CN114039734A - Device resetting method and device - Google Patents

Device resetting method and device Download PDF

Info

Publication number
CN114039734A
CN114039734A CN202111315805.1A CN202111315805A CN114039734A CN 114039734 A CN114039734 A CN 114039734A CN 202111315805 A CN202111315805 A CN 202111315805A CN 114039734 A CN114039734 A CN 114039734A
Authority
CN
China
Prior art keywords
public key
signature
key
application
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111315805.1A
Other languages
Chinese (zh)
Other versions
CN114039734B (en
Inventor
唐小飞
申子熹
王强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN202111315805.1A priority Critical patent/CN114039734B/en
Publication of CN114039734A publication Critical patent/CN114039734A/en
Application granted granted Critical
Publication of CN114039734B publication Critical patent/CN114039734B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The application relates to a cloud technology, in particular to a device resetting method and a device, wherein the device resetting method comprises the following steps: acquiring a device reset command from a service platform; extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting the equipment public key by adopting a platform private key of the service platform; reading a local preset platform public key corresponding to the platform private key; decrypting the device public key from the first device public key signature according to the preset platform public key; and when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action. The scheme provided by the application can improve the resetting safety of the portable equipment.

Description

Device resetting method and device
The present application is a divisional application entitled "identity authentication request processing method and apparatus, device resetting method and apparatus", filed by the chinese patent office on 16/03/2018 with application number 201810216813.2, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of internet security technologies, and in particular, to a method and an apparatus for processing an identity authentication request, and a method and an apparatus for resetting a device.
Background
With the rapid development of the internet and the great popularization of portable devices, when terminal applications face various security problems such as trojan viruses and phishing websites, more and more users often perform auxiliary identity authentication by using the portable devices through wireless connection between the terminals and the portable devices to ensure the security of the operations when performing operations through the terminals, such as login applications, account management, network transactions or resource transfer. In a conventional scheme for performing auxiliary identity authentication through a portable device, in order to improve processing efficiency, the portable device often performs automatic signature directly after receiving an identity authentication request to complete auxiliary identity authentication.
However, in the conventional scheme of performing auxiliary identity authentication through the portable device, there is a potential safety hazard due to situations that signals of the terminal and the portable device are intercepted during communication, a malicious application calls the portable device to automatically complete signature, or the portable device is lost, and the like.
Disclosure of Invention
In view of the above, it is necessary to provide an identity authentication request processing method, an identity authentication request processing apparatus, a computer-readable storage medium, a computer device, a device resetting method, an apparatus, a computer-readable storage medium, and a computer device, for solving the technical problem of potential safety hazard when performing auxiliary identity authentication through a portable device.
An identity authentication request processing method is applied to a portable device, and comprises the following steps:
establishing communication connection with a terminal;
receiving an identity authentication request forwarded by the terminal;
when the communication connection adopts a preset near field communication connection mode, an authentication signature is directly generated according to the identity authentication request;
when the communication connection adopts a non-preset near field communication connection mode, waiting for an input confirmation instruction, and generating an authentication signature according to the identity authentication request when the input confirmation instruction is detected;
sending the authentication signature to the terminal; the authentication signature is used for indicating the terminal to report the authentication signature for identity authentication.
An identity authentication request processing device applied to a portable device, the device comprising:
the establishing module is used for establishing communication connection with the terminal;
a receiving module, configured to receive an identity authentication request forwarded by the terminal;
the generating module is used for directly generating an authentication signature according to the identity authentication request when the communication connection adopts a preset near field communication connection mode;
the generating module is further used for waiting for an input confirmation instruction when the communication connection adopts a non-preset near field communication connection mode, and generating an authentication signature according to the identity authentication request when the input confirmation instruction is detected;
a sending module, configured to send the authentication signature to the terminal; the authentication signature is used for indicating the terminal to report the authentication signature for identity authentication.
A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to perform the steps of the identity authentication request processing method.
A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the identity authentication request processing method.
The identity authentication request processing method, the identity authentication request processing device, the computer readable storage medium and the computer device receive the identity authentication request forwarded by the terminal by establishing communication connection with the terminal. And when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request. The preset near field communication connection can ensure the communication safety of the portable equipment, so that the authentication signature can be directly generated according to the identity authentication request, and the rapid identity authentication is realized. When the communication connection adopts a non-preset near field communication connection mode and potential safety hazards of portable equipment communication exist in the environment, an input confirmation instruction is waited, and an authentication signature is generated according to an identity authentication request when the input confirmation instruction is detected. Under a communication mode with potential safety hazards, a user is required to actively confirm and generate an authentication signature, so that the communication safety of the terminal and the portable equipment can be guaranteed. After the portable equipment generates the authentication signature, the authentication signature is sent to the terminal through communication connection, and the terminal reports the authentication signature for identity authentication. Therefore, the communication connection modes of the terminal and the portable equipment are distinguished, and the authentication signatures are generated by adopting different authentication processes, so that the safety of the portable equipment for assisting identity authentication can be greatly improved.
A device resetting method applied to a portable device, the method comprising:
acquiring a device reset command from a service platform;
extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting the equipment public key by adopting a platform private key of the service platform;
reading a local preset platform public key corresponding to the platform private key;
decrypting the device public key from the first device public key signature according to the preset platform public key;
and when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action.
A device resetting apparatus applied to a portable device, the apparatus comprising:
the acquisition module is used for acquiring a device reset command from the service platform;
an extraction module for extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting the equipment public key by adopting a platform private key of the service platform;
the reading module is used for reading a local preset platform public key corresponding to the platform private key;
the decryption module is used for decrypting an equipment public key from the first equipment public key signature according to the preset platform public key;
and the execution module is used for executing the equipment resetting action when the extracted equipment public key, the local equipment public key and the decrypted equipment public key are consistent.
A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to perform the steps of the device resetting method.
A computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of the device reset method.
According to the device resetting method, the device resetting apparatus, the computer-readable storage medium and the computer device, when the device resetting command from the service platform is acquired, the device public key and the first device public key signature generated by encrypting the platform private key of the service platform are extracted from the device resetting name. And then, decrypting the device public key from the first device public key signature according to the locally preset platform public key, and when the extracted device public key, the local device public key and the decrypted device public key are consistent, judging that the obtained device reset name is legal, and executing the device reset action at the moment. Therefore, the equipment resetting command can be simply and efficiently authenticated through the preset platform public key, and the problem that the key is stored through the terminal and is unsafe is avoided. In addition, the reset action of the portable equipment can be finished under the condition that the portable equipment needs to be transferred or lost, and the potential safety hazard of the portable equipment is solved.
Drawings
FIG. 1 is a diagram of an application environment of a method for processing an authentication request in one embodiment;
FIG. 2 is a flowchart illustrating a method for processing an identity authentication request according to an embodiment;
FIG. 3 is a diagram illustrating an exemplary manner in which an identity authentication request may be obtained;
FIG. 4 is a flowchart illustrating steps for generating an authentication signature based on an identity authentication request in one embodiment;
FIG. 5 is a flowchart illustrating steps in the generation of application key pairs in one embodiment;
FIG. 6 is a diagram that illustrates a correspondence of application identifications and key indices to application key pairs, in one embodiment;
FIG. 7 is a flowchart illustrating steps of waiting for an input confirmation instruction when the communication connection is a non-default short-range communication connection, and generating an authentication signature according to the identity authentication request when the input confirmation instruction is detected, according to an embodiment;
FIG. 8 is a flow diagram illustrating steps for device reset in one embodiment;
FIG. 9 is a flowchart illustrating steps of device activation in one embodiment;
FIG. 10 is a flowchart illustrating a method for processing an authentication request according to another embodiment;
FIG. 11 is a diagram illustrating an interface through which a user logs into an application via a mobile terminal using a device under an embodiment;
FIG. 12 is a timing diagram illustrating a method for processing an authentication request in one embodiment;
FIG. 13 is a flowchart illustrating processing of an identity authentication request by a portable device in one embodiment;
FIG. 14 is a flow diagram that illustrates a standard signature in one embodiment;
FIG. 15 is a diagram illustrating an interface for waiting for user authorization in one embodiment;
FIG. 16 is a diagram of an application environment for a device reset method in one embodiment;
FIG. 17 is a flow diagram illustrating a method for resetting a device, according to an embodiment;
FIG. 18 is a diagram illustrating an interface for a user to initiate a device reset request via a mobile terminal in one embodiment;
FIG. 19 is a flow chart illustrating a method for resetting a device according to another embodiment;
FIG. 20 is a block diagram showing the structure of an authentication request processing apparatus according to an embodiment;
fig. 21 is a block diagram showing the structure of an authentication request processing apparatus according to another embodiment;
FIG. 22 is a block diagram showing the structure of a device resetting apparatus according to an embodiment;
fig. 23 is a block diagram showing the structure of a device resetting apparatus in another embodiment;
FIG. 24 is a block diagram showing a configuration of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Fig. 1 is a diagram of an application environment of a method for processing an authentication request according to an embodiment. Referring to fig. 1, the identity authentication request processing method is applied to an identity authentication system. The identity authentication system includes a terminal 110, a server 120, and a portable device 130. The terminal 110 and the server 120 are connected through a network. The terminal 110 and the portable device 130 are connected by a preset close-range communication connection method or a non-preset close-range communication connection method. The terminal 110 may specifically be a desktop terminal or a mobile terminal, and the mobile terminal may specifically be at least one of a mobile phone, a tablet computer, a notebook computer, and the like. The server 120 may be implemented as a stand-alone server or a server cluster composed of a plurality of servers. The portable device 130 may specifically be a smart bracelet, smart glasses, smart headphones, or a smart watch, etc.
As shown in fig. 2, in one embodiment, an identity authentication request processing method is provided. The present embodiment is mainly illustrated by applying the method to the portable device 130 in fig. 1. Referring to fig. 2, the identity authentication request processing method specifically includes the following steps:
and S202, establishing communication connection with the terminal.
The communication connection is used for establishing a data transmission channel for data transmission, and comprises a wired communication connection and a wireless communication connection. Wherein, the wired communication connection is, for example, wired network connection or USB (Universal Serial Bus) interface communication connection; a wireless communication connection such as a wireless network connection, a bluetooth communication connection, or a near field communication connection, etc. The bluetooth communication is UHF (Ultra High Frequency) radio wave communication using an ISM Band (Industrial Scientific Medical Band) of 2.4 to 2.485 GHz. Near Field Communication (NFC) is short-range high-frequency wireless Communication, and the operating frequency is 13.56 MHz.
Specifically, the portable device may receive a communication request from the terminal, and establish a communication connection with the terminal according to the communication request. In one embodiment, the terminal may actively initiate a request to connect to the portable device, and the portable device may respond to the request, whereupon the portable device may establish a link connection to communicate with the terminal. Taking a bluetooth connection as an example, a terminal (master, i.e., a device initiating the connection) may turn on a bluetooth paging slave (slave, i.e., a device receiving the connection), and the portable device may scan for external pages at regular intervals. The portable device responds to a terminal-initiated page when it scans for the page. Thus, a communication connection is established between the terminal and the portable device.
In one embodiment, the terminal may initiate an operation request to the server, and the server feeds back an authentication request to the terminal after receiving the operation request. After receiving the authentication request, the terminal can display characters such as 'Bluetooth communication connection' or 'card pasting communication connection' on a display screen for a user to select. When the user selects the bluetooth communication connection, the terminal can turn on the bluetooth device to page the portable device. When the user selects the card-sticking communication connection, the terminal can turn on a radio frequency field, such as a built-in card reader detection mode, and when the user brings the portable device close to the terminal, the terminal detects the portable device and establishes a communication connection with the portable device.
In one embodiment, the portable device may also turn on a network communication mode to establish a communication connection with the terminal through a wireless network or a limited network. Alternatively, the portable device may also establish a communication connection with the terminal through the USB interface.
And S204, receiving the identity authentication request forwarded by the terminal.
The identity authentication request is a request for authenticating an identity, and may be a transmitted identity authentication instruction or an identity authentication message, and generally carries identity authentication information.
In one embodiment, the user may trigger the operation instruction through the terminal. The operation instruction includes, for example, that the user logs in an application account through a terminal or performs a network transaction through an application. The terminal sends the operation instruction to the server through network connection, and the server generates a corresponding identity authentication request after receiving the operation instruction and feeds the identity authentication request back to the terminal. The identity authentication request carries identity authentication information. After receiving the identity authentication request, the terminal forwards the identity authentication request to the portable equipment through communication connection with the portable equipment.
In one embodiment, the user may trigger the operating instruction through the portable device. The portable equipment transmits the operation instruction to the terminal through communication connection with the terminal, and the terminal transmits the operation instruction to the server. And the server generates a corresponding identity authentication request after receiving the operation instruction and returns the identity authentication request to the terminal. The identity authentication request carries identity authentication information. After receiving the identity authentication request, the terminal forwards the identity authentication request to the portable equipment through communication connection with the portable equipment.
In one embodiment, the server generates a corresponding identity authentication request after receiving the operation instruction, and when the server returns the identity authentication request to the terminal, the server may send a request message to the responder based on a request-response mechanism, that is, the requester returns a response message to the requester.
For example, the server may send an identity authentication request to the terminal based on 7816-4:2005APDU (Application Protocol Data Unit) format. The identity authentication request is also a request message, and the message format of the request message is as follows:
CLA INS P1 P2 Lc<request-data> Le
the CLA is a command class indication, and the general command bit may be preset to "00" and the special command bit may be preset to "80". The INS represents the secure chip command. P1, P2 correspond to the first parameter and the second parameter of each command, respectively. Lc is the length of the request-data (request message), and if the request-data does not exist, Lc is omitted, and the request-data is the specific content of the request message. Le is the maximum expected length of response-data (response message), and Le is omitted if there is no expected response-data.
Accordingly, when the portable device responds to the identity authentication request forwarded by the terminal, the format of the response message is as follows:
Le<response-data> SW1 SW2
where Le is the length of response-data (response message), and response-data is the specific response message content. SW1 and SW2 are two byte state codes.
And S206, when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request.
When the preset near field communication connection mode is adopted for communication, the identities of two parties of communication and the content of communication are safe, and potential safety hazards such as information interception or impersonation cannot be generated. A short-distance communication connection mode is preset, such as a USB interface communication connection mode or a near field communication connection mode. Specifically, the portable device establishes a communication connection with the terminal, and when receiving an identity authentication request forwarded by the terminal, the portable device can determine a specific transmission mode of the identity authentication request. When the identity authentication request is transmitted to the portable device through a preset near field communication connection mode, the portable device directly generates an authentication signature according to the identity authentication request.
In one embodiment, the portable device may locally preset a determination condition for determining whether the communication connection mode is a preset near field communication connection mode. The determination condition, for example, the communication distance is less than or equal to the preset distance, the communication channel is a preset channel, or the data receiving device is a preset device. And when the communication connection of the portable equipment receiving the identity authentication request meets the judgment condition, determining that the communication connection between the portable equipment and the terminal is a preset near field communication connection mode. And when the communication connection of the portable equipment receiving the identity authentication request does not meet the judgment condition, determining that the communication connection between the portable equipment and the terminal is in a non-preset near field communication connection mode.
For example, the portable device may preset the near field communication connection mode and/or the USB interface communication connection mode as a preset near field communication connection mode. And when the portable equipment is communicated with the non-contact reader-writer of the terminal, judging that the communication connection mode is a preset near field communication connection mode. Or, when the portable device and the terminal communicate through the USB interface, it may be determined that the communication connection between the portable device and the terminal is in the preset near field communication connection manner.
In one embodiment, the portable device has an NFC antenna, a security chip, a bluetooth MCU (micro controller Unit) and a master MCU built in. As shown in fig. 3, fig. 3 is a schematic diagram illustrating an obtaining manner of an authentication request in an embodiment. When the identity authentication request is received through the NFC antenna and forwarded to the security chip, the fact that the communication connection between the portable device and the terminal is near field communication can be determined, and the portable device belongs to a preset near field communication connection mode. When the identity authentication request is received through the Bluetooth MCU and forwarded to the security chip through the main control MCU, the portable device and the terminal can be determined to be in Bluetooth communication, and the Bluetooth communication belongs to a non-preset near field communication connection mode due to potential safety hazards such as information interception.
In one embodiment, the authentication request carries authentication information, such as authentication parameters. The authentication parameters are generated by the server to ensure that each identity authentication request is unique and valid for a certain time or is invalid immediately after use. And the authentication parameters, such as a random number randomly generated by the server, or a ciphertext generated by the server according to the current time, the terminal identifier and the random number. The portable device may encrypt the authentication parameter in a local encryption manner to generate an authentication signature, for example, encrypt the authentication information in the authentication request with a local application private key to generate the authentication signature.
S208, when the communication connection adopts a non-preset near field communication connection mode, waiting for an input confirmation instruction, and generating an authentication signature according to the identity authentication request when detecting the input confirmation instruction.
The confirmation instruction is an instruction which represents the meaning of confirmation and can be generated by triggering a preset operation. The preset operation may be a preset trigger operation, a Personal Identification Number (PIN) of the input terminal, biometric authentication, or the like. The trigger operation may specifically be a touch operation, a cursor operation, or a key operation. The touch operation can be touch click operation, touch press operation or touch slide operation, and the touch operation can be single-point touch operation or multi-point touch operation; the cursor operation can be an operation of controlling a cursor to click or an operation of controlling the cursor to press; the key operation may be a virtual key operation or a physical key operation, etc.
Specifically, the portable device establishes a communication connection with the terminal, and when the portable device receives an identity authentication request forwarded by the terminal, the specific transmission mode of the identity authentication request can be determined. When the identity authentication request is transmitted to the portable device through the non-preset near field communication connection mode, the portable device enters a state of waiting for an input confirmation instruction to wait for the input confirmation instruction. After the user inputs the confirmation instruction through the portable device or the terminal, the portable device can detect the confirmation instruction of the portable device or the confirmation instruction sent by the terminal, and then the portable device generates an authentication signature according to the identity authentication request.
In one embodiment, the portable device may locally preset a determination condition for determining whether the communication connection mode is a preset near field communication connection mode. And when the communication connection of the portable equipment receiving the identity authentication request does not meet the judgment condition, determining that the communication connection between the portable equipment and the terminal is in a non-preset near field communication connection mode. For example, the portable device may preset the near field communication connection mode and/or the USB interface communication connection mode as a preset near field communication connection mode. And when the portable equipment and the terminal are communicated through Bluetooth communication or a wireless network, judging that the communication connection mode is a non-preset close-range communication connection mode.
S210, sending the authentication signature to the terminal; the authentication signature is used for indicating the terminal to report the authentication signature for identity authentication.
In one embodiment, the portable device sends the authentication signature to the terminal through a communication connection with the terminal. And after receiving the authentication signature, the terminal reports the authentication signature to the server. And the server decrypts the authentication signature by adopting a decryption mode corresponding to the encryption mode of the authentication signature to obtain decrypted data. The server can compare the data decrypted by the authentication signature through the local data to perform identity authentication.
In one embodiment, after the authentication signature reported by the terminal is verified, the server may execute an operation instruction triggered by the terminal. And when the authentication signature reported by the terminal is not verified by the server, the server refuses to execute the operation instruction triggered by the terminal.
In one embodiment, the portable device may transmit the authentication signature in a message format corresponding to the message format of the identity authentication request. For example, in the APDU format, the format of the response message is as follows:
Le<response-data> SW1 SW2
wherein, the response-data is also the content of the authentication signature. SW1 and SW2 are two byte state codes. For example, if SW1 and SW2 are encoded as "9000" indicating successful execution of the command. Still other response codes are illustrated below:
Figure BDA0003343600320000101
Figure BDA0003343600320000111
the identity authentication request processing method receives the identity authentication request forwarded by the terminal by establishing communication connection with the terminal. And when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request. The preset near field communication connection can ensure the communication safety of the portable equipment, so that the authentication signature can be directly generated according to the identity authentication request, and the rapid identity authentication is realized. When the communication connection adopts a non-preset near field communication connection mode and potential safety hazards of portable equipment communication exist in the environment, an input confirmation instruction is waited, and an authentication signature is generated according to an identity authentication request when the input confirmation instruction is detected. Under a communication mode with potential safety hazards, a user is required to actively confirm and generate an authentication signature, so that the communication safety of the terminal and the portable equipment can be guaranteed. After the portable equipment generates the authentication signature, the authentication signature is sent to the terminal through communication connection, and the terminal reports the authentication signature for identity authentication. Therefore, the communication connection modes of the terminal and the portable equipment are distinguished, and the authentication signatures are generated by adopting different authentication processes, so that the safety of the portable equipment for assisting identity authentication can be greatly improved.
In one embodiment, the step of generating the authentication signature according to the identity authentication request specifically includes:
s402, extracting the application key identification information and the authentication parameters from the identity authentication request.
The application key is a key corresponding to the application, and the key comprises a private key and a public key. An application may correspond to multiple groups of keys, and different keys may be used for different purposes, such as a key a for identity authentication of application login, a key B for identity authentication of transaction payment, and the like. The application key identification information is identification information of the application key, and is used to uniquely identify the application key. And determining an application public key and an application private key corresponding to the application key identification information according to the application key identification information. The application key identification information may be one of a number, a letter, a symbol, or the like. The application key identification information may further include an application identification and a key index, and the application key is uniquely determined by the application identification and the key index, that is, the corresponding application public key and application private key may be uniquely determined by the application identification and the key index.
Specifically, the identity authentication request received by the portable device carries identity authentication information, where the identity authentication information includes application key identification information and authentication parameters. The application key identification information can be used for determining a corresponding application public key and an application private key. The portable device may determine a corresponding locally stored application private key according to the application key identification information, and the server may determine a corresponding application public key according to the application key identification information. The authentication parameter is a parameter generated by the server, and is used to ensure that each identity authentication request is unique and valid for a certain time, and may be a random number.
In one embodiment, the authentication parameters are invalidated after the identity authentication request is processed, so as to prevent the potential safety hazard that the application private key is stolen to generate the authentication signature. The authentication parameter may be a random number generated by the server after receiving an operation instruction sent by the terminal.
S404, inquiring an application private key corresponding to the application key identification information.
Specifically, the portable device may query a locally pre-stored application private key corresponding to the application key identification information according to the application key identification information.
S406, the authentication parameters are encrypted according to the application private key to obtain an authentication signature.
Specifically, the portable device encrypts the extracted authentication parameters according to the queried application private key to obtain an authentication signature. The encryption algorithm may adopt ECC (Elliptic Cryptography) or SM2 (Elliptic Curve public key Cryptography), and the like.
In one embodiment, the portable device may encrypt the extracted authentication parameters, the application identifier, and the like according to the queried application private key to obtain an authentication signature.
In one embodiment, the portable device transmits the authentication signature to the terminal via a communication connection with the terminal. And after receiving the authentication signature, the terminal feeds the authentication signature back to the server. And the server decrypts the authentication signature by adopting the application public key corresponding to the application key identification information according to the received authentication signature to obtain the authentication parameters. The server compares the decrypted authentication parameters with the authentication parameters generated by the server, and if the comparison result is consistent, the operation instruction triggered by the terminal is executed; and if the comparison result is inconsistent, refusing to execute.
In the above embodiment, the application key identification information and the authentication parameters are extracted from the identity authentication request, the corresponding application private key is queried according to the application key identification information, and the authentication parameters are encrypted by the queried application private key to obtain the authentication signature. Therefore, the authentication signature is related to the identity authentication information in the identity authentication request and is also related to the local corresponding application private key of the portable equipment, so that the identities and the corresponding information of the two parties can be verified, and the safety of the portable equipment for assisting the identity authentication is greatly improved.
In one embodiment, the identity authentication request processing method further includes: and after receiving the identity authentication request, self-increasing the locally stored count value to obtain the current count value. Step S406 includes: and encrypting the authentication parameters and the current count value according to the application private key to obtain an authentication signature. Step S210 includes: the authentication signature and the current count value are sent to the terminal over a communication connection.
Specifically, the portable device may have a built-in counter or other counting device, and the counter may obtain the current count value from the count value and store the current count value locally each time an authentication request is received. The portable device may obtain a locally stored current count value, encrypt the authentication parameter and the current count value according to the application private key, and obtain an authentication signature. And then the authentication signature and the current count value are sent to the terminal through the communication connection with the terminal.
In one embodiment, the terminal forwards the authentication signature and the current count value sent by the portable device to the server. The server decrypts the authentication signature by adopting an application public key corresponding to the application private key to obtain an authentication parameter and a current count value, compares the authentication parameter and the current count value obtained by decryption with the authentication parameter stored in the server and the current count value reported by the portable device respectively, and executes an operation instruction triggered by the terminal when the comparison results are consistent; and if the comparison result is inconsistent, the server refuses to execute the operation.
In one embodiment, each time the portable device receives an authentication request, the counter value of the counter is incremented accordingly. The count value of the counter can be represented by a big end method, for example, the initial value of the counter is 0x00, and when the count value is increased to the maximum value, the counter starts to count again from 0x 00.
In the above embodiment, after receiving the identity authentication request, the current count value is obtained by incrementing the locally stored count value, and the authentication parameter and the current count value are encrypted according to the application private key, so as to obtain the authentication signature. Therefore, the authentication signatures in each authentication process are different, replay attack to the server can be prevented, and the safety of auxiliary authentication of the portable equipment is further improved.
In one embodiment, the identity authentication request is forwarded by the terminal after being sent to the terminal by the server; after the authentication signature and the current count value are sent to the terminal, the authentication signature and the current count value are reported to a server by the terminal; and the authentication signature is used for indicating the terminal to report the authentication signature to the server, decrypting the authentication signature by the server by adopting the application public key corresponding to the application key identification information to obtain an authentication parameter and a current count value, and comparing the authentication parameter and the current count value obtained by decryption with the authentication parameter stored in the server and the reported current count value respectively to perform identity authentication.
In one embodiment, the user may trigger the operation instruction through a terminal, and the terminal sends the operation instruction to the server through a network connection. And after receiving the operation instruction, the server generates a corresponding identity authentication request, returns the identity authentication request to the terminal, and forwards the identity authentication request to the portable equipment. After receiving the identity authentication request, the portable device increments the locally stored count value to obtain the current count value. And encrypting the authentication parameters and the current count value according to the application private key to obtain an authentication signature. And after the authentication signature and the current count value are sent to the terminal, the terminal reports the authentication signature and the current count value to the server. The server decrypts the authentication signature by using the application public key corresponding to the application key identification information to obtain an authentication parameter and a current count value, and compares the authentication parameter and the current count value obtained by decryption with the authentication parameter stored in the server and the current count value reported by the server respectively to perform identity authentication. When the comparison results are consistent, the server executes an operation instruction triggered by the terminal; and if the comparison result is inconsistent, the server refuses to execute the operation.
In the above embodiment, the server sends the identity authentication request and then forwards the identity authentication request to the portable device, and the portable device generates the authentication signature according to the identity authentication request, sends the authentication signature and the current count value to the terminal, and reports the authentication signature and the current count value to the server. The server then decrypts the authentication signature by using the corresponding application public key and checks the signature to authenticate the identity. Therefore, the separation of the terminal as an operation end and the portable equipment as an authentication end can be realized, and the operation safety can be ensured.
In one embodiment, the identity authentication request processing method further includes a step of generating an application key pair, where the step specifically includes:
s502, acquiring an application registration instruction.
In one embodiment, an application may be installed in the portable device. The user can trigger the application registration instruction through the portable equipment, and the portable equipment acquires the application registration instruction triggered by the user. For example, the user may select the application registration identifier through a touch screen or a key of the portable device, and trigger a corresponding application registration instruction.
In one embodiment, a user can trigger an application registration instruction through a terminal, and the terminal forwards the application registration instruction to the portable device through communication connection with the portable device, so that the portable device acquires the application registration instruction.
S504, generating an application key pair according to the application registration instruction; the application key pair includes an application private key and a corresponding application public key.
Specifically, after acquiring the application registration instruction, the portable device generates a corresponding application key pair according to the application registration instruction. The application key pair corresponds to the application identification. Wherein, the application key pair comprises an application private key and an application public key. The portable device may locally store the generated application key pair and report the application public key to the public.
In one embodiment, after generating the application key pair, the portable device maintains the key index according to the generated application key pair, stores the key index locally, and reports the key index to the server. In this way, the portable device or the server can find the corresponding application private key or application public key according to the application identifier and the key index.
S506, the application public key is encrypted according to the local device private key to obtain an application public key signature.
Specifically, the portable device has a device private key stored locally. Wherein one portable device has and only one device private key. The device private key is different for different portable devices. And the portable equipment encrypts the generated application public key according to the local equipment private key to obtain an application public key signature.
In one embodiment, the portable device generates a device key pair when activated. Wherein the device key pair comprises a device public key and a device private key. The portable device can store the private key of the device locally and report and disclose the public key of the device.
In one embodiment, the portable device may have a device key pair built in during the manufacturing process. The device key pair includes a device public key and a device private key. The portable device can store the private key of the device locally and report and disclose the public key of the device.
And S508, reporting the application public key and the application public key signature to the server, wherein the application public key signature is used for indicating the server to decrypt the application public key signature according to the stored equipment public key, and storing the reported application public key when the decrypted application public key is consistent with the reported application public key.
Specifically, the portable device may report the application public key and the application public key signature to the server through network connection, or the portable device may send the application public key and the application public key signature to the terminal through communication connection with the terminal, and then forward the application public key and the application public key signature to the server through the terminal. And after receiving the application public key and the application public key signature, the server decrypts the application public key signature according to the device public key corresponding to the device private key stored in the server, and stores the reported application public key when the decrypted application public key is consistent with the reported application public key.
In the above embodiment, the application key pair is generated by the application registration instruction, and the application public key is encrypted by the device private key to generate the application public key signature and report the signature to the server. The server verifies whether the application public key signature is correct through a pre-stored device public key, and if the application public key signature is correct, the reported application public key is stored. Therefore, the application public key is encrypted to generate the application public key signature to transmit the application public key, so that the source side of the application public key signature can be guaranteed to be legal, and the application public key stored by the server is guaranteed to be legal and correct.
In one embodiment, the application key identification information includes an application identification and a key index; and/or the preset near field communication connection mode comprises a near field communication connection mode.
Specifically, the application identification information may include an application identification and a key index, and a corresponding application public key or application private key may be uniquely determined according to the application identification and the key index. For example, as shown in fig. 6, fig. 6 is a schematic diagram illustrating a correspondence relationship between an application identifier and a key index and an application key pair in one embodiment. Corresponding application public key 1 and application private key 1 can be determined according to application identifier 1 and key index 1; corresponding application public key 2 and application private key 2 can be determined according to the application identifier 2 and the key index 2; the corresponding application public key 3 and application private key 3 can be determined from the application identification 3 and key index 3. The portable device may find the corresponding application private key according to the application identifier and the key index. The server can find out the corresponding application public key according to the application identifier and the key index.
In one embodiment, the predetermined near field communication connection mode includes a near field communication connection mode, where the near field communication connection mode refers to an NFC communication connection mode.
In one embodiment, step S208 specifically includes the following steps:
and S702, when the communication connection adopts a non-preset near field communication connection mode, triggering a reminding action for indicating to input a confirmation instruction.
Specifically, when the communication connection adopts a non-preset near field communication connection mode, the portable device triggers a reminding action for indicating to input a confirmation instruction. Wherein, the reminding action comprises turning on a breathing lamp, turning on a screen display or turning on vibration and the like.
In one embodiment, when the communication connection adopts a non-preset near field communication connection mode, the terminal may also synchronously trigger a prompt action for indicating an input confirmation instruction, such as displaying an input confirmation prompt on a screen of the terminal, turning on a breathing lamp, or turning on a vibration.
S704, the local state is set to the state of detecting the input confirmation instruction.
Specifically, when the communication connection adopts a non-preset near field communication connection mode, the portable device can set the local position as a confirmation instruction state for detecting input, and at the moment, the portable device can detect the input confirmation instruction and wait for user authorization. The portable device may be in this state for a long period of time before an entered confirmation instruction is detected. Or, when the portable device does not detect the input confirmation instruction state all the time within the preset time period, the portable device will end the flow of the auxiliary identity authentication, and the execution is not continued, and words such as "confirmation of the user is not detected" can be displayed.
S706, when the input confirmation instruction is detected, the state is exited, and an authentication signature is generated according to the identity authentication request.
In one embodiment, the user may enter the confirmation instruction directly in the portable device or on a terminal that forwards the entered confirmation instruction to the portable device. The portable device may exit this state upon detecting an entered confirmation instruction and generate an authentication signature based on the received authentication request.
In the above embodiment, when the communication connection adopts the non-preset near field communication connection mode, the reminding action for instructing to input the confirmation instruction is triggered, so that the user can be reminded of authorization. The local place is set to be in a state of detecting an input confirmation instruction, and an authentication signature is generated according to the identity authentication request after the user authorizes the device, namely the user inputs the confirmation instruction, so that the safety of the portable device for assisting identity authentication can be enhanced in a user participation mode.
In one embodiment, the identity authentication request processing method further includes a step of resetting the device, where the step specifically includes:
s802, a device reset command from the service platform is obtained.
The service platform is a Security management service platform, such as a service platform based on a TUSI (time User Security infrastructure) protocol, a service platform based on an FIDO (Fast Identity authentication on line) Alliance, or a service platform based on an IFAA (Internet financial authentication Alliance), and the like. The device reset instruction is an instruction instructing the portable device to reset. Device reset including clearing user personal data, clearing application key pairs stored in the portable device, device key pairs or formatting the portable device, etc.
In one embodiment, a user may initiate a device reset request through a terminal, the terminal forwards the device reset request to a service platform through network connection, and a server generates a corresponding device reset command after receiving the device reset request and feeds the device reset command back to the terminal. The terminal forwards the device reset command to the portable device through communication with the portable device.
In one embodiment, the user may initiate the device reset request through the portable device, and the portable device may report the device reset request to the service platform through the terminal or directly to the service platform through a network connection. And after receiving the equipment resetting request, the service platform generates a corresponding equipment resetting command, and feeds the equipment resetting command back to the portable equipment through the terminal or directly feeds the equipment resetting command back to the portable equipment through network connection.
S804, extracting a device public key and a first device public key signature from the device reset command; the first device public key signature is generated by encrypting the device public key by adopting a platform private key of the service platform.
In particular, the service platform generated device reset command may include a device public key and a first device public key signature. The device public key may be generated by the portable device after activation and sent to the service platform, or may be pre-stored by the service platform. The first device public key signature is generated by the service platform by encrypting the device public key by using a platform private key, and the encryption algorithm can use an ECC or SM2 encryption algorithm. After the portable device obtains the device reset command from the service platform, the device public key and the first device public key signature may be extracted from the device reset command.
And S806, reading the local preset platform public key corresponding to the platform private key.
Specifically, the portable device may pre-set the platform public key within the portable device during the manufacturing process. When the portable device obtains a device reset command from the service platform, a first device public key signature generated by platform private key encryption is extracted from the device reset command, and then a preset platform public key corresponding to the local platform private key can be read.
And S808, decrypting the device public key from the first device public key signature according to the preset platform public key.
Specifically, after the portable device reads the preset platform public key, the device public key can be decrypted from the first device public key signature by using a corresponding decryption algorithm according to the preset platform public key.
And S810, when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action.
Wherein the device reset action is an action of resetting the portable device, such as clearing user personal data, clearing an application key pair stored in the portable device, a device key pair or formatting the portable device, etc.
In one embodiment, the portable device may compare whether the extracted device public key and the local device public key are consistent, and when consistent, compare the decrypted device public key to the extracted device public key, and when consistent, perform a device reset action.
In one embodiment, the portable device may compare the extracted device public key, the local device public key, and the decrypted device public key two by two to determine whether they are consistent, and perform a device reset action when they are consistent.
In the above embodiment, when the device reset command from the service platform is acquired, the device public key and the first device public key signature generated by encrypting the platform private key of the service platform are extracted from the device reset name. And then, decrypting the device public key from the first device public key signature according to the locally preset platform public key, and when the extracted device public key, the local device public key and the decrypted device public key are consistent, judging that the obtained device reset name is legal, and executing the device reset action at the moment. Therefore, the equipment resetting command can be simply and efficiently authenticated through the preset platform public key, and the problem that the key is stored through the terminal and is unsafe is avoided. In addition, the reset action of the portable equipment can be finished under the condition that the portable equipment needs to be transferred or lost, and the potential safety hazard of the portable equipment is solved.
In one embodiment, the identity authentication request processing method further includes a step of device activation, and the step specifically includes:
and S902, receiving a device activation instruction.
In one embodiment, a corresponding operation on an inactive portable device may generate a device activation instruction. For example, a user may perform a charging operation on an inactive portable device, at which point the portable device itself may generate a device activation instruction.
In one embodiment, a user may generate a device activation instruction by operating at a terminal and transmit the device activation instruction to the terminal through a communication connection of a portable device with the terminal.
S904, generating an equipment key pair according to the equipment activation instruction; the device key pair includes a device private key and a corresponding device public key.
Specifically, after receiving the device activation instruction, the portable device generates a device key pair according to the device activation instruction. The device key pair corresponds to the portable device identification. Wherein the device key pair comprises a device private key and a device public key. The portable device may locally store the generated device key pair and publish the device public key in a report.
S906, reporting the equipment public key to a service platform; the reported device public key is used for generating a first device public key signature.
Specifically, the portable device may directly report the device public key to the service platform through a network connection. Or, the portable device sends the device public key to the terminal through the communication connection with the terminal, and the terminal forwards the device public key to the service platform. The service platform encrypts the reported device public key by adopting a platform private key, and can generate a first device public key signature.
In the above embodiment, the device key pair is generated according to the device activation instruction, where the device key pair includes a device public key and a device private key. By reporting the device public key to the service platform, the service platform can generate a first device public key signature according to the reported device public key, and further generate a device reset command.
In one embodiment, step S906 specifically includes: encrypting the equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
In one embodiment, the vendor private key may be preset during the manufacturing process of the portable device. And the portable equipment encrypts the generated equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature. The portable device passes the device public key and the second device public key signature to the service platform. And the service platform decrypts the signature of the second equipment public key according to the manufacturer public key, and stores the transferred equipment public key when the decrypted equipment public key is consistent with the transferred equipment public key.
In the above embodiment, the device public key is encrypted by the preset vendor private key to generate the second device public key signature, and the second device public key signature is reported to the service platform. The service platform verifies whether the signature of the second device public key is correct through a pre-stored manufacturer public key, and if the signature of the second device public key is correct, the service platform saves the device public key. Therefore, the device public key is encrypted to generate the second device public key signature to transmit the device public key, the source of the second device public key signature can be guaranteed to be legal, and the device public key stored by the service platform is guaranteed to be legal and correct.
As shown in fig. 10, in a specific embodiment, the identity authentication request processing method includes the following steps:
and S1002, receiving a device activation instruction.
S1004, generating a device key pair according to the device activation instruction; the device key pair includes a device private key and a corresponding device public key.
S1006, the device public key is encrypted according to a preset manufacturer private key to obtain a second device public key signature.
And S1008, transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for instructing the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
S1010, obtaining an application registration instruction.
S1012, generating an application key pair according to the application registration instruction; the application key pair includes an application private key and a corresponding application public key.
S1014, encrypting the application public key according to the local device private key to obtain an application public key signature.
And S1016, reporting the application public key and the application public key signature to the server, wherein the application public key signature is used for indicating the server to decrypt the application public key signature according to the stored device public key, and storing the reported application public key when the decrypted application public key is consistent with the reported application public key.
S1018, establishing communication connection with the terminal;
s1020, receiving the identity authentication request forwarded by the terminal.
And S1022, when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request.
And S1024, when the communication connection adopts a non-preset near field communication connection mode, triggering a reminding action for indicating to input a confirmation instruction.
S1026, the local state is set to the state of detecting the input confirmation instruction.
S1028, when detecting the input confirmation instruction, exiting the state, and generating an authentication signature according to the identity authentication request.
S1030, sending the authentication signature to the terminal; the authentication signature is used for indicating the terminal to report the authentication signature for identity authentication.
S1032, a device reset command from the service platform is acquired.
S1034, extracting a device public key and a first device public key signature from the device reset command; the first device public key signature is generated by encrypting the device public key by adopting a platform private key of the service platform.
S1036, reading a preset platform public key corresponding to the local platform private key.
And S1038, decrypting the device public key from the first device public key signature according to the preset platform public key.
S1040, when the extracted device public key, the local device public key, and the decrypted device public key are consistent, a device reset action is performed.
The identity authentication request processing method receives the identity authentication request forwarded by the terminal by establishing communication connection with the terminal. And when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request. The preset near field communication connection can ensure the communication safety of the portable equipment, so that the authentication signature can be directly generated according to the identity authentication request, and the rapid identity authentication is realized. When the communication connection adopts a non-preset near field communication connection mode and potential safety hazards of portable equipment communication exist in the environment, an input confirmation instruction is waited, and an authentication signature is generated according to an identity authentication request when the input confirmation instruction is detected. Under a communication mode with potential safety hazards, a user is required to actively confirm and generate an authentication signature, so that the communication safety of the terminal and the portable equipment can be guaranteed. After the portable equipment generates the authentication signature, the authentication signature is sent to the terminal through communication connection, and the terminal reports the authentication signature for identity authentication. Therefore, the communication connection modes of the terminal and the portable equipment are distinguished, and the authentication signatures are generated by adopting different authentication processes, so that the safety of the portable equipment for assisting identity authentication can be greatly improved.
FIG. 10 is a flowchart illustrating a method for requesting authentication in one embodiment. It should be understood that, although the steps in the flowchart of fig. 10 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 10 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In a specific application scenario, a user can utilize the portable device to perform auxiliary identity authentication login application through the terminal. For example, as shown in fig. 11, fig. 11 is a schematic interface diagram illustrating a user logging into an application through a mobile terminal using a device login. When the user clicks 'equipment login', the portable equipment performs corresponding operation by adopting the identity authentication request method, and reports an authentication signature for identity authentication. After the authentication is passed, the application running in the terminal can acquire user data, such as data of a user name, a user head portrait and the like.
In one embodiment, as shown in FIG. 12, FIG. 12 illustrates a timing diagram of a method of identity authentication request processing in one embodiment. And the user triggers an operation instruction through the terminal. The terminal sends the operation instruction to the server through network connection, and the server generates a corresponding identity authentication request after receiving the operation instruction and feeds the identity authentication request back to the terminal. After receiving the identity authentication request, the terminal forwards the identity authentication request to the portable equipment through communication connection with the portable equipment. When the communication connection adopts a preset near field communication connection mode, the portable equipment directly generates an authentication signature according to the identity authentication request, sends the authentication signature to the terminal, and then the terminal forwards the authentication signature to the server for identity authentication. When the communication connection adopts a non-preset near field communication connection mode, waiting for confirmation of a user, inputting a confirmation instruction by the user, generating an authentication signature by the portable equipment according to the identity authentication request, sending the authentication signature to the terminal, and forwarding the terminal to the server for identity authentication.
In one embodiment, a portable device includes a security application and a master MCU. The terminal sends the identity authentication request to a main control MCU of the portable device through communication connection, and the main control MCU forwards the identity authentication request to the security application. The security application judges whether the communication connection mode of the portable device and the terminal is a preset near field communication connection mode. If yes, the safety application directly generates an authentication signature according to the identity authentication request, sends the authentication signature to the main control MCU and sends the authentication signature to the terminal through the main control MCU. If not, the security application waits for user confirmation. At this time, the main control MCU can control the screen of the portable device to display a reminding action and detect a confirmation instruction input by the user. And prompting the security application to generate an authentication signature after a confirmation instruction of the user is detected.
Fig. 13 shows the identity authentication request processing method, and fig. 13 shows a flow diagram illustrating the process of the portable device performing the identity authentication request in one embodiment. And after receiving the identity authentication request, the portable equipment judges the communication connection mode with the terminal. And when the short-distance communication connection mode is preset, a quick signature process is carried out, namely, the authentication signature is directly generated. And when the short-distance communication connection mode is a non-preset short-distance communication connection mode, the standard signature process is carried out, and the authentication signature is generated. The standard signature flow is shown in fig. 14, and fig. 14 is a schematic flow diagram of a standard signature in one embodiment. And when the communication connection between the portable equipment and the terminal is in a non-preset near field communication connection mode, the portable equipment waits for the authorization of the user, and generates an authentication signature after the authorization is passed. User authorization interface schematic referring to fig. 15, as shown in fig. 15, fig. 15 shows an interface schematic of waiting for user authorization in one embodiment. Fig. 15 shows a schematic diagram of the display interface on the left side of the terminal prompting the user to confirm on the portable device, and fig. 15 shows a display interface on the right side of the portable terminal waiting for the user to input a confirmation instruction, so that the user can complete the confirmation operation by double-clicking the portable device according to the guidance "double-click confirmation".
Specifically, the request message of the identity authentication request generated by the server according to the APDU format is as follows:
Figure BDA0003343600320000231
Figure BDA0003343600320000241
the content of the request-data may specifically include: reserved field (Control), authentication parameter (Challenge), application identification (AppID), key index Length (KeyIndex Length), and key index (KeyIndex).
In an embodiment, the request message of the identity authentication request may specifically be: 8032000000006403DA009671392A4F83B25CE544E05BCA302549A4CA955BB1EC6E07FEDD57ED036C630DCD2966C4336691125448BBB25B4FF412A49C732DB2C8ABC1B8581BD710DD2242634EA7B39247189166C535CFD03E14BE9940269D22EBDDC61CEA78C0E1B 7930000. Where "80320000" is a command header containing CLA, INS, P1, and P2. "000064" is the length of LC, i.e., request-data. "03" is a reserved field; "DA 009671392A4F83B25CE544E05BCA302549A4CA955BB1EC6E07FEDD57ED 036C" is the authentication parameter Challenge; "630 DCD2966C4336691125448BBB25B4FF412A49C732DB2C8ABC1B8581BD710 DD" is the application identification AppID; "22" is the key index Length KeyIndex Length; "42634 EA7B39247189166C535CFD03E14BE9940269D22EBDDC61CEA78C0E1B 7930000" is the key index KeyIndex.
The content of the response message fed back by the portable equipment according to the identity authentication request is as follows:
Le<response-data> SW1 SW2
the content of response-data of the response packet may include: the User presence identification (User presence), the current count value (Counter) and the authentication Signature (Signature). Wherein the user presence flag is a fixed value of "01". In one embodiment, the authentication signature contains the following: application identification (AppID), User presence identification (User presence), current count value (Counter), and authentication parameter (Challenge).
In an embodiment, the response message fed back by the portable device may specifically be: 01000000013046022100FAF11F21DED8C4117009F655DDFF9D0590F75637DFB8F769460539E888C9E947022100C54A6010F9A294EE6494E3DC352EE57CC0E7607732A2A05C07B0D6044F 0036199000. Where "01" is the User presence identification User presence. "00000001" is the current count value Counter. "3046022100 FAF11F21DED8C4117009F655DDFF9D0590F75637DFB8F769460539E888C9E947022100C54A6010F9A294EE6494E3DC352EE57CC0E7607732A2A05C07B0D6044F 003619" is an authentication Signature. "9000" is the command status, namely SW1 and SW2, indicating that the command executed successfully.
FIG. 16 is a diagram of an application environment for a device reset method in one embodiment. Referring to fig. 16, the device resetting method is applied to a device resetting system. The device resetting system includes a terminal 110, a portable device 130, and a service platform 140. The terminal 110 and the service platform 140 are connected via a network. The service platform 140 may be implemented as a stand-alone server or a server cluster comprised of a plurality of servers.
As shown in fig. 17, in one embodiment, a device reset method is provided. The present embodiment is mainly illustrated by applying the method to the portable device 130 in fig. 16. Referring to fig. 17, the device resetting method specifically includes the following steps:
s1702, a device reset command from the service platform is obtained.
In one embodiment, a user may initiate a device reset request through a terminal, the terminal forwards the device reset request to a service platform through network connection, and a server generates a corresponding device reset command after receiving the device reset request and feeds the device reset command back to the terminal. The terminal forwards the device reset command to the portable device through communication with the portable device.
In one embodiment, the user may initiate the device reset request through the portable device, and the portable device may report the device reset request to the service platform through the terminal or directly to the service platform through a network connection. And after receiving the equipment resetting request, the service platform generates a corresponding equipment resetting command, and feeds the equipment resetting command back to the portable equipment through the terminal or directly feeds the equipment resetting command back to the portable equipment through network connection.
In one embodiment, the service platform generates a corresponding device reset command after receiving the device reset request, and when the service platform feeds back the device reset command to the portable device, the service platform may send a request message to the responder based on a request-response mechanism, that is, the requester sends a request message to the responder, and the responder returns a response message to the requester.
For example, the service platform may send a device reset command to the terminal or portable device based on the APDU format. The device reset command is also a request message, and the message format of the request message is as follows:
CLA INS P1 P2 Lc<request-data> Le
accordingly, when the portable device responds to the device reset command forwarded by the terminal, the format of the response message is as follows:
Le<response-data> SW1 SW2
when the portable device successfully completes the device reset, Le < response-data > is empty, returning only a status code, such as "9000", indicating that the command executed successfully.
S1704, extracting a device public key and a first device public key signature from the device reset command; the first device public key signature is generated by encrypting the device public key by adopting a platform private key of the service platform.
In particular, the service platform generated device reset command may include a device public key and a first device public key signature. The device public key may be generated by the portable device after activation and sent to the service platform, or may be pre-stored by the service platform. The first device public key signature is generated by the service platform by encrypting the device public key by using a platform private key, and the encryption algorithm can use an ECC or SM2 encryption algorithm. After the portable device obtains the device reset command from the service platform, the device public key and the first device public key signature may be extracted from the device reset command.
S1706, the local preset platform public key corresponding to the platform private key is read.
Specifically, the portable device may pre-set the platform public key within the portable device during the manufacturing process. When the portable device obtains a device reset command from the service platform, a first device public key signature generated by platform private key encryption is extracted from the device reset command, and then a preset platform public key corresponding to the local platform private key can be read.
And S1708, decrypting the device public key from the first device public key signature according to the preset platform public key.
Specifically, after the portable device reads the preset platform public key, the device public key can be decrypted from the first device public key signature by using a corresponding decryption algorithm according to the preset platform public key.
S1710, when the extracted device public key, the local device public key, and the decrypted device public key are consistent, performing a device reset action.
In one embodiment, the portable device may compare whether the extracted device public key and the local device public key are consistent, and when consistent, compare the decrypted device public key to the extracted device public key, and when consistent, perform a device reset action.
In one embodiment, the portable device may compare the extracted device public key, the local device public key, and the decrypted device public key two by two to determine whether they are consistent, and perform a device reset action when they are consistent.
According to the device resetting method, when the device resetting command from the service platform is acquired, the device public key and the first device public key signature generated by encrypting the platform private key of the service platform are extracted from the device resetting name. And then, decrypting the device public key from the first device public key signature according to the locally preset platform public key, and when the extracted device public key, the local device public key and the decrypted device public key are consistent, judging that the obtained device reset name is legal, and executing the device reset action at the moment. Therefore, the equipment resetting command can be simply and efficiently authenticated through the preset platform public key, and the problem that the key is stored through the terminal and is unsafe is avoided. In addition, the reset action of the portable equipment can be finished under the condition that the portable equipment needs to be transferred or lost, and the potential safety hazard of the portable equipment is solved.
In one embodiment, the device resetting method further includes a step of activating the device, and the step specifically includes: receiving a device activation instruction; generating a device key pair according to the device activation instruction; the device key pair comprises a device private key and a corresponding device public key; reporting the device public key to a service platform; the reported device public key is used for generating a first device public key signature.
In the above embodiment, the device key pair is generated according to the device activation instruction, where the device key pair includes a device public key and a device private key. By reporting the device public key to the service platform, the service platform can generate a first device public key signature according to the reported device public key, and further generate a device reset command.
In one embodiment, the step of reporting the device public key to the service platform specifically includes: encrypting the equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
In the above embodiment, the device public key is encrypted by the preset vendor private key to generate the second device public key signature, and the second device public key signature is reported to the service platform. The service platform verifies whether the signature of the second device public key is correct through a pre-stored manufacturer public key, and if the signature of the second device public key is correct, the service platform saves the device public key. Therefore, the device public key is encrypted to generate the second device public key signature to transmit the device public key, the source of the second device public key signature can be guaranteed to be legal, and the device public key stored by the service platform is guaranteed to be legal and correct.
In a specific application scenario, a user may initiate a device reset request through a terminal. For example, as shown in fig. 18, fig. 18 shows an interface diagram of a user initiating a device reset request through a mobile terminal. As shown in fig. 18, the user may click the "smart device management V2" flag on the terminal, and may click the "reset" button to trigger a device reset request after bringing the portable device close to the terminal according to the prompt of the "post card" of the terminal.
As shown in FIG. 19, in one particular embodiment, a flow chart of a device reset method is shown in FIG. 19. The portable device presets a platform public key in the production process. And generating an equipment key pair when the equipment is activated, and reporting the equipment public key to the service platform. The terminal initiates a device resetting request, the service platform audits, generates a corresponding device resetting command after the audit is passed, and forwards the device resetting command to the portable device through the terminal. And the portable equipment extracts the equipment public key in the equipment resetting command according to the equipment and compares the equipment public key with the equipment public key generated during activation. And if so, decrypting the first equipment public key signature according to the preset platform public key to obtain a decrypted equipment public key. The portable device verifies whether the decrypted device public key is correct, and if so, the device resetting action is executed. If not, the device reset is terminated.
In one embodiment, the command message received by the portable device when the platform public key is preset is as follows: F00201000000410410C26685D9ECC1A797CB0E15F7BAC987699E83077CBA131A759906D05169476F6C85864CE83AC5490DB16752BF2653EB4ECB09688742DBE1819933F6A01F65F 2. Where "F0020100" is a command identification. "000041" is the length of request-data. "0410C 26685D9ECC1A797CB0E15F7BAC987699E83077CBA131A759906D05169476F6C85864CE83AC5490DB16752BF2653EB4ECB09688742DBE1819933F6A01F65F 2" is a platform public key. After the portable device receives the request message, the platform public key is stored, and a response message is fed back as follows: 9000. where "9000" indicates successful execution of the command.
In one embodiment, in the process of activating the portable device, the message content of the device activation instruction received by the portable device includes: 80200000000000. where "80200000" is the device activation command identification. "000000" is the length of request-data. The portable device generates a device key pair according to the received device activation instruction, and returns a response message as follows: 0492D868371C9648C09FB745BD33DC113574E2BD150644AAEB75B7BF32C24444A70FB00A932964FF781BA434AB7C466CF3FC03DF54CB2A78066342DAEF1A2B2BED 9000. Among them, "0492D 868371C9648C09FB745BD33DC113574E2BD150644AAEB75B7BF32C24444A70FB00A932964FF781BA434AB7C466CF3FC03DF54CB2A78066342DAEF1A2B2 BED" is a device public key. "9000" is a response status.
In one embodiment, the content of the request message of the device reset command received by the portable device is as follows: "802E 00000000880492D868371C9648C09FB745BD33DC113574E2BD150644AAEB75B7BF32C24444A70FB00A932964FF781BA434AB7C466CF3FC03DF54CB2A78066342DAEF1A2B2BED304502203B52FA7C708C4217C18495883EA5082561B7EE142336BB2E0E043DCC8F4A1F2B022100A3E2B656973C0E460D523B2454B 80DA31E21432E2E2F80 EB 508A 1EA3B 4". Where "802E 0000" is the command identification. "000088" is the length of request-data. "0492D 868371C9648C09FB745BD33DC113574E2BD150644AAEB75B7BF32C24444A70FB00A932964FF781BA434AB7C466CF3FC03DF54CB2A78066342DAEF1A2B2 BED" is a device public key. "304502203B 52FA7C708C4217C18495883EA5082561B7EE142336BB2E0E043DCC8F4A1F2B022100A3E2B656973C0E460D523B2454B27B80DA31E21432E 2F80FC508EB6A1EA3B 4" is a first device public key signature obtained after signature by using a platform private key. After receiving the request message, the portable device performs verification according to the local device public key and the preset platform public key, and when the verification is successful, the feedback response message is as follows: 9000. where "9000" indicates successful execution of the command. If not successful, a response message "6 a 80" may be fed back indicating that the parameters were incorrect.
As shown in fig. 20, in one embodiment, there is provided an identity authentication request processing apparatus 2000, including: an establishing module 2001, a receiving module 2002, a generating module 2003, and a sending module 2004.
An establishing module 2001, configured to establish a communication connection with the terminal.
A receiving module 2002, configured to receive the identity authentication request forwarded by the terminal.
The generating module 2003 is configured to generate an authentication signature directly according to the identity authentication request when the communication connection adopts a preset near field communication connection manner.
The generating module 2003 is further configured to wait for an input confirmation instruction when the communication connection adopts a non-preset near field communication connection manner, and generate an authentication signature according to the identity authentication request when the input confirmation instruction is detected.
A sending module 2004 for sending the authentication signature to the terminal; the authentication signature is used for indicating the terminal to report the authentication signature for identity authentication.
The identity authentication request processing device receives the identity authentication request forwarded by the terminal by establishing communication connection with the terminal. And when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request. The preset near field communication connection can ensure the communication safety of the portable equipment, so that the authentication signature can be directly generated according to the identity authentication request, and the rapid identity authentication is realized. When the communication connection adopts a non-preset near field communication connection mode and potential safety hazards of portable equipment communication exist in the environment, an input confirmation instruction is waited, and an authentication signature is generated according to an identity authentication request when the input confirmation instruction is detected. Under a communication mode with potential safety hazards, a user is required to actively confirm and generate an authentication signature, so that the communication safety of the terminal and the portable equipment can be guaranteed. After the portable equipment generates the authentication signature, the authentication signature is sent to the terminal through communication connection, and the terminal reports the authentication signature for identity authentication. Therefore, the communication connection modes of the terminal and the portable equipment are distinguished, and the authentication signatures are generated by adopting different authentication processes, so that the safety of the portable equipment for assisting identity authentication can be greatly improved.
In one embodiment, the generation module 2003 is further configured to extract application key identification information and authentication parameters from the identity authentication request; inquiring an application private key corresponding to the application key identification information; and encrypting the authentication parameters according to the application private key to obtain an authentication signature.
In the above embodiment, the application key identification information and the authentication parameters are extracted from the identity authentication request, the corresponding application private key is queried according to the application key identification information, and the authentication parameters are encrypted by the queried application private key to obtain the authentication signature. Therefore, the authentication signature is related to the identity authentication information in the identity authentication request and is also related to the local corresponding application private key of the portable equipment, so that the identities and the corresponding information of the two parties can be verified, and the safety of the portable equipment for assisting the identity authentication is greatly improved.
In one embodiment, the identity authentication request processing device 2000 further comprises a counting module 2005. The counting module 2005 is configured to, after receiving the identity authentication request, increment a locally stored count value to obtain a current count value. The generating module 2003 is further configured to encrypt the authentication parameter and the current count value according to the application private key to obtain an authentication signature. The sending module 2004 is further configured to send the authentication signature and the current count value to the terminal over the communication connection.
In the above embodiment, after receiving the identity authentication request, the current count value is obtained by incrementing the locally stored count value, and the authentication parameter and the current count value are encrypted according to the application private key, so as to obtain the authentication signature. Therefore, the authentication signatures in each authentication process are different, replay attack to the server can be prevented, and the safety of auxiliary authentication of the portable equipment is further improved.
In one embodiment, the identity authentication request is forwarded by the terminal after being sent to the terminal by the server; after the authentication signature and the current count value are sent to the terminal, the authentication signature and the current count value are reported to a server by the terminal; and the authentication signature is used for indicating the terminal to report the authentication signature to the server, decrypting the authentication signature by the server by adopting the application public key corresponding to the application key identification information to obtain an authentication parameter and a current count value, and comparing the authentication parameter and the current count value obtained by decryption with the authentication parameter stored in the server and the reported current count value respectively to perform identity authentication.
In the above embodiment, the server sends the identity authentication request and then forwards the identity authentication request to the portable device, and the portable device generates the authentication signature according to the identity authentication request, sends the authentication signature and the current count value to the terminal, and reports the authentication signature and the current count value to the server. The server then decrypts the authentication signature by using the corresponding application public key and checks the signature to authenticate the identity. Therefore, the separation of the terminal as an operation end and the portable equipment as an authentication end can be realized, and the operation safety can be ensured.
In one embodiment, the identity authentication request processing apparatus 2000 further includes an obtaining module 2006, an encrypting module 2007 and a reporting module 2008.
An obtaining module 2006, configured to obtain an application registration instruction.
The generating module 2003 is further configured to generate an application key pair according to the application registration instruction; the application key pair includes an application private key and a corresponding application public key.
The encryption module 2007 is configured to encrypt the application public key according to the local device private key, so as to obtain an application public key signature.
A reporting module 2008, configured to report the application public key and the application public key signature to the server, where the application public key signature is used to instruct the server to decrypt the application public key signature according to the stored device public key, and store the reported application public key when the decrypted application public key is consistent with the reported application public key.
In the above embodiment, the application key pair is generated by the application registration instruction, and the application public key is encrypted by the device private key to generate the application public key signature and report the signature to the server. The server verifies whether the application public key signature is correct through a pre-stored device public key, and if the application public key signature is correct, the reported application public key is stored. Therefore, the application public key is encrypted to generate the application public key signature to transmit the application public key, so that the source side of the application public key signature can be guaranteed to be legal, and the application public key stored by the server is guaranteed to be legal and correct.
In one embodiment, the application key identification information includes an application identification and a key index; and/or the preset near field communication connection mode comprises a near field communication connection mode.
In one embodiment, the generating module 2003 is further configured to trigger a reminding action for instructing to input a confirmation instruction when the communication connection is in a non-preset near field communication connection manner; the local state is a state for detecting an input confirmation instruction; and exiting the state when the input confirmation instruction is detected, and generating an authentication signature according to the identity authentication request.
In the above embodiment, when the communication connection adopts the non-preset near field communication connection mode, the reminding action for instructing to input the confirmation instruction is triggered, so that the user can be reminded of authorization. The local place is set to be in a state of detecting an input confirmation instruction, and an authentication signature is generated according to the identity authentication request after the user authorizes the device, namely the user inputs the confirmation instruction, so that the safety of the portable device for assisting identity authentication can be enhanced in a user participation mode.
As shown in fig. 21, in one embodiment, the identity authentication request processing device 2000 further comprises a reading module 2009, a decryption module 2010 and an execution module 2011.
The obtaining module 2006 is further configured to obtain a device reset command from the service platform.
The obtaining module 2006 is further configured to extract a device public key and a first device public key signature from the device reset command; the first device public key signature is generated by encrypting the device public key by adopting a platform private key of the service platform.
The reading module 2009 is further configured to read a preset platform public key locally corresponding to the platform private key.
The decryption module 2010 is configured to decrypt the device public key from the first device public key signature according to the preset platform public key.
An executing module 2011, configured to execute a device reset action when the extracted device public key, the local device public key, and the decrypted device public key are consistent.
In the above embodiment, when the device reset command from the service platform is acquired, the device public key and the first device public key signature generated by encrypting the platform private key of the service platform are extracted from the device reset name. And then, decrypting the device public key from the first device public key signature according to the locally preset platform public key, and when the extracted device public key, the local device public key and the decrypted device public key are consistent, judging that the obtained device reset name is legal, and executing the device reset action at the moment. Therefore, the equipment resetting command can be simply and efficiently authenticated through the preset platform public key, and the problem that the key is stored through the terminal and is unsafe is avoided. In addition, the reset action of the portable equipment can be finished under the condition that the portable equipment needs to be transferred or lost, and the potential safety hazard of the portable equipment is solved.
In one embodiment, the obtaining module 2006 is further configured to receive a device activation instruction. The generating module 2003 is further configured to generate a device key pair according to the device activation instruction; the device key pair includes a device private key and a corresponding device public key. The reporting module 2008 is further configured to report the device public key to the service platform; the reported device public key is used for generating a first device public key signature.
In the above embodiment, the device key pair is generated according to the device activation instruction, where the device key pair includes a device public key and a device private key. By reporting the device public key to the service platform, the service platform can generate a first device public key signature according to the reported device public key, and further generate a device reset command.
In an embodiment, the reporting module 2008 is further configured to encrypt the device public key according to a preset vendor private key, so as to obtain a second device public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
In the above embodiment, the device public key is encrypted by the preset vendor private key to generate the second device public key signature, and the second device public key signature is reported to the service platform. The service platform verifies whether the signature of the second device public key is correct through a pre-stored manufacturer public key, and if the signature of the second device public key is correct, the service platform saves the device public key. Therefore, the device public key is encrypted to generate the second device public key signature to transmit the device public key, the source of the second device public key signature can be guaranteed to be legal, and the device public key stored by the service platform is guaranteed to be legal and correct.
As shown in fig. 22, in one embodiment, there is provided a device resetting apparatus 2200 comprising: an acquisition module 2201, an extraction module 2202, a reading module 2203, a decryption module 2204, and an execution module 2205.
An obtaining module 2201, configured to obtain a device reset command from the service platform;
an extraction module 2202 to extract a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting an equipment public key by adopting a platform private key of a service platform;
a reading module 2203, configured to read a local preset platform public key corresponding to the platform private key;
the decryption module 2204 is configured to decrypt the device public key from the first device public key signature according to the preset platform public key;
an executing module 2205, configured to execute a device reset action when the extracted device public key, the local device public key, and the decrypted device public key are consistent.
When the device resetting device obtains a device resetting command from the service platform, the device public key and the first device public key signature generated by encrypting the platform private key of the service platform are extracted from the device resetting name. And then, decrypting the device public key from the first device public key signature according to the locally preset platform public key, and when the extracted device public key, the local device public key and the decrypted device public key are consistent, judging that the obtained device reset name is legal, and executing the device reset action at the moment. Therefore, the equipment resetting command can be simply and efficiently authenticated through the preset platform public key, and the problem that the key is stored through the terminal and is unsafe is avoided. In addition, the reset action of the portable equipment can be finished under the condition that the portable equipment needs to be transferred or lost, and the potential safety hazard of the portable equipment is solved.
As shown in fig. 23, in an embodiment, the device resetting apparatus 2200 further includes a receiving module 2206, a generating module 2207, and a reporting module 2208:
a receiving module 2206, configured to receive a device activation instruction;
a generating module 2207, configured to generate a device key pair according to the device activation instruction; the device key pair comprises a device private key and a corresponding device public key;
a reporting module 2208, configured to report the device public key to the service platform; the reported device public key is used for generating a first device public key signature.
In the above embodiment, the device key pair is generated according to the device activation instruction, where the device key pair includes a device public key and a device private key. By reporting the device public key to the service platform, the service platform can generate a first device public key signature according to the reported device public key, and further generate a device reset command.
In an embodiment, the reporting module 2208 is further configured to encrypt the device public key according to a preset vendor private key to obtain a second device public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
In the above embodiment, the device public key is encrypted by the preset vendor private key to generate the second device public key signature, and the second device public key signature is reported to the service platform. The service platform verifies whether the signature of the second device public key is correct through a pre-stored manufacturer public key, and if the signature of the second device public key is correct, the service platform saves the device public key. Therefore, the device public key is encrypted to generate the second device public key signature to transmit the device public key, the source of the second device public key signature can be guaranteed to be legal, and the device public key stored by the service platform is guaranteed to be legal and correct.
FIG. 24 is a diagram illustrating an internal structure of a computer device in one embodiment. The computer device may specifically be the portable device 130 of fig. 1 or 16. As shown in fig. 24, the computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system and may also store a computer program that, when executed by the processor, causes the processor to implement an authentication request processing and/or device resetting method. The internal memory may also have stored therein a computer program that, when executed by the processor, causes the processor to perform an authentication request process and/or a device reset method.
Those skilled in the art will appreciate that the architecture shown in fig. 24 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, the identity authentication request processing apparatus provided in the present application may be implemented in the form of a computer program, and the computer program may be run on a computer device as shown in fig. 24. The memory of the computer device may store therein various program modules constituting the authentication request processing means and/or the device resetting means, such as the establishing module, the receiving module, the generating module, and the transmitting module shown in fig. 20. Also for example, the obtaining module, the extracting module, the reading module, the decrypting module and the executing module shown in fig. 22. The program modules constitute computer programs that cause the processor to execute the steps of the method for processing an authentication request according to the embodiments of the present application described in the present specification.
For example, the computer device shown in fig. 24 may execute step S202 by the establishment module in the identity authentication request processing apparatus shown in fig. 20. The receiving module performs step S204. The computer device may perform steps S206 and S208 by the generation module. The computer device may perform step S210 through the transmission module.
For example, the computer device shown in fig. 24 may execute step S1702 by an acquisition module in the identity authentication request processing apparatus shown in fig. 17. The computer device may perform step S1704 through the extraction module. The computer device may perform step S1706 through the reading module. The computer device may perform step S1708 through the decryption module. The computer device may perform step S1710 by executing the module.
In one embodiment, there is provided a computer device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, causes the processor to perform the steps of: receiving an identity authentication request forwarded by a terminal through communication connection with the terminal; when the communication connection adopts a preset near field communication connection mode, an authentication signature is directly generated according to the identity authentication request; when the communication connection adopts a non-preset near field communication connection mode, waiting for an input confirmation instruction, and generating an authentication signature according to the identity authentication request when detecting the input confirmation instruction; sending the authentication signature to the terminal through the communication connection; the authentication signature is used for indicating the terminal to report the authentication signature for identity authentication.
In one embodiment, the computer program causes the processor in performing the step of generating an authentication signature from the identity authentication request to perform in particular the steps of: extracting application key identification information and authentication parameters from the identity authentication request; inquiring an application private key corresponding to the application key identification information; and encrypting the authentication parameters according to the application private key to obtain an authentication signature.
In one embodiment, the computer program causes the processor to perform the further steps of: after receiving an identity authentication request, self-increasing a locally stored counting value to obtain a current counting value; encrypting the authentication parameters and the current count value according to the application private key to obtain an authentication signature; the authentication signature and the current count value are sent to the terminal over a communication connection.
In one embodiment, the identity authentication request is forwarded by the terminal after being sent to the terminal by the server; after the authentication signature and the current count value are sent to the terminal, the authentication signature and the current count value are reported to a server by the terminal; and the authentication signature is used for indicating the terminal to report the authentication signature to the server, decrypting the authentication signature by the server by adopting the application public key corresponding to the application key identification information to obtain an authentication parameter and a current count value, and comparing the authentication parameter and the current count value obtained by decryption with the authentication parameter stored in the server and the reported current count value respectively to perform identity authentication.
In one embodiment, the computer program causes the processor to perform the further steps of: acquiring an application registration instruction; generating an application key pair according to the application registration instruction; the application key pair comprises an application private key and a corresponding application public key; encrypting the application public key according to a local device private key to obtain an application public key signature; and reporting the application public key and the application public key signature to a server, wherein the application public key signature is used for indicating the server to decrypt the application public key signature according to the stored equipment public key, and storing the reported application public key when the decrypted application public key is consistent with the reported application public key.
In one embodiment, the application key identification information includes an application identification and a key index; and/or the preset near field communication connection mode comprises a near field communication connection mode.
In one embodiment, the computer program causes the processor to wait for an input confirmation instruction when the communication connection adopts a non-preset near field communication connection mode, and specifically executes the following steps when the step of generating an authentication signature according to the identity authentication request when the input confirmation instruction is detected is executed: when the communication connection adopts a non-preset near field communication connection mode, triggering a reminding action for indicating input of a confirmation instruction; the local state is a state for detecting an input confirmation instruction; and exiting the state when the input confirmation instruction is detected, and generating an authentication signature according to the identity authentication request.
In one embodiment, the computer program causes the processor to perform the further steps of: acquiring a device reset command from a service platform; extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting an equipment public key by adopting a platform private key of a service platform; reading a local preset platform public key corresponding to the platform private key; decrypting the device public key from the first device public key signature according to the preset platform public key; and when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action.
In one embodiment, the computer program causes the processor to perform the further steps of: receiving a device activation instruction; generating a device key pair according to the device activation instruction; the device key pair comprises a device private key and a corresponding device public key; reporting the device public key to a service platform; the reported device public key is used for generating a first device public key signature.
In one embodiment, the computer program causes the processor to specifically perform the following steps when performing the step of reporting the device public key to the service platform: encrypting the equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
The computer equipment receives the identity authentication request forwarded by the terminal by establishing communication connection with the terminal. And when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request. The preset near field communication connection can ensure the communication safety of the portable equipment, so that the authentication signature can be directly generated according to the identity authentication request, and the rapid identity authentication is realized. When the communication connection adopts a non-preset near field communication connection mode and potential safety hazards of portable equipment communication exist in the environment, an input confirmation instruction is waited, and an authentication signature is generated according to an identity authentication request when the input confirmation instruction is detected. Under a communication mode with potential safety hazards, a user is required to actively confirm and generate an authentication signature, so that the communication safety of the terminal and the portable equipment can be guaranteed. After the portable equipment generates the authentication signature, the authentication signature is sent to the terminal through communication connection, and the terminal reports the authentication signature for identity authentication. Therefore, the communication connection modes of the terminal and the portable equipment are distinguished, and the authentication signatures are generated by adopting different authentication processes, so that the safety of the portable equipment for assisting identity authentication can be greatly improved.
In one embodiment, there is provided a computer device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, causes the processor to perform the steps of: acquiring a device reset command from a service platform; extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting an equipment public key by adopting a platform private key of a service platform; reading a local preset platform public key corresponding to the platform private key; decrypting the device public key from the first device public key signature according to the preset platform public key; and when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action.
In one embodiment, the computer program causes the processor to perform the further steps of: receiving a device activation instruction; generating a device key pair according to the device activation instruction; the device key pair comprises a device private key and a corresponding device public key; reporting the device public key to a service platform; the reported device public key is used for generating a first device public key signature.
In one embodiment, the computer program causes the processor to specifically perform the following steps when performing the step of reporting the device public key to the service platform: encrypting the equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
When the computer device obtains a device reset command from the service platform, the device public key and a first device public key signature generated by encrypting the platform private key of the service platform are extracted from the device reset name. And then, decrypting the device public key from the first device public key signature according to the locally preset platform public key, and when the extracted device public key, the local device public key and the decrypted device public key are consistent, judging that the obtained device reset name is legal, and executing the device reset action at the moment. Therefore, the equipment resetting command can be simply and efficiently authenticated through the preset platform public key, and the problem that the key is stored through the terminal and is unsafe is avoided. In addition, the reset action of the portable equipment can be finished under the condition that the portable equipment needs to be transferred or lost, and the potential safety hazard of the portable equipment is solved.
A computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of: receiving an identity authentication request forwarded by a terminal through communication connection with the terminal; when the communication connection adopts a preset near field communication connection mode, an authentication signature is directly generated according to the identity authentication request; when the communication connection adopts a non-preset near field communication connection mode, waiting for an input confirmation instruction, and generating an authentication signature according to the identity authentication request when detecting the input confirmation instruction; sending the authentication signature to the terminal through the communication connection; the authentication signature is used for indicating the terminal to report the authentication signature for identity authentication.
In one embodiment, the computer program causes the processor in performing the step of generating an authentication signature from the identity authentication request to perform in particular the steps of: extracting application key identification information and authentication parameters from the identity authentication request; inquiring an application private key corresponding to the application key identification information; and encrypting the authentication parameters according to the application private key to obtain an authentication signature.
In one embodiment, the computer program causes the processor to perform the further steps of: after receiving an identity authentication request, self-increasing a locally stored counting value to obtain a current counting value; encrypting the authentication parameters and the current count value according to the application private key to obtain an authentication signature; the authentication signature and the current count value are sent to the terminal over a communication connection.
In one embodiment, the identity authentication request is forwarded by the terminal after being sent to the terminal by the server; after the authentication signature and the current count value are sent to the terminal, the authentication signature and the current count value are reported to a server by the terminal; and the authentication signature is used for indicating the terminal to report the authentication signature to the server, decrypting the authentication signature by the server by adopting the application public key corresponding to the application key identification information to obtain an authentication parameter and a current count value, and comparing the authentication parameter and the current count value obtained by decryption with the authentication parameter stored in the server and the reported current count value respectively to perform identity authentication.
In one embodiment, the computer program causes the processor to perform the further steps of: acquiring an application registration instruction; generating an application key pair according to the application registration instruction; the application key pair comprises an application private key and a corresponding application public key; encrypting the application public key according to a local device private key to obtain an application public key signature; and reporting the application public key and the application public key signature to a server, wherein the application public key signature is used for indicating the server to decrypt the application public key signature according to the stored equipment public key, and storing the reported application public key when the decrypted application public key is consistent with the reported application public key.
In one embodiment, the application key identification information includes an application identification and a key index; and/or the preset near field communication connection mode comprises a near field communication connection mode.
In one embodiment, the computer program causes the processor to wait for an input confirmation instruction when the communication connection adopts a non-preset near field communication connection mode, and specifically executes the following steps when the step of generating an authentication signature according to the identity authentication request when the input confirmation instruction is detected is executed: when the communication connection adopts a non-preset near field communication connection mode, triggering a reminding action for indicating input of a confirmation instruction; the local state is a state for detecting an input confirmation instruction; and exiting the state when the input confirmation instruction is detected, and generating an authentication signature according to the identity authentication request.
In one embodiment, the computer program causes the processor to perform the further steps of: acquiring a device reset command from a service platform; extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting an equipment public key by adopting a platform private key of a service platform; reading a local preset platform public key corresponding to the platform private key; decrypting the device public key from the first device public key signature according to the preset platform public key; and when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action.
In one embodiment, the computer program causes the processor to perform the further steps of: receiving a device activation instruction; generating a device key pair according to the device activation instruction; the device key pair comprises a device private key and a corresponding device public key; reporting the device public key to a service platform; the reported device public key is used for generating a first device public key signature.
In one embodiment, the computer program causes the processor to specifically perform the following steps when performing the step of reporting the device public key to the service platform: encrypting the equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature;
and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
The computer readable storage medium receives the identity authentication request forwarded by the terminal by establishing a communication connection with the terminal. And when the communication connection adopts a preset near field communication connection mode, generating an authentication signature directly according to the identity authentication request. The preset near field communication connection can ensure the communication safety of the portable equipment, so that the authentication signature can be directly generated according to the identity authentication request, and the rapid identity authentication is realized. When the communication connection adopts a non-preset near field communication connection mode and potential safety hazards of portable equipment communication exist in the environment, an input confirmation instruction is waited, and an authentication signature is generated according to an identity authentication request when the input confirmation instruction is detected. Under a communication mode with potential safety hazards, a user is required to actively confirm and generate an authentication signature, so that the communication safety of the terminal and the portable equipment can be guaranteed. After the portable equipment generates the authentication signature, the authentication signature is sent to the terminal through communication connection, and the terminal reports the authentication signature for identity authentication. Therefore, the communication connection modes of the terminal and the portable equipment are distinguished, and the authentication signatures are generated by adopting different authentication processes, so that the safety of the portable equipment for assisting identity authentication can be greatly improved.
A computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of: acquiring a device reset command from a service platform; extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting an equipment public key by adopting a platform private key of a service platform; reading a local preset platform public key corresponding to the platform private key; decrypting the device public key from the first device public key signature according to the preset platform public key; and when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action.
In one embodiment, the computer program causes the processor to perform the further steps of: receiving a device activation instruction; generating a device key pair according to the device activation instruction; the device key pair comprises a device private key and a corresponding device public key; reporting the device public key to a service platform; the reported device public key is used for generating a first device public key signature.
In one embodiment, the computer program causes the processor to specifically perform the following steps when performing the step of reporting the device public key to the service platform: encrypting the equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
When the device reset command from the service platform is acquired, the device public key and the first device public key signature generated by encrypting the platform private key of the service platform are extracted from the device reset name. And then, decrypting the device public key from the first device public key signature according to the locally preset platform public key, and when the extracted device public key, the local device public key and the decrypted device public key are consistent, judging that the obtained device reset name is legal, and executing the device reset action at the moment. Therefore, the equipment resetting command can be simply and efficiently authenticated through the preset platform public key, and the problem that the key is stored through the terminal and is unsafe is avoided. In addition, the reset action of the portable equipment can be finished under the condition that the portable equipment needs to be transferred or lost, and the potential safety hazard of the portable equipment is solved.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (15)

1. A device resetting method applied to a portable device, the method comprising:
acquiring a device reset command from a service platform;
extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting the equipment public key by adopting a platform private key of the service platform;
reading a local preset platform public key corresponding to the platform private key;
decrypting the device public key from the first device public key signature according to the preset platform public key;
when the extracted device public key, the local device public key and the decrypted device public key are consistent, executing a device resetting action;
the device public key in the service platform is stored when the device public key obtained by the portable device encrypting the device public key according to a preset manufacturer private key obtains a second device public key signature, the device public key and the second device public key signature are transmitted to the service platform, and the device public key obtained by the service platform decrypting the second device public key signature according to the manufacturer public key is consistent with the transmitted device public key.
2. The method of claim 1, wherein obtaining the device reset command from the service platform comprises:
establishing communication connection with a terminal;
receiving a device reset command from the service platform forwarded by the terminal through the communication connection; the device reset command is generated after the service platform receives a device reset request initiated or forwarded by the terminal.
3. The method according to claim 2, wherein the communication connection comprises a preset close-range connection mode or a non-preset close-range connection mode, the preset close-range connection mode is a preset close-range secure communication connection mode and comprises a near field communication connection mode, and the non-preset close-range communication connection mode comprises a bluetooth communication connection mode.
4. The method of claim 1, wherein the device reset command is a request message, the method further comprising:
when the portable device successfully completes the device reset, a corresponding response message is returned in response to the device reset command, wherein the corresponding response message represents that the command is successfully executed.
5. The method of claim 1, further comprising:
receiving a device activation instruction;
generating a device key pair according to the device activation instruction; the device key pair comprises a device private key and a corresponding device public key;
reporting the equipment public key to the service platform; the reported device public key is used for generating a first device public key signature.
6. The method of claim 5, wherein reporting the device public key to the service platform comprises:
encrypting the equipment public key according to a preset manufacturer private key to obtain a second equipment public key signature;
and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
7. The method of claim 1, wherein performing a device reset action when the extracted device public key, the local device public key, and the decrypted device public key are consistent comprises:
and comparing whether the extracted equipment public key is consistent with the local equipment public key, if so, comparing whether the decrypted equipment public key is consistent with the extracted equipment public key, and if so, executing equipment resetting action.
8. The method of claim 1, further comprising:
acquiring an application registration instruction;
generating an application key pair according to the application registration instruction; the application key pair comprises an application private key and a corresponding application public key; the application key pair is used for assisting identity authentication of the portable equipment;
encrypting the application public key according to a local device private key to obtain an application public key signature;
and reporting the application public key and the application public key signature to the server, wherein the application public key signature is used for indicating the server to decrypt the application public key signature according to the stored equipment public key, and storing the reported application public key when the decrypted application public key is consistent with the reported application public key.
9. The method of any one of claims 1 to 8, wherein the portable device has a pre-configured platform public key placed in the production process, and wherein the portable device has a vendor private key placed in the production process.
10. The method of any of claims 1 to 8, wherein the device reset comprises at least one of clearing object data, clearing an application key pair stored in the portable device, a device key pair, and formatting the portable device.
11. A device resetting apparatus applied to a portable device, the apparatus comprising:
the acquisition module is used for acquiring a device reset command from the service platform;
an extraction module for extracting a device public key and a first device public key signature from the device reset command; the first equipment public key signature is generated by encrypting the equipment public key by adopting a platform private key of the service platform;
the reading module is used for reading a local preset platform public key corresponding to the platform private key;
the decryption module is used for decrypting an equipment public key from the first equipment public key signature according to the preset platform public key;
the execution module is used for executing the equipment resetting action when the extracted equipment public key, the local equipment public key and the decrypted equipment public key are consistent;
the device public key in the service platform is stored when the device public key obtained by the portable device encrypting the device public key according to a preset manufacturer private key obtains a second device public key signature, the device public key and the second device public key signature are transmitted to the service platform, and the device public key obtained by the service platform decrypting the second device public key signature according to the manufacturer public key is consistent with the transmitted device public key.
12. The apparatus of claim 11, further comprising a receiving module, a generating module, and a reporting module:
the receiving module is used for receiving a device activation instruction;
the generating module is used for generating an equipment key pair according to the equipment activating instruction; the device key pair comprises a device private key and a corresponding device public key;
the reporting module is used for reporting the equipment public key to the service platform; the reported device public key is used for generating a first device public key signature.
13. The apparatus according to claim 12, wherein the reporting module is further configured to encrypt the device public key according to a preset vendor private key to obtain a second device public key signature; and transmitting the device public key and the second device public key signature to the service platform, wherein the second device public key signature is used for indicating the service platform to decrypt the second device public key signature according to the manufacturer public key, and storing the transmitted device public key when the decrypted device public key is consistent with the transmitted device public key.
14. A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to carry out the steps of the method according to any one of claims 1 to 10.
15. A computer device comprising a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of the method according to any one of claims 1 to 10.
CN202111315805.1A 2018-03-16 2018-03-16 Device resetting method and device Active CN114039734B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111315805.1A CN114039734B (en) 2018-03-16 2018-03-16 Device resetting method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111315805.1A CN114039734B (en) 2018-03-16 2018-03-16 Device resetting method and device
CN201810216813.2A CN110278083B (en) 2018-03-16 2018-03-16 Identity authentication request processing method and device, and equipment resetting method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201810216813.2A Division CN110278083B (en) 2018-03-16 2018-03-16 Identity authentication request processing method and device, and equipment resetting method and device

Publications (2)

Publication Number Publication Date
CN114039734A true CN114039734A (en) 2022-02-11
CN114039734B CN114039734B (en) 2023-03-24

Family

ID=67957757

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202111315805.1A Active CN114039734B (en) 2018-03-16 2018-03-16 Device resetting method and device
CN201810216813.2A Active CN110278083B (en) 2018-03-16 2018-03-16 Identity authentication request processing method and device, and equipment resetting method and device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201810216813.2A Active CN110278083B (en) 2018-03-16 2018-03-16 Identity authentication request processing method and device, and equipment resetting method and device

Country Status (1)

Country Link
CN (2) CN114039734B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113872765B (en) * 2020-06-30 2023-02-03 华为技术有限公司 Identity credential application method, identity authentication method, equipment and device
CN114168929A (en) * 2020-09-10 2022-03-11 华为终端有限公司 Identity authentication method, device, equipment and storage medium
CN112887409B (en) * 2021-01-27 2022-05-17 珠海格力电器股份有限公司 Data processing system, method, device, equipment and storage medium
CN113918266A (en) * 2021-11-23 2022-01-11 成都泰盟软件有限公司 Multi-terminal data synchronous response method based on local area network
CN114697956B (en) * 2022-01-26 2023-04-11 深圳市三诺数字科技有限公司 Secure communication method and device based on double links

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281188A (en) * 2013-05-23 2013-09-04 天地融科技股份有限公司 Method and system for backing up private key in electronic signature token
CN103401844A (en) * 2013-07-12 2013-11-20 天地融科技股份有限公司 Operation request processing method and system
US20140219448A1 (en) * 2011-08-24 2014-08-07 Deutsche Telekom Ag Authenticating a telecommunication terminal in a telecommunication network
CN105162605A (en) * 2015-09-28 2015-12-16 东南大学 Digital signature and authentication method
CN105656624A (en) * 2016-02-29 2016-06-08 浪潮(北京)电子信息产业有限公司 Client side, server and data transmission method and system
CN106357679A (en) * 2016-10-24 2017-01-25 北京明华联盟科技有限公司 Method, system and client for password authentication, and server and intelligent equipment
CN106789018A (en) * 2016-12-20 2017-05-31 百富计算机技术(深圳)有限公司 Secret key remote acquisition methods and device
CN107423583A (en) * 2017-07-18 2017-12-01 北京深思数盾科技股份有限公司 A kind of software protecting device remapping method and device
CN107612940A (en) * 2017-10-31 2018-01-19 飞天诚信科技股份有限公司 A kind of identity identifying method and authentication device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104580175A (en) * 2014-12-26 2015-04-29 深圳市兰丁科技有限公司 Equipment authorization method and device
CN106326695A (en) * 2015-06-16 2017-01-11 联想(北京)有限公司 Information processing method and electronic device
KR102429654B1 (en) * 2015-06-30 2022-08-05 삼성전자주식회사 Electronic apparatus and methof for performing authentication
CN105871867B (en) * 2016-04-27 2018-01-16 腾讯科技(深圳)有限公司 Identity identifying method, system and equipment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140219448A1 (en) * 2011-08-24 2014-08-07 Deutsche Telekom Ag Authenticating a telecommunication terminal in a telecommunication network
CN103281188A (en) * 2013-05-23 2013-09-04 天地融科技股份有限公司 Method and system for backing up private key in electronic signature token
CN103401844A (en) * 2013-07-12 2013-11-20 天地融科技股份有限公司 Operation request processing method and system
CN105162605A (en) * 2015-09-28 2015-12-16 东南大学 Digital signature and authentication method
CN105656624A (en) * 2016-02-29 2016-06-08 浪潮(北京)电子信息产业有限公司 Client side, server and data transmission method and system
CN106357679A (en) * 2016-10-24 2017-01-25 北京明华联盟科技有限公司 Method, system and client for password authentication, and server and intelligent equipment
CN106789018A (en) * 2016-12-20 2017-05-31 百富计算机技术(深圳)有限公司 Secret key remote acquisition methods and device
CN107423583A (en) * 2017-07-18 2017-12-01 北京深思数盾科技股份有限公司 A kind of software protecting device remapping method and device
CN107612940A (en) * 2017-10-31 2018-01-19 飞天诚信科技股份有限公司 A kind of identity identifying method and authentication device

Also Published As

Publication number Publication date
CN114039734B (en) 2023-03-24
CN110278083B (en) 2021-11-30
CN110278083A (en) 2019-09-24

Similar Documents

Publication Publication Date Title
CN110278083B (en) Identity authentication request processing method and device, and equipment resetting method and device
CN108768970B (en) Binding method of intelligent equipment, identity authentication platform and storage medium
US20220191016A1 (en) Methods, apparatuses, and computer program products for frictionless electronic signature management
CA2926206C (en) A system and method for nfc peer-to-peer authentication and secure data transfer
EP3123660B1 (en) Method and apparatus for supporting login through user terminal
CN105408910A (en) Systems and methods for authenticating access to operating system by user before the operating system is booted using wireless communication token
KR20160129839A (en) An authentication apparatus with a bluetooth interface
US10404475B2 (en) Method and system for establishing a secure communication tunnel
US20190385392A1 (en) Digital door lock having unique master key and method of operating the digital door
US9307403B2 (en) System and method for NFC peer-to-peer authentication and secure data transfer
CN110662222B (en) System and method for peer-to-peer wireless communication
US8918844B1 (en) Device presence validation
JP6284088B2 (en) Identity verification and anti-theft system and method using a one-time random key
US11159329B2 (en) Collaborative operating system
CN111131300B (en) Communication method, terminal and server
CN105325021B (en) Method and apparatus for remote portable wireless device authentication
CN104754568A (en) Identity recognition method and device based on NFC (Near Field Communication)
CN112425116B (en) Intelligent door lock wireless communication method, intelligent door lock, gateway and communication equipment
CN106685931B (en) Smart card application management method and system, terminal and smart card
CN109525395B (en) Signature information transmission method and device, storage medium and electronic device
CN113807843A (en) Card binding method, user terminal, server, system and storage medium
CN110602679B (en) Display and transmission method, identity authentication and data transmission device and terminal
CN110443325B (en) Graphic code generation method, graphic code processing method, device and storage medium
KR102575351B1 (en) Mobile Using NFC Function Conducting Certification and Method thereof
CN105722080B (en) Bluetooth pairing method, master intelligent terminal and slave intelligent terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant