the verification information, generating at least one of updated device identifier and updated seed information according to a verification result, includes:
verifying the verification information, and if the verification result is failure, generating updated seed information and updated equipment identification;
the sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
and sending the updated seed information and the updated equipment identifier to the third computing equipment.
Optionally, the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
The application provides a processing device of equipment identification, comprising:
a providing unit configured to provide an initial device identification and initial seed information for generating authentication information to a third computing device;
A third obtaining unit, configured to obtain verification information for the initial device identifier sent by the third computing device;
the verification unit is used for verifying the verification information and generating at least one of updated equipment identification and updated seed information according to a verification result;
and the first sending unit is used for sending at least one of the updated equipment identification and the updated seed information to the third computing equipment.
Optionally, the providing unit is specifically configured to:
acquiring initialization request information of an application device identifier sent by a third computing device;
acquiring current time information and machine identification information of a first computing device side according to the request information, wherein the first computing device is used for providing an initial device identification and initial seed information for generating verification information for a third computing device;
generating an initial device identification for the third computing device according to the current time information and the machine identification information;
generating a random number according to the request information;
and obtaining initial seed information for generating verification information according to the random number.
Optionally, the verification unit is specifically configured to:
Searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
performing hash operation on the historical seed information by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of equipment identification reported by third computing equipment, wherein the first computing equipment is used for providing initial equipment identification and initial seed information for generating verification information for the third computing equipment;
and verifying the verification information according to the verification information of the first computing equipment end, and generating at least one of updated equipment identification and updated seed information according to a verification result.
Optionally, the verification unit is further configured to:
acquiring heartbeat request information sent by the third computing equipment;
according to the heartbeat request information, obtaining the equipment identifier reported by the third computing equipment;
and searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment.
Optionally, the verification unit is further configured to:
acquiring initialization request information sent by the third computing equipment;
According to the initialization request information, obtaining the device identifier reported by the third computing device;
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
performing hash operation on the history seed information by using a hash message identity verification algorithm to obtain first computing device side verification information of a device identifier reported by a third computing device, wherein the first computing device side verification information comprises:
searching the historical heartbeat time sent by the third computing equipment according to the equipment identifier reported by the third computing equipment;
and performing hash operation on the historical seed information and the historical heartbeat time by using a hash message identity verification algorithm to obtain first computing equipment end verification information of the equipment identifier reported by the third computing equipment.
Optionally, the verification unit is further configured to:
verifying the verification information, and if the verification result is successful, generating updated seed information;
the sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
and sending the updated seed information to the third computing device.
Optionally, the verification unit is further configured to:
verifying the verification information, and if the verification result is failure, generating updated seed information and updated equipment identification;
the sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
and sending the updated seed information and the updated equipment identifier to the third computing equipment.
Optionally, the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
The application provides a processing system of a device identifier, which comprises a third computing device for applying the device identifier and a first computing device for providing the device identifier;
the first computing device is used for providing an initial device identification and initial seed information for generating verification information to the third computing device; acquiring verification information for the initial equipment identifier, which is sent by the third computing equipment; verifying the verification information, and generating at least one of updated equipment identification and updated seed information according to a verification result; transmitting at least one of the updated device identifier and the updated seed information to the third computing device;
The third computing device is used for acquiring an initial device identifier sent by the first computing device and initial seed information used for generating verification information; generating verification information aiming at the initial equipment identifier according to the initial seed information; transmitting the authentication information to the first computing device; and acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment.
Optionally, the processing system of the device identifier further includes a second computing device that provides a service;
the third computing device is configured to generate service request information according to the initial device identifier or the updated device identifier; transmitting the service request information to a second computing device; acquiring business services provided by the second computing equipment;
the second computing device is used for receiving service request information sent by the third computing device; obtaining the equipment identifier of the third computing equipment according to the service request information; according to the equipment identification, carrying out identity verification on the third computing equipment; and providing the business service corresponding to the business request information for the third computing equipment according to the authentication result.
The application provides an information processing method, which comprises the following steps:
obtaining an initial device identifier or an updated device identifier according to any one of the above-mentioned device identifier processing methods;
generating service request information for the second computing device according to the initial device identifier or the updated device identifier;
and obtaining the service provided by the second computing device and aiming at the service request information.
The application provides a data processing method, which comprises the following steps:
acquiring a first device identifier and first seed information corresponding to a first computing device;
generating verification information for the first equipment identifier according to the first seed information;
transmitting the authentication information to the first computing device;
and acquiring a second device identifier and/or second seed information returned by the first computing device.
Optionally, the generating verification information for the first device identifier according to the first seed information includes:
and performing hash operation on the first seed information by using a hash message identity verification algorithm to generate verification information for the first equipment identifier.
The method for processing the equipment identifier comprises the steps of firstly, acquiring an initial equipment identifier sent by first computing equipment and initial seed information for generating verification information; then, generating verification information aiming at the initial equipment identifier according to the initial seed information; further, sending the authentication information to the first computing device; and finally, acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment. Through the steps, the problems of identifier conflict and identifier drift of the device identifier of the client are avoided as much as possible.
Drawings
Fig. 1 is a schematic diagram of an embodiment of an application scenario of a device identifier provided by the present application;
fig. 2 is a flowchart of a processing method of a device identifier according to a first embodiment of the present application;
FIG. 3 is a schematic diagram of a processing apparatus for device identification according to a second embodiment of the present application;
fig. 4 is a flowchart of a processing method of a device identifier according to a third embodiment of the present application;
FIG. 5 is a schematic diagram of a processing apparatus for device identification according to a fourth embodiment of the present application;
FIG. 6 is a schematic diagram of a processing system for device identification according to a fifth embodiment of the present application;
fig. 7 is a timing chart of an application example according to a fifth embodiment of the present application;
fig. 8 is a flowchart of a data processing method according to a ninth embodiment of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. The present application may be embodied in many other forms than those herein described, and those skilled in the art will readily appreciate that the present application may be similarly embodied without departing from the spirit or essential characteristics thereof, and therefore the present application is not limited to the specific embodiments disclosed below.
