CN115767516A - Security verification method and device, electronic equipment and storage medium - Google Patents


Publication number
CN115767516A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211362480.7A
Other languages
Chinese (zh)
Inventor
郭永林
金杰
韩峰
王刚
刘祎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202211362480.7A
Publication of CN115767516A

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides a security verification method, a security verification device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring a UUID identifier and an IMSI identifier corresponding to the intelligent equipment, and an identifier length corresponding to the IMSI identifier; extracting encryption information for encrypting data from the UUID identifier according to the identifier length, and encrypting the IMSI identifier with the encryption information to obtain a target IMSI identifier; encrypting the UUID identifier, the target IMSI identifier and the identifier length with a private key to obtain encryption request data, and sending the encryption request data to a server, wherein the private key is a key returned by the server after the intelligent equipment successfully registers with the server; receiving verification passing information returned by the server for the encryption request data, wherein the verification passing information comprises identity information; and completing the identity authentication of the intelligent equipment based on the identity information.

Description

Security verification method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of security verification technologies, and in particular, to a security verification method, a security verification apparatus, an electronic device, and a computer-readable storage medium.
Background
The development of the Internet of Things makes life more intelligent and convenient, and a user can remotely control various intelligent devices through an intelligent terminal. As the types and number of intelligent devices increase, authentication of the user identity becomes particularly important; otherwise, lawless persons can easily impersonate the user and maliciously control the intelligent devices, causing accidents. For example, the intelligent terminal mostly operates the intelligent device through an application program on the terminal, and the server side needs to verify the identity of the user side (the identity of the intelligent terminal) first; this verification generally uses an interactive process involving multiple data exchanges. In the related data interaction process, a user requests a verification code from the platform, the platform sends the verification code to the user, the user feeds the verification code back to the platform for checking, and the platform confirms the identity of the user. This method requires the user to manually input the verification code, and the operation is cumbersome; more importantly, no encryption is applied while the user requests and feeds back the verification code and the server checks it, so the fed-back verification code is easy to intercept, and the identity can be stolen after a lawbreaker simulates the mobile phone number.
Disclosure of Invention
The embodiment of the invention provides a security verification method, a security verification device, electronic equipment and a computer-readable storage medium, which are used for solving or partially solving the problems of low security and easy data leakage during user identity authentication.
The embodiment of the invention discloses a safety verification method, which is applied to intelligent equipment and comprises the following steps:
acquiring a UUID identifier and an IMSI identifier corresponding to the intelligent equipment, and an identifier length corresponding to the IMSI identifier;
extracting encryption information for encrypting data from the UUID identifier according to the identifier length, and encrypting the IMSI identifier with the encryption information to obtain a target IMSI identifier;
encrypting the UUID identifier, the target IMSI identifier and the identifier length with a private key to obtain encryption request data, and sending the encryption request data to a server, wherein the private key is a key returned by the server after the intelligent equipment successfully registers with the server;
receiving verification passing information returned by the server for the encryption request data, wherein the verification passing information is generated by the server as follows: the server decrypts the encryption request data with the public key corresponding to the private key to obtain the UUID identifier, the target IMSI identifier and the identifier length, successfully verifies the intelligent equipment according to the UUID identifier, the target IMSI identifier and the identifier length, and encrypts, with the UUID identifier, the identity information queried based on the UUID identifier and the target IMSI identifier;
and completing the identity authentication of the intelligent equipment based on the identity information.
Optionally, the extracting, according to the identifier length, encryption information used for encrypting data from the UUID identifier includes:
and extracting information corresponding to the identifier length from the last digit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
Optionally, the method further comprises:
sending the UUID identifier and the IMSI identifier to the server, and receiving registration encrypted data and a decryption program returned by the server, wherein the registration encrypted data is generated by the server by generating a corresponding private key and public key with an asymmetric encryption algorithm and encrypting the private key with the UUID identifier;
and running the decryption program to decrypt the registration encrypted data with the UUID identifier to obtain the private key.
Optionally, the receiving verification passing information for the encryption request data returned by the server includes:
and running the decryption program to decrypt the verification passing information with the UUID identifier to obtain the identity information corresponding to the intelligent equipment, wherein the identity information at least comprises an MSISDN identifier and a user identifier.
Optionally, the method further comprises:
receiving verification failure information returned by the server for the encryption request data, wherein the verification failure information is generated after the server decrypts the encryption request data with the public key corresponding to the private key to obtain the UUID identifier and the target IMSI identifier, and fails to verify the intelligent equipment according to the UUID identifier and the target IMSI identifier;
and outputting prompt information corresponding to the verification failure information.
The embodiment of the invention also discloses a safety verification method which is applied to a server side and comprises the following steps:
acquiring encryption request data sent by intelligent equipment;
decrypting the encryption request data with a public key to obtain a UUID identifier corresponding to the intelligent equipment, a target IMSI identifier, and an identifier length for the target IMSI identifier;
extracting corresponding encryption information from the UUID identifier according to the identifier length, and decrypting the target IMSI identifier with the encryption information to obtain an IMSI identifier corresponding to the intelligent equipment;
and if identity information matched with the intelligent equipment is found by querying according to the UUID identifier and the IMSI identifier, running a corresponding encryption program to encrypt the identity information with the UUID identifier, generating corresponding verification passing information, and sending the verification passing information to the intelligent equipment, wherein the identity information is used for carrying out identity authentication on the intelligent equipment.
Optionally, the extracting, according to the identifier length, corresponding encryption information from the UUID identifier includes:
and extracting information corresponding to the identifier length from the last digit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
Optionally, the running a corresponding encryption program to encrypt the identity information with the UUID identifier and generating corresponding verification passing information, if identity information matched with the smart device is found by querying according to the UUID identifier and the IMSI identifier, includes:
querying a target MSISDN identifier and a target user identifier corresponding to the UUID identifier and the IMSI identifier, and acquiring a preset MSISDN identifier and a preset user identifier recorded when the intelligent equipment was registered at the server;
and if the target MSISDN identifier is the same as the preset MSISDN identifier and/or the target user identifier is the same as the preset user identifier, running a corresponding encryption program to encrypt the identity information with the UUID identifier to generate corresponding verification passing information.
Optionally, the method further comprises:
and if the target MSISDN identifier is different from the preset MSISDN identifier and the target user identifier is different from the preset user identifier, generating verification failure information corresponding to the encryption request data and sending the verification failure information to the intelligent equipment.
Optionally, the method further comprises:
acquiring the UUID identifier and the IMSI identifier sent by the intelligent equipment;
querying a preset MSISDN identifier and a preset user identifier corresponding to the UUID identifier and the IMSI identifier, and establishing a corresponding association relation among the UUID identifier, the IMSI identifier, the preset MSISDN identifier and the preset user identifier so as to register the intelligent device;
generating a corresponding private key and public key with an asymmetric encryption algorithm, encrypting the private key with the UUID identifier, and generating corresponding registration encrypted data;
and sending the registration encrypted data and a decryption program corresponding to the encryption program to the intelligent equipment.
The embodiment of the invention also discloses a safety verification device, which is applied to intelligent equipment, and the device comprises:
an identifier obtaining module, configured to obtain a UUID identifier, an IMSI identifier, and an identifier length corresponding to the IMSI identifier that correspond to the smart device;
the identifier encryption module is used for extracting encryption information for encrypting data from the UUID identifier according to the identifier length, and encrypting the IMSI identifier by adopting the encryption information to obtain a target IMSI identifier;
the data encryption module is used for encrypting the UUID identifier, the target IMSI identifier and the identifier length through a private key to obtain encryption request data and sending the encryption request data to a server, wherein the private key is a key returned by the server after the intelligent equipment successfully registers in the server;
the information receiving module is used for receiving verification passing information returned by the server for the encryption request data, wherein the verification passing information is generated by the server as follows: the server decrypts the encryption request data with the public key corresponding to the private key to obtain the UUID identifier, the target IMSI identifier and the identifier length, successfully verifies the intelligent equipment according to the UUID identifier, the target IMSI identifier and the identifier length, and encrypts, with the UUID identifier, the identity information queried based on the UUID identifier and the target IMSI identifier;
and the identity authentication module is used for finishing identity authentication of the intelligent equipment based on the identity information.
Optionally, the identifier encryption module is specifically configured to:
and extracting information corresponding to the identifier length from the last digit of the UUID identifier to be used as encryption information for encrypting the IMSI identifier.
Optionally, the device further comprises:
the identifier sending module is used for sending the UUID identifier and the IMSI identifier to the server and receiving registration encrypted data and a decryption program returned by the server, wherein the registration encrypted data is generated by the server by generating a corresponding private key and public key with an asymmetric encryption algorithm and encrypting the private key with the UUID identifier;
and the key acquisition module is used for running the decryption program to decrypt the registration encrypted data with the UUID identifier to acquire the private key.
Optionally, the information receiving module is specifically configured to:
and running the decryption program to decrypt the verification passing information with the UUID identifier to obtain the identity information corresponding to the intelligent equipment, wherein the identity information at least comprises an MSISDN identifier and a user identifier.
Optionally, the device further comprises:
a failure information receiving module, configured to receive verification failure information for the encryption request data, where the verification failure information is generated after the server decrypts the encryption request data with the public key corresponding to the private key to obtain the UUID identifier and the target IMSI identifier, and fails to verify the smart device according to the UUID identifier and the target IMSI identifier;
and the prompt information output module is used for outputting prompt information corresponding to the verification failure information.
The embodiment of the invention also discloses a safety verification device which is applied to a server side, and the device comprises:
the data acquisition module is used for acquiring the encrypted request data sent by the intelligent equipment;
the data decryption module is used for decrypting the encryption request data with a public key to obtain a UUID identifier corresponding to the intelligent equipment, a target IMSI (International Mobile Subscriber Identity) identifier and an identifier length for the target IMSI identifier;
the identifier decryption module is used for extracting corresponding encryption information from the UUID identifier according to the identifier length and decrypting the target IMSI identifier with the encryption information to obtain the IMSI identifier corresponding to the intelligent equipment;
and the information sending module is used for running a corresponding encryption program to encrypt the identity information with the UUID identifier if identity information matched with the intelligent equipment is found by querying according to the UUID identifier and the IMSI identifier, generating corresponding verification passing information, and sending the verification passing information to the intelligent equipment, wherein the identity information is used for carrying out identity authentication on the intelligent equipment.
Optionally, the identifier decryption module is specifically configured to:
and extracting information corresponding to the identifier length from the last digit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
Optionally, the information sending module is specifically configured to:
querying a target MSISDN identifier and a target user identifier corresponding to the UUID identifier and the IMSI identifier, and acquiring a preset MSISDN identifier and a preset user identifier recorded when the intelligent equipment was registered at the server;
and if the target MSISDN identifier is the same as the preset MSISDN identifier and/or the target user identifier is the same as the preset user identifier, running a corresponding encryption program to encrypt the identity information with the UUID identifier to generate corresponding verification passing information.
Optionally, the device further comprises:
and the failure information sending module is used for generating verification failure information corresponding to the encryption request data and sending the verification failure information to the intelligent equipment if the target MSISDN identifier is different from the preset MSISDN identifier and the target user identifier is different from the preset user identifier.
Optionally, the device further comprises:
the identifier acquisition module is used for acquiring the UUID identifier and the IMSI identifier sent by the intelligent equipment;
a registration module, configured to query a preset MSISDN identifier and a preset user identifier corresponding to the UUID identifier and the IMSI identifier, and establish a corresponding association relationship among the UUID identifier, the IMSI identifier, the preset MSISDN identifier, and the preset user identifier, so as to register the smart device;
the key generation module is used for generating a corresponding private key and public key with an asymmetric encryption algorithm, encrypting the private key with the UUID identifier and generating corresponding registration encrypted data;
and the data sending module is used for sending the registered encrypted data and the decryption program corresponding to the encryption program to the intelligent equipment.
The embodiment of the invention also discloses electronic equipment which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory finish mutual communication through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the method according to the embodiment of the present invention when executing the program stored in the memory.
Also disclosed is a computer-readable storage medium having instructions stored thereon, which, when executed by one or more processors, cause the processors to perform a method according to an embodiment of the invention.
The embodiment of the invention has the following advantages:
In the embodiment of the invention, when the intelligent equipment needs to perform identity authentication to complete a corresponding operation, the intelligent equipment can obtain its UUID identifier, its IMSI identifier and the identifier length corresponding to the IMSI identifier, extract encryption information for data encryption from the UUID identifier according to the identifier length, and encrypt the IMSI identifier with the encryption information to obtain the target IMSI identifier. The intelligent equipment then encrypts the UUID identifier, the target IMSI identifier and the identifier length with a private key to obtain encryption request data and sends the encryption request data to a server, the private key being a key returned by the server after the intelligent equipment successfully registers with the server. The intelligent equipment receives verification passing information returned by the server for the encryption request data; the server generates this information by decrypting the encryption request data with the public key corresponding to the private key to obtain the UUID identifier, the target IMSI identifier and the identifier length, successfully verifying the intelligent equipment according to them, and encrypting, with the UUID identifier, the identity information queried based on the UUID identifier and the target IMSI identifier. The intelligent equipment then completes its identity authentication based on the identity information, thereby effectively securing identity verification through the associated encryption of the UUID identifier and the IMSI identifier.
Drawings
FIG. 1 is a flow chart of the steps of a security authentication method provided in an embodiment of the present invention;
FIG. 2 is a schematic flow chart of security authentication provided in an embodiment of the present invention;
FIG. 3 is a flow chart of the steps of a security authentication method provided in an embodiment of the present invention;
FIG. 4 is a block diagram of a security authentication apparatus provided in an embodiment of the present invention;
FIG. 5 is a block diagram of a security authentication apparatus provided in an embodiment of the present invention;
FIG. 6 is a block diagram of an electronic device provided in an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention more comprehensible, the present invention is described in detail with reference to the accompanying drawings and the detailed description thereof.
As an example, the smart device is operated by an application program on the device, and the server needs to authenticate the identity of the user (the identity of the smart device) first; this authentication usually uses an interactive process involving multiple data exchanges. In the related data interaction process, a user requests a verification code from the platform, the platform sends the verification code to the user, the user feeds the verification code back to the platform for checking, and the platform confirms the identity of the user. This method requires the user to manually input the verification code, and the operation is cumbersome; more importantly, no encryption is applied while the user requests and feeds back the verification code and the server checks it, so the fed-back verification code is easy to intercept, and the identity can be stolen after lawless persons simulate the mobile phone number.
One of the core inventive points of the invention is as follows. When the intelligent device needs to perform identity authentication to complete a corresponding operation, it obtains its UUID identifier, its IMSI identifier and the identifier length corresponding to the IMSI identifier, extracts encryption information for data encryption from the UUID identifier according to the identifier length, and encrypts the IMSI identifier with the encryption information to obtain a target IMSI identifier. It then encrypts the UUID identifier, the target IMSI identifier and the identifier length with a private key to obtain encryption request data and sends the encryption request data to a server. The server decrypts the encryption request data with the public key corresponding to the private key to obtain the UUID identifier, the target IMSI identifier and the identifier length, and verifies the intelligent device according to them. The security of identity verification for the intelligent device is thereby ensured through the associated encryption of the UUID identifier and the IMSI identifier.
It should be noted that the smart device may include a mobile terminal, a personal computer, a digital key, and the like. When the user needs to perform identity authentication, the smart device may perform corresponding data interaction with the server to complete the identity authentication, so that the user can realize a corresponding function through the smart device; the smart device may therefore be regarded as an application program. Optionally, the embodiment of the present invention takes a mobile terminal as an example of the intelligent device; for the mobile terminal, corresponding functions may be implemented through corresponding application programs. It should be understood that the present invention is not limited thereto.
Referring to FIG. 1, a flowchart of the steps of a security verification method provided in an embodiment of the present invention is shown. The method is applied to an intelligent device and may specifically include the following steps:
Step 101, acquiring a UUID identifier and an IMSI identifier corresponding to the intelligent device, and an identifier length corresponding to the IMSI identifier;
Optionally, the present invention may be applied to the Internet of Things, where a mobile terminal involves a mobile operator, a USIM card, and the like. When a user accesses the network, the user needs to register real-name information with the mobile operator's system, and the mobile operator allocates a Universal Subscriber Identity Module (USIM card) to the user. The International Mobile Subscriber Identity (IMSI), the correspondence between the IMSI and the MSISDN (Mobile Subscriber Integrated Services Digital Number), and the user's real-name information are stored in the operator's customer relationship management system. It should be noted that the MSISDN and the real-name information of the user are only examples of security data; these two pieces of information may be replaced by other data that needs to be secured, as long as it has a correspondence with the IMSI.
In the embodiment of the present invention, before the intelligent device implements related functions (access, unlocking, query, etc.), it may first register with the server and obtain the server's authorization. Specifically, the intelligent device obtains the UUID identifier and the IMSI identifier and sends them to the server. After receiving them, the server first queries the preset MSISDN identifier and the preset user identifier corresponding to the UUID identifier and the IMSI identifier, and establishes an association among the UUID identifier, the IMSI identifier, the preset MSISDN identifier and the preset user identifier to register the intelligent device. The server also generates a private key and a public key with an asymmetric encryption algorithm, encrypts the private key with the UUID identifier to generate registration encrypted data, and sends the registration encrypted data and a decryption program corresponding to the encryption program to the intelligent device. After receiving the registration encrypted data and the decryption program, the intelligent device runs the decryption program to decrypt the registration encrypted data with the UUID identifier and obtain the private key. In this way, after successfully registering with the server, the intelligent device obtains the private key returned by the server and can use it to encrypt data in subsequent data interaction, which ensures the security of the data interaction.
In a specific implementation, for the registration and authorization of the intelligent device, the IMSI query service may first be opened on the server: through a security mechanism, the server opens to the intelligent device, and authorizes it to access over encrypted transmission, a service for querying the IMSI, the MSISDN and the corresponding user real-name information. For authorization, the intelligent device reports its UUID identifier and the collected IMSI identifier to the server interface for registration. The server receives the registration information reported by the intelligent device, generates a key pair for the UUID identifier with an asymmetric encryption algorithm, and locally associates the UUID identifier and the IMSI identifier with the MSISDN identifier and the user identifier. It also creates a corresponding encryption program, uses it to encrypt the private key with the UUID identifier, and feeds the encrypted private key and the encrypted decryption program back to the intelligent device to complete authorization. When the intelligent device receives the issued data, the decryption program automatically acquires the UUID identifier of the intelligent device and then automatically decrypts the encrypted data. The decryption program is not released at this time, and data intercepted by lawless persons cannot be decrypted because the UUID identifier does not match, which ensures the security of the data.
The decryption program is a configured segment of automatically executed code that occupies few resources; it is configured to run automatically, acquire the data and perform the decryption operation, and its pre-configured decryption algorithm corresponds to the encryption method.
After the registration and authorization of the intelligent device on the server are completed through the above processes, the intelligent device can realize corresponding functions such as data access, device unlocking, data query and the like after executing corresponding identity authentication in the subsequent process.
In a specific implementation, in a scenario that identity authentication is required, the intelligent device may first obtain a UUID, an IMSI, and an identifier length corresponding to the IMSI, where the UUID and the IMSI may be used to perform identity authentication on the intelligent device, and the identifier length corresponding to the IMSI is used to perform data encryption, so as to ensure security in a data interaction process.
Step 102, extracting encryption information for data encryption from the UUID identifier according to the identifier length, and encrypting the IMSI identifier with the encryption information to obtain a target IMSI identifier;
In the embodiment of the invention, during identity authentication, after the intelligent device acquires the IMSI identifier, since the IMSI identifier may be a string of digits, the intelligent device can examine the string to obtain the identifier length corresponding to the IMSI identifier, that is, the number of digits it contains, denoted n. The intelligent device can then extract the corresponding encryption information from the UUID identifier according to n and encrypt the IMSI identifier with the encryption information to obtain the encrypted target IMSI identifier. The IMSI identifier is thus encrypted using its own length and the uniqueness of the UUID identifier, which effectively ensures the security of data encryption.
In a specific implementation, the intelligent device may extract information corresponding to the identifier length from the last digit of the UUID as encryption information for encrypting the IMSI identifier, for example, if n is 10, the intelligent device may extract a 10-digit value from the last digit of the UUID as encryption information for encrypting the IMSI identifier, and then perform an exclusive or operation with the unencrypted IMSI identifier based on the 10-digit value to obtain an encrypted target IMSI identifier, so that the IMSI identifier is encrypted by uniqueness of the length corresponding to the IMSI identifier and the UUID identifier, thereby effectively ensuring security of data encryption.
Step 103, encrypting the UUID identifier, the target IMSI identifier and the identifier length by using a private key to obtain encryption request data, and sending the encryption request data to a server, wherein the private key is a key returned by the server after the intelligent device successfully registers in the server;
In this process, after the terminal encrypts the IMSI identifier through the UUID identifier, the terminal can encrypt the related data with the private key returned by the server. Specifically, the intelligent device can use the private key to encrypt the UUID identifier to be sent to the server, the encrypted target IMSI identifier and the corresponding identifier length to obtain the encryption request data, and then send the encryption request data to the server, so that the server can perform identity authentication on the intelligent device according to the encryption request data sent by the intelligent device.
Step 104, receiving verification passing information for the encryption request data returned by the server, wherein the verification passing information is information generated by the server decrypting the first encrypted data according to a public key corresponding to the private key to obtain the UUID identifier, the target IMSI identifier and the identifier length, successfully verifying the intelligent device according to the UUID identifier, the target IMSI identifier and the identifier length, and encrypting, by using the UUID identifier, the identity information queried based on the UUID identifier and the target IMSI identifier;
For the server, after receiving the encryption request data sent by the intelligent device, the server can decrypt the encryption request data with the public key generated in the registration process to obtain the UUID identifier, the target IMSI identifier and the identifier length for the target IMSI identifier corresponding to the intelligent device. The server then extracts the corresponding encryption information from the UUID identifier according to the identifier length, decrypts the target IMSI identifier with that encryption information to obtain the IMSI identifier corresponding to the intelligent device, and queries identity information based on the UUID identifier and the IMSI identifier. If identity information matching the intelligent device is found according to the UUID identifier and the IMSI identifier, the server runs a corresponding encryption program to encrypt the identity information with the UUID identifier, generates the corresponding verification passing information, and sends it to the intelligent device so that the intelligent device completes identity authentication based on the identity information in the verification passing information.
In a specific implementation, to decrypt the target IMSI identifier, the server may extract, counting from the last digit of the UUID identifier, information corresponding to the identifier length as the encryption information used to encrypt the IMSI identifier. For example, if n is 10, the server may extract a 10-digit value from the last digit of the UUID identifier as the encryption information for decrypting the target IMSI identifier, and then perform an exclusive-or (XOR) operation between that 10-digit value and the encrypted target IMSI identifier to obtain the IMSI identifier corresponding to the intelligent device. The IMSI identifier is thus decrypted through the length corresponding to the IMSI identifier and the uniqueness of the UUID identifier, thereby effectively ensuring the security of data encryption.
The identity information may include the MSISDN identifier and the user identifier (e.g., real name information of the user). After completing decryption of the IMSI identifier, the server may query the target MSISDN identifier and the target user identifier corresponding to the UUID identifier and the IMSI identifier, and obtain the preset MSISDN identifier and the preset user identifier recorded when the intelligent device registered at the server. If the target MSISDN identifier is the same as the preset MSISDN identifier and/or the target user identifier is the same as the preset user identifier, the server runs a corresponding encryption program to encrypt the identity information through the UUID identifier and generates the corresponding verification passing information; if the target MSISDN identifier is different from the preset MSISDN identifier and the target user identifier is different from the preset user identifier, the server generates verification failure information corresponding to the encryption request data and sends the verification failure information to the intelligent device.
In one example, the server authenticates the information of the intelligent device and confirms the validity of the information submitted by the intelligent device. The authentication process of the server on the intelligent device comprises the following steps: decrypting the encrypted data in the request with the public key to obtain the UUID identifier and the encrypted IMSI identifier; performing an XOR operation on the last n bits of the UUID identifier and the encrypted IMSI identifier obtained by decryption to recover the IMSI identifier to be detected (so called because its validity has not yet been established); looking up the target MSISDN identifier and the target user real name information associated with the UUID identifier and the IMSI identifier to be detected; and judging whether the target MSISDN identifier is the same as the preset MSISDN identifier recorded when the intelligent device registered (or whether the user real name information, namely the user identifier, is the same, or whether both items are the same), and if so, identifying the request as a legal request. For an intelligent device that passes authentication, the query of the MSISDN identifier and the user real name information corresponding to the IMSI identifier is authorized, and the server returns the corresponding MSISDN identifier and user real name information to the intelligent device; for an intelligent device that fails authentication, the server may return corresponding verification failure information to inform the intelligent device that its identity authentication has failed.
For the intelligent device, after receiving the verification passing information returned by the server, the intelligent device may run the decryption program to decrypt the verification passing information by using the UUID identifier and obtain the identity information corresponding to the intelligent device, where the identity information at least includes the MSISDN identifier and the user identifier. Correspondingly, the intelligent device may instead receive verification failure information for the encryption request data returned by the server, where the verification failure information is information generated after the server decrypts the first encrypted data according to the public key corresponding to the private key to obtain the UUID identifier and the target IMSI identifier and fails to verify the intelligent device according to the UUID identifier and the target IMSI identifier; in that case the intelligent device can output prompt information corresponding to the verification failure information. In this way, in the process of security verification, corresponding encryption information is extracted from the UUID identifier based on the length of the IMSI identifier to realize encryption, the security of data encryption is effectively guaranteed, and meanwhile the accuracy of security authentication is improved by associating the private information with the UUID identifier and the IMSI identifier.
In a specific implementation, the server returns the MSISDN identifier corresponding to the IMSI identifier and the queried user identifier to the intelligent device in a TCP protocol packet. The server may further encrypt this data message through an encryption program, encrypting the data (MSISDN identifier and user identifier) by using the UUID identifier. In the foregoing embodiment, the server fed back a decryption program when the smart device registered, and the UUID identifier has already been obtained; at this point the decryption program may directly decrypt the encrypted data to obtain the MSISDN identifier and the user identifier, and automatically release itself after decryption is completed, so as to reduce the performance overhead of the smart device.
Step 105, completing the identity authentication of the intelligent device based on the identity information.
When the server successfully authenticates the intelligent device and returns the corresponding MSISDN identifier and user identifier, the intelligent device can perform identity authentication, such as login, based on the MSISDN identifier and the user identifier, so that the corresponding functions provided by the intelligent device can be used after the identity authentication succeeds. In this way, in the process of security verification, corresponding encryption information is extracted from the UUID identifier based on the length of the IMSI identifier to realize encryption, the security of data encryption is effectively ensured, and meanwhile the accuracy of security authentication is improved by associating private information with the UUID identifier and the IMSI identifier.
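The masking of step 102 and its reversal and lookup on the server, as an added example that is not code from the patent. The patent does not say how the UUID digits and the IMSI digits are combined, so the nibble-wise XOR over the hyphen-stripped hexadecimal UUID, the function names, and the sample UUID, IMSI and registry are all assumptions; the private-key layer of step 103 is omitted.

```python
"""Added illustration of the UUID-derived XOR mask (device step 102, server side).

Assumptions (not stated in the patent): the UUID is handled as its 32
hexadecimal digits with hyphens removed, and each decimal digit of the
IMSI is XORed with one hexadecimal digit of the mask.
"""
from typing import Dict, Optional, Tuple

HEX = "0123456789abcdef"

# Constructed sample values; none of them come from the patent.
SAMPLE_UUID = "123e4567-e89b-12d3-a456-426614174000"
SAMPLE_IMSI = "460110123456789"
SAMPLE_REGISTRY = {
    (SAMPLE_UUID, SAMPLE_IMSI): {"msisdn": "8613300000000", "user": "Example User"},
}


def mask_from_uuid(uuid_str: str, n: int) -> str:
    """Return the last n hexadecimal digits of the UUID (the 'encryption information')."""
    hex_digits = uuid_str.replace("-", "").lower()
    if any(c not in HEX for c in hex_digits):
        raise ValueError("UUID must consist of hexadecimal digits and hyphens")
    if not 0 < n <= len(hex_digits):
        raise ValueError("identifier length exceeds the digits available in the UUID")
    return hex_digits[-n:]


def mask_imsi(uuid_str: str, imsi: str) -> Tuple[str, int]:
    """Device side: return (target IMSI, identifier length)."""
    if not (imsi.isascii() and imsi.isdigit()):
        raise ValueError("IMSI must be a string of decimal digits")
    n = len(imsi)
    mask = mask_from_uuid(uuid_str, n)
    target = "".join(HEX[int(d) ^ int(m, 16)] for d, m in zip(imsi, mask))
    return target, n


def unmask_imsi(uuid_str: str, target_imsi: str, n: int) -> str:
    """Server side: recover the IMSI to be detected from the request fields."""
    if len(target_imsi) != n:
        raise ValueError("identifier length does not match the target IMSI")
    if any(c not in HEX for c in target_imsi):
        raise ValueError("target IMSI must consist of hexadecimal digits")
    mask = mask_from_uuid(uuid_str, n)
    digits = [int(t, 16) ^ int(m, 16) for t, m in zip(target_imsi, mask)]
    if any(d > 9 for d in digits):
        raise ValueError("recovered value is not a decimal IMSI")
    return "".join(str(d) for d in digits)


def server_verify(uuid_str: str, target_imsi: str, n: int,
                  registry: Dict[Tuple[str, str], dict]) -> Optional[dict]:
    """Simplified server check: the registry lookup stands in for the comparison
    with the preset MSISDN and user identifier. Returns the identity information
    on a match, or None where the patent sends verification failure information."""
    try:
        imsi = unmask_imsi(uuid_str, target_imsi, n)
    except (ValueError, TypeError):
        return None
    return registry.get((uuid_str, imsi))


if __name__ == "__main__":
    target, length = mask_imsi(SAMPLE_UUID, SAMPLE_IMSI)
    print("target IMSI:", target, "length:", length)
    print("server result:", server_verify(SAMPLE_UUID, target, length, SAMPLE_REGISTRY))
```

With the constructed sample, the last three digits of the target IMSI equal those of the IMSI because the sample UUID ends in 000. The request carries the UUID identifier, the target IMSI identifier and the identifier length together, so `unmask_imsi` needs nothing beyond the request fields, and the IMSI's confidentiality in transit depends on the outer layer of step 103.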
In an example, referring to fig. 2, a schematic flow chart of security authentication provided in the embodiment of the present invention is shown. Assume that a corresponding function is implemented by an APP (application program) and that identity authentication is required in the process of implementing the function; the APP may then carry out the corresponding data interaction with an operator (the server). Specifically, the APP may send the UUID and the IMSI to the operator to register with the operator. After receiving the UUID and the IMSI, the operator may generate a pair of keys based on an asymmetric algorithm, associate and store the secret information (MSISDN identifier, user real name information, and the like) of the UUID and the IMSI respectively, encrypt the private key of the pair through the UUID, and return the encrypted private key and a corresponding decryption program to the APP. The APP obtains the UUID through the decryption program and obtains the corresponding private key by decryption based on the UUID. When the APP initiates a query request to the operator, the APP can encrypt the IMSI based on the UUID to obtain the encrypted IMSI, then encrypt the UUID and the encrypted IMSI based on the private key, and then send the encryption result to the operator.
After receiving the encryption result, the operator can decrypt it with the public key to obtain the UUID and the encrypted IMSI, then decrypt the encrypted IMSI through the UUID to obtain the IMSI to be detected, and look up the corresponding confidential information in a table by the UUID and the IMSI to be detected. If the check passes, the operator encrypts the confidential information through the UUID based on the encryption program and returns the encrypted confidential information to the APP. The APP can decrypt the encrypted confidential information through the decryption program to obtain the corresponding confidential information, and then release the decryption program. In this way, in the process of security verification, corresponding encryption information is extracted from the UUID identifier based on the length of the IMSI identifier to realize encryption, the security of data encryption is effectively ensured, and meanwhile the accuracy of security authentication is improved by associating the private information with the UUID identifier and the IMSI identifier.
In the embodiment of the invention, when the intelligent device needs to perform identity authentication to complete a corresponding operation, the intelligent device can obtain the UUID identifier corresponding to the intelligent device, the IMSI identifier and the identifier length corresponding to the IMSI identifier, then extract encryption information used for data encryption from the UUID identifier according to the identifier length, and encrypt the IMSI identifier by using the encryption information to obtain the target IMSI identifier. The intelligent device then encrypts the UUID identifier, the target IMSI identifier and the identifier length by using a private key to obtain encryption request data and sends the encryption request data to a server, where the private key is a key returned by the server after the intelligent device successfully registers in the server. The intelligent device receives verification passing information for the encryption request data returned by the server, where the verification passing information is information generated by the server decrypting the first encrypted data according to the public key corresponding to the private key to obtain the UUID identifier, the target IMSI identifier and the identifier length, successfully verifying the intelligent device according to the UUID identifier, the target IMSI identifier and the identifier length, and encrypting, by using the UUID identifier, the identity information queried based on the UUID identifier and the target IMSI identifier. The intelligent device then completes identity authentication based on the identity information. In this way, in the process of security verification, corresponding encryption information is extracted from the UUID identifier based on the length of the IMSI identifier to realize encryption, the security of data encryption is effectively ensured, and meanwhile the accuracy of security authentication is improved by associating the private information with the UUID identifier and the IMSI identifier.
Referring to fig. 3, a flowchart illustrating steps of a security verification method provided in the embodiment of the present invention is shown, and applied to a server, the method specifically includes the following steps:
step 301, acquiring encryption request data sent by intelligent equipment;
step 302, decrypting the encryption request data through a public key to obtain a UUID identifier corresponding to the intelligent device, a target IMSI identifier and an identifier length for the target IMSI identifier;
step 303, extracting corresponding encryption information from the UUID according to the identifier length, and decrypting the target IMSI identifier through the encryption information to obtain an IMSI identifier corresponding to the intelligent device;
step 304, if identity information matching the intelligent device is queried according to the UUID identifier and the IMSI identifier, running a corresponding encryption program to encrypt the identity information through the UUID identifier, generating corresponding verification passing information, and sending the verification passing information to the intelligent device, wherein the identity information is used for identity authentication of the intelligent device.
In an optional embodiment, the extracting, according to the identifier length, the corresponding encryption information from the UUID identifier includes:
and extracting information corresponding to the identifier length from the last bit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
In an optional embodiment, the step of, if identity information matching the smart device is queried according to the UUID identifier and the IMSI identifier, running a corresponding encryption program to encrypt the identity information through the UUID identifier to generate corresponding verification passing information includes:
inquiring a target MSISDN identifier and a target user identifier corresponding to the UUID identifier and the IMSI identifier, and acquiring a preset MSISDN identifier and a preset user identifier when the intelligent equipment is registered at the server;
and if the target MSISDN identifier is the same as the preset MSISDN identifier and/or the target user identifier is the same as the preset user identifier, running a corresponding encryption program to encrypt the identity information through the UUID identifier to generate corresponding verification passing information.
In an alternative embodiment, further comprising:
and if the target MSISDN identification is different from the preset MSISDN identification and the target user identification is different from the preset user identification, generating verification failure information corresponding to the encryption request data and sending the verification failure information to the intelligent equipment.
In an alternative embodiment, further comprising:
acquiring the UUID identifier and the IMSI identifier sent by the intelligent equipment;
querying a preset MSISDN identifier and a preset user identifier corresponding to the UUID identifier and the IMSI identifier, and establishing a corresponding association relation among the UUID identifier, the IMSI identifier, the preset MSISDN identifier and the preset user identifier so as to register the intelligent device;
generating a corresponding private key and a public key by adopting an asymmetric encryption algorithm, encrypting the private key by adopting the UUID identifier, and generating corresponding registration encrypted data;
and sending the registration encrypted data and a decryption program corresponding to the encryption program to the intelligent device.
In the embodiment of the invention, when the intelligent device needs identity authentication to complete a corresponding operation, the server can acquire the encryption request data sent by the intelligent device; decrypt the encryption request data through a public key to obtain the UUID identifier, the target IMSI identifier and the identifier length for the target IMSI identifier corresponding to the intelligent device; extract corresponding encryption information from the UUID identifier according to the identifier length, and decrypt the target IMSI identifier through the encryption information to obtain the IMSI identifier corresponding to the intelligent device; and, if identity information matching the intelligent device is queried according to the UUID identifier and the IMSI identifier, run a corresponding encryption program to encrypt the identity information through the UUID identifier, generate corresponding verification passing information, and send the verification passing information to the intelligent device, where the identity information is used for authenticating the identity of the intelligent device. In this way, in the process of security verification, corresponding encryption information is extracted from the UUID identifier based on the length of the IMSI identifier to realize encryption, the security of data encryption is effectively guaranteed, and meanwhile the accuracy of security authentication is improved through the association of the UUID identifier and the IMSI identifier.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a block diagram of a security verification apparatus provided in the embodiment of the present invention is shown, and is applied to an intelligent device, and specifically includes the following modules:
an identifier obtaining module 401, configured to obtain a UUID identifier, an IMSI identifier, and an identifier length corresponding to the IMSI identifier corresponding to the smart device;
an identifier encryption module 402, configured to extract encryption information used for data encryption from the UUID identifier according to the identifier length, and encrypt the IMSI identifier by using the encryption information, to obtain a target IMSI identifier;
a data encryption module 403, configured to encrypt the UUID, the target IMSI, and the identifier length by using a private key, obtain encryption request data, and send the encryption request data to a server, where the private key is a key returned by the server after the intelligent device successfully registers in the server;
an information receiving module 404, configured to receive verification passing information, which is returned by the server and is for the encrypted request data, where the verification passing information is information that the server decrypts the first encrypted data according to a public key corresponding to the private key to obtain the UUID, the target IMSI, and the identifier length, successfully verifies the smart device according to the UUID, the target IMSI, and the identifier length, and encrypts, by using the UUID, identity information queried based on the UUID and the target IMSI;
and an identity authentication module 405, configured to complete identity authentication on the smart device based on the identity information.
In an optional embodiment, the identifier encryption module 402 is specifically configured to:
and extracting information corresponding to the identifier length from the last bit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
In an alternative embodiment, further comprising:
the identifier sending module is used for sending the UUID identifier and the IMSI identifier to the server and receiving registration encrypted data and a decryption program returned by the server, wherein the registration encrypted data is data generated by the server by adopting an asymmetric encryption algorithm to generate a corresponding private key and a public key and encrypting the private key by adopting the UUID identifier;
and the key acquisition module is used for running the decryption program to decrypt the registration encrypted data by adopting the UUID identifier to acquire the private key.
In an optional embodiment, the information receiving module 404 is specifically configured to:
and running the decryption program to decrypt the verification passing information by adopting the UUID identifier to obtain the identity information corresponding to the intelligent device, wherein the identity information at least comprises an MSISDN identifier and a user identifier.
In an alternative embodiment, further comprising:
a failure information receiving module 404, configured to receive verification failure information for the encrypted request data, where the verification failure information is information that is generated after the server decrypts the first encrypted data according to a public key corresponding to the private key to obtain the UUID and the target IMSI, and fails to verify the smart device according to the UUID and the target IMSI;
and the prompt information output module is used for outputting prompt information corresponding to the verification failure information.
Referring to fig. 5, a block diagram of a security verification apparatus provided in the embodiment of the present invention is shown, and the security verification apparatus is applied to a server, and specifically includes the following modules:
a data obtaining module 501, configured to obtain encrypted request data sent by an intelligent device;
a data decryption module 502, configured to decrypt the encrypted request data by using a public key, so as to obtain a UUID identifier, a target IMSI identifier, and an identifier length for the target IMSI identifier corresponding to the smart device;
the identifier decryption module 503 is configured to extract corresponding encrypted information from the UUID identifier according to the identifier length, and decrypt the target IMSI identifier through the encrypted information to obtain an IMSI identifier corresponding to the smart device;
an information sending module 504, configured to run a corresponding encryption program to encrypt the identity information through the UUID identifier if identity information matching the smart device is queried according to the UUID identifier and the IMSI identifier, generate corresponding verification passing information, and send the verification passing information to the smart device, where the identity information is used to perform identity authentication on the smart device.
In an optional embodiment, the identifier decryption module 503 is specifically configured to:
and extracting information corresponding to the identifier length from the last bit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
In an optional embodiment, the information sending module 504 is specifically configured to:
inquiring a target MSISDN identifier and a target user identifier corresponding to the UUID identifier and the IMSI identifier, and acquiring a preset MSISDN identifier and a preset user identifier when the intelligent equipment is registered at the server;
and if the target MSISDN identifier is the same as the preset MSISDN identifier and/or the target user identifier is the same as the preset user identifier, running a corresponding encryption program to encrypt the identity information through the UUID identifier to generate corresponding verification passing information.
In an alternative embodiment, further comprising:
a failure information sending module 504, configured to generate verification failure information corresponding to the encryption request data if the target MSISDN identifier is different from the preset MSISDN identifier and the target user identifier is different from the preset user identifier, and send the verification failure information to the intelligent device.
In an alternative embodiment, further comprising:
the identifier acquisition module is used for acquiring the UUID identifier and the IMSI identifier sent by the intelligent equipment;
a registration module, configured to query a preset MSISDN identifier and a preset user identifier corresponding to the UUID identifier and the IMSI identifier, and establish a corresponding association relationship between the UUID identifier, the IMSI identifier, the preset MSISDN identifier, and the preset user identifier, so as to register the smart device;
the key generation module is used for generating a corresponding private key and a public key by adopting an asymmetric encryption algorithm, encrypting the private key by adopting the UUID identifier and generating corresponding registration encrypted data;
and the data sending module is used for sending the registration encrypted data and the decryption program corresponding to the encryption program to the intelligent device.
Since the device embodiment is basically similar to the method embodiment, its description is relatively brief; for the relevant points, refer to the corresponding description of the method embodiment.
In addition, an embodiment of the present invention further provides an electronic device, including a processor, a memory, and a computer program stored in the memory and capable of running on the processor, where the computer program, when executed by the processor, implements the processes of the above-mentioned security verification method embodiment and can achieve the same technical effects; to avoid repetition, details are not described here.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements each process of the above-mentioned security verification method embodiment and can achieve the same technical effect; to avoid repetition, details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
Fig. 6 is a schematic diagram of a hardware structure of an electronic device implementing various embodiments of the present invention.
The electronic device 600 includes, but is not limited to: a radio frequency unit 601, a network module 602, an audio output unit 603, an input unit 604, a sensor 605, a display unit 606, a user input unit 607, an interface unit 608, a memory 609, a processor 610, and a power supply 611. It will be understood by those skilled in the art that the electronic device configurations involved in the embodiments of the present invention are not intended to be limiting, and that an electronic device may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components may be used. In the embodiment of the present invention, the electronic device includes, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted terminal, a wearable device, a pedometer, and the like.
It should be understood that, in the embodiment of the present invention, the radio frequency unit 601 may be used to receive and transmit signals during a message transmission or call process; specifically, it receives downlink data from a base station and passes the received downlink data to the processor 610 for processing, and it transmits uplink data to the base station. Generally, the radio frequency unit 601 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier, a duplexer, and the like. Further, the radio frequency unit 601 may also communicate with a network and other devices through a wireless communication system.
The electronic device provides wireless broadband internet access to the user via the network module 602, such as assisting the user in sending and receiving e-mails, browsing web pages, and accessing streaming media.
The audio output unit 603 may convert audio data received by the radio frequency unit 601 or the network module 602 or stored in the memory 609 into an audio signal and output as sound. Also, the audio output unit 603 may also provide audio output related to a specific function performed by the electronic apparatus 600 (e.g., a call signal reception sound, a message reception sound, etc.). The audio output unit 603 includes a speaker, a buzzer, a receiver, and the like.
The input unit 604 is used to receive audio or video signals. The input unit 604 may include a Graphics Processing Unit (GPU) 6041 and a microphone 6042, and the graphics processor 6041 processes image data of a still picture or video obtained by an image capturing apparatus (such as a camera) in a video capture mode or an image capture mode. The processed image frames may be displayed on the display unit 606. The image frames processed by the graphics processor 6041 may be stored in the memory 609 (or other storage medium) or transmitted via the radio frequency unit 601 or the network module 602. The microphone 6042 can receive sound and can process such sound into audio data. In the phone call mode, the processed audio data may be converted into a format that can be transmitted to a mobile communication base station via the radio frequency unit 601 and output.
The electronic device 600 also includes at least one sensor 605, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor includes an ambient light sensor that can adjust the luminance of the display panel 6061 according to the brightness of ambient light, and a proximity sensor that can turn off the display panel 6061 and/or the backlight when the electronic apparatus 600 is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of the electronic device (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration identification related functions (such as pedometer, tapping), and the like; the sensors 605 may also include fingerprint sensors, pressure sensors, iris sensors, molecular sensors, gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc., which are not described in detail herein.
The display unit 606 is used to display information input by the user or information provided to the user. The Display unit 606 may include a Display panel 6061, and the Display panel 6061 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The user input unit 607 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device. Specifically, the user input unit 607 includes a touch panel 6071 and other input devices 6072. Touch panel 6071, also referred to as a touch screen, may collect touch operations by a user on or near it (e.g., operations by a user on or near touch panel 6071 using a finger, stylus, or any other suitable object or attachment). The touch panel 6071 may include two portions of a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 610, receives a command from the processor 610, and executes the command. In addition, the touch panel 6071 can be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The user input unit 607 may include other input devices 6072 in addition to the touch panel 6071. Specifically, the other input devices 6072 may include, but are not limited to, a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described herein again.
Further, the touch panel 6071 can be overlaid on the display panel 6061, and when the touch panel 6071 detects a touch operation on or near the touch panel 6071, the touch operation is transmitted to the processor 610 to determine the type of the touch event, and then the processor 610 provides a corresponding visual output on the display panel 6061 according to the type of the touch event. It is understood that in one embodiment, the touch panel 6071 and the display panel 6061 are two independent components to realize the input and output functions of the electronic device, but in some embodiments, the touch panel 6071 and the display panel 6061 may be integrated to realize the input and output functions of the electronic device, and are not limited herein.
The interface unit 608 is an interface for connecting an external device to the electronic apparatus 600. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device having an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, and the like. The interface unit 608 may be used to receive input (e.g., data information, power, etc.) from an external device and transmit the received input to one or more elements within the electronic apparatus 600 or may be used to transmit data between the electronic apparatus 600 and an external device.
The memory 609 may be used to store software programs as well as various data. The memory 609 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, etc. Further, the memory 609 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 610 is a control center of the electronic device, connects various parts of the whole electronic device by using various interfaces and lines, performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 609, and calling data stored in the memory 609, thereby performing overall monitoring of the electronic device. Processor 610 may include one or more processing units; preferably, the processor 610 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 610.
The electronic device 600 may further comprise a power supply 611 (e.g., a battery) for supplying power to the various components, and preferably, the power supply 611 is logically connected to the processor 610 via a power management system, so that functions of managing charging, discharging, and power consumption are performed via the power management system.
In addition, the electronic device 600 includes some functional modules that are not shown, and are not described in detail here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus comprising the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the particular illustrative embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but is intended to cover various modifications, equivalent arrangements, and equivalents thereof, which may be made by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (14)

1. A security verification method is applied to intelligent equipment and comprises the following steps:
acquiring a UUID identifier, an IMSI identifier and an identifier length corresponding to the IMSI identifier corresponding to the intelligent equipment;
extracting encryption information for encrypting data from the UUID according to the identifier length, and encrypting the IMSI identifier by adopting the encryption information to obtain a target IMSI identifier;
encrypting the UUID identifier, the target IMSI identifier and the identifier length by a private key to obtain encryption request data, and sending the encryption request data to a server, wherein the private key is a key returned by the server after the intelligent equipment successfully registers in the server;
receiving verification passing information which is returned by the server and aims at the encryption request data, wherein the verification passing information is information which is generated by the server decrypting the first encryption data according to a public key corresponding to the private key to obtain the UUID, the target IMSI and the identification length, successfully verifying the intelligent equipment according to the UUID, the target IMSI and the identification length, and encrypting the identity information inquired based on the UUID and the target IMSI by adopting the UUID;
and completing the identity authentication of the intelligent equipment based on the identity information.
2. The method of claim 1, wherein the extracting encryption information for data encryption from the UUID according to the identifier length comprises:
and extracting information corresponding to the identifier length from the last bit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
3. The method of claim 1, further comprising:
sending the UUID identifier and the IMSI identifier to the server, and receiving registration encrypted data and a decryption program returned by the server, wherein the registration encrypted data is data generated by the server by generating a corresponding private key and a public key by adopting an asymmetric encryption algorithm and encrypting the private key by adopting the UUID identifier;
and operating the decryption program to decrypt the registered encrypted data by adopting the UUID identifier to obtain the private key.
4. The method according to claim 3, wherein the receiving the verification passing information for the encrypted request data returned by the server side comprises:
and operating the decryption program to decrypt the verification passing information by adopting the UUID identification to obtain the identity information corresponding to the intelligent equipment, wherein the identity information at least comprises an MSISDN identification and a user identification.
5. The method according to any one of claims 1-4, further comprising:
receiving verification failure information which is returned by the server and aims at the encrypted request data, wherein the verification failure information is information which is generated after the server decrypts the first encrypted data according to a public key corresponding to the private key to obtain the UUID and the target IMSI, and verifies the intelligent equipment unsuccessfully according to the UUID and the target IMSI;
and outputting prompt information corresponding to the verification failure information.
6. A security verification method is applied to a server side, and comprises the following steps:
acquiring encryption request data sent by intelligent equipment;
decrypting the encryption request data through a public key to obtain a UUID identifier, a target IMSI identifier and an identifier length for the target IMSI identifier corresponding to the intelligent equipment;
extracting corresponding encryption information from the UUID according to the identifier length, and decrypting the target IMSI identifier through the encryption information to obtain an IMSI identifier corresponding to the intelligent equipment;
and if the identity information matched with the intelligent equipment is inquired according to the UUID identification and the IMSI identification, operating a corresponding encryption program to encrypt the identity information through the UUID identification, generating corresponding test passing information, and sending the test passing information to the intelligent equipment, wherein the identity information is used for carrying out identity authentication on the intelligent equipment.
7. The method of claim 6, wherein the extracting corresponding encryption information from the UUID according to the identifier length comprises:
and extracting information corresponding to the identifier length from the last bit of the UUID identifier to serve as encryption information for encrypting the IMSI identifier.
8. The method of claim 6, wherein if the identity information matching with the smart device is queried according to the UUID identifier and the IMSI identifier, operating a corresponding encryption program to encrypt the identity information through the UUID identifier to generate corresponding test passing information, comprising:
inquiring a target MSISDN identifier and a target user identifier corresponding to the UUID identifier and the IMSI identifier, and acquiring a preset MSISDN identifier and a preset user identifier when the intelligent equipment is registered at the server;
and if the target MSISDN identification is the same as the preset MSISDN identification and/or the target user identification is the same as the preset user identification, operating a corresponding encryption program to encrypt the identity information through the UUID identification to generate corresponding test passing information.
9. The method of claim 8, further comprising:
and if the target MSISDN identification is different from the preset MSISDN identification and the target user identification is different from the preset user identification, generating verification failure information corresponding to the encryption request data and sending the verification failure information to the intelligent equipment.
10. The method of claim 6, further comprising:
acquiring the UUID identifier and the IMSI identifier sent by the intelligent equipment;
inquiring a preset MSISDN identifier and a preset user identifier corresponding to the UUID identifier and the IMSI identifier, and establishing a corresponding association relation among the UUID identifier, the IMSI identifier, the preset MSISDN identifier and the preset user identifier so as to register the intelligent equipment;
generating a corresponding private key and a public key by adopting an asymmetric encryption algorithm, encrypting the private key by adopting the UUID identifier, and generating corresponding registration encrypted data;
and sending the registration encrypted data and a decryption program corresponding to the encryption program to the intelligent equipment.
11. A safety verification device is applied to intelligent equipment and comprises:
the identifier acquisition module is used for acquiring the UUID identifier, the IMSI identifier and the identifier length corresponding to the IMSI identifier corresponding to the intelligent equipment;
the identifier encryption module is used for extracting encryption information for encrypting data from the UUID identifier according to the identifier length, and encrypting the IMSI identifier by adopting the encryption information to obtain a target IMSI identifier;
the data encryption module is used for encrypting the UUID identifier, the target IMSI identifier and the identifier length through a private key to obtain encryption request data and sending the encryption request data to a server, wherein the private key is a key returned by the server after the intelligent equipment successfully registers in the server;
the information receiving module is used for receiving verification passing information which is returned by the server and aims at the encryption request data, wherein the verification passing information is information which is generated by the server decrypting the first encryption data according to a public key corresponding to the private key to obtain the UUID identifier, the target IMSI identifier and the identifier length, successfully verifying the intelligent equipment according to the UUID identifier, the target IMSI identifier and the identifier length, and encrypting the identity information inquired based on the UUID identifier and the target IMSI identifier by adopting the UUID identifier;
and the identity authentication module is used for finishing identity authentication of the intelligent equipment based on the identity information.
12. A security verification apparatus, applied to a server, the apparatus comprising:
the data acquisition module is used for acquiring the encrypted request data sent by the intelligent equipment;
the data decryption module is used for decrypting the encryption request data through a public key to obtain a UUID identifier corresponding to the intelligent equipment, a target IMSI identifier and an identifier length for the target IMSI identifier;
the identifier decryption module is used for extracting corresponding encryption information from the UUID identifier according to the identifier length and decrypting the target IMSI identifier through the encryption information to obtain the IMSI identifier corresponding to the intelligent equipment;
and the information sending module is used for running a corresponding encryption program to encrypt the identity information through the UUID identifier if the identity information matched with the intelligent equipment is inquired according to the UUID identifier and the IMSI identifier, generating corresponding test passing information, and sending the test passing information to the intelligent equipment, wherein the identity information is used for carrying out identity authentication on the intelligent equipment.
13. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus;
the memory is used for storing a computer program;
the processor, when executing a program stored on the memory, implementing the method of any of claims 1-10.
14. A computer-readable storage medium having instructions stored thereon, which when executed by one or more processors, cause the processors to perform the method recited by any of claims 1-10.
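The inner layer of claims 1, 2, 6 and 7, shown as an added example that is not code from the patent: the device takes the UUID tail of the IMSI's length as encryption information, and the server reverses that using only the request fields. The patent names no cipher for this step, so the byte-wise XOR, the hex encoding, the hyphen stripping, the field names, the registry and every sample value are assumptions, and the outer asymmetric layer is left out.

```python
import re

IMSI_MAX_LEN = 15  # an IMSI is at most 15 decimal digits


def extract_encryption_info(uuid_id, id_len):
    """Claims 2 and 7: take id_len characters counted from the end of the UUID."""
    if not isinstance(uuid_id, str):
        raise ValueError("UUID identifier must be a string")
    chars = uuid_id.replace("-", "").lower()  # assumption: hyphens are not key material
    if not re.fullmatch(r"[0-9a-f]{32}", chars):
        raise ValueError("malformed UUID identifier")
    if type(id_len) is not int or not 1 <= id_len <= IMSI_MAX_LEN:
        raise ValueError("identifier length out of range")
    return chars[-id_len:].encode("ascii")


def xor_bytes(data, key):
    """Assumed cipher for the IMSI step; the patent does not specify one."""
    if len(data) != len(key):
        raise ValueError("length mismatch")
    return bytes(d ^ k for d, k in zip(data, key))


def build_request(uuid_id, imsi):
    """Device side (claim 1): the three fields that go into the request."""
    if not re.fullmatch(r"[0-9]{1,15}", imsi):
        raise ValueError("malformed IMSI")
    id_len = len(imsi)
    info = extract_encryption_info(uuid_id, id_len)
    target_imsi = xor_bytes(imsi.encode("ascii"), info).hex()
    return {"uuid": uuid_id, "target_imsi": target_imsi, "id_len": id_len}


def recover_imsi(request):
    """Server side (claim 6): rebuild the IMSI from the request fields alone."""
    id_len = request["id_len"]
    try:
        target = bytes.fromhex(request["target_imsi"])
    except TypeError as exc:
        raise ValueError("malformed target IMSI") from exc
    info = extract_encryption_info(request["uuid"], id_len)
    # The length field arrives in the request, so check it against the payload.
    if len(target) != id_len:
        raise ValueError("identifier length does not match target IMSI")
    imsi = xor_bytes(target, info).decode("ascii")
    if not re.fullmatch(r"[0-9]+", imsi):
        raise ValueError("decrypted value is not an IMSI")
    return imsi


def verify(request, registry):
    """Return the registered identity for (UUID, IMSI), or None on any failure."""
    try:
        imsi = recover_imsi(request)
    except (ValueError, KeyError):
        return None
    return registry.get((request["uuid"].lower(), imsi))


# Constructed sample values, not taken from the patent.
SAMPLE_UUID = "3f2b8c1e-9d4a-4e6f-8a7b-5c0d1e2f3a4b"
SAMPLE_IMSI = "001010123456789"
SAMPLE_IDENTITY = {"msisdn": "+10000000000", "user_id": "user-0001"}
REGISTRY = {(SAMPLE_UUID, SAMPLE_IMSI): SAMPLE_IDENTITY}

if __name__ == "__main__":
    req = build_request(SAMPLE_UUID, SAMPLE_IMSI)
    print(req)
    print(verify(req, REGISTRY))
```

`recover_imsi` needs nothing beyond the three request fields, so in this arrangement the protection of the IMSI in transit rests on the outer asymmetric layer of claims 1 and 6.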
CN202211362480.7A 2022-11-02 2022-11-02 Security verification method and device, electronic equipment and storage medium Pending CN115767516A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211362480.7A CN115767516A (en) 2022-11-02 2022-11-02 Security verification method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115767516A true CN115767516A (en) 2023-03-07

Family

ID=85355369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211362480.7A Pending CN115767516A (en) 2022-11-02 2022-11-02 Security verification method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115767516A (en)

Similar Documents

Publication Publication Date Title
CN109472166B (en) Electronic signature method, device, equipment and medium
CN109600223B (en) Verification method, activation method, device, equipment and storage medium
EP3605989B1 (en) Information sending method, information receiving method, apparatus, and system
US20220330029A1 (en) Method for mutual recognition or mutual trust between bluetooth devices
WO2017041599A1 (en) Service processing method and electronic device
WO2017186100A1 (en) Identity authentication method, system and device
WO2017084288A1 (en) Method and device for verifying identity
CN108510022B (en) Two-dimensional code generation and verification method and server
CN107483213B (en) Security authentication method, related device and system
CN109033801B (en) Method for verifying user identity by application program, mobile terminal and storage medium
CN107395560B (en) Security verification and initiating and managing method, equipment, server and storage medium thereof
CN108923931B (en) Electronic certificate processing method and device and computer readable storage medium
CN104954126B (en) Sensitive operation verification method, device and system
CN108901020B (en) Network access method, mobile terminal and server
CN107317680B (en) Method and system for marking safety account and computer readable storage medium
CN110457888B (en) Verification code input method and device, electronic equipment and storage medium
CN109376519B (en) Fingerprint unlocking method and terminal equipment
CN112533202A (en) Identity authentication method and device
CN111181909B (en) Identity information acquisition method and related device
CN111404991A (en) Method, device, electronic equipment and medium for acquiring cloud service
CN105325021B (en) Method and apparatus for remote portable wireless device authentication
CN111404933B (en) Authentication method, electronic equipment and authentication server
CN106060098A (en) Processing method, processing device and processing system for verification codes
CN108460251B (en) Method, device and system for running application program
CN107302526B (en) System interface calling method, device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination