CN115604716A - Method, device storage medium and equipment for service binding and service execution - Google Patents


Info

Publication number
CN115604716A
Authority
CN
China
Prior art keywords
service
information
equipment
wearable
wearable device
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211080658.9A
Other languages
Chinese (zh)
Inventor
孟飞
李军汲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AlipayCom Co ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H04W12/48 Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The specification discloses a method, an apparatus, a storage medium and a device for service binding and service execution. In the service binding method, the wearable device, in response to a binding operation by a user, obtains authentication information stored in advance, generates a binding request carrying that authentication information, and sends the binding request to a terminal device. The terminal device forwards the binding request to a service server through a service client into which the user has logged in with a user account. The service server authenticates the wearable device according to the authentication information carried in the binding request and, after the wearable device passes authentication, sends service credential information corresponding to the user account to the wearable device through the terminal device. The wearable device receives and stores the service credential information, which binds the wearable device to the user account.

Description

Method, device storage medium and equipment for service binding and service execution
Technical Field
The present specification relates to the field of computer technology, and in particular to a method, an apparatus, a storage medium and a device for service binding and service execution.
Background
With the development of science and technology, wearable devices such as smart bands and smart watches have come into wide use. However, while they make people's work and life more convenient, these devices also pose some risk to users' private data and property, so the security of wearable devices is receiving more and more attention.
In particular, when a user executes services that involve sensitive information such as the user's property and privacy (payment services, access-control services and the like) through a wearable device, the security of the wearable device determines whether the user's information security can be adequately guaranteed. If the wearable device does not meet the security standard or has a latent security weakness, the user's information security may be compromised while the user executes services with it.
Disclosure of Invention
The present specification provides a method, an apparatus, a storage medium and a device for service binding and service execution, so as to perform service binding only after the security of the wearable device has been authenticated.
The technical solution adopted by the specification is as follows:
The present specification provides a method for service binding, in which a wearable device establishes a communication connection with a terminal device on which a service client is installed, the method including:
the wearable device, in response to a binding operation by a user, obtains authentication information pre-stored on the wearable device itself and generates a binding request carrying that authentication information;
sending the binding request to the terminal device, so that the terminal device forwards the binding request to the service server through the service client into which the user has logged in with a user account, so that the service server authenticates the wearable device according to the authentication information carried in the binding request and, after the wearable device passes authentication, sends service credential information corresponding to the user account to the wearable device through the terminal device;
and receiving and storing the service credential information, thereby binding the wearable device to the user account.
Optionally, receiving and storing the service credential information specifically includes:
receiving encrypted service credential information, which the service server obtained by encrypting the service credential information with a device public key corresponding to the wearable device;
and decrypting the encrypted service credential information with a stored device private key corresponding to the wearable device to obtain the service credential information, and storing it.
Optionally, decrypting the encrypted service credential information with the stored device private key corresponding to the wearable device to obtain the service credential information specifically includes:
decrypting the encrypted service credential information with the stored device private key to obtain a secret key generated by the service server together with the service credential information encrypted under that secret key;
and decrypting, with the secret key, the service credential information encrypted under it, to obtain the service credential information.
Optionally, pre-storing the authentication information specifically includes:
the wearable device, in response to an authentication operation by the user, determines its device information;
sending the device information to the terminal device, so that the terminal device sends the device information to the service server, so that the service server verifies the wearable device and, after the wearable device passes the service server's verification, generates authentication information according to the device information and sends it to the terminal device;
and receiving and storing the authentication information sent by the terminal device.
Optionally, sending the device information to the terminal device so that the terminal device sends it to the service server, so that the service server verifies the wearable device and, after the wearable device passes verification, generates authentication information according to the device information and sends it to the terminal device, specifically includes:
sending the device information to the terminal device, so that the terminal device sends the device information to a manufacturer server of the manufacturer corresponding to the wearable device; the manufacturer server verifies the wearable device according to the device information and, once it passes, sends the manufacturer's manufacturer information together with the device information to the service server; the service server then verifies the wearable device according to the manufacturer information and, once it passes, generates authentication information according to the device information and sends it to the terminal device.
Optionally, the wearable device, in response to the binding operation by the user, obtaining the authentication information pre-stored on the wearable device itself specifically includes:
the wearable device, in response to the binding operation by the user, accesses a security chip installed in the wearable device;
and obtains the pre-stored authentication information from the security chip;
receiving and storing the service credential information specifically includes:
receiving the service credential information and storing it in the security chip.
Optionally, the security chip includes a secure microcontroller unit (MCU) and a chip configured with a trusted execution environment (TEE);
the secure MCU encrypts and stores the authentication information and the service credential information using a software algorithm; or encrypts and stores them using an internal hardware structure of the secure MCU; or encrypts and stores them using a secure storage unit in the secure MCU.
The present specification provides a service binding method, in which a wearable device establishes a communication connection with a terminal device on which a service client is installed, the method including:
a service server corresponding to the service client receives a binding request sent by the service client, where the service client is logged in on the terminal device with a user account, the binding request carries authentication information stored in the wearable device, and the binding request was generated by the wearable device from that authentication information in response to a binding operation by the user and sent to the terminal device;
authenticating the wearable device according to the authentication information carried in the binding request;
and after the wearable device passes authentication, sending service credential information to the terminal device, so that the terminal device sends the service credential information to the wearable device and the wearable device stores it, thereby binding the wearable device to the user account.
Optionally, sending the service credential information to the terminal device specifically includes:
encrypting the service credential information with the device public key corresponding to the wearable device to obtain encrypted service credential information;
and sending the encrypted service credential information to the terminal device.
Optionally, encrypting the service credential information with the device public key corresponding to the wearable device to obtain the encrypted service credential information specifically includes:
encrypting the service credential information with a pre-generated secret key to obtain service credential information encrypted under the secret key;
and encrypting, with the device public key corresponding to the wearable device, the service credential information encrypted under the secret key, to obtain the encrypted service credential information.
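The two-layer protection described above, on the server side (encrypt under a secret key, then under the device public key) and on the device side (the reverse), worked through as an added example in Python with the `cryptography` package. This is illustrative code, not anything from the patent or its assignee. The page names no algorithms, so RSA-OAEP for the device key pair and AES-256-GCM for the secret key are assumptions, as is the `binding_context` authenticated data that ties one envelope to one account and device serial so that a relaying terminal cannot present it for a different binding. The device key pair is generated by the service server, as the detailed description later states; how the private key reaches the device is not described by the page and is simply assumed here. `SecureChipStore` stands in for the security chip.

```python
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed primitives: RSA-OAEP/SHA-256 for the outer (device public key)
# layer and AES-256-GCM for the inner (secret key) layer.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
KEY_LEN, NONCE_LEN = 32, 12
MAX_INNER = 190  # bytes a 2048-bit RSA-OAEP/SHA-256 envelope can carry


def generate_device_keypair():
    """Service server generates the device key pair (as the page describes);
    the private key is later delivered to the wearable with the authentication
    information over a channel the page does not specify (assumed protected)."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def server_encrypt_credential(device_public_key, credential: bytes,
                              binding_context: bytes) -> bytes:
    """Service server: (1) encrypt the credential under a freshly generated
    secret key; (2) encrypt secret key || nonce || ciphertext under the device
    public key, so that only the holder of the device private key recovers
    both the key and the encrypted credential, matching the claims.
    binding_context is an assumption: associated data naming the account and
    device serial, authenticated by GCM but not encrypted."""
    key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(NONCE_LEN)
    inner = key + nonce + AESGCM(key).encrypt(nonce, credential, binding_context)
    if len(inner) > MAX_INNER:
        # A longer credential needs the conventional form instead: wrap only
        # the key under RSA and send the symmetric ciphertext alongside it.
        raise ValueError("credential too long for a single RSA-OAEP envelope")
    return device_public_key.encrypt(inner, OAEP)


def device_decrypt_credential(device_private_key, envelope: bytes,
                              binding_context: bytes) -> bytes:
    """Wearable: the outer decryption yields the secret key and the encrypted
    credential; the inner decryption yields the credential, and raises if the
    ciphertext or the binding context was altered in transit."""
    inner = device_private_key.decrypt(envelope, OAEP)
    key = inner[:KEY_LEN]
    nonce = inner[KEY_LEN:KEY_LEN + NONCE_LEN]
    ciphertext = inner[KEY_LEN + NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, ciphertext, binding_context)


class SecureChipStore:
    """Stand-in for the security chip: the device private key and the
    credential live inside it; only the credential is readable for use."""

    def __init__(self, device_private_key):
        self._private_key = device_private_key
        self._credential = None

    def bind(self, envelope: bytes, binding_context: bytes) -> None:
        """Decrypt inside the chip and keep the credential there."""
        self._credential = device_decrypt_credential(
            self._private_key, envelope, binding_context)

    def credential(self) -> bytes:
        if self._credential is None:
            raise LookupError("wearable is not bound to any account")
        return self._credential
```

Wrapping the symmetric ciphertext under RSA, as the claims word it, buys nothing over wrapping the key alone and limits the payload size; the length check makes that limit explicit rather than letting `encrypt` fail later.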
Optionally, authenticating the wearable device according to the authentication information carried in the binding request specifically includes:
determining, according to manufacturer information of the manufacturers producing each part of the wearable device, which is contained in the authentication information, whether the manufacturer producing each part of the wearable device is an authorized, designated manufacturer;
if so, the wearable device passes authentication; if not, the wearable device is determined not to pass authentication.
Optionally, the method further includes:
the service server receives device information of the wearable device sent by the terminal device, where the device information was determined by the wearable device in response to an authentication operation by the user and sent to the terminal device;
verifying the wearable device, and generating authentication information according to the device information after the wearable device passes the service server's verification;
and sending the authentication information to the terminal device, so that the terminal device sends it to the wearable device, which receives and stores it.
Optionally, the service server receiving the device information of the wearable device sent by the terminal device specifically includes:
receiving the device information and the manufacturer's manufacturer information sent by the manufacturer server of the manufacturer corresponding to the wearable device, where the manufacturer server sends the manufacturer information to the service server after determining, according to the device information, that the wearable device passes the manufacturer's verification, and where the terminal device sent the device information to the manufacturer server;
and verifying the wearable device specifically includes:
verifying the wearable device according to the manufacturer information.
Optionally, the manufacturer information includes the validity period corresponding to the manufacturer.
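The pre-storage (provisioning) flow and the binding-time authentication described above, as an added example in Python using only the standard library: the manufacturer server vouches for the device and states who made each part and how long the manufacturer's authorization is valid, the service server checks that against its allowlist and issues the authentication information, and at binding time the service server checks the information again. This is illustrative code, not from the patent or its assignee. The manufacturer registry, the allowlist and the fixed clock are constructed fixtures. The HMAC tag the service server puts on the authentication information it issues is an assumption; the page says only that the server generates the information from the device information, and without some such tag the server has no way to tell its own issuance from an edited copy.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone

# Constructed fixtures (not from the patent): the serials each manufacturer
# has produced, the service platform's allowlist of authorized manufacturers,
# and a MAC key held only by the service server. A fixed clock keeps the flow
# reproducible; production code would use the real time.
MANUFACTURER_REGISTRY = {"acme-wearables": {"SN-0001", "SN-0002"}}
AUTHORIZED_MANUFACTURERS = {"acme-wearables", "acme-secure"}
SERVICE_SERVER_MAC_KEY = secrets.token_bytes(32)
NOW = datetime(2023, 1, 1, tzinfo=timezone.utc)


def manufacturer_server_verify(device_info, now=NOW):
    """Manufacturer server: confirm it produced this device, then return its
    manufacturer information: the maker of each part and the validity period
    of the manufacturer's authorization. None means verification failed."""
    known = MANUFACTURER_REGISTRY.get(device_info["manufacturer"], ())
    if device_info["serial"] not in known:
        return None
    return {
        "manufacturer": device_info["manufacturer"],
        "part_manufacturers": device_info["parts"],
        "valid_until": (now + timedelta(days=365)).isoformat(),
    }


def service_server_verify_manufacturer(manufacturer_info, now=NOW):
    """Service server: the device maker and the maker of every part must be on
    the allowlist, and the validity period must not have lapsed."""
    makers = set(manufacturer_info["part_manufacturers"].values())
    makers.add(manufacturer_info["manufacturer"])
    if not makers <= AUTHORIZED_MANUFACTURERS:
        return False
    return datetime.fromisoformat(manufacturer_info["valid_until"]) > now


def _tag(body: str) -> str:
    return hmac.new(SERVICE_SERVER_MAC_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_authentication_info(device_info, manufacturer_info):
    """Service server: generate the authentication information the wearable
    will pre-store. Assumption: canonical JSON plus an HMAC tag, so that at
    binding time the server recognises what it issued and detects edits."""
    body = json.dumps({"device": device_info, "manufacturer": manufacturer_info},
                      sort_keys=True, separators=(",", ":"))
    return {"body": body, "tag": _tag(body)}


def provision(device_info, now=NOW):
    """Whole pre-storage flow; the terminal only relays messages between the
    wearable, the manufacturer server and the service server."""
    manufacturer_info = manufacturer_server_verify(device_info, now)
    if manufacturer_info is None:
        return None
    if not service_server_verify_manufacturer(manufacturer_info, now):
        return None
    return issue_authentication_info(device_info, manufacturer_info)


def build_binding_request(auth_info, account):
    """Wearable side: the binding request carries the stored authentication
    information; the terminal forwards it through the client logged in as account."""
    return {"account": account, "authentication_info": auth_info}


def authenticate_binding_request(request, now=NOW):
    """Service server side of binding: check the tag first, then re-apply the
    manufacturer checks, because the validity period may have expired or the
    allowlist may have changed since provisioning. Returns (ok, detail)."""
    auth = request["authentication_info"]
    if not hmac.compare_digest(_tag(auth["body"]), auth["tag"]):
        return False, "authentication information was not issued by this server"
    parsed = json.loads(auth["body"])
    if not service_server_verify_manufacturer(parsed["manufacturer"], now):
        return False, "manufacturer not authorized or validity period expired"
    return True, parsed["device"]["serial"]
```

The check at binding time deliberately repeats the manufacturer check done at provisioning: the validity period in the manufacturer information only has an effect if something evaluates it later than the moment it was written.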
The present specification provides a method for service execution, including:
the wearable device, in response to a service operation by the user, obtains pre-stored service credential information;
the wearable device sends the service credential information to a service server corresponding to a service client through a designated device, so that the service server determines, according to the service credential information, whether the wearable device is authorized to execute a target service through the user account corresponding to the service credential information, and executes the target service through the user account after determining that the wearable device is authorized.
Optionally, the wearable device sending the service credential information to the service server corresponding to the service client through a designated device specifically includes:
the wearable device generates and displays a graphic code carrying the service credential information, so that the designated device captures image information of the graphic code, parses the graphic code contained in the image information to obtain the service credential information, and sends the service credential information to the service server.
Optionally, the wearable device, in response to the service operation by the user, obtaining the pre-stored service credential information specifically includes:
the wearable device, in response to the service operation by the user, accesses a security chip installed on the wearable device;
and obtains the pre-stored service credential information from the security chip.
The present specification provides a method for service execution, including:
a service server corresponding to a service client receives service credential information sent by a designated device, where the wearable device obtained the service credential information from its own local storage in response to a service operation by the user;
determining, according to the service credential information, whether the wearable device is authorized to execute the target service through the user account with which the user bound to the service credential information is logged in to the service client;
and executing the target service after determining that the wearable device is authorized to execute it through the user account bound to the service credential information and used to log in to the service client.
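The service execution flow as an added example in Python (standard library only), not code from the patent or its assignee: the service server records each binding when it issues the credential, the wearable renders the credential as the text content of a graphic code, the designated device validates what it scanned before forwarding it, and the server maps the credential to the bound account and checks authorization before executing. The JSON layout of the graphic code, the per-binding set of authorized services and the revocation flag are assumptions; the page says only that the code carries the credential and that the server decides whether the device is authorized for the target service through the bound account.

```python
import json
import secrets

# Constructed server-side binding table, filled at binding time:
# credential -> the account it belongs to, the device, and the services the
# account has authorized that device to execute.
BINDINGS = {}


def record_binding(account: str, device_serial: str, services) -> str:
    """Service server, at binding time: issue an opaque credential and remember
    which account and device it belongs to. The return value is what the
    wearable stores in its security chip."""
    credential = secrets.token_urlsafe(24)
    BINDINGS[credential] = {"account": account, "device": device_serial,
                            "services": set(services), "revoked": False}
    return credential


def revoke_binding(credential: str) -> None:
    """Unbinding: keep the record but refuse the credential from now on."""
    if credential in BINDINGS:
        BINDINGS[credential]["revoked"] = True


def wearable_graphic_code(credential: str, target_service: str) -> str:
    """Wearable: the text it renders as a graphic code (e.g. a QR code).
    The field layout is an assumption; the page only says the code carries
    the credential."""
    return json.dumps({"v": 1, "svc": target_service, "cred": credential})


def designated_device_parse(decoded_text: str):
    """Designated device (e.g. a payment terminal): after the image has been
    decoded to text, validate the structure strictly before forwarding, and
    return None for anything unrecognised instead of passing it upstream."""
    try:
        obj = json.loads(decoded_text)
    except ValueError:
        return None
    if not isinstance(obj, dict) or obj.get("v") != 1:
        return None
    svc, cred = obj.get("svc"), obj.get("cred")
    if not (isinstance(svc, str) and isinstance(cred, str) and svc and cred):
        return None
    return {"service": svc, "credential": cred}


def service_server_execute(message, execute):
    """Service server: map the credential to the bound account, check that the
    device is authorized for the target service through that account, and only
    then execute. `execute(account, service)` stands in for the business logic
    and returns a receipt."""
    if message is None:
        return {"ok": False, "reason": "malformed request"}
    binding = BINDINGS.get(message["credential"])
    if binding is None:
        return {"ok": False, "reason": "credential not bound to any account"}
    if binding["revoked"]:
        return {"ok": False, "reason": "binding revoked"}
    if message["service"] not in binding["services"]:
        return {"ok": False, "reason": "device not authorized for this service"}
    receipt = execute(binding["account"], message["service"])
    return {"ok": True, "account": binding["account"],
            "device": binding["device"], "receipt": receipt}
```

Because the graphic code carries the credential itself, as the page describes, anyone who captures the image holds everything needed to present it again; deployments of this pattern normally add a short validity window or a one-time element to the payload, which the page does not specify and this example therefore leaves out.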
The present specification provides an apparatus for service binding, including:
a generating module, configured to respond to a binding operation by a user, obtain authentication information pre-stored on the wearable device, and generate a binding request carrying the authentication information;
a sending module, configured to send the binding request to the terminal device, so that the terminal device forwards it to the service server through the service client into which the user has logged in with a user account, so that the service server authenticates the wearable device according to the authentication information carried in the binding request and, after the wearable device passes authentication, sends service credential information corresponding to the user account to the wearable device through the terminal device;
and a binding module, configured to receive and store the service credential information, thereby binding the wearable device to the user account.
The present specification provides a service binding apparatus, including:
a receiving module, configured to receive a binding request sent by the terminal device through the service client into which the user has logged in with a user account, where the binding request carries authentication information stored in the wearable device and was generated by the wearable device from that authentication information in response to a binding operation by the user and sent to the terminal device;
an authentication module, configured to authenticate the wearable device according to the authentication information carried in the binding request;
and a sending module, configured to send service credential information to the terminal device after the wearable device passes authentication, so that the terminal device sends it to the wearable device and the wearable device stores it, thereby binding the wearable device to the user account.
The present specification provides a service execution apparatus, including:
an obtaining module, configured to respond to a service operation by the user and obtain pre-stored service credential information;
and a sending module, configured to send the service credential information to a service server corresponding to a service client through a designated device, so that the service server determines, according to the service credential information, whether the wearable device is authorized to execute the target service through the user account corresponding to the service credential information, and executes the target service through that user account after determining that the wearable device is authorized.
The present specification provides a service execution apparatus, including:
a receiving module, configured to receive service credential information sent by a designated device, where the wearable device obtained the service credential information from its own local storage in response to a service operation by the user;
a judging module, configured to determine, according to the service credential information, whether the wearable device is authorized to execute the target service through the user account with which the user bound to the service credential information is logged in to the service client;
and an execution module, configured to execute the target service after determining that the wearable device is authorized to execute it through the user account bound to the service credential information and used to log in to the service client.
The present specification provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described method of service binding or service execution.
The present specification provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the method for service binding or service execution.
The technical solution adopted by the specification can achieve the following beneficial effects:
In the service binding method provided in this specification, the wearable device, in response to a binding operation by a user, obtains authentication information stored in advance, generates a binding request carrying that authentication information, and sends the binding request to a terminal device; the terminal device forwards the binding request to a service server through a service client into which the user has logged in with a user account; the service server authenticates the wearable device according to the authentication information carried in the binding request and, after the wearable device passes authentication, sends service credential information corresponding to the user account to the wearable device through the terminal device; and the wearable device receives and stores the service credential information, so that it is bound to the user account.
In this method, during the binding of the wearable device to the user account, the authentication information pre-stored locally is sent to the server of the service client, the server authenticates the wearable device according to it, and the service credential information generated afterwards is stored securely on the wearable device, thereby binding the wearable device to the user account. This ensures that the wearable device is a designated device authorized in advance by the service platform, and gives adequate protection to the user's private data and property while the user uses the wearable device.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and are incorporated in and constitute a part of it, illustrate embodiments of the specification and, together with the description, serve to explain the specification without limiting it. In the drawings:
fig. 1 is a schematic flow chart of a service binding method provided in this specification;
fig. 2 is a schematic flow chart of a service binding method provided in this specification;
fig. 3 is a schematic diagram of a service binding process provided in this specification;
fig. 4 is a schematic flow chart of a service execution method provided in this specification;
fig. 5 is a schematic flow chart of a service execution method provided in this specification;
fig. 6 is a schematic diagram of a service binding apparatus provided in this specification;
fig. 7 is a schematic diagram of a service binding apparatus provided in this specification;
fig. 8 is a schematic diagram of a service execution apparatus provided in this specification;
fig. 9 is a schematic diagram of a service execution apparatus provided in this specification;
fig. 10 is a schematic diagram of an electronic device corresponding to fig. 1, fig. 2, fig. 5 or fig. 6 provided in this specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present specification clearer, the technical solutions of the present specification will be described clearly and completely below with reference to specific embodiments and the accompanying drawings. The embodiments described are only some of the embodiments of the present specification, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a service binding method provided in this specification, including the following steps:
s100: the wearable device responds to the binding operation of a user, acquires authentication information pre-stored by the wearable device, and generates a binding request carrying the authentication information according to the authentication information.
At present, wearable devices such as smart bracelets and smart watches are widely applied to daily life and work of people, so that great convenience is provided for users, but while the wearable devices provide convenience for the users, the security of the wearable devices also becomes a problem which cannot be ignored, and particularly when the users perform services (such as payment services, collection services, access services and the like) related to sensitive information of the users through the wearable devices, in order to ensure that the wearable devices can provide sufficient guarantee for the privacy and property security of the users, a service platform needs to authenticate the wearable devices first, so as to judge whether the devices meet security requirements, or determine whether the devices are authorized by the service platform in advance, and once the devices are monitored to fail to meet corresponding requirements or reach security standards, the devices have certain potential safety hazards and are likely to be utilized by others, so that the privacy and property security of the users are damaged. Therefore, in this case, the service platform can refuse the device to use the service client to execute the corresponding service, thereby ensuring the privacy and property security of the user.
Based on this, the present specification provides a method for service binding, so as to implement service binding between a wearable device and a user account in a secure environment on the premise that it is determined that the wearable device meets security requirements. The wearable device responds to the binding operation of the user, acquires authentication information pre-stored in the wearable device, and generates a binding request carrying the authentication information according to the authentication information.
In this specification, the wearable device may establish a communication connection with a terminal device through a communication means such as bluetooth, infrared, and the like, and a corresponding service client is installed in the terminal device. The terminal device may be an electronic device such as a mobile phone and a tablet computer, which is not limited in this specification.
The wearable device may respond to a binding operation of a user, for example, the user may open the wearable device and then click a service binding button therein, so as to obtain authentication information pre-stored in the wearable device.
In this specification, the authentication information may be pre-stored in a security chip installed on the wearable device, and when a user performs a binding operation, the wearable device may be triggered to access the security chip, where the security chip may include a secure Micro Control Unit (MCU), a chip configured with a Trusted Execution Environment (TEE), and the like. It should be noted that the security chip in this specification may be only a security MCU chip, or only a TEE chip, or may be a security chip formed by a security MCU chip and a TEE chip in a plug-in or integrated manner.
The secure MCU may encrypt and store the authentication information and the service credential information using a software algorithm, using an internal hardware structure, or using a secure storage unit in the secure MCU. The secure storage unit mentioned herein may be a secure flash or a physically unclonable function (PUF).
Of course, the authentication information may also be stored in other storage locations, such as a local memory, in the wearable device in advance, which is not specifically limited in this specification.
After acquiring the authentication information, the wearable device may generate a binding request carrying the authentication information according to the authentication information. The authentication information is used by the service platform to authenticate the wearable device through the service server of the service client. The authentication information may also include other information, for example a vendor-signed device certificate chain determined by the device vendor in the device production process according to the device information and the vendor information, which is not specifically limited in this specification.
It should be noted that the authentication information may be determined between the service platform and the device during device production and issued by the service server corresponding to the service client. The device manufacturer and the service platform may sign a contract online or offline, after which the service server of the service client generates the authentication information according to the device information of the wearable device. Specifically, the service server of the service client generates and stores a device public key for the device according to the device information (such as the device serial number), which is used to encrypt the information sent to the device, and the device private key corresponding to the authentication information is sent to the wearable device along with the authentication information, so that the wearable device can decrypt the information sent by the server of the service client.
Furthermore, the authentication information may be generated and issued by a service server of a service client after a manufacturer of the wearable device signs a contract with a service platform, and stored in the security chip in a burning manner in a production process of the wearable device. Of course, the authentication information may also be stored in other local components of the wearable device in a burning manner during the production process of the wearable device.
In addition, the authentication information may not be burned in the wearable device in the production process of the device, but before the wearable device is bound, after the user performs an authentication operation, the service server authenticates the wearable device, and after the authentication is passed, the authentication information can be issued to the wearable device, so that the wearable device stores the authentication information.
Specifically, the user may perform an authentication operation on the wearable device. In response to the authentication operation, the wearable device determines its device information and sends it to the terminal device, and the terminal device forwards the device information to the service server so that the service server verifies the wearable device. After the wearable device passes the verification of the service server, the service server generates authentication information according to the device information and sends the authentication information to the terminal device.
In this specification, the authentication information may be service server information (such as a device private key, a device serial number, etc.) and device manufacturer information, or may be a manufacturer-signed device certificate chain determined by the device manufacturer according to the device information and manufacturer information in the device production process. Of course, the authentication information may also be determined by the service server according to other information, which is not specifically limited in this specification.
In the process, the wearable device may first send the locally stored device information to the terminal device, and then the terminal device forwards the device information to the service server through the service client, so that the service server verifies the wearable device according to the device information stored in the device itself (i.e., determines whether the device information is device information corresponding to an authorized designated device), and if the device information passes the verification, corresponding authentication information may be generated and sent.
In addition, the service client can also send the device information to the terminal device, so that the terminal device sends the device information to a manufacturer server of a manufacturer corresponding to the wearable device, and the manufacturer server verifies the wearable device first to determine whether the wearable device is a device produced by the manufacturer.
After the manufacturer server verifies the wearable device, the manufacturer server can send manufacturer information of the manufacturer and the device information to a service server, so that the service server can verify the wearable device according to the manufacturer information to determine whether a manufacturer of the wearable device is an appointed manufacturer authorized by a service platform, and if the wearable device passes the verification of the service server, authentication information can be generated according to the device information, sent to a terminal device, and then sent to the wearable device by the terminal device.
In addition, the manufacturer information may further include a validity period corresponding to the manufacturer. The manufacturer validity period may be a validity period agreed in advance between the manufacturer and the service platform. On the premise that the manufacturer is an authorized specified manufacturer, if the preset validity period has been exceeded, it is determined that the wearable device does not pass the verification of the service server, and if the preset validity period has not been exceeded, the wearable device may pass the verification of the service server. Of course, the validity period may also be a default validity period preset by the manufacturer.
In addition, the manufacturer information may also include other information, such as a company number, and this specification is not particularly limited thereto.
Further, in order to fully guarantee the security of the vendor information and the device information during transmission, the vendor server may first digitally sign the device information and the vendor information with the corresponding vendor private key when sending them. If the service server has authorized the manufacturer in advance, the manufacturer public key corresponding to the manufacturer private key is stored in the service server. After the service server receives the device information and manufacturer information signed with the manufacturer private key, once the manufacturer public key corresponding to the manufacturer identifier is matched, the signature on the information can be verified with that manufacturer public key, the wearable device is then verified according to the signature-verified manufacturer information, and after the verification passes, the corresponding authentication information can be generated according to the device information.
The vendor private key can be stored in the vendor server, and after receiving the device information, the vendor server can sign the device information with the vendor private key stored locally in the vendor server.
If no matching manufacturer public key can be found, the service server can directly determine that the wearable device fails the verification of the service server.
It should be noted that the authentication operation of the user and the verification process of the service server may be a pre-operation of service binding, that is, before service binding, the wearable device needs to be verified first, and after the verification is passed, the authentication information may be stored in the security chip of the wearable device, so as to complete authentication and activation of the wearable device.
S102: sending the binding request to the terminal device, so that the terminal device sends the binding request to the service server through the service client which the user has logged in to with the user account, so that the service server authenticates the wearable device according to the authentication information carried in the binding request, and after the wearable device passes the authentication, sends the service credential information corresponding to the user account to the wearable device through the terminal device.
After the binding request is generated, the wearable device may first send the binding request to a terminal device that establishes a communication connection with the wearable device, and then send the binding request to a service server of the service client through a service client that is installed on the terminal device and that a user logs in through a user account, so that the service server authenticates the wearable device according to authentication information carried in the binding request.
In this specification, instead of directly sending the authentication information included in the binding request to the service server of the service client through the terminal device, the wearable device may also generate a graphic code (such as a two-dimensional code, a barcode, and the like) carrying the binding request and display the graphic code on the wearable device; after the terminal device captures the image of the graphic code and parses out the binding request, the authentication information included in the binding request may be sent to the service server of the service client. In addition, the binding request can also be sent to the terminal device by means of a corresponding link or information prompt, and the authentication information contained in the binding request can be sent to the service server of the service client after the user clicks the received binding link or the corresponding prompt control on the terminal device. Certainly, the wearable device may also directly send the authentication information included in the binding request to the service server of the service client through the terminal device.
After receiving the authentication information, the service server can authenticate the wearable device according to the authentication information and judge whether the wearable device is authorized by the service platform.
Specifically, the service server of the service client may determine, through a pre-stored device public key, whether the wearable device is an authorized designated device, so as to authenticate the device. The authentication information received by the service server may have been encrypted by the wearable device with the device private key, and the device private key and the device public key stored in the service server are both generated according to the device information (such as the device serial number) of the wearable device. After the service server receives the authentication information, if the authentication information can be decrypted with a matching device public key, the device is determined to be an authorized device, and at this time it may be determined that the wearable device passes device authentication. If the service server cannot match a corresponding device public key to decrypt the authentication information, the device is not an authorized device, and the wearable device fails the authentication.
In addition, after the service client decrypts the authentication information with the device public key, it can obtain the corresponding device information as well as the manufacturer information of the manufacturers that produced the various components of the wearable device, and at this point the service server can further determine whether the wearable device is an authorized device through the device information. Of course, since the wearable device can already be considered authorized once the service server has decrypted the authentication information with the device public key, the device itself need not be authenticated further at this point, and the manufacturer information can be authenticated directly instead.
After the device passes the device authentication, the server can determine whether manufacturers for producing various components in the wearable device are authorized appointed manufacturers according to manufacturer information of manufacturers for producing various components in the wearable device, if so, the wearable device passes the authentication, otherwise, the wearable device does not pass the authentication.
It should be noted that, in this specification, the wearable device may be authenticated only according to any one of the private key of the device and the vendor information of the device, and of course, the wearable device may also be authenticated by combining the two pieces of information, that is, only when the two pieces of information satisfy the condition at the same time, the wearable device may pass the authentication, and if the manufacturer that produces one or more components in the wearable device is not an authorized specified manufacturer, or the wearable device is not an authorized specified device, the wearable device may be considered not to pass the authentication.
After the wearable device passes the authentication, the server may send the service credential information to the wearable device through the terminal device. The service credential information may include authorization identification information of the service (e.g., a service token), identification information of the device (e.g., a device token), and the like. After the wearable device receives and stores the service credential information, whether the wearable device is authorized for the service can be determined according to the authorization identification information of the service, and at this time the wearable device and the user account may be considered bound. The identification information of the device may be used in subsequent services to determine how many wearable devices the user account is bound to.
Specifically, in order to sufficiently ensure the information security of the service credential information in the sending process, the server of the service client may encrypt the service credential information through a pre-generated key (e.g., a pre-generated random number) to obtain the service credential information encrypted by the key, and then send the service credential information encrypted by the key to the wearable device through the terminal device.
In order to further ensure the information security of the service credential information in the sending process, the service client may further encrypt the key-encrypted service credential information with the device public key corresponding to the wearable device to obtain the encrypted service credential information, and then send the encrypted service credential information to the wearable device through the terminal device.
Of course, the server of the service client may also directly send the unencrypted service credential information to the wearable device through the terminal device without encrypting the service credential information.
S104: receiving and storing the service credential information, the service credential information being stored in the security chip, so as to bind the wearable device with the user account.
After the wearable device receives the encrypted service credential information, it can decrypt the encrypted service credential information with the locally pre-stored device private key corresponding to the wearable device.
Further, decryption with the pre-stored device private key yields the key generated by the server together with the service credential information encrypted with that key, and the wearable device can then decrypt the key-encrypted service credential information with that key to obtain the service credential information. After the service credential information is obtained, it can be stored, so that service binding between the wearable device and the service client is completed.
The wearable device can bind and store the service credential information and the user account of the user login service client, and meanwhile, the service server can also bind and store the user account of the user and the service credential information, so that service binding of the wearable device can be realized after the user logs in the user account.
Of course, the service server may not bind the user account and the service credential information of the user, but may default to correspond the service credential information to the user account of the user in the process of generating the service credential information, so that the service binding of the wearable device is realized after the user logs in the user account.
In addition, after the wearable device receives the encrypted service credential information, the encrypted service credential information can be written into the security chip, so that the service credential information is obtained by decrypting the encrypted service credential information through a pre-stored device private key corresponding to the wearable device in a security environment provided by the security chip.
Decryption with the device private key corresponding to the wearable device stored in the security chip yields the key generated by the server together with the service credential information encrypted with that key, and the security chip can then decrypt the key-encrypted service credential information with that key to obtain the service credential information. After the service credential information is obtained, it can be stored in the security chip, so that service binding between the wearable device and the service client is completed. The wearable device can bind and store, in the security chip, the service credential information and the user account with which the user logged in to the service client; meanwhile, the service server can also bind and store the user account and the service credential information, so that service binding of the wearable device is achieved after the user logs in with the user account.
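The two-layer protection of the service credential information described above (a server-generated random key encrypts the credential, the device public key encrypts that key, and the wearable unwraps both in reverse), together with the service-time check that the stored credential carries the authorization identifier of the target service, as an added example that is not part of the patent text. It assumes AES-256-GCM for the random-key layer, RSA-OAEP for the device-key layer, and constructed token values; none of these are specified by the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// ServiceCredential is a constructed stand-in for the service credential
// information: the authorization identifiers (service tokens) and the device token.
type ServiceCredential struct {
	ServiceTokens []string `json:"service_tokens"`
	DeviceToken   string   `json:"device_token"`
}

// Envelope is what the service server hands the terminal device to forward:
// the credential sealed under a random key and that key sealed under the
// device public key, so the forwarding terminal device cannot read it.
type Envelope struct {
	WrappedKey []byte // random key encrypted with the device public key (RSA-OAEP, assumed)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // credential encrypted with the random key (AES-256-GCM, assumed)
}

// NewDeviceKey models the device key pair: private key in the security chip, public key at the server.
func NewDeviceKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueCredential is the service server side: first layer with a freshly
// generated random key, second layer with the device public key.
func IssueCredential(devPub *rsa.PublicKey, cred ServiceCredential) (*Envelope, error) {
	plain, err := json.Marshal(cred)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}, nil
}

// OpenCredential is the wearable (security chip) side: the device private key
// recovers the random key, the random key recovers the credential. A wrong
// device key or a modified envelope fails here instead of yielding garbage.
func OpenCredential(devPriv *rsa.PrivateKey, env *Envelope) (*ServiceCredential, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, devPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("device private key does not match envelope: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("envelope tampered or corrupted: %w", err)
	}
	var cred ServiceCredential
	if err := json.Unmarshal(plain, &cred); err != nil {
		return nil, err
	}
	return &cred, nil
}

// IsAuthorized is the service-time check: the stored credential must carry
// the authorization identifier of the target service, otherwise the service is refused.
func IsAuthorized(cred *ServiceCredential, targetService string) bool {
	if cred == nil {
		return false
	}
	for _, t := range cred.ServiceTokens {
		if t == targetService {
			return true
		}
	}
	return false
}
```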
After the wearable device is bound with the service client, when the service client runs the target service, the server of the service client can determine whether the wearable device is authorized to execute the target service according to the service credential information, and the server can continue to execute the service after determining that the wearable device is authorized. The method for executing the service will be described in detail below, and this description will not be repeated here.
The above description is given from the perspective of the wearable device. For ease of understanding, the method for service binding provided in this specification is described below from the perspective of the service server corresponding to the service client.
Fig. 2 is a flowchart of a service binding method provided in this specification, including the following steps:
S200: a service server corresponding to the service client receives a binding request sent by the service client on the terminal device, into which the user has logged in with the user account, wherein the binding request carries authentication information stored in the wearable device, and the binding request is generated by the wearable device according to the authentication information in response to the binding operation of the user and sent to the terminal device.
The wearable device responds to the binding operation of the user, generates a binding request carrying the authentication information according to the pre-stored authentication information, and then sends the binding request to a service server corresponding to the service client through the service client which is logged in by the user through the user account.
In this specification, the authentication information may be stored in advance in a security chip mounted on the wearable device.
S202: and authenticating the wearable equipment according to the authentication information carried in the binding request.
After receiving the authentication information, the service server can authenticate the wearable device according to the authentication information, namely, whether the wearable device is an appointed device authorized by the service platform and whether a manufacturer producing each component of the wearable device is an appointed manufacturer authorized by the service platform.
S204: and after the wearable device passes the authentication, sending service credential information to the terminal device, so that the terminal device sends the service credential information to the wearable device, and the wearable device stores the received service credential information so as to bind the wearable device with the user account.
After the wearable device passes authentication, the server of the service client may send the service credential information to the wearable device through the terminal device. The service credential information may be encrypted with the corresponding key and public key (as described in step S102); after receiving it, the terminal device sends the service credential information to the wearable device, which decrypts it (as described in step S104) and stores the decrypted service credential information, so that the wearable device is bound to the user account.
Furthermore, after the wearable device receives the service credential information, the service credential information can be decrypted through the security chip, so that the decrypted service credential information is stored in the security chip.
For the convenience of understanding, the present specification also provides a schematic diagram of a service binding process, as shown in fig. 3.
Fig. 3 is a schematic diagram of a service binding process provided in this specification.
The device manufacturer and the service platform authorize the device in advance by signing a contract online, so that the server of the service client generates corresponding authentication information according to the device information and the manufacturer information. The authentication information is burned into the security chip during device production; the security chip may be a secure MCU chip or a security chip configured with a TEE. In actual use, the wearable device sends the authentication information contained in the binding request to the service server of the service client through the terminal device. After receiving the authentication information, the service server authenticates the device information and then the manufacturer information, and after the authentication passes, the service credential information can be issued to the wearable device through the terminal device and stored in the security chip by the wearable device, so that the wearable device and the user account are bound for the service.
The above describes the method for service binding provided in this specification. The method for service execution, i.e., how a service is actually executed after the wearable device completes service binding, is described below, as shown in fig. 4 or fig. 5.
Fig. 4 is a flowchart of a service execution method provided in this specification, including the following steps:
S400: the wearable device responds to the service operation of the user and obtains pre-stored service credential information.
In the process that the user executes the service through the wearable device bound with the user account, the user may execute a designated service operation on the wearable device (for example, when the user executes a payment service, the user clicks a corresponding payment button), so as to obtain service credential information pre-stored locally.
When the service credential information is stored in the security chip installed in the wearable device, the wearable device can access the security chip in response to the service operation of the user, and since the service credential information is stored in the security chip in advance, the wearable device can acquire the pre-stored service credential information from the security chip after accessing it. The process by which the service credential information is obtained and stored has been described in detail in steps S100 to S104, and this description is not repeated here.
S402: the wearable device sends the service credential information to a service server corresponding to a service client through a designated device, so that the service server judges whether the wearable device is authorized to execute a target service through a user account corresponding to the service credential information according to the service credential information, and executes the target service through the user account after the wearable device is determined to be authorized.
Specifically, the wearable device may generate and display a graphic code (such as a two-dimensional code, a barcode, and the like) carrying the service credential information, so that the designated device collects image information of the graphic code, analyzes the graphic code included in the image information, obtains the service credential information, and sends the service credential information to the service server.
In this specification, the designated device may be a code scanning device such as a code scanning gun, and certainly may also be a terminal device that has the service client installed and is connected to the wearable device. When the designated device is a code scanning device, the code scanning device may analyze the captured image of the graphic code and, after obtaining the service credential information, send it to the service server, so that the service server determines whether the wearable device is authorized to execute the target service through the user account corresponding to the service credential information; if it is determined that the wearable device is authorized, the service server may continue to execute the target service through the user account.
When the designated device is a terminal device in communication connection with the wearable device, the terminal device may directly acquire the service credential information from the security chip of the wearable device through communication methods such as bluetooth and infrared, and send the service credential information to the service server.
Further, in the process that the service server determines whether the wearable device is authorized to execute the target service through the user account corresponding to the service credential information, the service server determines whether the service credential information includes authorization identification information (e.g., a service token) of the target service, if so, it indicates that the wearable device is authorized to execute the target service through the user account corresponding to the service credential information, and if not, it indicates that the wearable device is not authorized, and at this time, the server may terminate or reject the wearable device to execute the target service through the user account.
Fig. 5 is a flowchart of a service execution method provided in this specification, including the following steps:
S500: a service server corresponding to the service client receives service credential information sent by a designated device, wherein the service credential information is obtained locally by the wearable device in response to the service operation of the user.
After a user executes a designated service operation on the wearable device, the wearable device may respond to the service operation to obtain locally stored service credential information, and of course, the wearable device may also access a security chip installed in the wearable device, thereby obtaining the service credential information stored in the security chip, and sending the service credential information to a service server corresponding to a service client.
S502: judging, according to the service credential information, whether the wearable device is authorized to execute the target service through the user account with which the user bound to the service credential information logs in to the service client.
S504: and executing the target service after determining that the wearable device is authorized to execute the target service by logging in a user account of the service client by the user bound with the service credential information.
After receiving the service credential information, the service server may determine, according to the service credential information, whether the wearable device is authorized to execute the target service through the user account with which the user bound to the service credential information logs in to the service client. If it is determined that the wearable device is authorized (i.e., the service credential information includes the authorization identification information of the target service), the service server may execute the target service; if it is determined that the wearable device is not authorized, the service server may terminate or refuse execution of the service by the wearable device through the user account.
According to the method, in the binding process of the wearable device and the user account, the authentication information pre-stored in the security chip is sent to the server of the service client, so that the server of the service client authenticates the wearable device according to the authentication information, and the generated service credential information is then stored in the secure environment provided by the security chip, so that the wearable device and the user account are bound. Therefore, the wearable device can be guaranteed to be a designated device authorized in advance by the service platform, and sufficient guarantee is provided for the privacy data and property safety of the user while the user uses the wearable device.
In addition, in the process of executing the target service through the wearable device which completes service binding, the service server can determine whether the wearable device is authorized to execute the service through the user account bound with the wearable device according to the acquired service certificate information pre-stored in the security environment of the security chip, and once the wearable device is not authorized, the service server can terminate the execution of the service, so that the information security of the user is further guaranteed.
It should be noted that, in this specification, the wearable device itself may also be installed with a service client, and the above-mentioned security chip may also be pre-solidified with a part of the service code of the service client and sensitive data required for running the part of the service code, so that the wearable device may also perform operations such as payment and identity verification by running the part of the service code and the sensitive data in the security chip. For a main control chip installed in the wearable device (the main control chip is used for loading and running an operating system of the wearable device, and can perform operations such as decoding and data conversion), the main control chip cannot acquire a service code related to sensitive data, so that the security isolation of a service client on a code level can be realized. Similarly, since sensitive data is also isolated in the security chip, the wearable device cannot acquire the sensitive data, and data security is protected.
Based on the same idea, the present specification also provides a device for performing service binding or service execution, as shown in fig. 6 or fig. 7.
Fig. 6 is a schematic diagram of a service binding apparatus provided in this specification, including:
the generating module 600 is configured to, in response to a binding operation of a user, obtain authentication information pre-stored in the wearable device, and generate a binding request carrying the authentication information according to the authentication information;
a sending module 602, configured to send the binding request to the terminal device, so that the terminal device sends the binding request to the service server through a service client that the user logs in using a user account, so that the service server authenticates the wearable device according to the authentication information carried in the binding request, and sends service credential information corresponding to the user account to the wearable device through the terminal device after the wearable device passes authentication;
a binding module 604, configured to receive and store the service credential information, so that the wearable device is bound to the user account.
Optionally, the binding module 604 is specifically configured to receive encrypted service credential information, where the encrypted service credential information is obtained by the service server encrypting the service credential information according to a device public key corresponding to the wearable device; and to decrypt the encrypted service credential information through a stored device private key corresponding to the wearable device to obtain the service credential information, and store it.
Optionally, the binding module 604 is specifically configured to decrypt the encrypted service credential information through the stored device private key corresponding to the wearable device, so as to obtain a key and the service credential information encrypted by the key, where the key is generated by the service server; and to decrypt the service credential information encrypted by the key to obtain the service credential information.
Optionally, the apparatus further comprises:
a storage module 606, configured to determine device information of the wearable device in response to an authentication operation of a user; send the device information to the terminal device, so that the terminal device sends the device information to the service server, so that the service server verifies the wearable device and, after the wearable device passes the verification of the service server, generates authentication information according to the device information and sends the authentication information to the terminal device; and receive and store the authentication information sent by the terminal device.
Optionally, the storage module 606 is specifically configured to send the device information to the terminal device, so that the terminal device sends the device information to a vendor server of the vendor corresponding to the wearable device, so that the vendor server, after verifying the wearable device according to the device information, sends vendor information of the vendor and the device information to the service server, and the service server, after verifying the wearable device according to the vendor information, generates authentication information according to the device information and sends the authentication information to the terminal device.
Optionally, the generating module 600 is specifically configured to, in response to a binding operation of a user, access a security chip installed in the wearable device, and acquire the pre-stored authentication information from the security chip;
the binding module 604 is specifically configured to receive the service credential information and store the service credential information in the security chip.
Optionally, the security chip includes: a secure microcontroller unit (MCU) and a chip configured with a trusted execution environment (TEE);
the secure MCU encrypts and stores the authentication information and the service credential information by means of a software encryption algorithm; or encrypts and stores the authentication information and the service credential information through an internal hardware structure of the secure MCU; or encrypts and stores the authentication information and the service credential information through a secure storage unit in the secure MCU.
Fig. 7 is a schematic diagram of a service binding apparatus provided in this specification, including:
a receiving module 700, configured to receive a binding request sent by the terminal device through the service client that the user has logged in to with a user account, where the binding request carries authentication information stored in the wearable device, and the binding request is generated by the wearable device according to the authentication information in response to a binding operation of the user and sent to the terminal device;
an authentication module 702, configured to authenticate the wearable device according to the authentication information carried in the binding request;
a sending module 704, configured to send service credential information to the terminal device after the wearable device passes authentication, so that the terminal device sends the service credential information to the wearable device, so that the wearable device stores the received service credential information, and the wearable device is bound to the user account.
Optionally, the sending module 704 is specifically configured to encrypt the service credential information according to a device public key corresponding to the wearable device, so as to obtain encrypted service credential information; and send the encrypted service credential information to the terminal device.
Optionally, the sending module 704 is specifically configured to encrypt the service credential information with a pre-generated key, so as to obtain service credential information encrypted by the key; and encrypt the service credential information encrypted by the key with the device public key corresponding to the wearable device, so as to obtain the encrypted service credential information.
Optionally, the authentication module 702 is specifically configured to determine, according to vendor information of vendors that produce each component in the wearable device included in the authentication information, whether the vendors that produce each component in the wearable device are authorized specified vendors; if yes, the wearable device passes the authentication, and if not, the wearable device is determined not to pass the authentication.
Optionally, the apparatus further comprises:
a verification module 706, configured to receive device information of the wearable device sent by the terminal device, where the device information is determined by the wearable device in response to an authentication operation of a user and sent to the terminal device; verify the wearable device, and generate authentication information according to the device information after the wearable device passes the verification of the service server; and send the authentication information to the terminal device, so that the terminal device sends the authentication information to the wearable device, so that the wearable device can receive and store the authentication information.
Optionally, the verification module 706 is specifically configured to receive the device information and vendor information of the vendor, sent by a vendor server of the vendor corresponding to the wearable device, where the vendor information is sent to the service server after the vendor server determines, according to the device information, that the wearable device passes the vendor's verification, and the device information is sent to the vendor server by the terminal device;
the verification module 706 is specifically configured to verify the wearable device according to the vendor information.
Optionally, the vendor information includes an expiration date corresponding to the vendor.
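The two-layer encryption described for the sending module 704 (claim 10) and its inverse in the binding module 604 (claim 3) amount to envelope encryption: a per-credential symmetric key protects the credential, and the device public key protects that key. The following Go program is an added illustration, not code from the patent or from Alipay; it assumes RSA-OAEP for the device key pair, AES-256-GCM for the credential, a constructed credential layout, and a constructed device ID that is authenticated as additional data so an envelope cannot be replayed to a different wearable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// ServiceCredential is a constructed stand-in for the service credential information the
// service server issues after the wearable passes authentication (field names are assumed).
type ServiceCredential struct {
	UserAccount        string   `json:"user_account"`
	DeviceID           string   `json:"device_id"`
	AuthorizedServices []string `json:"authorized_services"`
}

// Envelope is what the service server relays through the terminal device: the per-credential
// AES key sealed with the device public key (RSA-OAEP), the credential sealed with that key (AES-GCM).
type Envelope struct {
	SealedKey, Nonce, Ciphertext []byte
}

var oaepLabel = []byte("wearable-service-credential-key") // constructed domain-separation label

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealCredential is the service-server side: encrypt the credential with a freshly generated
// key, then encrypt that key with the device public key, so only the holder of the matching
// device private key can recover it.
func SealCredential(devicePub *rsa.PublicKey, cred ServiceCredential) (*Envelope, error) {
	plain, err := json.Marshal(cred)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32) // AES-256 key generated per credential
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The device ID is authenticated as additional data, so an envelope issued for one
	// wearable is rejected if it is replayed to another.
	ct := gcm.Seal(nil, nonce, plain, []byte(cred.DeviceID))
	sealedKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{SealedKey: sealedKey, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenCredential is the wearable side, intended to run inside the security chip that holds the
// device private key: recover the key, then the credential. A wrong private key, a tampered
// envelope or one meant for another device fails here, and nothing is stored.
func OpenCredential(devicePriv *rsa.PrivateKey, deviceID string, env *Envelope) (*ServiceCredential, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, devicePriv, env.SealedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("sealed key rejected (not issued for this device key): %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(deviceID))
	if err != nil {
		return nil, fmt.Errorf("credential rejected (tampered or bound to another device): %w", err)
	}
	var cred ServiceCredential
	if err := json.Unmarshal(plain, &cred); err != nil {
		return nil, err
	}
	return &cred, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed device key pair
	cred := ServiceCredential{UserAccount: "user-demo", DeviceID: "wearable-0001", AuthorizedServices: []string{"payment"}}
	env, _ := SealCredential(&priv.PublicKey, cred)
	got, err := OpenCredential(priv, "wearable-0001", env)
	fmt.Println(got.UserAccount, got.AuthorizedServices, err)
	_, err = OpenCredential(priv, "wearable-0002", env) // same envelope replayed to another device
	fmt.Println(err)
}
```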
The present specification also provides a corresponding service execution device, as shown in fig. 8 or fig. 9.
Fig. 8 is a schematic diagram of a service execution apparatus provided in this specification, including:
an obtaining module 800, configured to obtain pre-stored service credential information in response to a service operation of a user;
a sending module 802, configured to send the service credential information to a service server corresponding to a service client through a designated device, so that the service server determines, according to the service credential information, whether the wearable device is authorized to execute a target service through a user account corresponding to the service credential information, and after determining that the wearable device is authorized, executes the target service through the user account.
Optionally, the sending module 802 is specifically configured to have the wearable device generate and display a graphic code carrying the service credential information, so that the designated device collects image information of the graphic code and parses the graphic code included in the image information to obtain the service credential information, so as to send the service credential information to the service server.
Optionally, the obtaining module 800 is specifically configured to, in response to a service operation of a user, access a security chip installed in the wearable device, and acquire the pre-stored service credential information from the security chip.
Fig. 9 is a schematic diagram of a service execution apparatus provided in this specification, including:
a receiving module 900, configured to receive service credential information sent by a designated device, where the service credential information is obtained locally by the wearable device in response to a service operation of a user;
a determining module 902, configured to determine, according to the service credential information, whether the wearable device is authorized to execute the target service through the user account, bound to the service credential information, with which the user logged in to the service client;
an executing module 904, configured to execute the target service after determining that the wearable device is authorized to execute the target service through the user account, bound to the service credential information, with which the user logged in to the service client.
The present specification also provides a computer readable storage medium storing a computer program, which can be used to execute a method of service binding provided in fig. 1 or fig. 2 and a method of service execution provided in fig. 4 or fig. 5.
This specification also provides a schematic block diagram of an electronic device corresponding to fig. 1, fig. 2, fig. 4, or fig. 5 shown in fig. 10. As shown in fig. 10, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, but may also include hardware required for other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs the computer program to implement the method for service binding provided in fig. 1 or fig. 2 and the method for service execution provided in fig. 4 or fig. 5. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
In the 1990s, improvements to a technology could clearly be distinguished as improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or improvements in software (improvements to a method flow). However, as technology advances, many of today's method-flow improvements have come to be seen as direct improvements in hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement in a method flow cannot be realized by hardware entity modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by programming the device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually manufacturing an integrated circuit chip, such programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written in a specific programming language, called a Hardware Description Language (HDL). There is not only one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), and so on; VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320; the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps such that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component, and the means for performing the various functions included therein may also be regarded as structures within the hardware component. Or even the means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more pieces of software and/or hardware in the practice of this description.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer-readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, Phase Change Memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (24)

1. A service binding method, wherein a wearable device establishes a communication connection with a terminal device, a service client is installed in the terminal device, and the method comprises:
the wearable device, in response to a binding operation of a user, acquiring authentication information pre-stored by the wearable device, and generating a binding request carrying the authentication information according to the authentication information;
sending the binding request to the terminal device, so that the terminal device sends the binding request to a service server through the service client which the user has logged in to with a user account, so that the service server authenticates the wearable device according to the authentication information carried in the binding request and, after the wearable device passes the authentication, sends service credential information corresponding to the user account to the wearable device through the terminal device;
and receiving and storing the service credential information so as to bind the wearable device with the user account.
2. The method according to claim 1, wherein receiving and storing the service credential information specifically comprises:
receiving encrypted service credential information, wherein the encrypted service credential information is obtained by the service server encrypting the service credential information according to a device public key corresponding to the wearable device;
and decrypting the encrypted service credential information through a stored device private key corresponding to the wearable device to obtain the service credential information, and storing the service credential information.
3. The method according to claim 2, wherein decrypting the encrypted service credential information through the stored device private key corresponding to the wearable device to obtain the service credential information specifically comprises:
decrypting the encrypted service credential information through the stored device private key corresponding to the wearable device to obtain a key and the service credential information encrypted by the key, wherein the key is generated by the service server;
and decrypting the service credential information encrypted by the key to obtain the service credential information.
4. The method according to claim 1 or 2, wherein pre-storing the authentication information specifically comprises:
the wearable device, in response to an authentication operation of a user, determining device information of the wearable device;
sending the device information to the terminal device, so that the terminal device sends the device information to the service server, so that the service server verifies the wearable device and, after the wearable device passes the verification of the service server, generates authentication information according to the device information and sends the authentication information to the terminal device;
and receiving and storing the authentication information sent by the terminal device.
5. The method according to claim 4, wherein sending the device information to the terminal device, so that the terminal device sends the device information to the service server, so that the service server verifies the wearable device and, after the wearable device passes the verification of the service server, generates authentication information according to the device information and sends the authentication information to the terminal device, specifically comprises:
sending the device information to the terminal device, so that the terminal device sends the device information to a vendor server of the vendor corresponding to the wearable device, so that the vendor server, after verifying the wearable device according to the device information, sends vendor information of the vendor and the device information to the service server, and the service server, after verifying the wearable device according to the vendor information, generates authentication information according to the device information and sends the authentication information to the terminal device.
6. The method according to any one of claims 1 to 5, wherein the wearable device, in response to the binding operation of the user, acquiring authentication information pre-stored in the wearable device specifically comprises:
the wearable device, in response to the binding operation of the user, accessing a security chip installed in the wearable device;
acquiring the pre-stored authentication information from the security chip;
and receiving and storing the service credential information specifically comprises:
receiving the service credential information and storing the service credential information in the security chip.
7. The method according to claim 6, wherein the security chip comprises: a secure microcontroller unit (MCU) and a chip configured with a trusted execution environment (TEE);
the secure MCU encrypts and stores the authentication information and the service credential information by means of a software encryption algorithm; or encrypts and stores the authentication information and the service credential information through an internal hardware structure of the secure MCU; or encrypts and stores the authentication information and the service credential information through a secure storage unit in the secure MCU.
8. A service binding method, wherein a wearable device establishes a communication connection with a terminal device, a service client is installed in the terminal device, and the method comprises:
a service server corresponding to the service client receiving a binding request sent by the service client, wherein the binding request carries authentication information stored by the wearable device, and the binding request is generated by the wearable device according to the authentication information in response to a binding operation of the user and sent to the terminal device;
authenticating the wearable device according to the authentication information carried in the binding request;
and after the wearable device passes the authentication, sending service credential information to the terminal device, so that the terminal device sends the service credential information to the wearable device, and the wearable device stores the received service credential information so as to bind the wearable device with the user account.
9. The method according to claim 8, wherein sending the service credential information to the terminal device specifically comprises:
encrypting the service credential information with a device public key corresponding to the wearable device to obtain encrypted service credential information; and
sending the encrypted service credential information to the terminal device.
10. The method according to claim 9, wherein encrypting the service credential information with the device public key corresponding to the wearable device to obtain the encrypted service credential information specifically comprises:
encrypting the service credential information with a pre-generated key to obtain key-encrypted service credential information; and
encrypting the key-encrypted service credential information with the device public key corresponding to the wearable device to obtain the encrypted service credential information.
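The following Go program is an added example, not part of the patent or of Alipay's implementation. It shows the two-layer construction of claims 9 and 10 in the form a practitioner would actually build: a freshly generated AES-256-GCM key encrypts the credential, and the device public key (RSA-OAEP here; the claims name no algorithm) encrypts that key. Note that claim 10 as translated says the key-encrypted credential is itself encrypted again with the device public key; wrapping the key rather than the ciphertext is an assumption about the intended construction. Binding the device ID as additional authenticated data, the OAEP label and all identifiers are likewise assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel keeps key wrapping apart from other uses of the device key (value is an assumption).
var oaepLabel = []byte("service-credential-key")

// EncryptedCredential is what the service server sends to the terminal device.
// The terminal only forwards it: without the device private key it cannot
// recover the symmetric key, so it never sees the credential itself.
type EncryptedCredential struct {
	WrappedKey []byte // fresh AES-256 key, RSA-OAEP encrypted to the device public key
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // credential under the AES key, GCM tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptCredential is the service-server side of claims 9 and 10: a fresh key
// encrypts the credential and the device public key protects that key. deviceID
// is bound as GCM additional data (added hardening, not in the claims).
func encryptCredential(devicePub *rsa.PublicKey, deviceID string, credential []byte) (*EncryptedCredential, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, credential, []byte(deviceID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &EncryptedCredential{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// decryptCredential is the wearable side; in the claims the private key and the
// recovered credential both live in the secure MCU.
func decryptCredential(devicePriv *rsa.PrivateKey, deviceID string, ec *EncryptedCredential) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, devicePriv, ec.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("key unwrap failed: not encrypted to this device")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, ec.Nonce, ec.Ciphertext, []byte(deviceID))
	if err != nil {
		return nil, errors.New("credential ciphertext failed authentication")
	}
	return plain, nil
}

// roundTrip provisions two device key pairs, delivers a credential to wearable A
// and checks that wearable B, and A under a different device ID, both reject it.
func roundTrip(credential []byte) (plain []byte, otherDeviceRejected, otherIDRejected bool, err error) {
	devA, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, false, err
	}
	devB, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, false, err
	}
	ec, err := encryptCredential(&devA.PublicKey, "wearable-A", credential)
	if err != nil {
		return nil, false, false, err
	}
	if plain, err = decryptCredential(devA, "wearable-A", ec); err != nil {
		return nil, false, false, err
	}
	_, errB := decryptCredential(devB, "wearable-A", ec)  // forwarded to the wrong wearable
	_, errID := decryptCredential(devA, "wearable-B", ec) // same key, different device identity
	return plain, errB != nil, errID != nil, nil
}

func main() {
	plain, otherDev, otherID, err := roundTrip([]byte("constructed-credential-for-acct-42"))
	fmt.Printf("plain=%q otherDeviceRejected=%v otherIDRejected=%v err=%v\n", plain, otherDev, otherID, err)
}
```

The point of the layering is that the terminal device is a relay, not a trust boundary: a compromised phone application can forward, drop or replay the message, but it cannot read or alter the credential, which is why the claims have the wearable rather than the terminal store it.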
11. The method according to claim 8, wherein authenticating the wearable device according to the authentication information carried in the binding request specifically comprises:
determining, according to manufacturer information about the manufacturer of each component of the wearable device, the manufacturer information being contained in the authentication information, whether the manufacturer of each component of the wearable device is an authorized, designated manufacturer; and
if so, determining that the wearable device passes the authentication; otherwise, determining that the wearable device does not pass the authentication.
12. The method according to claim 8, further comprising:
receiving, by the service server, device information of the wearable device sent by the terminal device, wherein the device information is determined by the wearable device in response to an authentication operation of the user and is sent to the terminal device;
verifying the wearable device, and after the wearable device passes the verification by the service server, generating authentication information according to the device information; and
sending the authentication information to the terminal device, so that the terminal device sends the authentication information to the wearable device and the wearable device receives and stores the authentication information.
13. The method according to claim 12, wherein receiving, by the service server, the device information of the wearable device sent by the terminal device specifically comprises:
receiving the device information, together with manufacturer information of a manufacturer corresponding to the wearable device, from a manufacturer server of that manufacturer, wherein the manufacturer information is sent to the service server after the manufacturer server determines, according to the device information, that the wearable device passes the manufacturer's verification, and the device information is sent to the manufacturer server by the terminal device; and
wherein verifying the wearable device specifically comprises:
verifying the wearable device according to the manufacturer information.
14. The method according to claim 13, wherein the manufacturer information comprises an expiration date corresponding to the manufacturer.
15. A service execution method, comprising:
acquiring, by a wearable device, pre-stored service credential information in response to a service operation of a user; and
sending, by the wearable device, the service credential information to a service server corresponding to a service client through a designated device, so that the service server determines, according to the service credential information, whether the wearable device is authorized to execute a target service through the user account corresponding to the service credential information, and executes the target service through the user account after determining that the wearable device is authorized.
16. The method according to claim 15, wherein sending, by the wearable device, the service credential information to the service server corresponding to the service client through the designated device specifically comprises:
generating and displaying, by the wearable device, a graphic code carrying the service credential information, so that the designated device captures image information of the graphic code, parses the graphic code contained in the image information to obtain the service credential information, and sends the service credential information to the service server.
17. The method according to claim 15 or 16, wherein acquiring, by the wearable device, the pre-stored service credential information in response to the service operation of the user specifically comprises:
accessing, by the wearable device, a security chip installed in the wearable device in response to the service operation of the user; and
acquiring the pre-stored service credential information from the security chip.
18. A service execution method, comprising:
receiving, by a service server corresponding to a service client, service credential information sent by a designated device, wherein the service credential information is acquired locally by a wearable device in response to a service operation of a user;
determining, according to the service credential information, whether the wearable device is authorized to execute a target service through the user account bound to the service credential information, with which the user is logged in to the service client; and
after determining that the wearable device is authorized to execute the target service through the user account bound to the service credential information and used by the user to log in to the service client, executing the target service.
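Claims 11 to 14 have the service server check, for every component of the wearable, that the manufacturer named in the authentication information is authorized and that the manufacturer information has not expired, while claim 18 has the same server later resolve a presented credential to the bound account. The Go program below is an added example of one server that does both; it is not code from the patent or from Alipay. The claims do not say how the server makes its own authentication information and credentials recognizable when they come back, so the HMAC-SHA256 token layout, the kind prefix, the manufacturer identifiers and all other names here are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// ManufacturerInfo is returned by the manufacturer server after it verifies the
// device (claim 13); per claim 14 it carries the manufacturer's expiry date.
type ManufacturerInfo struct {
	Component, Manufacturer string
	ExpiresAt               time.Time
}

// AuthInfo is the authentication information generated from the device
// information (claim 12); the wearable stores it and returns it when binding.
type AuthInfo struct {
	DeviceID string
	Parts    []ManufacturerInfo
}

// Credential is the service credential information issued on binding (claim 8)
// and presented again when a service is executed (claim 18).
type Credential struct{ DeviceID, Account string }

// Server holds the MAC key and the authorised manufacturers. The token layout
// kind.b64url(json).b64url(hmac-sha256) is an assumption, not from the claims.
type Server struct {
	key        []byte
	authorized map[string]bool
}

// mac covers the token kind too, so authentication information can never be
// replayed as a credential, or the reverse.
func (s *Server) mac(kind string, body []byte) []byte {
	m := hmac.New(sha256.New, s.key)
	m.Write([]byte(kind))
	m.Write(body)
	return m.Sum(nil)
}

func (s *Server) sign(kind string, v any) (string, error) {
	body, err := json.Marshal(v)
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding.EncodeToString
	return kind + "." + enc(body) + "." + enc(s.mac(kind, body)), nil
}

func (s *Server) verify(kind, token string, v any) error {
	p := strings.Split(token, ".")
	if len(p) != 3 || p[0] != kind {
		return fmt.Errorf("malformed %s token", kind)
	}
	body, err1 := base64.RawURLEncoding.DecodeString(p[1])
	tag, err2 := base64.RawURLEncoding.DecodeString(p[2])
	if err1 != nil || err2 != nil || !hmac.Equal(tag, s.mac(kind, body)) {
		return fmt.Errorf("%s token was not issued by this server", kind)
	}
	return json.Unmarshal(body, v)
}

// IssueAuthInfo is claim 12, run once the manufacturer server has vouched for the device.
func (s *Server) IssueAuthInfo(info AuthInfo) (string, error) { return s.sign("auth", info) }

// Bind is claims 8, 11 and 14: the authentication information must be the
// server's own, every component's manufacturer must be authorised and none of
// the manufacturer information may be expired at binding time. The credential is
// returned in clear here; claims 9 and 10 encrypt it to the device public key.
func (s *Server) Bind(authToken, account string, now time.Time) (string, error) {
	var info AuthInfo
	if err := s.verify("auth", authToken, &info); err != nil {
		return "", err
	}
	for _, p := range info.Parts {
		if !s.authorized[p.Manufacturer] {
			return "", fmt.Errorf("%s: manufacturer %q is not authorised", p.Component, p.Manufacturer)
		}
		if !now.Before(p.ExpiresAt) {
			return "", fmt.Errorf("%s: manufacturer information has expired", p.Component)
		}
	}
	return s.sign("cred", Credential{DeviceID: info.DeviceID, Account: account})
}

// Authorize is claim 18: the credential read from the wearable's graphic code
// (claim 16) resolves to the account through which the target service runs.
func (s *Server) Authorize(credToken string) (string, error) {
	var cred Credential
	if err := s.verify("cred", credToken, &cred); err != nil {
		return "", err
	}
	return cred.Account, nil
}

func main() {
	srv := &Server{key: []byte("constructed-demo-key"), authorized: map[string]bool{"acme-mcu": true}}
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	auth, _ := srv.IssueAuthInfo(AuthInfo{"wearable-A", []ManufacturerInfo{{"secure_mcu", "acme-mcu", now.AddDate(2, 0, 0)}}})
	cred, err := srv.Bind(auth, "acct-42", now)
	fmt.Println(err, cred)
	fmt.Println(srv.Authorize(cred)) // the bound account
	fmt.Println(srv.Authorize(auth)) // authentication information offered as a credential is refused
}
```

Two details carry the security argument. The token kind is covered by the MAC, so authentication information handed over at service time, or a credential sent inside a binding request, is rejected rather than misinterpreted. Expiry is checked against the time of binding, so a manufacturer whose authorization has lapsed cannot enroll new devices even if its manufacturer server still vouches for them. A deployment would also keep a binding table so that unbinding a wearable invalidates its credential; the example leaves that out.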
19. A service binding apparatus, comprising:
a generation module, configured to acquire authentication information pre-stored in the wearable device in response to a binding operation of a user, and to generate a binding request carrying the authentication information according to the authentication information;
a sending module, configured to send the binding request to a terminal device, so that the terminal device sends the binding request to a service server through a service client to which the user is logged in with a user account, so that the service server authenticates the wearable device according to the authentication information carried in the binding request and, after the wearable device passes the authentication, sends service credential information corresponding to the user account to the wearable device through the terminal device; and
a binding module, configured to receive and store the service credential information so as to bind the wearable device to the user account.
20. A service binding apparatus, comprising:
a receiving module, configured to receive a binding request sent by a service client to which a user is logged in on a terminal device with a user account, wherein the binding request carries authentication information stored in a wearable device, and the binding request is generated by the wearable device according to the authentication information in response to a binding operation of the user and is sent to the terminal device;
an authentication module, configured to authenticate the wearable device according to the authentication information carried in the binding request; and
a sending module, configured to send service credential information to the terminal device after the wearable device passes the authentication, so that the terminal device sends the service credential information to the wearable device and the wearable device stores the received service credential information, thereby binding the wearable device to the user account.
21. A service execution apparatus, comprising:
an acquisition module, configured to acquire pre-stored service credential information in response to a service operation of a user; and
a sending module, configured to send the service credential information to a service server corresponding to a service client through a designated device, so that the service server determines, according to the service credential information, whether the wearable device is authorized to execute a target service through the user account corresponding to the service credential information, and executes the target service through the user account after determining that the wearable device is authorized.
22. A service execution apparatus, comprising:
a receiving module, configured to receive service credential information sent by a designated device, wherein the service credential information is acquired locally by a wearable device in response to a service operation of a user;
a determination module, configured to determine, according to the service credential information, whether the wearable device is authorized to execute a target service through the user account bound to the service credential information, with which the user is logged in to the service client; and
an execution module, configured to execute the target service after determining that the wearable device is authorized to execute the target service through the user account bound to the service credential information and used by the user to log in to the service client.
23. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of any one of claims 1 to 18.
24. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 18 when executing the program.
CN202211080658.9A 2022-09-05 2022-09-05 Method, device storage medium and equipment for service binding and service execution Pending CN115604716A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211080658.9A CN115604716A (en) 2022-09-05 2022-09-05 Method, device storage medium and equipment for service binding and service execution

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211080658.9A CN115604716A (en) 2022-09-05 2022-09-05 Method, device storage medium and equipment for service binding and service execution

Publications (1)

Publication Number Publication Date
CN115604716A true CN115604716A (en) 2023-01-13

Family

ID=84843731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211080658.9A Pending CN115604716A (en) 2022-09-05 2022-09-05 Method, device storage medium and equipment for service binding and service execution

Country Status (1)

Country Link
CN (1) CN115604716A (en)

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20230110

Address after: 200120 Floor 15, No. 447, Nanquan North Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai

Applicant after: Alipay.com Co.,Ltd.

Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province

Applicant before: Alipay (Hangzhou) Information Technology Co.,Ltd.

SE01 Entry into force of request for substantive examination