In order to enable those skilled in the art to better understand the present application, a specific application scenario embodiment of the present application will be described in detail first. Fig. 1 is a schematic diagram of an embodiment of an application scenario of a processing method of a device identifier provided by the present application. In the specific implementation process, the client can send initialization request information for applying for the equipment identifier to the server side for providing the equipment identifier; after receiving the initialization request information, the server generates and returns the device identifier applied by the client and seed information for verification; the client generates a service request according to the equipment identifier and obtains corresponding service; the client may also periodically initiate heartbeat request information to the server to update the seed information. Through the steps, the problems of identification conflict and identification drift of the client can be avoided as much as possible. A brief description is given below regarding the identity collision and the identity drift. Assuming that the real identification set of the client is M and the generated identification set is N, for a certain time period, the number count (M) of the real identification set elements and the number count (N) of the generated identification set elements are equal, identification conflict is generated when the count (M) is more than the count (N), and identification drift is generated when the count (M) is less than the count (N). The identity conflict and the identity conflict respectively measure the uniqueness and the stability of the generated equipment identity.
Referring to fig. 2, a flowchart of a first embodiment of the present application is shown. A method for processing a device identifier according to a first embodiment of the present application is described in detail below with reference to fig. 2. The method comprises the following steps:
step S201: an initial device identification sent by a first computing device and initial seed information used to generate authentication information are obtained.
This step is used to obtain an initial device identification sent by the first computing device and initial seed information used to generate authentication information.
The initial device identification may be an initial universally unique identification code (UUID, universally Unique Identifier). In this embodiment, a Hash-based One-Time Password (HOTP) algorithm based on a Hash-message authentication code (HMAC) algorithm may be used to perform a Hash-message authentication code operation on the initial seed information to obtain authentication information (token) of the initial device identifier.
The first computing device may be a computing device of a server.
The implementation subject of this step may be a third computing device that is a client, i.e., the third computing device obtains the initial device identification sent by the first computing device and the initial seed information for generating the authentication information.
The obtaining the initial device identifier sent by the first computing device and the initial seed information for generating verification information includes:
sending initialization request information of applying for equipment identification to the first computing equipment;
and acquiring an initial device identifier returned by the first computing device and an initial seed for generating verification information.
Firstly, after the third computing device is started, initialization request information for applying for the device identifier is constructed, and then the initialization request information for applying for the device identifier is sent to the first computing device. The initialization request information may include a network address of the first computing device, a network address of the third computing device, time information of the initialization request, and the like. After receiving the initialization request information, the first computing device obtains the device identifier of the third computing device and an initial seed for generating verification information, and returns the initial seed to the third computing device.
The sending, to the first computing device, initialization request information for applying for a device identifier, including:
judging whether the target position stores the equipment identifier or not;
if yes, setting the state identifier in the initialization request information as a reapplication device identifier; if not, setting the state identifier as a first application device identifier;
The initialization request information is sent to the first computing device.
The third computing device first determines whether the target location has saved a device identification. If the third computing device has once obtained the device identification, the obtained device identification is saved at the target location, e.g., a designated location of the non-volatile storage medium. If the third computing device has never obtained a device identification, the target location may store a special value identifying that the device identification has never been obtained. The third computing device uses a status identifier to distinguish between different situations of the initialization request message when constructing the initialization request message. For example, if the target location does not store the device identifier, the state identifier in the initialization request information is set to be the reapplication device identifier, and if the target location stores the device identifier, the state identifier is set to be the first application device identifier. And the first computing equipment reads the state identification after receiving the initialization request information. And executing different processes according to different conditions of the state identifier. For example, for the case where the third computing device has not acquired the device identification, it is necessary to generate the device identification of the third computing device and seed information for authentication. For the case where the third computing device has once obtained the device identification, only seed information for authentication may be generated.
Step S102: and generating verification information aiming at the initial equipment identifier according to the initial seed information.
The step is used for generating verification information aiming at the initial equipment identifier according to the initial seed information.
The generating verification information for the initial equipment identifier according to the initial seed information comprises the following steps:
and according to the initial seed information, performing hash operation on the initial equipment identifier by utilizing a hash message identity verification algorithm, and generating verification information for the initial equipment identifier.
In this embodiment, the HOTP algorithm may be used to perform token verification between the server and the client, so that the device identifier of the client remains stable and consistent. The implementation principle of the HOTP algorithm is as follows:
HOTP(K,C)=truncate(HMAC(K,C))
wherein K may be a key shared by the server and the client, and C is a counter. In this embodiment, the seed generated by the server may be used as the counter C.
In this step, the specific calculation formula for the verification information is: token=hmac (seed).
The token may be verification information in heartbeat request information sent to the server by the client, and the seed may be the initial seed information.
The generating verification information for the initial equipment identifier according to the initial seed information comprises the following steps:
When the state identifier is a reapplication equipment identifier, acquiring designated heartbeat time;
and performing hash operation on the initial seed information and the heartbeat time by using a hash message identity verification algorithm to generate verification information of the initial equipment identifier.
For example, if a process on a third computing device running as a client is restarted, and the third computing device receives a device identifier returned by a server, at which time the state identifier is a reapplication device identifier, a specified heartbeat time (which may be a heartbeat time in a last heartbeat request before the process is restarted) may be obtained, and a hash operation is performed on the initial device identifier and the heartbeat time by using an HMAC algorithm, so as to generate verification information of the initial device identifier.
The calculation formula of the verification information at this time is: token=hmac (seed+heart).
Wherein token is the verification information of the initial equipment identifier, seed is the initial seed information, and heartbeat is the designated heartbeat time.
Step S103: the authentication information is sent to the first computing device.
This step is for transmitting the authentication information to the first computing device.
The sending the authentication information to the first computing device includes:
and sending the verification information and the initial equipment identification carried in heartbeat request information to the first computing equipment.
After the third computing device as the client side prepares the verification information, the verification information may be put into the initialization request information and then sent to the first computing device, or the verification information may be put into the heartbeat request information and then sent to the first computing device.
Step S104: and acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment.
The step is used for acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment.
The initial equipment identifier is an initial universal unique identification code, and the updated equipment identifier is an updated universal unique identification code.
In this embodiment, the device identifier may be a universally unique identifier (UUID, universally Unique Identifier). Since the universal unique identification code is the prior art, the description thereof will not be repeated here.
After receiving the verification information sent by the third computing device, the first computing device can verify the server according to the device identifier and the seed information sent by the third computing device. If the verification is successful, new seed information is generated and the updated seed information is returned to the third computing device. If the verification fails, generating new seed information and new equipment identification, and transmitting the updated seed information and the updated equipment identification to third computing equipment; the third computing device may also be required to reapply the device identification.
The processing method of the equipment identifier further comprises the following steps:
generating service request information according to the updated equipment identifier;
transmitting the service request information to a second computing device;
and acquiring business services provided by the second computing equipment aiming at the business request information.
For example, in the network communication Protocol (intelt Protocol), the updated device identifier may be used as a physical address of the third computing device, a message of the service request may be generated, the message may be sent to a second computing device capable of providing a service (such as a server that provides video content, etc.), and then the video service provided by the second computing device for the service request information may be acquired.
The processing method of the equipment identifier further comprises the following steps:
taking the updated equipment identifier as the initial equipment identifier;
taking the updated seed as the initial seed;
and returning the step of generating verification information for the initial equipment identifier according to the initial seed information.
In this embodiment, the seed information provided by the service needs to be updated periodically, so as to ensure the stability of the device identifier acquired by the client from the server.
In the above embodiment, a method for processing a device identifier is provided, and correspondingly, the application also provides a device for processing a device identifier. Referring to fig. 3, a schematic diagram of an embodiment of a processing apparatus for device identification according to the present application is shown. Since this embodiment, i.e. the second embodiment, is substantially similar to the method embodiment, the description is relatively simple, and reference should be made to the description of the method embodiment for relevant points. The device embodiments described below are merely illustrative.
The processing apparatus for device identifier provided in this embodiment includes:
a first obtaining unit 301, configured to obtain an initial device identifier sent by a first computing device and initial seed information for generating verification information;
A generating unit 302, configured to generate verification information for the initial device identifier according to the initial seed information;
a transmitting unit 303, configured to transmit the authentication information to the first computing device;
a second obtaining unit 304, configured to obtain at least one of updated device identifier and updated seed information returned by the first computing device.
In this embodiment, the first obtaining unit is specifically configured to:
sending initialization request information of applying for equipment identification to the first computing equipment;
and acquiring an initial device identifier returned by the first computing device and an initial seed for generating verification information.
In this embodiment, the first obtaining unit is further configured to:
judging whether the target position stores the equipment identifier or not;
if yes, setting the state identifier in the initialization request information as a reapplication device identifier; if not, setting the state identifier as a first application device identifier;
the initialization request information is sent to the first computing device.
In this embodiment, the generating unit is specifically configured to:
and performing hash operation on the initial seed information by using a hash message identity verification algorithm to generate verification information for the initial equipment identifier.
In this embodiment, the sending unit is specifically configured to:
and sending the verification information and the initial equipment identification carried in heartbeat request information to the first computing equipment.
In this embodiment, the generating unit is specifically configured to:
when the state identifier is a reapplication equipment identifier, acquiring designated heartbeat time;
and performing hash operation on the initial seed information and the heartbeat time by using a hash message identity verification algorithm to generate verification information of the initial equipment identifier.
In this embodiment, the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
In this embodiment, the processing apparatus for a device identifier further includes a service obtaining unit, where the service obtaining unit is configured to:
generating service request information according to the updated equipment identifier;
transmitting the service request information to a second computing device;
and acquiring business services provided by the second computing equipment aiming at the business request information.
In this embodiment, the processing apparatus for a device identifier further includes a return unit, where the return unit is configured to:
Taking the updated equipment identifier as the initial equipment identifier;
taking the updated seed as the initial seed;
and returning the step of generating verification information for the initial equipment identifier according to the initial seed information.
The third embodiment of the application provides a processing method of equipment identification. Referring to fig. 4, a flowchart of a third embodiment of the present application is shown. A method for processing a device identifier according to a third embodiment of the present application is described in detail below with reference to fig. 4. The method comprises the following steps:
step S401: the third computing device is provided with an initial device identification and initial seed information for generating authentication information.
This step is for providing the initial device identification and initial seed information for generating authentication information to the third computing device.
The execution body of the embodiment may be a first computing device that is a server. This step may be used for the first computing device to provide the initial device identification and initial seed information for generating authentication information to the third computing device.
The providing the initial device identification and initial seed information for generating authentication information to the third computing device includes:
Acquiring initialization request information of an application device identifier sent by a third computing device;
acquiring current time information and machine identification information of a first computing device side according to the initialization request information, wherein the first computing device is used for providing an initial device identification and initial seed information for generating verification information for a third computing device;
generating an initial device identification for the third computing device according to the current time information and the machine identification information;
generating a random number according to the request information;
and obtaining initial seed information for generating verification information according to the random number.
Firstly, a first computing device obtains initialization request information of an application device identifier sent by a third computing device, then obtains current time of the first computing device and machine identification information such as a network card physical address according to the initialization request information, and generates an initial device identifier (such as a UUID) for the third computing device according to the current time information and the machine identification information. Further, generating a random number according to the request information; finally, initial seed information for generating verification information is obtained according to the random number.
Step S402: and acquiring verification information which is sent by the third computing equipment and aims at the initial equipment identification.
The step is used for acquiring verification information aiming at the initial equipment identifier, which is sent by the third computing equipment.
For example, the first computing device may acquire the verification information for the initial device identifier sent by the third computing device, which may be through the initialization request information sent by the third computing device or through the heartbeat request information sent by the third computing device.
Step S403: and verifying the verification information, and generating at least one of updated equipment identification and updated seed information according to a verification result.
The step is used for verifying the verification information, and generating at least one of updated equipment identification and updated seed information according to a verification result.
The verifying the verification information, generating at least one of updated equipment identification and updated seed information according to a verification result, including:
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
according to the historical seed information, performing hash operation on the equipment identifier reported by the third computing equipment by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of the equipment identifier reported by the third computing equipment, wherein the first computing equipment is used for providing initial equipment identifier and initial seed information for generating verification information for the third computing equipment;
And verifying the verification information according to the verification information of the first computing equipment end, and generating at least one of updated equipment identification and updated seed information according to a verification result.
For example, the first computing device obtains initialization request information sent by the third computing device, and obtains a device identifier reported by the third computing device by analyzing the initialization request information; then, according to the reported equipment identification, searching historical seed information which is sent to the third computing equipment in a historical record; and according to the historical seed information, performing hash operation on the equipment identifier reported by the third computing equipment by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of the equipment identifier reported by the third computing equipment. Since the step of obtaining the first computing device side authentication information for the device identification reported by the third computing device corresponds to the same step as in the first embodiment, it will not be described in detail here. After receiving the verification information sent by the third computing device, the first computing device can verify the server according to the device identifier and the seed information sent by the third computing device. If the verification is successful, new seed information is generated and the updated seed information is returned to the third computing device. If the verification fails, generating new seed information and new equipment identification, and transmitting the updated seed information and the updated equipment identification to third computing equipment; the third computing device may also be required to reapply the device identification.
According to the device identifier reported by the third computing device, searching the historical seed information sent to the third computing device, including:
acquiring heartbeat request information sent by the third computing equipment;
according to the heartbeat request information, obtaining the equipment identifier reported by the third computing equipment;
and searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment.
First, a first computing device acquires heartbeat request information sent by a third computing device; then, analyzing the heartbeat request information to obtain the equipment identifier reported by the third computing equipment; and finally, searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment.
According to the device identifier reported by the third computing device, searching the historical seed information sent to the third computing device, including:
acquiring initialization request information sent by the third computing equipment;
according to the initialization request information, obtaining the device identifier reported by the third computing device;
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
And according to the history seed information, performing hash operation on the device identifier reported by the third computing device by using a hash message authentication algorithm to obtain first computing device authentication information of the device identifier reported by the third computing device, including:
searching the historical heartbeat time sent by the third computing equipment according to the equipment identifier reported by the third computing equipment;
and according to the historical seed information, performing hash operation on the equipment identifier reported by the third computing equipment and the historical heartbeat time by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of the equipment identifier reported by the third computing equipment.
Firstly, the first computing device acquires initialization request information sent by the third computing device; then, the first computing device obtains a device identifier reported by the third computing device according to the initialization request information; finally, the first computing device searches historical seed information sent to the third computing device in a historical record according to the device identifier reported by the third computing device;
and according to the history seed information, performing hash operation on the device identifier reported by the third computing device by using a hash message authentication algorithm to obtain first computing device authentication information of the device identifier reported by the third computing device, including:
Searching the historical heartbeat time sent by the third computing equipment according to the equipment identifier reported by the third computing equipment;
and according to the historical seed information, performing hash operation on the equipment identifier reported by the third computing equipment and the historical heartbeat time by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of the equipment identifier reported by the third computing equipment.
Firstly, searching historical heartbeat time sent by the third computing equipment according to equipment identification reported by the third computing equipment; and then, the first computing device executes hash operation on the device identifier reported by the third computing device and the historical heartbeat time by utilizing a hash message authentication algorithm according to the historical seed information to obtain first computing device authentication information of the device identifier reported by the third computing device.
The verifying the verification information, generating at least one of updated equipment identification and updated seed information according to a verification result, including:
verifying the verification information, and if the verification result is successful, generating updated seed information;
The sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
and sending the updated seed information to the third computing device.
First, the first computing device performs verification on the verification information, if the verification result is successful, updated seed information is generated, and then the updated seed information is sent to the third computing device.
The verifying the verification information, generating at least one of updated equipment identification and updated seed information according to a verification result, including:
verifying the verification information, and if the verification result is failure, generating updated seed information and updated equipment identification;
the sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
and sending the updated seed information and the updated equipment identifier to the third computing equipment.
Firstly, verifying the verification information by a first computing device, and if the verification result is failure, generating updated seed information and updated device identification; the first computing device then sends the updated seed information and the updated device identification to the third computing device.
Alternatively, if the verification results in a failure, the first computing device may also generate a command to reapply the device identification and then send the command to the third computing device.
Step S404: and sending at least one of the updated equipment identification and the updated seed information to the third computing equipment.
The step is used for sending at least one of the updated equipment identifier and the updated seed information to the third computing equipment.
The initial device identifier may be an initial universal unique identifier, and the updated device identifier may be an updated universal unique identifier.
In the above embodiment, a method for processing a device identifier is provided, and correspondingly, the application also provides a device for processing a device identifier. Referring to fig. 5, a schematic diagram of an embodiment of a processing apparatus for device identification according to the present application is shown. Since this embodiment, the fourth embodiment, is substantially similar to the method embodiment, the description is relatively simple, and reference will be made to the partial explanation of the method embodiment for the relevant points. The device embodiments described below are merely illustrative.
The processing apparatus for device identifier provided in this embodiment includes:
a providing unit 501 for providing an initial device identification and initial seed information for generating authentication information to the third computing device;
a third obtaining unit 502, configured to obtain verification information for the initial device identifier sent by the third computing device;
a verification unit 503, configured to perform verification on the verification information, and generate at least one of updated device identifier and updated seed information according to a verification result;
a first sending unit 504, configured to send at least one of the updated device identifier and updated seed information to the third computing device.
In this embodiment, the providing unit is specifically configured to:
acquiring initialization request information of an application device identifier sent by a third computing device;
acquiring current time information and machine identification information of a first computing device side according to the request information, wherein the first computing device is used for providing an initial device identification and initial seed information for generating verification information for a third computing device;
generating an initial device identification for the third computing device according to the current time information and the machine identification information;
Generating a random number according to the request information;
and obtaining initial seed information for generating verification information according to the random number.
In this embodiment, the verification unit is specifically configured to:
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
performing hash operation on the historical seed information by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of equipment identification reported by third computing equipment, wherein the first computing equipment is used for providing initial equipment identification and initial seed information for generating verification information for the third computing equipment;
and verifying the verification information according to the verification information of the first computing equipment end, and generating at least one of updated equipment identification and updated seed information according to a verification result.
In this embodiment, the verification unit is further configured to:
acquiring heartbeat request information sent by the third computing equipment;
according to the heartbeat request information, obtaining the equipment identifier reported by the third computing equipment;
and searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment.
In this embodiment, the verification unit is further configured to:
acquiring initialization request information sent by the third computing equipment;
according to the initialization request information, obtaining the device identifier reported by the third computing device;
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
the step of performing hash operation on the history seed information by using a hash message authentication algorithm to obtain first computing device authentication information of a device identifier reported by a third computing device, includes:
searching the historical heartbeat time sent by the third computing equipment according to the equipment identifier reported by the third computing equipment;
and performing hash operation on the historical seed information and the historical heartbeat time by using a hash message identity verification algorithm to obtain first computing equipment end verification information of the equipment identifier reported by the third computing equipment.
In this embodiment, the verification unit is further configured to:
verifying the verification information, and if the verification result is successful, generating updated seed information;
the sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
And sending the updated seed information to the third computing device.
In this embodiment, the verification unit is further configured to:
verifying the verification information, and if the verification result is failure, generating updated seed information and updated equipment identification;
the sending at least one of the updated device identifier and the updated seed information to the third computing device includes:
and sending the updated seed information and the updated equipment identifier to the third computing equipment.
In this embodiment, the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
A fifth embodiment of the present application provides a processing system for equipment identifier, please refer to fig. 6, which is a schematic diagram of a processing system for equipment identifier. The processing system includes a third computing device 603 applying for a device identification, and a first computing device 601 providing a device identification;
the first computing device is used for providing an initial device identification and initial seed information for generating verification information to the third computing device; acquiring verification information for the initial equipment identifier, which is sent by the third computing equipment; verifying the verification information, and generating at least one of updated equipment identification and updated seed information according to a verification result; transmitting at least one of the updated device identifier and the updated seed information to the third computing device;
The third computing device is used for acquiring an initial device identifier sent by the first computing device and initial seed information used for generating verification information; generating verification information aiming at the initial equipment identifier according to the initial seed information; transmitting the authentication information to the first computing device; and acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment.
The processing system of the device identification further includes a second computing device 602 that provides a service;
the third computing device is configured to generate service request information according to the initial device identifier or the updated device identifier; transmitting the service request information to a second computing device; acquiring business services provided by the second computing equipment;
the second computing device is used for receiving service request information sent by the third computing device; obtaining the equipment identifier of the third computing equipment according to the service request information; according to the equipment identification, carrying out identity verification on the third computing equipment; and providing the business service corresponding to the business request information for the third computing equipment according to the authentication result.
Fig. 7 is a timing diagram illustrating an example of the operation of a processing system for providing a device identification using the fifth embodiment. The following describes the timing chart.
In the first step, the client starts for the first time, the server generates a UUID for the client as a unique device identifier, and returns a seed (seed) for the HOTP algorithm counter at the same time. Secondly, after the client receives the UUID, the UUID is persisted into the file, the UUID is used as a unique device identifier of the client later, and the initialized seed is not persisted and is kept in the memory. And thirdly, the client sends heartbeat request information to the server at a certain time interval, wherein the heartbeat request information carries UUID and verification information (token), and the token=HMAC (seed) is obtained by encrypting according to the seed (seed) according to an HMAC algorithm. Fourth, after receiving the heartbeat request information, the server obtains the associated seed (seed) according to the UUID, calculates the token with the same algorithm, and if the token is matched, generates a new seed file and synchronizes the new seed file to the client. And fifthly, the client receives the new seed file, persists the last seed into the file, and keeps the new seed in the memory. And sixthly, if the calculated token is not matched with the token calculated by the client after the server receives the heartbeat request information, indicating that UUID conflict occurs once currently, and commanding the current client to reinitialize and allocate a new UUID by the server. Seventh, if the client process is restarted, the client process may carry the UUID of the last time and the seed of the last time during initialization, and request the server for updating the seed through the last heartbeat time, where token=hmac (seed+heartbeat). Eighth, if the verification of the server passes, the seed is updated, and the current client is allowed to keep the UUID of the last time, so that the stability of the UUID is ensured; and if the verification is not passed, reassigning the UUID to the client.
A sixth embodiment of the present application provides an information processing method, including:
according to the method for processing the device identifier provided in the first embodiment, an initial device identifier or an updated device identifier is obtained;
generating service request information for the second computing device according to the initial device identifier or the updated device identifier;
and obtaining the service provided by the second computing device and aiming at the service request information.
For cloud environment, the application of the mirror image technology and the container technology is very wide, the machines produced from the same system mirror image or the containers produced from the same container mirror image are very similar in environment, and the application of unique device identification of a client side is greatly challenged. The sixth embodiment provides an information processing method, which improves the uniqueness and stability of the device identifier acquired by the client in the above scenario.
A seventh embodiment of the present application provides an electronic apparatus, including:
a processor:
the method comprises the steps of,
a memory for storing a computer program, the apparatus executing the method according to any one of the first embodiment, the third embodiment, and the sixth embodiment after the computer program is executed by the processor.
An eighth embodiment of the present application provides a computer storage medium storing a computer program that is executed by a processor to perform the method of any one of the first embodiment, the third embodiment, and the sixth embodiment.
In a first embodiment of the present application, a method for processing a device identifier is provided. In a first embodiment, it is composed from the instance the device has just booted up, thus obtaining the initial device identification sent by the first computing device and the initial seed information used to generate the authentication information. In practice, this process is cycled during operation of the device. A ninth embodiment of the present application provides a data processing method, including a scenario in which a device circularly acquires, during operation of the device, a device identifier sent by a first computing device and seed information for generating authentication information. Since this embodiment is relatively similar to the first embodiment of the present application, the description is relatively simple. For a detailed description, reference is made to the first embodiment of the present application. The method comprises the following steps:
step S801: a first device identification and first seed information corresponding to a first computing device is obtained.
The method includes the steps of obtaining a first device identification and first seed information corresponding to a first computing device.
The third computing device acquires the initial device identifier and the initial seed information for generating verification information, which are transmitted by the first computing device, and then acquires the first device identifier and the first seed information, which are transmitted by the first computing device, again in a certain time period.
Step S802: and generating verification information aiming at the first equipment identifier according to the first seed information.
The step is used for generating verification information aiming at the first equipment identifier according to the first seed information.
Step S803: the authentication information is sent to the first computing device.
This step is for transmitting the authentication information to the first computing device.
Step S804: and acquiring a second device identifier and/or second seed information returned by the first computing device.
The step is used for acquiring a second device identifier and/or second seed information returned by the first computing device.
In this embodiment, the generating verification information for the first device identifier according to the first seed information includes:
and performing hash operation on the first seed information by using a hash message identity verification algorithm to generate verification information for the first equipment identifier.
While the application has been described in terms of preferred embodiments, it is not intended to be limiting, but rather, it will be apparent to those skilled in the art that various changes and modifications can be made herein without departing from the spirit and scope of the application as defined by the appended claims.
In one typical configuration, a computing device includes one or more operators (CPUs), an input/output interface, a network interface, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
1. Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer readable media, as defined herein, does not include non-transitory computer readable media (transmission media), such as modulated data signals and carrier waves.
2. It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Claims (21)

1. A method for processing a device identifier, applied to a client, the method comprising:
acquiring an initial device identifier sent by a first computing device and initial seed information for generating verification information;
generating verification information aiming at the initial equipment identifier according to the initial seed information;
transmitting the authentication information to the first computing device;
acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment;
wherein after the sending the verification information to the first computing device, the method further comprises: if the verification is successful, updated seed information returned by the first computing device is obtained; if the verification fails, acquiring updated seed information and updated equipment identification returned by the first computing equipment, or acquiring a request of the first computing equipment for reapplying the equipment identification;
The method further comprises the steps of: taking the updated equipment identifier as the initial equipment identifier; taking the updated seed information as the initial seed information; and returning the step of generating verification information for the initial equipment identifier according to the initial seed information.
2. The method for processing the device identifier according to claim 1, wherein the obtaining the initial device identifier sent by the first computing device and the initial seed information for generating the verification information includes:
sending initialization request information of applying for equipment identification to the first computing equipment;
and acquiring an initial device identifier returned by the first computing device and initial seed information for generating verification information.
3. The method for processing the device identifier according to claim 2, wherein the sending, to the first computing device, initialization request information for applying for the device identifier includes:
judging whether the target position stores the equipment identifier or not;
if yes, setting the state identifier in the initialization request information as a reapplication device identifier; if not, setting the state identifier as a first application device identifier;
The initialization request information is sent to the first computing device.
4. The method for processing a device identifier according to claim 1, wherein generating verification information for the initial device identifier according to the initial seed information includes:
and performing hash operation on the initial seed information by using a hash message identity verification algorithm to generate verification information for the initial equipment identifier.
5. The method of processing device identification of claim 1, wherein the sending the authentication information to the first computing device comprises:
and sending the verification information and the initial equipment identification carried in heartbeat request information to the first computing equipment.
6. The method for processing a device identifier according to claim 3, wherein generating verification information for the initial device identifier according to the initial seed information includes:
when the state identifier is a reapplication equipment identifier, acquiring designated heartbeat time;
and performing hash operation on the initial seed information and the heartbeat time by using a hash message identity verification algorithm to generate verification information of the initial equipment identifier.
7. The method according to claim 1, wherein the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
8. The method for processing a device identifier according to claim 1, further comprising:
generating service request information according to the updated equipment identifier;
transmitting the service request information to a second computing device;
and acquiring business services provided by the second computing equipment aiming at the business request information.
9. A method for processing a device identifier, applied to a server, the method comprising:
providing the initial device identification and initial seed information for generating authentication information to the third computing device;
acquiring verification information for the initial equipment identifier, which is sent by the third computing equipment;
verifying the verification information, and generating at least one of updated equipment identification and updated seed information according to a verification result;
transmitting at least one of the updated device identifier and the updated seed information to the third computing device;
The verifying the verification information, generating at least one of updated equipment identifier and updated seed information according to a verification result, including: if the verification is successful, generating updated seed information, and sending the updated seed information to third computing equipment; if the verification fails, generating updated seed information and updated equipment identification, and sending the updated seed information and the updated equipment identification to the third computing equipment or requesting the third computing equipment to reapply the equipment identification.
10. The method for processing the device identifier according to claim 9, wherein the providing the initial device identifier and the initial seed information for generating the authentication information to the third computing device includes:
acquiring initialization request information of an application device identifier sent by a third computing device;
acquiring current time information and machine identification information of a first computing device side according to the initialization request information, wherein the first computing device is used for providing an initial device identification and initial seed information for generating verification information for a third computing device;
generating an initial device identification for the third computing device according to the current time information and the machine identification information;
Generating a random number according to the initialization request information;
and obtaining initial seed information for generating verification information according to the random number.
11. The method for processing a device identifier according to claim 9, wherein the verifying the verification information, generating at least one of updated device identifier and updated seed information according to a verification result, includes:
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
performing hash operation on the historical seed information by utilizing a hash message identity verification algorithm to obtain first computing equipment end verification information of equipment identification reported by third computing equipment, wherein the first computing equipment is used for providing initial equipment identification and initial seed information for generating verification information for the third computing equipment;
and verifying the verification information according to the verification information of the first computing equipment end, and generating at least one of updated equipment identification and updated seed information according to a verification result.
12. The method for processing a device identifier according to claim 11, wherein searching for historical seed information sent to the third computing device according to the device identifier reported by the third computing device includes:
Acquiring heartbeat request information sent by the third computing equipment;
according to the heartbeat request information, obtaining the equipment identifier reported by the third computing equipment;
and searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment.
13. The method for processing a device identifier according to claim 11, wherein searching for historical seed information sent to the third computing device according to the device identifier reported by the third computing device includes:
acquiring initialization request information sent by the third computing equipment;
according to the initialization request information, obtaining the device identifier reported by the third computing device;
searching historical seed information sent to the third computing equipment according to the equipment identifier reported by the third computing equipment;
the step of performing hash operation on the history seed information by using a hash message authentication algorithm to obtain first computing device authentication information of a device identifier reported by a third computing device, includes:
searching the historical heartbeat time sent by the third computing equipment according to the equipment identifier reported by the third computing equipment;
And according to the historical seed information, performing hash operation on the historical seed information and the historical heartbeat time by utilizing a hash message identity verification algorithm to obtain first computing equipment verification information of equipment identification reported by third computing equipment.
14. The method according to claim 9, wherein the initial device identifier is an initial universal unique identifier, and the updated device identifier is an updated universal unique identifier.
15. A processing system for device identification, comprising a third computing device applying for device identification and a first computing device providing device identification;
the first computing device is used for providing an initial device identification and initial seed information for generating verification information to the third computing device; acquiring verification information for the initial equipment identifier, which is sent by the third computing equipment; verifying the verification information, and generating at least one of updated equipment identification and updated seed information according to a verification result; transmitting at least one of the updated device identifier and the updated seed information to the third computing device; the verifying the verification information, generating at least one of updated equipment identifier and updated seed information according to a verification result, including: if the verification is successful, generating updated seed information, and sending the updated seed information to third computing equipment; if the verification fails, generating updated seed information and updated equipment identification, and sending the updated seed information and the updated equipment identification to the third computing equipment or requesting the third computing equipment to reapply the equipment identification;
The third computing device is used for acquiring an initial device identifier sent by the first computing device and initial seed information used for generating verification information; generating verification information aiming at the initial equipment identifier according to the initial seed information; transmitting the authentication information to the first computing device; acquiring at least one of updated equipment identification and updated seed information returned by the first computing equipment; wherein after the authentication information is sent to the first computing device, the method further comprises: if the verification is successful, updated seed information returned by the first computing device is obtained; if the verification fails, acquiring updated seed information and updated equipment identification returned by the first computing equipment, or acquiring a request of the first computing equipment for reapplying the equipment identification; further comprises: taking the updated equipment identifier as the initial equipment identifier; taking the updated seed information as the initial seed information; returning the step of generating verification information aiming at the initial equipment identifier according to the initial seed information;
the third computing device is a client, and the first computing device is a server.
16. The device-identified processing system of claim 15, further comprising a second computing device that provides services;
the third computing device is configured to generate service request information according to the initial device identifier or the updated device identifier; transmitting the service request information to a second computing device; acquiring business services provided by the second computing equipment;
the second computing device is used for receiving service request information sent by the third computing device; obtaining the equipment identifier of the third computing equipment according to the service request information; according to the equipment identification, carrying out identity verification on the third computing equipment; and providing the business service corresponding to the business request information for the third computing equipment according to the authentication result.
17. An information processing method, characterized by comprising:
the method according to any of claims 1-8, obtaining an initial device identity or an updated device identity;
generating service request information for the second computing device according to the initial device identifier or the updated device identifier;
and obtaining the service provided by the second computing device and aiming at the service request information.
18. An electronic device, comprising:
a processor;
the method comprises the steps of,
a memory for storing a computer program, which, when executed by the processor, performs the method of any one of claims 1-8 or 9-14 or 17.
19. A computer storage medium storing a computer program to be run by a processor to perform the method of any one of claims 1-8 or 9-14 or 17.
20. A method of data processing, comprising:
acquiring a first device identifier and first seed information corresponding to a first computing device;
generating verification information for the first equipment identifier according to the first seed information;
transmitting the authentication information to the first computing device;
acquiring a second device identifier and/or second seed information returned by the first computing device;
wherein after the sending the verification information to the first computing device, the method further comprises: if the verification is successful, obtaining second seed information returned by the first computing equipment; if the verification fails, acquiring second seed information and a second device identifier returned by the first computing device or acquiring a request of the first computing device for reapplying the device identifier;
The method further comprises the steps of: the second equipment identifier is used as the first equipment identifier; taking the second seed information as the first seed information; and returning the step of generating verification information for the first equipment identifier according to the first seed information.
21. The method of claim 20, wherein generating authentication information for the first device identifier based on the first seed information, comprises:
and performing hash operation on the first seed information by using a hash message identity verification algorithm to generate verification information for the first equipment identifier.
CN201910396047.7A 2019-05-13 2019-05-13 Processing method, device and system for equipment identification Active CN111935059B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910396047.7A CN111935059B (en) 2019-05-13 2019-05-13 Processing method, device and system for equipment identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910396047.7A CN111935059B (en) 2019-05-13 2019-05-13 Processing method, device and system for equipment identification

Publications (2)

Publication Number Publication Date
CN111935059A CN111935059A (en) 2020-11-13
CN111935059B true CN111935059B (en) 2023-08-25

Family

ID=73282643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910396047.7A Active CN111935059B (en) 2019-05-13 2019-05-13 Processing method, device and system for equipment identification

Country Status (1)

Country Link
CN (1) CN111935059B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112565479B (en) * 2020-12-07 2023-07-11 北京明略昭辉科技有限公司 Dynamic generation method and system of device ID, computer device and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297403A (en) * 2012-03-01 2013-09-11 盛大计算机(上海)有限公司 Method and system for achieving dynamic password authentication
CN104767617A (en) * 2015-03-06 2015-07-08 北京石盾科技有限公司 Message processing method, system and related device
CN106487767A (en) * 2015-08-31 2017-03-08 阿里巴巴集团控股有限公司 The update method of checking information and device
CN106789924A (en) * 2016-11-25 2017-05-31 北京天威诚信电子商务服务有限公司 The method and system that a kind of digital certificate protection web site of use mobile terminal is logged in
CN107493264A (en) * 2017-07-17 2017-12-19 深圳市文鼎创数据科技有限公司 OTP Activiation methods, mobile terminal, server, storage medium and system
WO2018108062A1 (en) * 2016-12-15 2018-06-21 腾讯科技(深圳)有限公司 Method and device for identity verification, and storage medium
CN108632213A (en) * 2017-03-20 2018-10-09 腾讯科技(北京)有限公司 Facility information processing method and processing device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297403A (en) * 2012-03-01 2013-09-11 盛大计算机(上海)有限公司 Method and system for achieving dynamic password authentication
CN104767617A (en) * 2015-03-06 2015-07-08 北京石盾科技有限公司 Message processing method, system and related device
CN106487767A (en) * 2015-08-31 2017-03-08 阿里巴巴集团控股有限公司 The update method of checking information and device
CN106789924A (en) * 2016-11-25 2017-05-31 北京天威诚信电子商务服务有限公司 The method and system that a kind of digital certificate protection web site of use mobile terminal is logged in
WO2018108062A1 (en) * 2016-12-15 2018-06-21 腾讯科技(深圳)有限公司 Method and device for identity verification, and storage medium
CN108632213A (en) * 2017-03-20 2018-10-09 腾讯科技(北京)有限公司 Facility information processing method and processing device
CN107493264A (en) * 2017-07-17 2017-12-19 深圳市文鼎创数据科技有限公司 OTP Activiation methods, mobile terminal, server, storage medium and system

Also Published As

Publication number Publication date
CN111935059A (en) 2020-11-13

Similar Documents

Publication Publication Date Title
US10516666B2 (en) Authentication method, apparatus, and system
CN108540433B (en) User identity verification method and device
CN108880821B (en) Authentication method and equipment of digital certificate
CN108092984B (en) Authorization method, device and equipment for application client
EP3413255A1 (en) Electronic payment service processing method and device, and electronic payment method and device
JP2019525350A (en) Authentication method, apparatus and authentication client
CN104144419A (en) Identity authentication method, device and system
US20200174818A1 (en) Virtual machine management
CA2988434C (en) Automatic recharging system, method and server
CN107733882B (en) SSL certificate automatic deployment method and equipment
CN105763514A (en) Method, device and system for processing authorization
US10728232B2 (en) Method for authenticating client system, client device, and authentication server
CN108449187B (en) Token refreshing method and device
JP2017535870A (en) Two-dimensional code scan interaction method and apparatus
CN110806883A (en) Method and device for safely upgrading firmware and computer readable medium
JP2018532326A (en) Method and device for registering and authenticating information
CN111342964B (en) Single sign-on method, device and system
CN114500119B (en) Method and device for calling block chain service
CN111935059B (en) Processing method, device and system for equipment identification
CN111988262B (en) Authentication method, authentication device, server and storage medium
CN111290884A (en) Data backup method and device for cash register equipment
JP6233846B2 (en) Variable-length nonce generation
CN109739615B (en) Mapping method and device of virtual hard disk and cloud computing platform
CN117795507A (en) Authentication system, authentication module, and authentication program
KR102589438B1 (en) Method for generating non-deterministic data in blockchain-based system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40039490

Country of ref document: HK

SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant