WO2016070611A1 - Method for processing data, server and terminal - Google Patents

Method for processing data, server and terminal

Publication number
WO2016070611A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
terminal
server
copy
lock network
Prior art date
Application number
PCT/CN2015/079971
Other languages
French (fr)
Chinese (zh)
Inventor
李伟
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2016070611A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity

Definitions

  • the present invention relates to communication technologies, and in particular, to a data processing method, a server, and a terminal.
  • wireless data service terminals such as smart phones
  • data processing can be performed by means of a wireless local area network such as WIFI or a network constructed by a mobile data network provided by various major operators.
  • one data processing scenario is as follows. To protect their own interests, operators place increasingly strict control requirements on the mobile data networks they provide. To improve their competitiveness, operators sell or distribute, at a low price, a medium containing specific identification information, so that a uniquely identified terminal receives a special low-cost or subsidized service from the operator that other terminals cannot enjoy. This raises a security requirement: the operator's specific terminal must be allowed to operate only on that operator's network to enjoy the preferential service, and must be prohibited from using other networks.
  • the prior art uses different lock network tools for different operator platforms or different terminal chips (such as MediaTek or Qualcomm chips); that is, a plurality of dedicated, specific lock network tools are used to perform lock network processing on the terminal so that it is not illegally cracked. Too many dedicated, specific lock network tools therefore have to be maintained.
  • different platforms or chips need different lock network policies and parameters, which is inconvenient to manage. Once processing is complete and the terminal has reached the user, any problem requires returning it to the factory for reprocessing; the cost of returning to the factory for maintenance is high and efficiency is low. The prior art offers no effective solution to these problems.
  • the embodiments of the present invention are intended to provide a data processing method, a server, and a terminal, which at least solve the problems existing in the prior art.
  • a data processing method includes:
  • the server obtains first information for uniquely identifying the identity of the terminal
  • the server generates second information for performing security authentication on the terminal according to the first information.
  • the server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal;
  • the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication, and when the authentication succeeds, issues a license confirmation and sends fourth information for the lock network to the terminal.
  • the server locally stores the first information and the second information, including:
  • the server establishes and saves the first file information related to the first information by using the first information as an index;
  • the first file information includes at least the second information and the fourth information
  • the fourth information is used to perform initial lock network use on the terminal.
  • the server compares the third information and the second information copy obtained by the terminal with the locally saved first information and the second information to perform authentication of the security authentication, including:
  • the server acquires a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • the server parses the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity;
  • the server compares the third information and the second information copy obtained by the terminal with the locally saved first information and the second information to perform authentication of the security authentication, including:
  • the server acquires a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • the server parses the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity;
  • the license confirmation is issued and the fourth information for the lock network is sent to the terminal, including:
  • the first information is used as the index key information for searching, and the fourth information corresponding to the first information is extracted from the first file information and sent to the terminal.
  • the server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal, and further includes:
  • the fifth information is used to perform initial lock network use on the terminal.
  • before the server compares the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, the method further includes:
  • the server acquires a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • before the server compares the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, the method further includes:
  • the server actively initiates a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • a data processing method includes:
  • the terminal sends a third information and a second information copy for uniquely identifying the identity of the terminal to the server, requesting authentication for obtaining fourth information for locking the network from the server.
  • the terminal sends a third information and a second information copy for uniquely identifying the identity of the terminal to the server, including:
  • when the terminal detects that there is no information for the lock network locally, the terminal encapsulates the third information and the second information copy into a first data processing request and sends it to the server;
  • the second information copy is identical to the second information, or
  • the second information copy is partially identical to the second information.
  • the method further includes:
  • the terminal performs an initial lock network on the medium containing the specified identification information according to the fourth information.
  • the method further includes:
  • the terminal performs an initial lock network on the medium containing the specified identification information according to the fifth information.
  • the method further includes:
  • when the terminal detects, according to the second information copy, that the effective threshold has been reached and the lock network information needs to be updated, the terminal encapsulates the third information, the second information copy, and the identifier information that is requested to be updated into a second data processing request and sends it to the server;
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • the method further includes:
  • the terminal receives a third data processing request initiated by the server, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the terminal receives the fourth information after the server is successfully authenticated, and the fourth information is further used to perform parameter update after the initial lock network on the terminal;
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • the server includes:
  • a first acquiring unit configured to acquire first information for uniquely identifying a terminal identity
  • An information generating unit configured to generate second information for performing security authentication on the terminal according to the first information
  • a storage unit configured to locally save the first information and the second information
  • a first sending unit configured to send a second information copy obtained based on the second information to the terminal
  • the authentication unit is configured to compare the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, and, when the authentication succeeds, to issue a license confirmation and send the fourth information for the lock network to the terminal.
  • the storage unit is further configured to establish, by using the first information as an index, first file information related to the first information and save the information;
  • the first file information includes at least the second information and the fourth information
  • the fourth information is used to perform initial lock network use on the terminal.
  • the authentication unit includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • the comparison subunit is configured to determine that the security authentication succeeds when the comparison shows that the second information copy is identical to the second information and the third information is the same as the first information.
  • the authentication unit further includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request by the server to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • a comparison subunit configured to, when the comparison shows that the second information copy is partially identical to the second information, perform an operation on the second information copy and the second information according to a preset rule; if the operation result is a match and the third information is the same as the first information, the security authentication succeeds.
  • the authentication unit further includes:
  • the first information is used as index key information for searching to extract fourth information corresponding to the first information from the first file information, and is sent to the terminal.
  • the first sending unit is further configured to send the fifth information for locking the network to the terminal before or at the same time of transmitting the second information copy;
  • the fifth information is used to perform initial lock network use on the terminal.
  • the server further includes:
  • a second acquiring unit configured to acquire a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and the identifier information that is requested to be updated;
  • the fourth information is further used to perform parameter update after the initial lock network on the terminal.
  • the server further includes:
  • a second sending unit configured to actively initiate a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the fourth information is further used to perform parameter update after the initial lock network on the terminal.
  • the unit, the license issuance subunit, the second acquisition unit, and the second sending unit may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) when performing processing.
  • CPU central processing unit
  • DSP digital signal processor
  • FPGA Field-Programmable Gate Array
  • a first receiving unit configured to receive a second information copy obtained based on the second information
  • a third sending unit configured to send a third information and a second information copy for uniquely identifying the identity of the terminal to the server, requesting authentication for acquiring fourth information for locking the network from the server.
  • the terminal further includes:
  • the first detecting unit is configured to detect whether there is local information for locking the network, obtain a first detection result, and send the result to the third sending unit;
  • the third sending unit is further configured to: when the first detection result is that there is no information for locking the network locally, encapsulate the third information and the second information copy into a first data processing request and send it to the server;
  • the second information copy is identical to the second information, or
  • the second information copy is partially identical to the second information.
  • the terminal further includes:
  • a second receiving unit configured to receive the fourth information after receiving the second information copy, where the fourth information is used to perform initial lock network use on the terminal;
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fourth information.
  • the first receiving unit is further configured to receive the fifth information for locking the network before or at the same time receiving the copy of the second information
  • the terminal further includes:
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fifth information.
  • the terminal further includes:
  • the second detecting unit is configured to detect, according to the second information copy, whether the effective threshold has been reached and the lock network information needs to be updated, obtain a second detection result, and send it to the third sending unit;
  • the third sending unit is further configured to: when the second detection result is that the effective threshold has been reached and the lock network information needs to be updated, encapsulate the third information, the second information copy, and the identifier information that is requested to be updated into a second data processing request and send it to the server;
  • the second receiving unit is further configured to receive the fourth information, where the fourth information is further used to perform parameter update after the initial locking of the terminal;
  • the lock network unit is further configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the second receiving unit is further configured to receive a third data processing request initiated by the server, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated; and, after the authentication succeeds, to receive the fourth information, where the fourth information is further used to perform parameter update after the initial lock network on the terminal;
  • the lock network unit is further configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the first receiving unit, the third sending unit, the first detecting unit, the second receiving unit, the lock network unit, and the second detecting unit may be implemented by a central processing unit (CPU), a digital signal processor (DSP), or a field-programmable gate array (FPGA) when performing processing.
  • CPU Central Processing Unit
  • DSP Digital Signal Processor
  • FPGA Field-Programmable Gate Array
  • the method of the embodiment of the present invention includes: the server acquires first information for uniquely identifying the identity of the terminal; the server generates second information for performing security authentication on the terminal according to the first information; the server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal; the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication, and when the authentication succeeds, issues a license confirmation and sends the fourth information for the lock network to the terminal.
  • with the embodiments of the present invention, no lock network tool is needed in the lock network scenario. The limitation of using a plurality of dedicated, specific lock network tools to perform lock network processing on the terminal for multiple platforms, multiple chips, and so on is therefore eliminated.
  • as a result, an excessive number of dedicated lock network tools need not be maintained, and management becomes more convenient. Moreover, with this remote management, even if a problem appears after the terminal has been processed and has reached the user, the terminal does not need to be returned to the factory for reprocessing; it can be managed remotely through the server, which reduces the cost of returning to the factory for maintenance and improves processing efficiency.
  • FIG. 3 is a schematic structural diagram of a server embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a terminal embodiment of the present invention.
  • FIG. 5 is a schematic diagram of establishing a file by a production line terminal of an application scenario according to an embodiment of the present invention
  • FIG. 6 is a flow chart of implementing a lock network for applying the file created in FIG. 5.
  • the embodiment of the invention provides a data processing method. As shown in FIG. 1 , the method includes:
  • Step 101: The server acquires first information for uniquely identifying the identity of the terminal.
  • the first information may be a hardware ID.
  • Step 102: The server generates second information for performing security authentication on the terminal according to the first information.
  • the second information may be various certificate information for digital encryption and digital signature.
  • Step 103: The server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal.
  • the second information copy may be identical to the second information, or may be partially identical to it; for example, the second information copy may include at least the second information, as long as security authentication can be achieved.
  • Step 104: The server compares the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, and when the authentication succeeds, issues a license confirmation and sends fourth information for the lock network to the terminal.
  • the fourth information may be a lock network parameter for locking a SIM card, so that the uniquely identified terminal receives a preferential service, such as a specific low price or subsidy provided by the operator, that other terminals cannot enjoy.
  • that is, the operator's specific terminal is allowed to operate only on that operator's network to enjoy the preferential service, and is prohibited from using other networks.
  • the limitation of using a plurality of dedicated, specific lock network tools to lock the network of the terminal is eliminated, so that an excessive number of dedicated lock network tools need not be maintained.
  • this improves the convenience of management. Moreover, with this remote management, even if a problem appears after the terminal has been processed and has reached the user, the terminal does not need to be returned to the factory for reprocessing; it can be managed remotely through the server, which reduces the cost of returning to the factory and increases processing efficiency.
  • the server locally saving the first information and the second information includes: the server establishes and saves, by using the first information as an index, first file information related to the first information; the first file information includes at least the second information and the fourth information.
  • the fourth information is used for initial lock network use of the terminal.
  • the server comparing the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication includes:
  • A1 The server acquires a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal.
  • the first data processing request may be to issue a prototype usage permission request to obtain a lock network parameter for performing subsequent lock network processing, and the permission request may also be referred to as a lock network request.
  • the server parses the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity.
  • the third information is similar to the first information and is also information of the hardware ID class. It may be the same as or different from the first information, which is determined by the subsequent authentication.
  • if the comparison shows that the second information copy is identical to the second information and the third information is the same as the first information, the security authentication succeeds.
  • the server comparing the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication includes:
  • the server acquires a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal.
  • the first data processing request may be to issue a prototype usage permission request to obtain a lock network parameter for performing subsequent lock network processing, and the permission request may also be referred to as a lock network request.
  • the server parses the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity.
  • the third information is similar to the first information, and is also information of a hardware ID class, which may be the same as or different from the first information, and is authenticated by subsequent authentication.
  • in A1-A3 above, the second information copy is identical to the second information and no operation is required; in B1-B3, the second information copy is partially identical to the second information and an operation is required. If the operation result is a match and the third information is the same as the first information, the security authentication succeeds.
  • issuing a license confirmation and sending the fourth information for the lock network to the terminal includes:
  • after the server successfully completes the security authentication of the terminal, the server uses the first information as the index key information for searching, extracts the fourth information corresponding to the first information from the first file information, and sends it to the terminal.
  • the server locally saving the first information and the second information, and sending a second information copy obtained based on the second information to the terminal, further includes: before or at the same time as sending the second information copy, the server also sends fifth information for the lock network to the terminal.
  • the fifth information is used for initial lock network use of the terminal.
  • one scenario is to initially send only a certificate: if the terminal is a mobile phone, the phone has no lock network parameters when it is sold, and it later sends its hardware ID to the server to request the lock network parameters.
  • the server then sends the lock network parameters to the terminal;
  • another scenario is to initially send both the certificate and the lock network parameters: if the terminal is a mobile phone, the phone already has lock network parameters when it is sold, and it later sends its hardware ID to the server in order to update the lock network parameters.
  • the server then sends the updated lock network parameters to the terminal. These are two different forms of remote management of the terminal by the server.
  • before the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication,
  • the method further includes: the server acquiring a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and identifier information that is requested to be updated.
  • the fourth information is used to perform parameter update after the initial lock on the terminal.
  • before the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication,
  • the method further includes: the server actively initiating a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated.
  • the fourth information is used to perform parameter update after the initial lock on the terminal.
  • the embodiment of the invention provides a data processing method. As shown in FIG. 2, the method includes:
  • Step 201: The terminal receives a second information copy obtained based on the second information.
  • Step 202: The terminal sends third information for uniquely identifying the identity of the terminal, together with the second information copy, to the server, and requests authentication in order to obtain fourth information for locking the network from the server.
  • the terminal sending the third information and the second information copy to the server includes: when the terminal detects that there is no information for the lock network locally, the terminal encapsulates the third information and the second information copy into a first data processing request and sends it to the server.
  • the second information copy is identical to the second information, or the second information copy is partially identical to the second information.
  • the method further includes:
  • the terminal receives the fourth information after receiving the second information copy, where the fourth information is used to perform initial lock network use on the terminal.
  • the terminal performs initial lock network on the medium containing the specified identification information according to the fourth information.
  • the medium containing the specified identification information may be a SIM card or a USIM card.
  • a scenario in which the embodiment of the present invention is used is: the terminal finds that it has no lock network data, and requests data such as lock network parameters from an authorized server through the Internet or another connection path.
  • Each subsequent operation uses the data issued by the server, such as lock network parameters or a lock network list, to determine whether the SIM card inserted by the user is a legitimate card.
  • on the production line, only the important certificate information is written to the terminal.
  • the terminal then accesses the authorized server over the network to obtain data such as the lock network parameters. In this case, any shipped prototype can wait until it has been sold to the user before its network is locked. For unsold inventory, because the network is not locked, there is none of the huge maintenance cost that re-locking rework causes with traditionally shipped prototypes.
  • the method further includes:
  • the terminal receives fifth information for locking the network before, or at the same time as, receiving the second information copy.
  • the terminal performs initial lock network on the medium containing the specified identification information according to the fifth information.
  • when the terminal detects, according to the second information copy, that the validity threshold has been reached and the lock network information needs to be updated, it encapsulates the third information, the second information copy, and the identifier information that is requested to be updated into the second data processing request and sends it to the server.
  • the certificate information can be used for 2 years; after 2 years the lock network information must be applied for again, so the threshold is 2 years.
  • the terminal receives the fourth information, where the fourth information is further used to perform parameter update after initial locking of the terminal.
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • an application scenario may be: the server issues a certificate at the time of production, the authorization center locks the network, and the product is then delivered directly. In this case, if rework to re-lock the network is needed later, it is only necessary to erase the important data such as the lock network parameters of the prototype; the important parameters are then obtained when the prototype first goes online, or the lock network information is issued by the authorization center.
  • the method further includes:
  • the terminal receives a third data processing request initiated by the server, where the third data processing request carries at least the first information and the identifier information that is requested to be updated;
  • the terminal receives the fourth information after the server is successfully authenticated, and the fourth information is further used to perform parameter update after the initial lock network on the terminal;
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • the server includes:
  • the first obtaining unit 11 is configured to acquire first information for uniquely identifying the identity of the terminal;
  • the information generating unit 12 is configured to generate second information for performing security authentication on the terminal according to the first information.
  • the storage unit 13 is configured to locally save the first information and the second information
  • the first sending unit 14 is configured to send a second information copy obtained based on the second information to the terminal;
  • the authentication unit 15 is configured to compare the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform authentication for the security authentication and, when the authentication succeeds, to issue a license confirmation and send the fourth information for locking the network to the terminal.
  • the storage unit is configured to establish, by using the first information as an index, first file information related to the first information, and save the information;
  • the first file information includes at least the second information and the fourth information
  • the fourth information is used to perform initial lock network use on the terminal.
  • the authentication unit includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • the comparison subunit is configured to determine that authentication for the security authentication succeeds when the comparison shows that the second information copy is identical to the second information and the third information is the same as the first information.
  • the authentication unit includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • a comparison subunit configured to, when the comparison shows that the second information copy is partially identical to the second information, perform an operation on the second information copy and the second information according to a preset rule; if the operation result is a match and the third information is the same as the first information, authentication for the security authentication succeeds.
  • the authentication unit further includes:
  • a license issuance subunit configured to: after authentication for the security authentication of the terminal succeeds, use the first information as the index key for the lookup, extract the fourth information from the first file information, and send it to the terminal.
  • the first sending unit is configured to send a fifth information for locking the network to the terminal before or at the same time of transmitting the second information copy;
  • the fifth information is used to perform initial lock network use on the terminal.
  • the server further includes:
  • a second acquiring unit configured to acquire a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • the server further includes:
  • a second sending unit configured to actively initiate a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • the terminal includes:
  • the first receiving unit 21 is configured to receive a second information copy obtained based on the second information
  • the third sending unit 22 is configured to send third information for uniquely identifying the identity of the terminal, together with the second information copy, to the server, requesting authentication in order to obtain from the server the fourth information for locking the network.
  • the terminal further includes:
  • the first detecting unit is configured to detect whether there is local information for locking the network, obtain a first detection result, and send the result to the third sending unit;
  • the third sending unit is configured to: when the first detection result is that there is no local information for locking the network, encapsulate the third information and the second information copy into the first data processing request and send it to the server;
  • the second information copy is identical to the second information, or
  • the second information copy is partially identical to the second information.
  • the terminal further includes:
  • a second receiving unit configured to receive the fourth information after receiving the second information copy, where the fourth information is used to perform initial lock network use on the terminal;
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fourth information.
  • the first receiving unit is configured to receive the fifth information for locking the network before, or at the same time as, receiving the second information copy
  • the terminal further includes:
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fifth information.
  • the terminal further includes:
  • the second detecting unit is configured to detect, according to the second information copy, whether the validity threshold has been reached and the lock network information needs to be updated, obtain a second detection result, and send it to the third sending unit;
  • the third sending unit is configured to: when the second detection result is that the validity threshold has been reached and the lock network information needs to be updated, encapsulate the third information, the second information copy, and the identifier information that is requested to be updated into the second data processing request and send it to the server;
  • the second receiving unit is configured to receive the fourth information, where the fourth information is further used to perform parameter update after the initial locking of the terminal;
  • the lock network unit is configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the second receiving unit is configured to receive a third data processing request initiated by the server, where the third data processing request carries at least the first information and the identifier information that is requested to be updated; and, after authentication by the server succeeds, to receive the fourth information, where the fourth information is further used to update the parameters after the initial lock network of the terminal;
  • the lock network unit is configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the application scenario of the embodiment of the present invention is directed to a wireless network-based lock network technology for a wireless data terminal device.
  • to protect their interests, operators place increasingly high requirements on control of the operator network.
  • This is mainly reflected in operators selling their wireless data terminal equipment at low prices, or in the form of subsidies, in order to improve their competitiveness; the security requirements for such data service terminals are also the highest. Security here means that
  • the operator's terminal is only allowed to operate under the operator's network, and other networks are prohibited.
  • control of the network is exercised through important parameters such as the MCC/MNC of the mobile phone's SIM card.
  • the user can only use a SIM card that matches the terminal device.
  • a SIM card whose MCC/MNC does not match, such as a competitor's card, is refused, in order to protect the interests of the operator.
  • lock network: the control, protection and maintenance of the SIM card parameter information written to the data terminal are collectively referred to as lock network. In addition to the traditional lock network (comparing MCC, MNC), the lock network usually also includes lock subnet (comparing MCC, MNC, 6 digits of IMSI and 7 digits of IMSI), lock company (comparing SIM card MCC, MCC and GID1), and so on. Parameters such as MCC, MNC and GID1 are collectively referred to as lock network parameters; they are sensitive and are the focus of protection.
  • the lock network parameters can be written to the data terminal by a tool called a lock network tool.
  • once the wireless data terminal is networked, it is controlled over the network by the server used for lock network authorization (such as the server embodiment 1 and various specific implementation manners described in the foregoing embodiments).
  • the advantages are: this can improve production efficiency, reduce the production cost and post-maintenance cost of terminal equipment, and allow all equipment to be managed uniformly through the server for lock network authorization, for example by remote locking, re-locking or unlocking.
  • the application scenario is directed to the above-mentioned problems of the prior art, and aims to reduce the production and maintenance cost for the terminal manufacturer's lock network related solution, and realize convenient remote management through the server authorized by the lock network.
  • An authorized server can also be called a lock network authorization center server or an authorization center server.
  • the specific name is not limited.
  • the following description uses the term server:
  • the server writes the certificate information to the prototype (the certificate information includes the unique hardware ID information of the prototype, and it may take various forms, for example data signed with the root private key of the lock network authorization center server over the hardware ID and some important information), and establishes file information on the server (including operator information, product type, shipping area, and important information such as the MCC/MNC expected for the lock network).
  • after the file is created,
  • a license is issued by the server, at the prototype's request or by the server itself (the license is important data such as lock network parameters; such important data contains encrypted or signed data of the unique hardware ID or other unique information of the prototype), that is, the user can use the device after authorization. When the service life reaches 2 years or a specified number of years, the user can also submit an unlock request to the server, and the server can decide according to demand whether to unlock for the user or issue a new certificate.
  • the function of the server is not limited to the above. For example, only the important certificate information may be written on the production line, and the terminal obtains important data such as lock network parameters from the server after the user first inserts the SIM card and goes online. In this case, any shipped prototype can have its network locked after it has been sold to the user. For unsold inventory prototypes, because the network is not locked, there is none of the huge maintenance cost that re-locking rework causes with traditionally shipped prototypes.
  • as another example, the certificate may be issued at the time of production, the authorization center locks the network, and the goods are then delivered directly. In this case, if rework to re-lock the network is needed later, it is only necessary to erase the important data such as lock network parameters of the prototype; the important data such as lock network parameters is then obtained when the prototype first goes online, or is issued uniformly by the server.
  • as a further example, the server may provide unified management of test prototypes: a certificate can be issued to a test prototype and management rights over it assigned. This reduces the risk that front-line or test staff, who frequently need to test multiple projects, leak the lock network tool required for repeated locking, and it also reduces the extra cost of frequently mailing prototypes.
  • Message 1: During production, the production line interacts with the terminal through the lock network tool in a message flow that obtains permission to write the hardware ID. Only if success is returned does the lock network tool have permission to write data to the terminal; illegal users cannot obtain this permission and cannot write information such as the hardware ID.
  • the lock network tool randomly generates a hardware ID, and sends the hardware ID to the terminal.
  • the terminal first checks whether it already has a hardware ID. If the hardware ID already exists, the terminal returns the existing hardware ID to the lock network tool; if the hardware ID does not exist, it writes the hardware ID and then returns the written hardware ID to the lock network tool.
  • This message can also contain other important information and additional information in addition to the hardware ID.
  • the lock network tool is connected to the server for the lock network authorization through the network or other connection mode, or the connection to the server for the lock network authorization is updated after the temporary server is connected.
  • the information for applying for permission includes important identity information such as the ID of the lock network tool, so that the server used for the lock network authorization can determine its identity. Only the authorized lock network tool can apply for the permission of the server for the lock network authorization, which greatly improves the data security.
  • the lock network tool obtains from the server for lock network authorization the server's root public key rPb, the unique certificate issued by the server to the terminal, and a pair of random public and private keys Pb and Pi, which are used for interaction, or for encryption and decryption, during data communication.
  • the lock network tool returns the result obtained from the message 4 to the terminal, so that the terminal saves the public and private key and the data information such as the signature, so as to be used for subsequent lock network or re-locking.
  • the lock network tool requests the server for lock network authorization to create a file for the terminal with the hardware ID "Id".
  • the terminal, using its own hardware ID and certificate information, requests the server for lock network authorization to lock the network and requests to establish a connection. After the server for lock network authorization verifies the identity of the terminal, it establishes the connection with the terminal, queries the operator information corresponding to the hardware ID from the operator list, and then obtains important data such as the lock network data of the prototype from that information.
  • the terminal requests important information such as lock network parameters from the server used for the lock network authorization.
  • The server obtains data such as the lock network data according to the hardware ID, encrypts the data and the hardware ID with the server root private key, and then sends the information to the terminal.
  • the terminal device verifies and saves the lock network information. When it finds the next time that the lock network information has already been saved, it no longer needs to request the lock network data from the server for lock network authorization.
  • Each operation uses the lock net list issued by the center to determine whether the SIM card inserted by the user is a legal card.
  • the server of the application scenario may be used to store the hardware ID of the data terminal, the certificate information, and the necessary carrier information, the communication public and private key, and the lock data parameter information expected by the operator.
  • the lock network data can be requested from the server through the Internet or other connection means.
  • the server can also modify the lock parameters or other important parameters of the specified prototype in some cases.
  • the lock network tool of this application scenario is not required, but the lock network tool can be used when writing data to the terminal to create a file.
  • the lock network tool interacts with the server and writes the hardware ID (the serial number that uniquely identifies the device) to the non-erasable partition of the terminal.
  • the terminal of this application scenario writes the hardware ID through the lock network tool during the production line production.
  • the terminal can interact with the server and request the lock network parameters from the server. Once the lock network parameters have been obtained successfully, there is no need to request them again. Similarly, the operator can delete the lock network parameters by instruction and then request the lock network from the server again, which provides the function of relocking the network.
  • the server is not limited to operating on prototypes of a particular platform. It can provide a unified lock network for multiple platforms and no longer distinguishes whether the prototype is a Qualcomm platform, a MediaTek (MTK) platform, a Marvell platform, and so on.
  • As long as a prototype conforms to the specified data transmission mode or interface, it can be managed uniformly; nor is the server limited to a specific connection mode, which can be any wireless communication mode or direct connection mode supported by the device.
  • the terminal is remotely managed, for example for lock network processing, by the server for lock network authorization: a terminal file is established for the prototype before lock network processing,
  • and that file is subsequently used for the lock network processing, which is carried out on the terminal device.
  • the method of remote maintenance not only reduces the risk of using the wrong lock network tool on the production line, but also reduces the after-sales maintenance cost. For the action of relocking the net, it is not necessary to return to the factory for maintenance, which greatly reduces the after-sales maintenance cost.
  • the integrated modules described in the embodiments of the present invention may also be stored in a computer readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied, in essence, in the form of a software product stored in a storage medium and including a plurality of instructions
  • that cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.
  • embodiments of the invention are not limited to any specific combination of hardware and software.
  • the embodiment of the present invention further provides a computer storage medium, wherein a computer program is stored, and the computer program is used to execute the data processing method of the embodiment of the present invention.
  • a lock network tool is not needed in the lock network scenario. This removes the limitation that, for multiple platforms, multiple chips and so on, multiple dedicated lock network tools must be used to perform lock network processing on the terminal,
  • so that no dedicated lock network tools need to be maintained and management becomes more convenient. Moreover, with such remote management, even if a processed terminal has already reached the user and a problem arises, it does not need to be returned to the factory for reprocessing. It can be managed remotely through the server, which reduces the cost of returning to the factory and improves processing efficiency.
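The SIM legitimacy check that the terminal runs against the lock network list can be sketched as follows. This is an added Python example, not code from the patent. It assumes that the subnet lock compares IMSI digits 6 and 7 and that the company lock compares MCC, MNC and GID1; all names and sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SimCard:
    imsi: str                   # digits read from the inserted card
    mnc_length: int             # 2 or 3; needed to split the IMSI correctly
    gid1: Optional[str] = None  # group identifier as a hex string, if present


@dataclass(frozen=True)
class LockEntry:
    mcc: str
    mnc: str
    imsi_digits_6_7: Optional[str] = None  # set for a subnet lock (assumption)
    gid1: Optional[str] = None             # set for a company lock


def sim_matches(sim: SimCard, entry: LockEntry) -> bool:
    """True when the card satisfies every field the lock entry specifies."""
    imsi = sim.imsi
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        return False  # malformed IMSI never matches
    if sim.mnc_length not in (2, 3):
        return False
    mcc, mnc = imsi[:3], imsi[3:3 + sim.mnc_length]
    # Network lock: MCC and MNC must match exactly, including the MNC length,
    # so a 2-digit "01" entry does not accept a card whose MNC is "010".
    if (mcc, mnc) != (entry.mcc, entry.mnc):
        return False
    # Subnet lock: digits 6 and 7 of the IMSI (1-based positions).
    if entry.imsi_digits_6_7 is not None:
        if len(imsi) < 7 or imsi[5:7] != entry.imsi_digits_6_7:
            return False
    # Company lock: GID1 must be present on the card and equal.
    if entry.gid1 is not None:
        if sim.gid1 is None or sim.gid1.upper() != entry.gid1.upper():
            return False
    return True


def check_sim(sim: SimCard, lock_list: List[LockEntry]) -> str:
    """Decide what the terminal does with the inserted card.

    "no-lock-data": nothing stored yet, request parameters from the server.
    "allowed":      the card matches at least one entry.
    "rejected":     lock data exists and no entry matches.
    """
    if not lock_list:
        return "no-lock-data"
    if any(sim_matches(sim, entry) for entry in lock_list):
        return "allowed"
    return "rejected"


# Constructed sample card on the 001/01 test network.
SAMPLE_SIM = SimCard(imsi="001010123456789", mnc_length=2, gid1="A1FF")

if __name__ == "__main__":
    print(check_sim(SAMPLE_SIM, [LockEntry("001", "01")]))
    print(check_sim(SAMPLE_SIM, [LockEntry("001", "01", gid1="B2")]))
    print(check_sim(SAMPLE_SIM, []))
```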

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Disclosed in the present invention are a method for processing data, a server and a terminal. The method includes: the server acquires first information for uniquely identifying the identity of the terminal; the server generates second information for security authentication of the terminal according to the first information; the server stores the first information and the second information locally, and sends to the terminal a copy of the second information obtained on the basis of the second information; the server performs security authentication by comparing third information and the copy of second information both obtained from the terminal with the first information and the second information stored locally, and when the authentication is passed, issues a permission confirmation and sends to the terminal fourth information for locking network.
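The enrollment and authentication exchange summarized above, as an added Python example that is not code from the patent. HMAC-SHA256 with a shared key stands in for the root-private-key signature the description mentions, so the terminal verifies with the same key in this sketch; the class and function names, hardware IDs and key are constructed.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple


class LockAuthServer:
    """Server side: enroll a terminal, then authenticate it and issue lock data."""

    def __init__(self, root_key: bytes):
        self._root_key = root_key  # stand-in for the server's root private key
        self._files = {}           # first information (hardware ID) -> file record

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._root_key, data, hashlib.sha256).digest()

    def enroll(self, hardware_id: str, lock_params: dict) -> bytes:
        """Generate the second information from the first, save both, return the copy."""
        cert = self._mac(b"cert|" + hardware_id.encode())
        # The file is indexed by the first information and holds the second
        # and fourth information, as the description states.
        self._files[hardware_id] = {"cert": cert, "lock_params": lock_params}
        return cert

    def authenticate(self, claimed_id: str,
                     cert_copy: bytes) -> Optional[Tuple[bytes, bytes]]:
        """Compare third information and the copy with the stored file.

        Returns (payload, tag) carrying the fourth information, or None.
        """
        record = self._files.get(claimed_id)
        # Compare in constant time, and against a dummy value for unknown IDs,
        # so that timing does not reveal which hardware IDs are enrolled.
        expected = record["cert"] if record else self._mac(b"unknown-terminal")
        matches = hmac.compare_digest(expected, cert_copy)
        if record is None or not matches:
            return None
        # Bind the lock data to the hardware ID so that a payload issued to
        # one terminal is useless when replayed to another.
        payload = json.dumps(
            {"hardware_id": claimed_id, "lock_params": record["lock_params"]},
            sort_keys=True,
        ).encode()
        return payload, self._mac(b"lock|" + payload)


def terminal_accept(own_id: str, verify_key: bytes,
                    payload: bytes, tag: bytes) -> Optional[dict]:
    """Terminal side: verify the issued data before saving the lock parameters."""
    expected = hmac.new(verify_key, b"lock|" + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # modified in transit or not issued by the server
    message = json.loads(payload)
    if message["hardware_id"] != own_id:
        return None  # issued for a different terminal
    return message["lock_params"]


DEMO_KEY = b"constructed-demo-key"  # constructed value for the example

if __name__ == "__main__":
    server = LockAuthServer(DEMO_KEY)
    cert = server.enroll("HWID-0001", {"mcc": "001", "mnc": "01"})
    issued = server.authenticate("HWID-0001", cert)
    print(terminal_accept("HWID-0001", DEMO_KEY, *issued))
    print(server.authenticate("HWID-0001", b"forged-copy"))
```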

Description

Data processing method, server and terminal
Technical field
The present invention relates to communication technologies, and in particular to a data processing method, a server, and a terminal.
Background
In the process of implementing the technical solutions of the embodiments of the present application, the inventor found at least the following technical problems in the related art:
The increasing popularity and intelligence of wireless data service terminals such as smartphones makes it possible to use such terminals for large amounts of data processing. With the arrival of 2G/3G and even the 4G era, in today's big-data era data processing can be performed over a wireless local area network such as WIFI, or over networks built on the mobile data networks provided by the major operators.
One data processing scenario is as follows. To protect their own interests, operators place increasingly high requirements on control of the mobile data networks they each provide. This is mainly reflected in operators, in order to improve their competitiveness, selling media containing specific identification information at low prices or in subsidized form, so as to provide a uniquely identified terminal with the specific low-price or subsidized preferential services offered by that operator; other terminals cannot enjoy these preferential services. This specificity raises a security problem: it must be ensured that the operator's specific terminal is only allowed to operate on that operator's network in order to enjoy the preferential service, and that use of other networks is prohibited.
At present, to ensure security, the prior art uses different lock network tools corresponding to different operator platforms or different terminal chips (such as MediaTek or Qualcomm chips). That is, a variety of dedicated lock network tools are used to perform lock network processing on terminals so that they cannot be illegally cracked. As a result, too many dedicated lock network tools must be maintained, and different platforms or chips require different lock network policies and parameters, which is inconvenient to manage. If a processed terminal has already reached the user and a problem arises, it must be returned to the factory to be reprocessed; the cost of return-to-factory maintenance is high and processing efficiency is low. No effective solution exists for these problems of the prior art.
Summary of the invention
In view of this, the embodiments of the present invention aim to provide a data processing method, a server, and a terminal that at least solve the problems existing in the prior art.
The technical solutions of the embodiments of the present invention are implemented as follows:
A data processing method according to an embodiment of the present invention includes:
The server acquires first information for uniquely identifying the identity of the terminal;
The server generates, according to the first information, second information for performing security authentication on the terminal;
The server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal;
The server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform authentication for the security authentication and, when the authentication succeeds, issues a license confirmation and sends fourth information for locking the network to the terminal.
In the above solution, the server locally saving the first information and the second information includes:
The server establishes, with the first information as an index, first file information related to the first information and saves it;
The first file information includes at least the second information and the fourth information;
The fourth information is used for the initial lock network of the terminal.
In the above solution, the server comparing the third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication includes:
the server obtains a first data processing request, which carries at least the third information and the copy of the second information submitted by the terminal;
the server parses the first data processing request to obtain the third information and the copy of the second information, the third information being used to uniquely identify the identity of the terminal;
if the comparison shows that the copy of the second information is identical to the second information and the third information is the same as the first information, the security authentication succeeds.
In the above solution, the server comparing the third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication includes:
the server obtains a first data processing request, which carries at least the third information and the copy of the second information submitted by the terminal;
the server parses the first data processing request to obtain the third information and the copy of the second information, the third information being used to uniquely identify the identity of the terminal;
if the comparison shows that the copy of the second information is partly the same as the second information, an operation is performed on the copy of the second information and the second information according to a preset rule; if the result of the operation is a match and the third information is the same as the first information, the security authentication succeeds.
In the above solution, issuing a license confirmation and sending the fourth information used for network locking to the terminal when authentication succeeds includes:
after the security authentication of the terminal succeeds, the server uses the first information as the index key for a search, extracts the fourth information corresponding to the first information from the first file information, and sends it to the terminal.
In the above solution, the server storing the first information and the second information locally and sending the copy of the second information, obtained based on the second information, to the terminal further includes:
before or at the same time as sending the copy of the second information, the server also sends fifth information used for network locking to the terminal;
the fifth information is used for the initial network lock of the terminal.
In the above solution, before the server compares the third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication, the method further includes:
the server obtains a second data processing request, which carries at least the third information submitted by the terminal, the copy of the second information, and identification information requesting an update;
the fourth information is used for updating parameters after the initial network lock of the terminal.
In the above solution, before the server compares the third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication, the method further includes:
the server actively initiates a third data processing request, which carries at least the first information and identification information requesting an update;
the fourth information is used for updating parameters after the initial network lock of the terminal.
A data processing method according to an embodiment of the present invention includes:
a terminal receives a copy of the second information, obtained based on the second information;
the terminal sends third information, which uniquely identifies the identity of the terminal, and the copy of the second information to a server, requesting authentication in order to obtain from the server fourth information used for network locking.
In the above solution, the terminal sending the third information, which uniquely identifies the identity of the terminal, and the copy of the second information to the server includes:
when the terminal detects that no information used for network locking exists locally, the terminal encapsulates the third information and the copy of the second information in a first data processing request and sends it to the server;
the copy of the second information is identical to the second information, or
the copy of the second information is partly the same as the second information.
In the above solution, the method further includes:
the terminal receives the fourth information after receiving the copy of the second information, the fourth information being used for the initial network lock of the terminal;
the terminal performs the initial network lock on a medium containing specified identification information according to the fourth information.
In the above solution, the method further includes:
the terminal receives fifth information used for network locking before or at the same time as receiving the copy of the second information;
the terminal performs the initial network lock on a medium containing specified identification information according to the fifth information.
In the above solution, the method further includes:
when the terminal detects, according to the copy of the second information, that a validity threshold has been reached and the network-lock information needs to be updated, it encapsulates the third information, the copy of the second information, and identification information requesting an update in a second data processing request and sends it to the server;
the terminal receives the fourth information, the fourth information also being used for updating parameters after the initial network lock of the terminal;
the terminal performs a network-lock update on the medium containing specified identification information according to the fourth information.
In the above solution, the method further includes:
the terminal receives a third data processing request actively initiated by the server, which carries at least the first information and identification information requesting an update;
the terminal receives the fourth information after the server's authentication succeeds, the fourth information also being used for updating parameters after the initial network lock of the terminal;
the terminal performs a network-lock update on the medium containing specified identification information according to the fourth information.
A server according to an embodiment of the present invention includes:
a first obtaining unit, configured to obtain first information that uniquely identifies the identity of a terminal;
an information generating unit, configured to generate, according to the first information, second information for security authentication of the terminal;
a storage unit, configured to store the first information and the second information locally;
a first sending unit, configured to send a copy of the second information, obtained based on the second information, to the terminal;
an authentication unit, configured to compare third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication, and, when authentication succeeds, to issue a license confirmation and send fourth information used for network locking to the terminal.
In the above solution, the storage unit is further configured to create and store first file information related to the first information, using the first information as the index;
the first file information includes at least the second information and the fourth information;
the fourth information is used for the initial network lock of the terminal.
In the above solution, the authentication unit includes:
a first processing subunit, configured to obtain a first data processing request, which carries at least the third information and the copy of the second information submitted by the terminal;
a parsing subunit, configured to parse the first data processing request to obtain the third information and the copy of the second information, the third information being used to uniquely identify the identity of the terminal;
a comparison subunit, configured such that, if the comparison shows that the copy of the second information is identical to the second information and the third information is the same as the first information, the security authentication succeeds.
In the above solution, the authentication unit further includes:
a first processing subunit, configured to obtain a first data processing request, which carries at least the third information and the copy of the second information submitted by the terminal;
a parsing subunit, configured to parse the first data processing request to obtain the third information and the copy of the second information, the third information being used to uniquely identify the identity of the terminal;
a comparison subunit, configured such that, if the comparison shows that the copy of the second information is partly the same as the second information, an operation is performed on the copy of the second information and the second information according to a preset rule, and if the result of the operation is a match and the third information is the same as the first information, the security authentication succeeds.
In the above solution, the authentication unit further includes:
a license issuing subunit, configured to, after the security authentication of the terminal succeeds, use the first information as the index key for a search, extract the fourth information corresponding to the first information from the first file information, and send it to the terminal.
In the above solution, the first sending unit is further configured to send fifth information used for network locking to the terminal before or at the same time as sending the copy of the second information;
the fifth information is used for the initial network lock of the terminal.
In the above solution, the server further includes:
a second obtaining unit, configured to obtain a second data processing request, which carries at least the third information submitted by the terminal, the copy of the second information, and identification information requesting an update;
the fourth information is also used for updating parameters after the initial network lock of the terminal.
In the above solution, the server further includes:
a second sending unit, configured to actively initiate a third data processing request, which carries at least the first information and identification information requesting an update;
the fourth information is also used for updating parameters after the initial network lock of the terminal.
When performing processing, the first obtaining unit, the information generating unit, the storage unit, the first sending unit, the authentication unit, the first processing subunit, the parsing subunit, the comparison subunit, the license issuing subunit, the second obtaining unit and the second sending unit may be implemented by a central processing unit (CPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA).
A terminal according to an embodiment of the present invention includes:
a first receiving unit, configured to receive a copy of the second information, obtained based on the second information;
a third sending unit, configured to send third information, which uniquely identifies the identity of the terminal, and the copy of the second information to a server, requesting authentication in order to obtain from the server fourth information used for network locking.
In the above solution, the terminal further includes:
a first detecting unit, configured to detect whether information used for network locking exists locally, obtain a first detection result and send it to the third sending unit;
the third sending unit is further configured to, when the first detection result is that no information used for network locking exists locally, encapsulate the third information and the copy of the second information in a first data processing request and send it to the server;
the copy of the second information is identical to the second information, or
the copy of the second information is partly the same as the second information.
In the above solution, the terminal further includes:
a second receiving unit, configured to receive the fourth information after the copy of the second information has been received, the fourth information being used for the initial network lock of the terminal;
a network-lock unit, configured to perform the initial network lock on a medium containing specified identification information according to the fourth information.
In the above solution, the first receiving unit is further configured to receive fifth information used for network locking before or at the same time as receiving the copy of the second information;
the terminal further includes:
a network-lock unit, configured to perform the initial network lock on a medium containing specified identification information according to the fifth information.
In the above solution, the terminal further includes:
a second detecting unit, configured to detect, according to the copy of the second information, whether a validity threshold has been reached and the network-lock information needs to be updated, obtain a second detection result and send it to the third sending unit;
the third sending unit is further configured to, when the second detection result is that the validity threshold has been reached and the network-lock information needs to be updated, encapsulate the third information, the copy of the second information, and identification information requesting an update in a second data processing request and send it to the server;
the second receiving unit is further configured to receive the fourth information, the fourth information also being used for updating parameters after the initial network lock of the terminal;
the network-lock unit is further configured to perform a network-lock update on the medium containing specified identification information according to the fourth information.
In the above solution, the second receiving unit is further configured to receive a third data processing request actively initiated by the server, which carries at least the first information and identification information requesting an update, and to receive the fourth information after the server's authentication succeeds, the fourth information also being used for updating parameters after the initial network lock of the terminal;
the network-lock unit is further configured to perform a network-lock update on the medium containing specified identification information according to the fourth information.
When performing processing, the first receiving unit, the third sending unit, the first detecting unit, the second receiving unit, the network-lock unit and the second detecting unit may be implemented by a central processing unit (CPU), a digital signal processor (DSP) or a field-programmable gate array (FPGA).
The method of the embodiments of the present invention includes: a server obtains first information that uniquely identifies the identity of a terminal; the server generates, according to the first information, second information for security authentication of the terminal; the server stores the first information and the second information locally, and sends a copy of the second information, obtained based on the second information, to the terminal; the server compares third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication, and when authentication succeeds it issues a license confirmation and sends fourth information used for network locking to the terminal.
With the embodiments of the present invention, the terminal is managed remotely by the server, so no network-lock tool is needed in the network-lock scenario. For multiple platforms, multiple chips and similar cases, this removes the constraint of having to use a variety of dedicated, specific network-lock tools to network-lock terminals, so that there is no longer a need to maintain too many dedicated network-lock tools, and management becomes more convenient. Moreover, with this remote management, even when a terminal has already been processed and has reached the user, a problem does not require returning it to the factory for reprocessing; everything can be managed remotely through the server, which reduces the cost of return-to-factory maintenance and improves processing efficiency.
Brief description of the drawings
FIG. 1 is an implementation flowchart of one method embodiment of the present invention;
FIG. 2 is an implementation flowchart of another method embodiment of the present invention;
FIG. 3 is a schematic diagram of the structure of a server embodiment of the present invention;
FIG. 4 is a schematic diagram of the structure of a terminal embodiment of the present invention;
FIG. 5 is a schematic diagram of creating a file for a terminal on the production line in an application scenario of an embodiment of the present invention;
FIG. 6 is a flowchart of implementing a network lock using the file created in FIG. 5.
Detailed description
The implementation of the technical solution is described in further detail below with reference to the accompanying drawings.
An embodiment of the present invention provides a data processing method. As shown in FIG. 1, the method includes:
Step 101: The server obtains first information that uniquely identifies the identity of the terminal.
Here, the first information may be a hardware ID.
Step 102: The server generates, according to the first information, second information for security authentication of the terminal.
Here, the second information may be any of various kinds of certificate information used for digital encryption and digital signatures.
Step 103: The server stores the first information and the second information locally, and sends a copy of the second information, obtained based on the second information, to the terminal.
Here, the copy of the second information may be exactly the same as the second information, or it may be partly the same as the second information; for example, the copy of the second information may include at least the second information, as long as security authentication can be performed.
Step 104: The server compares third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication, and when authentication succeeds it issues a license confirmation and sends fourth information used for network locking to the terminal.
Here, the fourth information may be network-lock parameters used to network-lock the SIM card, so that the uniquely identified terminal is offered preferential services provided by the operator, such as specific low prices or subsidies, which other terminals cannot enjoy. That is, it ensures that the operator's specific terminal is allowed to run only on that operator's network in order to enjoy the preferential service, and that use of other networks is prohibited.
With steps 101-104 of this embodiment of the present invention, for multiple platforms, multiple chips and similar cases, the constraint of having to use a variety of dedicated, specific network-lock tools to network-lock terminals is removed, so that there is no longer a need to maintain too many dedicated network-lock tools, and management becomes more convenient. Moreover, with this remote management, even when a terminal has already been processed and has reached the user, a problem does not require returning it to the factory for reprocessing; everything can be managed remotely through the server, which reduces the cost of return-to-factory maintenance and improves processing efficiency.
In one implementation of this embodiment of the present invention, the server storing the first information and the second information locally includes: the server creates and stores first file information related to the first information, using the first information as the index; the first file information includes at least the second information and the fourth information.
Here, the fourth information is used for the initial network lock of the terminal.
In one implementation of this embodiment of the present invention, the server comparing the third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication includes:
A1. The server obtains a first data processing request, which carries at least the third information and the copy of the second information submitted by the terminal.
Here, the first data processing request may be a request to issue a device usage license, made in order to obtain the network-lock parameters used for subsequent network-lock processing; this license request may also be called a network-lock request.
A2. The server parses the first data processing request to obtain the third information and the copy of the second information, the third information being used to uniquely identify the identity of the terminal.
Here, the third information is similar to the first information and is also hardware-ID-type information; it may or may not be the same as the first information, which is verified by the subsequent authentication.
A3. If the comparison shows that the copy of the second information is identical to the second information and the third information is the same as the first information, the security authentication succeeds.
In one implementation of this embodiment of the present invention, the server comparing the third information and the copy of the second information obtained from the terminal with the locally stored first information and second information in order to perform security authentication includes:
B1. The server obtains a first data processing request, which carries at least the third information and the copy of the second information submitted by the terminal.
Here, the first data processing request may be a request to issue a device usage license, made in order to obtain the network-lock parameters used for subsequent network-lock processing; this license request may also be called a network-lock request.
B2. The server parses the first data processing request to obtain the third information and the copy of the second information, the third information being used to uniquely identify the identity of the terminal.
Here, the third information is similar to the first information and is also hardware-ID-type information; it may or may not be the same as the first information, which is verified by the subsequent authentication.
B3. If the comparison shows that the copy of the second information is partly the same as the second information, an operation is performed on the copy of the second information and the second information according to a preset rule; if the result of the operation is a match and the third information is the same as the first information, the security authentication succeeds.
In the implementation formed by A1-A3 above, the copy of the second information is identical to the second information and no operation is needed. In the implementation formed by B1-B3, the copy of the second information is only partly the same as the second information, so an operation is required; if the result of the operation is a match and the third information is the same as the first information, the security authentication succeeds.
In one implementation of this embodiment of the present invention, issuing a license confirmation and sending the fourth information used for network locking to the terminal when authentication succeeds includes:
after the security authentication of the terminal succeeds, the server uses the first information as the index key for a search, extracts the fourth information corresponding to the first information from the first file information, and sends it to the terminal.
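The enrollment and authentication exchange of steps 101-104 with the exact-match comparison of A1-A3, sketched in Python as an added example that is not code from the patent. It assumes the second information is an HMAC-based token standing in for the certificate; `LockServer`, `build_lock_request`, the field names, the sample hardware IDs and the PLMN value are all hypothetical or constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class DeviceRecord:
    """First file information, stored under the hardware ID (first information)."""
    credential: bytes   # second information (assumed token, stands in for a certificate)
    lock_params: dict   # fourth information (network-lock parameters)


class LockServer:
    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)   # server-side secret, never sent out
        self._records = {}                    # index: first information -> record

    def enroll(self, hardware_id: str, lock_params: dict) -> bytes:
        """Steps 101-103: derive the second information from the first,
        store both, and return the copy that is sent to the terminal."""
        nonce = secrets.token_bytes(16)
        tag = hmac.new(self._key, nonce + hardware_id.encode(),
                       hashlib.sha256).digest()
        credential = nonce + tag              # bound to this hardware ID
        self._records[hardware_id] = DeviceRecord(credential, dict(lock_params))
        return credential

    def authenticate(self, request: dict) -> Optional[dict]:
        """Step 104 / A1-A3: parse the request, compare the third information
        and the credential copy with what is stored, release the fourth
        information only on an exact match."""
        hardware_id = request.get("hardware_id")        # third information
        copy = request.get("credential_copy")           # copy of second information
        if not isinstance(hardware_id, str) or not isinstance(copy, (bytes, bytearray)):
            return None
        record = self._records.get(hardware_id)         # third == first information?
        # Always run a constant-time comparison, even for unknown IDs, so the
        # response time does not reveal which hardware IDs are enrolled.
        expected = record.credential if record else b"\x00" * 48
        matches = hmac.compare_digest(bytes(copy), expected)
        if record is None or not matches:
            return None
        return {"license": "granted", "lock_params": dict(record.lock_params)}


def build_lock_request(hardware_id: str, credential_copy: bytes,
                       local_lock_params: Optional[dict]) -> Optional[dict]:
    """Terminal side: send the first data processing request only when no
    network-lock information exists locally."""
    if local_lock_params:
        return None
    return {"hardware_id": hardware_id, "credential_copy": credential_copy}


def demo() -> dict:
    server = LockServer()
    # Constructed sample values: two devices locked to test PLMN 001/01.
    cred_a = server.enroll("HWID-A", {"allowed_plmn": "00101"})
    server.enroll("HWID-B", {"allowed_plmn": "00101"})
    genuine = server.authenticate(build_lock_request("HWID-A", cred_a, None))
    # A credential copied from device A and replayed with device B's ID is
    # rejected, because the stored second information differs per device.
    replayed = server.authenticate({"hardware_id": "HWID-B",
                                    "credential_copy": cred_a})
    return {"genuine": genuine, "replayed": replayed}


if __name__ == "__main__":
    print(demo())
```

The partial-match variant of B1-B3 is not modelled, because the page does not specify the preset rule used for the operation.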
In an implementation of this embodiment of the present invention, the server locally saving the first information and the second information and sending the copy of the second information obtained from the second information to the terminal further includes: before or at the same time as sending the copy of the second information, the server also sends fifth information used for network locking to the terminal.
Here, the fifth information is used for the initial network lock of the terminal.
With the above embodiment of the present invention, for example, in one scenario only the certificate is sent initially: where the terminal is a mobile phone, the phone has no network-lock parameters when it is sold, it later sends its hardware ID to the server to request network-lock parameters, and the server sends them to the terminal after authentication succeeds. In another scenario, the certificate and the network-lock parameters are both sent initially: where the terminal is a mobile phone, the phone already has network-lock parameters when it is sold, and it later sends its hardware ID to the server in order to update the network-lock parameters; after authentication succeeds the server sends the updated network-lock parameters to the terminal. These are two different ways for the server to manage the terminal remotely.
In an implementation of this embodiment of the present invention, before the server compares the third information and the copy of the second information obtained from the terminal with the locally saved first information and second information to perform security authentication, the method further includes: the server obtains a second data processing request, which carries at least the third information submitted by the terminal, the copy of the second information, and identification information requesting an update.
Here, the fourth information is used to update parameters after the terminal's initial network lock.
In an implementation of this embodiment of the present invention, before the server compares the third information and the copy of the second information obtained from the terminal with the locally saved first information and second information to perform security authentication, the method further includes: the server actively initiates a third data processing request, which carries at least the first information and identification information requesting an update.
Here, the fourth information is used to update parameters after the terminal's initial network lock.
An embodiment of the present invention provides a data processing method. As shown in FIG. 2, the method includes:
Step 201: The terminal receives the copy of the second information obtained from the second information.
Step 202: The terminal sends the third information, which uniquely identifies the terminal, and the copy of the second information to the server, requesting authentication in order to obtain from the server the fourth information used for network locking.
In an implementation of this embodiment of the present invention, the terminal sending the third information that uniquely identifies the terminal and the copy of the second information to the server includes: when the terminal detects that no network-lock information exists locally, the terminal encapsulates the third information and the copy of the second information in a first data processing request and sends it to the server.
Here, the copy of the second information is identical to the second information, or the copy of the second information is partially the same as the second information.
In an implementation of this embodiment of the present invention, the method further includes:
C1. After receiving the copy of the second information, the terminal receives the fourth information, which is used for the initial network lock of the terminal.
C2. The terminal performs the initial network lock on the medium containing the specified identification information according to the fourth information.
Here, the medium containing the specified identification information may be a SIM card or a USIM card.
One scenario using this embodiment of the present invention is as follows: the terminal finds that it has no network-lock data and can request data such as network-lock parameters from the authorized server over the Internet or another connection. Each time it operates, it uses the data issued by the server, such as the network-lock parameters (for example a network-lock list), to determine whether the SIM card inserted by the user is a legitimate card. The server may write only the important certificate information to the terminal on the production line; after the user inserts a SIM card for the first time, the terminal connects to the authorized server to obtain data such as the network-lock parameters. In this case, any shipped unit can be network-locked after it has been sold and is in the user's hands. Unsold units in stock are not locked, so they do not incur the large maintenance cost of relocking rework that arises when units are already locked at shipment, as is traditional.
In an implementation of this embodiment of the present invention, the method further includes:
D1. Before or at the same time as receiving the copy of the second information, the terminal receives fifth information used for network locking.
D2. The terminal performs the initial network lock on the medium containing the specified identification information according to the fifth information.
D3. When the terminal detects, from the copy of the second information, that the validity threshold has been reached and the network-lock information needs to be updated, it encapsulates the third information, the copy of the second information and identification information requesting an update in a second data processing request and sends it to the server.
Here, for example, if the certificate information is valid for 2 years and the network-lock information must be requested again after 2 years, the threshold is 2 years, and so on.
D4. The terminal receives the fourth information, which is also used to update parameters after the terminal's initial network lock.
D5. The terminal updates the network lock on the medium containing the specified identification information according to the fourth information.
In an implementation of this embodiment of the present invention, one application scenario may be as follows: at production time the server issues the certificate and the authorization center also applies the network lock, and the unit is then shipped directly. If rework and relocking are needed later, only the unit's important data such as the network-lock parameters needs to be erased; the important parameters are then obtained on the first network connection, or the network-lock information is issued centrally by the authorization center.
In an implementation of this embodiment of the present invention, the method further includes:
The terminal receives a third data processing request actively initiated by the server, which carries at least the first information and identification information requesting an update;
After the server's authentication succeeds, the terminal receives the fourth information, which is also used to update parameters after the terminal's initial network lock;
The terminal updates the network lock on the medium containing the specified identification information according to the fourth information.
It should be noted that the following descriptions of the server and the terminal are similar to the method descriptions above and have the same beneficial effects, which are not repeated. For technical details not disclosed in the server and terminal embodiments of the present invention, refer to the description of the method embodiments of the present invention.
A server according to an embodiment of the present invention is shown in FIG. 3. The server includes:
a first obtaining unit 11, configured to obtain first information that uniquely identifies the terminal;
an information generating unit 12, configured to generate, from the first information, second information for security authentication of the terminal;
a storage unit 13, configured to locally save the first information and the second information;
a first sending unit 14, configured to send the copy of the second information obtained from the second information to the terminal;
an authentication unit 15, configured to compare the third information and the copy of the second information obtained from the terminal with the locally saved first information and second information to perform security authentication and, when authentication succeeds, to issue a license confirmation and send the fourth information used for network locking to the terminal.
In an implementation of this embodiment of the present invention, the storage unit is configured to create and save, indexed by the first information, first file information related to the first information;
the first file information includes at least the second information and the fourth information;
the fourth information is used for the initial network lock of the terminal.
In an implementation of this embodiment of the present invention, the authentication unit includes:
a first processing subunit, configured to obtain a first data processing request that carries at least the third information and the copy of the second information submitted by the terminal;
a parsing subunit, configured to parse the first data request to obtain the third information and the copy of the second information, where the third information uniquely identifies the terminal;
a comparison subunit, configured so that, when the comparison finds that the copy of the second information is identical to the second information and the third information is the same as the first information, the security authentication succeeds.
In an implementation of this embodiment of the present invention, the authentication unit includes:
a first processing subunit, configured to obtain a first data processing request that carries at least the third information and the copy of the second information submitted by the terminal;
a parsing subunit, configured so that the server parses the first data request to obtain the third information and the copy of the second information, where the third information uniquely identifies the terminal;
a comparison subunit, configured so that, when the comparison finds that the copy of the second information is partially the same as the second information, an operation is performed on the copy of the second information and the second information according to a preset rule; if the result of the operation is a match and the third information is the same as the first information, the security authentication succeeds.
In an implementation of this embodiment of the present invention, the authentication unit further includes:
a license issuing subunit, configured to, after the security authentication of the terminal succeeds, use the first information as the index key for searching, extract from the first file information the fourth information corresponding to the first information, and send it to the terminal.
In an implementation of this embodiment of the present invention, the first sending unit is configured to also send fifth information used for network locking to the terminal before or at the same time as sending the copy of the second information;
the fifth information is used for the initial network lock of the terminal.
In an implementation of this embodiment of the present invention, the server further includes:
a second obtaining unit, configured to obtain a second data processing request that carries at least the third information submitted by the terminal, the copy of the second information, and identification information requesting an update;
the fourth information is used to update parameters after the terminal's initial network lock.
In an implementation of this embodiment of the present invention, the server further includes:
a second sending unit, configured to actively initiate a third data processing request that carries at least the first information and identification information requesting an update;
the fourth information is used to update parameters after the terminal's initial network lock.
A terminal according to an embodiment of the present invention is shown in FIG. 4. The terminal includes:
a first receiving unit 21, configured to receive the copy of the second information obtained from the second information;
a third sending unit 22, configured to send the third information, which uniquely identifies the terminal, and the copy of the second information to the server, requesting authentication in order to obtain from the server the fourth information used for network locking.
In an implementation of this embodiment of the present invention, the terminal further includes:
a first detecting unit, configured to detect whether network-lock information exists locally, obtain a first detection result and send it to the third sending unit;
the third sending unit is configured to, when the first detection result is that no network-lock information exists locally, encapsulate the third information and the copy of the second information in a first data processing request and send it to the server;
the copy of the second information is identical to the second information, or
the copy of the second information is partially the same as the second information.
In an implementation of this embodiment of the present invention, the terminal further includes:
a second receiving unit, configured to receive the fourth information after the copy of the second information has been received, where the fourth information is used for the initial network lock of the terminal;
a network-lock unit, configured to perform the initial network lock on the medium containing the specified identification information according to the fourth information.
In an implementation of this embodiment of the present invention, the first receiving unit is configured to receive fifth information used for network locking before or at the same time as receiving the copy of the second information;
the terminal further includes:
a network-lock unit, configured so that the terminal performs the initial network lock on the medium containing the specified identification information according to the fifth information.
In an implementation of this embodiment of the present invention, the terminal further includes:
a second detecting unit, configured to detect, from the copy of the second information, whether the validity threshold has been reached and the network-lock information needs to be updated, obtain a second detection result and send it to the third sending unit;
the third sending unit is configured to, when the second detection result is that the validity threshold has been reached and the network-lock information needs to be updated, encapsulate the third information, the copy of the second information and identification information requesting an update in a second data processing request and send it to the server;
the second receiving unit is configured to receive the fourth information, which is also used to update parameters after the terminal's initial network lock;
the network-lock unit is configured so that the terminal updates the network lock on the medium containing the specified identification information according to the fourth information.
In an implementation of this embodiment of the present invention, the second receiving unit is configured to receive a third data processing request actively initiated by the server, which carries at least the first information and identification information requesting an update, and to receive the fourth information after the server's authentication succeeds; the fourth information is also used to update parameters after the terminal's initial network lock;
the network-lock unit is configured to update the network lock on the medium containing the specified identification information according to the fourth information.
The following describes a specific application scenario:
This application scenario of the embodiments of the present invention concerns wireless-network-based network-lock technology for wireless data terminal devices. In the prior art, operators place ever higher requirements on control of the operator network in order to protect their interests. This is mainly because, to improve their competitiveness, operators sell countless terminal devices at low prices or with subsidies; the countless data service terminals sold with subsidies likewise carry the highest security requirements. Security here means that the operator's terminal is allowed to run only on that operator's network, and the use of other networks is prohibited. Control of the network is usually exercised through important parameters of the phone's SIM card such as the MCC/MNC. Typically, the operator's MCC/MNC data is written into the terminal device when the data terminal is produced; the user can then only use a SIM card that matches the terminal device, and a competitor's SIM card whose MCC/MNC does not match is rejected, which protects the operator's interests.
The measures for controlling, protecting and maintaining the SIM card parameter information written into a data terminal are collectively called network locking. Besides the traditional network lock (comparing the MCC and MNC), there are usually also a subnet lock (comparing the MCC, the MNC, and the 6th and 7th digits of the IMSI), a corporate lock (comparing the SIM card's MCC, MCC and GID1), and so on. Parameters such as the MCC, MNC and GID1 are collectively called network-lock parameters; they are sensitive and are the focus of protection. A tool that writes the network-lock parameters into the data terminal is called a network-lock tool.
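The three comparisons described above, written as the check a terminal could run against its stored lock list; this is an added example, not code from the patent. The lock-list layout, the function names and the sample values used with it are constructed, and the corporate lock is assumed here to compare the MCC, MNC and GID1.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class LockEntry:
    """One row of the lock list held by the terminal (layout is an assumption)."""
    lock_type: str                  # "network", "subnet" or "corporate"
    mcc: str                        # 3 digits
    mnc: str                        # 2 or 3 digits, exactly as provisioned
    imsi_6_7: Optional[str] = None  # subnet lock: 6th and 7th IMSI digits
    gid1: Optional[str] = None      # corporate lock: GID1 as a hex string


def _valid_imsi(imsi: str) -> bool:
    # An IMSI is a string of at most 15 decimal digits.
    return imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15


def entry_matches(entry: LockEntry, imsi: str, gid1: Optional[str] = None) -> bool:
    """True when the inserted card satisfies this lock entry."""
    if not _valid_imsi(imsi):
        return False
    if len(entry.mcc) != 3 or len(entry.mnc) not in (2, 3):
        return False  # malformed entry: fail closed
    # The MNC length cannot be derived from the IMSI alone, so the entry's
    # own length decides how many digits are compared. A 2-digit entry under
    # a 3-digit-MNC country would match too broadly, so provisioning must
    # store the full MNC.
    if imsi[:3] != entry.mcc or imsi[3:3 + len(entry.mnc)] != entry.mnc:
        return False
    if entry.lock_type == "network":
        return True
    if entry.lock_type == "subnet":
        return entry.imsi_6_7 is not None and imsi[5:7] == entry.imsi_6_7
    if entry.lock_type == "corporate":
        return (entry.gid1 is not None and gid1 is not None
                and gid1.upper() == entry.gid1.upper())
    return False  # unknown lock type: fail closed


def evaluate_sim(lock_list: Optional[List[LockEntry]], imsi: str,
                 gid1: Optional[str] = None) -> str:
    """Decide what the terminal does with the inserted card."""
    if lock_list is None:
        # No lock information stored locally: ask the server for it first.
        return "request_lock_params"
    if any(entry_matches(e, imsi, gid1) for e in lock_list):
        return "accept"
    return "reject"  # includes an empty list: locked with nothing permitted
```

Unknown lock types, malformed entries and malformed IMSIs all end in rejection, so a corrupted lock list cannot widen what the terminal accepts.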
For terminal manufacturers, customization for different operators may call for different lock types and locking methods, so several network-lock tools have to be maintained. On the production line, for urgent projects with large shipment volumes and short schedules, using the wrong tool often forces rework and causes great economic loss. Operators may not sell all of their stock, and often want to move the remaining stock to other regions by modifying the network-lock parameters; this also requires rework and increases the terminal manufacturer's later maintenance cost. In short, network-lock processing with lock tools is too constrained by factors such as platform and chip, which raises rework and maintenance costs and makes management and lock processing inefficient.
In this application scenario of the present invention, once the wireless data terminal is connected to a network, it is controlled over the network by the server used for network-lock authorization (such as server embodiment 1 and its various implementations described above). The benefits are that, besides improving production efficiency and reducing production cost and the later maintenance cost of terminal devices, all devices can be managed uniformly by the server authorized for network locking, with remote management such as locking, relocking or unlocking.
Specifically, this application scenario addresses the prior-art problems above and aims to reduce production and maintenance cost in the terminal manufacturer's network-lock scheme, with convenient remote management through the server authorized for network locking. This server may also be called a network-lock authorization center server or an authorization center server; the name is not limited, provided that one server implements the following functions. It is referred to below simply as the server and described as follows:
1. When the terminal is produced, the server writes certificate information to the unit (the certificate information contains the unit's unique hardware ID information and can take various forms, for example data signed over the hardware ID and some important information with the root private key of the network-lock authorization center server), and file information is created on the server (including operator information, product type, shipping region, and important information such as the MCC/MNC to be locked). See the schematic of creating a file for a production-line terminal in FIG. 5.
2. After the user's first network registration, as shown in FIG. 6 (the flowchart of network locking using the file created in FIG. 5), the unit requests, or the server issues, a usage license for the unit (that is, important data such as the network-lock parameters, which contain encrypted or signed data over the unit's unique hardware ID or other unique information); only after this authorization can the user use the unit normally. When the unit has been in use for 2 years or a specified period, the user can likewise submit an unlock request to the server, and the server can decide as needed whether to unlock the unit for the user or issue a new certificate.
It should be noted that the server's functions are not limited to those above. For example, only the important certificate information may be written on the production line; after the user inserts a SIM card for the first time, the terminal connects to the server to obtain important data such as the network-lock parameters. In this case, any shipped unit can be locked after it has been sold and is in the user's hands. Unsold units in stock are not locked, so they do not incur the large maintenance cost of relocking rework that arises when units are already locked at shipment, as is traditional.
As a further example of the server's functions, at production time the certificate may be issued and the network lock applied by the authorization center, and the unit then shipped directly. If rework and relocking are needed later, only the unit's important data such as the network-lock parameters needs to be erased; the important data such as the network-lock parameters is then obtained on the first network connection or issued centrally by the server.
As a further example of the server's functions, test units can also be managed centrally. A test unit can be issued a certificate and assigned test-unit management rights. This reduces the risk of the network-lock tool leaking when field or operator-side test staff, who frequently have to test several projects, would otherwise have to relock units repeatedly, and it likewise reduces the extra cost of frequently mailing units.
As shown in Fig. 5, the schematic diagram of establishing a file for a terminal on the production line, the flow for writing important information such as the ID during production in order to establish the file includes the following round-trip messages:
Message 1: During production, the production line performs a permission exchange with the terminal through the lock network tool; this is the message flow for obtaining permission to write the hardware ID. Only if success is returned does the lock network tool have permission to write data to the terminal. An illegitimate user cannot obtain this permission and therefore cannot write information such as the hardware ID.
Message 2: The lock network tool randomly generates a hardware ID and sends it to the terminal. The terminal first checks whether a hardware ID already exists. If one exists, the terminal returns the existing hardware ID to the lock network tool; if none exists, the terminal writes the hardware ID and then returns the written hardware ID to the lock network tool. This message may also contain other important information and additional information besides the hardware ID.
Message 3: The lock network tool connects to the server used for lock network authorization over the network or another connection method, or first connects to a temporary server and, once that is finished, updates the connection to the server used for lock network authorization. The permission request carries important identity information such as the lock network tool's own ID, so that the server used for lock network authorization can determine the tool's identity. Only an authorized lock network tool can obtain permission from the server used for lock network authorization, which greatly improves data security.
Message 4: From the server used for lock network authorization, the lock network tool obtains the server's root public key rPb, applies for the unique certificate that the server issues to the terminal, and obtains a random public/private key pair, Pb and Pi, for use in exchanges or in encryption and decryption during data communication.
Message 5: The lock network tool returns the result obtained in message 4 to the terminal, so that the terminal saves the public and private keys, the signature and other data for later network locking or re-locking.
Message 6: The lock network tool requests the server used for lock network authorization to establish a file for the terminal whose hardware ID is "Id".
Subsequently, as shown in Fig. 6, the flowchart of network locking using the file established in Fig. 5, the flow in which the terminal, on its first run, obtains important information such as the lock network parameters from the server includes the following round-trip messages:
Message 7: Using its own hardware ID and certificate information, the terminal requests network locking from the server used for lock network authorization and requests a connection. After verifying the terminal's identity, the server establishes the connection with the terminal. The server then looks up the operator information corresponding to the hardware ID in the operator table and obtains from that information important data such as the lock network data of the device.
Message 8: The terminal requests important information such as the lock network parameters from the server used for lock network authorization. The server retrieves the lock network data according to the hardware ID, performs an encryption operation on the data, the hardware ID and other information with the server's root private key, and sends the result to the terminal. The terminal verifies and saves the lock network information; the next time it is powered on and finds that lock network information is already saved, it does not need to request network locking from the server again. During each operation, the lock network list issued by the center is used to determine whether the SIM card inserted by the user is a legitimate card.
In summary, the server in this application scenario can be responsible for storing one or more kinds of important data for the data terminal, such as the hardware ID, certificate information, necessary operator information, communication public and private keys, and the lock network parameters expected by the operator. When the terminal runs for the first time and finds that it has no lock network data, it can request the lock network data from the server over the Internet or another connection. Likewise, the server can, in some cases, actively modify the lock network parameters or other important parameters of a specified device. The lock network tool is not mandatory in this application scenario, but it can be used when writing data to the terminal to establish the file: the lock network tool interacts with the server and writes the hardware ID (a serial number that uniquely identifies the device) to a non-erasable partition of the terminal. The terminal in this application scenario has its hardware ID written by the lock network tool during production; on its first run it can interact with the server and request the lock network parameters. Once network locking has succeeded, no further request is needed. Likewise, the operator can delete the lock network parameters by an instruction, after which network locking is requested from the server again, which provides the re-locking function.
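The exchange in messages 2 and 4 to 8 and the caching and re-locking behaviour summarised above, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 as a stand-in for the server-issued certificate and for the root-key protection of message 8 (so that it runs on the standard library alone); the class and method names, the `allowed_plmns` parameter format and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def mac_tag(key, data):
    """HMAC-SHA256 tag (assumption: replaces the certificate / root-key operations)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class LockServer:
    """Server used for lock network authorization: one file per hardware ID."""

    def __init__(self):
        self._root_key = secrets.token_bytes(32)  # stand-in for the root key pair
        self._files = {}                          # hardware ID -> file (record)

    def provision(self, hardware_id, lock_params):
        """Messages 4 and 6: issue per-terminal secrets and establish the file."""
        if hardware_id in self._files:
            raise ValueError("a file already exists for this hardware ID")
        credential = mac_tag(self._root_key, hardware_id.encode())  # certificate stand-in
        device_key = secrets.token_bytes(32)                        # Pb/Pi stand-in
        self._files[hardware_id] = {
            "credential": credential,
            "device_key": device_key,
            "lock_params": lock_params,
        }
        return credential, device_key

    def request_lock_params(self, hardware_id, credential):
        """Messages 7 and 8: verify the terminal, then return protected parameters."""
        record = self._files.get(hardware_id)
        if record is None or not hmac.compare_digest(record["credential"], credential):
            return None  # unknown ID or wrong credential: nothing is issued
        # Bind the parameters to the hardware ID so a reply cannot be reused elsewhere.
        payload = json.dumps(
            {"id": hardware_id, "params": record["lock_params"]}, sort_keys=True
        ).encode()
        return payload, mac_tag(record["device_key"], payload)


class Terminal:
    def __init__(self):
        self.hardware_id = None   # models the non-erasable partition
        self.credential = None
        self.device_key = None
        self.lock_params = None   # saved after the first successful request

    def write_hardware_id(self, candidate):
        """Message 2: write once; an existing ID is returned unchanged."""
        if self.hardware_id is None:
            self.hardware_id = candidate
        return self.hardware_id

    def store_secrets(self, credential, device_key):
        """Message 5: keep what the lock network tool brought back from the server."""
        self.credential, self.device_key = credential, device_key

    def accept(self, payload, tag):
        """Verify a message 8 reply before saving anything from it."""
        if not hmac.compare_digest(mac_tag(self.device_key, payload), tag):
            raise ValueError("lock network data failed verification")
        message = json.loads(payload)
        if message["id"] != self.hardware_id:
            raise ValueError("lock network data was issued for another terminal")
        self.lock_params = message["params"]

    def ensure_locked(self, server):
        """Return True if the server was contacted, False if data was already saved."""
        if self.lock_params is not None:
            return False
        reply = server.request_lock_params(self.hardware_id, self.credential)
        if reply is None:
            raise PermissionError("server refused the lock network request")
        self.accept(*reply)
        return True

    def sim_allowed(self, plmn):
        """Check an inserted SIM's network code against the saved lock list."""
        return self.lock_params is not None and plmn in self.lock_params["allowed_plmns"]

    def delete_lock_params(self):
        """Operator instruction: clear saved data so the next run re-locks."""
        self.lock_params = None


def demo():
    server, terminal = LockServer(), Terminal()
    hardware_id = terminal.write_hardware_id("HW-CONSTRUCTED-0001")  # constructed ID
    issued = server.provision(hardware_id, {"allowed_plmns": ["00101"]})  # constructed list
    terminal.store_secrets(*issued)
    first = terminal.ensure_locked(server)    # first run: asks the server
    second = terminal.ensure_locked(server)   # later run: uses the saved data
    return first, second, terminal.sim_allowed("00101"), terminal.sim_allowed("00102")
```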
Because the server is not limited to operating on devices of one particular platform, unified network locking across multiple platforms can be achieved. There is no longer any need to distinguish whether the device is on a Qualcomm platform, a MediaTek (MTK) platform, a Marvell platform and so on; as long as the prescribed data transmission method or interface is followed, unified management is possible. Nor is the scheme limited to a particular connection method: any wireless communication method or direct connection supported by the device can be used, as long as it conforms to the prescribed data transmission method or interface.
It can be seen that, with the embodiments of the present invention and their application scenarios, the terminal is managed remotely, for example for network locking, by the server used for lock network authorization. For network locking, a terminal file is first established for the device, and the file is subsequently used to perform the network locking. This way of remotely maintaining terminal devices both reduces the risk of the production line using the wrong lock network tool and lowers after-sales maintenance costs. Re-locking does not require returning the device to the factory, which greatly reduces after-sales maintenance costs.
If the integrated module described in the embodiments of the present invention is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc. Thus, the embodiments of the present invention are not limited to any specific combination of hardware and software.
Correspondingly, an embodiment of the present invention further provides a computer storage medium storing a computer program, the computer program being used to execute the data processing method of the embodiments of the present invention.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Industrial applicability
With the embodiments of the present invention, because the terminal is managed remotely through the server, no lock network tool is needed in the network locking scenario. For multiple platforms, multiple chips and similar cases, this removes the restriction of having to use several dedicated, specific lock network tools to lock terminals, so that there is no need to maintain many dedicated lock network tools, and management becomes more convenient. Moreover, with such remote management, even after the terminal has been processed and is already in the user's hands, a problem does not require returning the device to the factory for reprocessing; it can be handled by remote management through the server, which reduces the cost of factory-return maintenance and improves processing efficiency.

Claims (28)

  1. A data processing method, the method comprising:
    a server obtaining first information used to uniquely identify a terminal;
    the server generating, according to the first information, second information for performing security authentication on the terminal;
    the server storing the first information and the second information locally, and sending a second information copy obtained based on the second information to the terminal;
    the server comparing third information and the second information copy obtained from the terminal with the locally stored first information and second information to perform authentication for the security authentication, and, when the authentication succeeds, issuing a license confirmation and sending fourth information used for network locking to the terminal.
  2. The method according to claim 1, wherein the server storing the first information and the second information locally comprises:
    the server establishing and storing first file information related to the first information, with the first information as an index;
    the first file information comprising at least the second information and the fourth information;
    the fourth information being used for initial network locking of the terminal.
  3. The method according to claim 2, wherein the server comparing the third information and the second information copy obtained from the terminal with the locally stored first information and second information to perform authentication for the security authentication comprises:
    the server obtaining a first data processing request, the first data processing request carrying at least the third information and the second information copy submitted by the terminal;
    the server parsing the first data request to obtain the third information and the second information copy, the third information being used to uniquely identify the terminal;
    if the comparison shows that the second information copy is identical to the second information and the third information is the same as the first information, the authentication for the security authentication succeeds.
  4. The method according to claim 2, wherein the server comparing the third information and the second information copy obtained from the terminal with the locally stored first information and second information to perform authentication for the security authentication comprises:
    the server obtaining a first data processing request, the first data processing request carrying at least the third information and the second information copy submitted by the terminal;
    the server parsing the first data request to obtain the third information and the second information copy, the third information being used to uniquely identify the terminal;
    if the comparison shows that the second information copy is partially identical to the second information, performing an operation on the second information copy and the second information according to a preset rule; if the operation result is a match and the third information is the same as the first information, the authentication for the security authentication succeeds.
  5. The method according to claim 3 or 4, wherein issuing the license confirmation and sending the fourth information used for network locking to the terminal when the authentication succeeds comprises:
    after the server's authentication for the security authentication of the terminal succeeds, the server using the first information as index key information for searching, extracting from the first file information the fourth information corresponding to the first information, and sending it to the terminal.
  6. The method according to claim 1, wherein the server storing the first information and the second information locally and sending the second information copy obtained based on the second information to the terminal further comprises:
    before or at the same time as sending the second information copy, the server also sending fifth information used for network locking to the terminal;
    the fifth information being used for initial network locking of the terminal.
  7. The method according to claim 6, wherein, before the server compares the third information and the second information copy obtained from the terminal with the locally stored first information and second information to perform authentication for the security authentication, the method further comprises:
    the server obtaining a second data processing request, the second data processing request carrying at least the third information submitted by the terminal, the second information copy, and identification information requesting an update;
    the fourth information being used for a parameter update after the initial network locking of the terminal.
  8. The method according to claim 6, wherein, before the server compares the third information and the second information copy obtained from the terminal with the locally stored first information and second information to perform authentication for the security authentication, the method further comprises:
    the server actively initiating a third data processing request, the third data processing request carrying at least the first information and identification information requesting an update;
    the fourth information being used for a parameter update after the initial network locking of the terminal.
  9. A data processing method, the method comprising:
    a terminal receiving a second information copy obtained based on the second information;
    the terminal sending third information used to uniquely identify the terminal and the second information copy to a server, to request authentication in order to obtain from the server fourth information used for network locking.
  10. The method according to claim 9, wherein the terminal sending the third information used to uniquely identify the terminal and the second information copy to the server comprises:
    when the terminal detects that no information used for network locking exists locally, the terminal encapsulating the third information and the second information copy in a first data processing request and sending it to the server;
    the second information copy being identical to the second information, or
    the second information copy being partially identical to the second information.
  11. The method according to claim 9 or 10, wherein the method further comprises:
    the terminal receiving the fourth information after receiving the second information copy, the fourth information being used for initial network locking of the terminal;
    the terminal performing, according to the fourth information, initial network locking on a medium containing specified identification information.
  12. The method according to claim 9, wherein the method further comprises:
    the terminal receiving fifth information used for network locking before or at the same time as receiving the second information copy;
    the terminal performing, according to the fifth information, initial network locking on a medium containing specified identification information.
  13. The method according to claim 12, wherein the method further comprises:
    when the terminal detects, according to the second information copy, that a validity threshold has been reached and the lock network information needs to be updated, the terminal encapsulating the third information, the second information copy, and identification information requesting an update in a second data processing request and sending it to the server;
    the terminal receiving the fourth information, the fourth information further being used for a parameter update after the initial network locking of the terminal;
    the terminal performing, according to the fourth information, a network locking update on the medium containing the specified identification information.
  14. The method according to claim 12, wherein the method further comprises:
    the terminal receiving a third data processing request actively initiated by the server, the third data processing request carrying at least the first information and identification information requesting an update;
    the terminal receiving the fourth information after the server's authentication succeeds, the fourth information further being used for a parameter update after the initial network locking of the terminal;
    the terminal performing, according to the fourth information, a network locking update on the medium containing the specified identification information.
  15. A server, the server comprising:
    a first obtaining unit, configured to obtain first information used to uniquely identify a terminal;
    an information generating unit, configured to generate, according to the first information, second information for performing security authentication on the terminal;
    a storage unit, configured to store the first information and the second information locally;
    a first sending unit, configured to send a second information copy obtained based on the second information to the terminal;
    an authentication unit, configured to compare third information and the second information copy obtained from the terminal with the locally stored first information and second information to perform authentication for the security authentication, and, when the authentication succeeds, to issue a license confirmation and send fourth information used for network locking to the terminal.
  16. The server according to claim 15, wherein the storage unit is further configured to establish and store first file information related to the first information, with the first information as an index;
    the first file information comprises at least the second information and the fourth information;
    the fourth information is used for initial network locking of the terminal.
  17. The server according to claim 16, wherein the authentication unit further comprises:
    a first processing subunit, configured to obtain a first data processing request, the first data processing request carrying at least the third information and the second information copy submitted by the terminal;
    a parsing subunit, configured to parse the first data request to obtain the third information and the second information copy, the third information being used to uniquely identify the terminal;
    a comparison subunit, configured such that, if the comparison shows that the second information copy is identical to the second information and the third information is the same as the first information, the authentication for the security authentication succeeds.
  18. The server according to claim 16, wherein the authentication unit further comprises:
    a first processing subunit, configured to obtain a first data processing request, the first data processing request carrying at least the third information and the second information copy submitted by the terminal;
    a parsing subunit, configured to parse the first data request to obtain the third information and the second information copy, the third information being used to uniquely identify the terminal;
    a comparison subunit, configured such that, if the comparison shows that the second information copy is partially identical to the second information, an operation is performed on the second information copy and the second information according to a preset rule, and if the operation result is a match and the third information is the same as the first information, the authentication for the security authentication succeeds.
  19. The server according to claim 17 or 18, wherein the authentication unit further comprises:
    a license issuing subunit, configured to, after the authentication for the security authentication of the terminal succeeds, use the first information as index key information for searching, extract from the first file information the fourth information corresponding to the first information, and send it to the terminal.
  20. The server according to claim 15, wherein the first sending unit is further configured to, before or at the same time as sending the second information copy, also send fifth information used for network locking to the terminal;
    the fifth information is used for initial network locking of the terminal.
  21. The server according to claim 20, wherein the server further comprises:
    a second obtaining unit, configured to obtain a second data processing request, the second data processing request carrying at least the third information submitted by the terminal, the second information copy, and identification information requesting an update;
    the fourth information is further used for a parameter update after the initial network locking of the terminal.
  22. The server according to claim 20, wherein the server further comprises:
    a second sending unit, configured to actively initiate a third data processing request, the third data processing request carrying at least the first information and identification information requesting an update;
    the fourth information is further used for a parameter update after the initial network locking of the terminal.
  23. A terminal, the terminal comprising:
    a first receiving unit, configured to receive a second information copy obtained based on the second information;
    a third sending unit, configured to send third information used to uniquely identify the terminal and the second information copy to a server, to request authentication in order to obtain from the server fourth information used for network locking.
  24. The terminal according to claim 23, wherein the terminal further comprises:
    a first detecting unit, configured to detect whether information used for network locking exists locally, obtain a first detection result and send it to the third sending unit;
    the third sending unit is further configured to, when the first detection result is that no information used for network locking exists locally, encapsulate the third information and the second information copy in a first data processing request and send it to the server;
    the second information copy is identical to the second information, or
    the second information copy is partially identical to the second information.
  25. The terminal according to claim 23 or 24, wherein the terminal further comprises:
    a second receiving unit, configured to receive the fourth information after the second information copy has been received, the fourth information being used for initial network locking of the terminal;
    a lock network unit, configured to perform, according to the fourth information, initial network locking on a medium containing specified identification information.
  26. The terminal according to claim 23, wherein the first receiving unit is further configured to receive fifth information used for network locking before or at the same time as receiving the second information copy;
    the terminal further comprises:
    a lock network unit, configured to perform, according to the fifth information, initial network locking on a medium containing specified identification information.
  27. The terminal according to claim 26, wherein the terminal further comprises:
    a second detecting unit, configured to detect, according to the second information copy, whether a validity threshold has been reached and the lock network information needs to be updated, obtain a second detection result and send it to the third sending unit;
    the third sending unit is further configured to, when the second detection result is that the validity threshold has been reached and the lock network information needs to be updated, encapsulate the third information, the second information copy, and identification information requesting an update in a second data processing request and send it to the server;
    the second receiving unit is further configured to receive the fourth information, the fourth information further being used for a parameter update after the initial network locking of the terminal;
    the lock network unit is further configured to perform, according to the fourth information, a network locking update on the medium containing the specified identification information.
  28. The terminal according to claim 26, wherein the second receiving unit is further configured to receive a third data processing request actively initiated by the server, the third data processing request carrying at least the first information and identification information requesting an update, and to receive the fourth information after the server's authentication succeeds, the fourth information further being used for a parameter update after the initial network locking of the terminal;
    the lock network unit is further configured to perform, according to the fourth information, a network locking update on the medium containing the specified identification information.
PCT/CN2015/079971 2014-11-05 2015-05-27 Method for processing data, server and terminal WO2016070611A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410620996.6 2014-11-05
CN201410620996.6A CN104469736B (en) 2014-11-05 2014-11-05 A kind of data processing method, server and terminal

Publications (1)

Publication Number Publication Date
WO2016070611A1 true WO2016070611A1 (en) 2016-05-12

Family

ID=52914951

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/079971 WO2016070611A1 (en) 2014-11-05 2015-05-27 Method for processing data, server and terminal

Country Status (2)

Country Link
CN (1) CN104469736B (en)
WO (1) WO2016070611A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104469736B (en) * 2014-11-05 2018-01-19 中兴通讯股份有限公司 A kind of data processing method, server and terminal
CN106815734B (en) * 2015-11-27 2022-02-08 方正国际软件(北京)有限公司 Information transmission method and device
CN108959906B (en) * 2018-07-13 2020-08-21 Oppo广东移动通信有限公司 Data acquisition method, mobile terminal, electronic device, production line calibration system, readable storage medium and computer device
CN110414248B (en) * 2019-07-11 2021-03-12 珠海格力电器股份有限公司 Method for debugging microprocessor and microprocessor
CN110505225B (en) * 2019-08-21 2022-05-17 Oppo(重庆)智能科技有限公司 Terminal card locking method and device and computer readable storage medium
CN113938873B (en) * 2020-07-14 2024-04-16 宇龙计算机通信科技(深圳)有限公司 Network card locking method and device, storage medium and terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018125A (en) * 2007-03-02 2007-08-15 中兴通讯股份有限公司 Radio terminal security network and card locking method based on the ellipse curve public key cipher
CN101521886A (en) * 2009-01-21 2009-09-02 北京握奇数据系统有限公司 Method and device for authenticating terminal and telecommunication smart card
CN102113358A (en) * 2008-12-31 2011-06-29 中兴通讯股份有限公司 Method, system and terminal device for realizing locking network by terminal device
CN104469736A (en) * 2014-11-05 2015-03-25 中兴通讯股份有限公司 Data processing method, server and terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026834A (en) * 2007-01-17 2007-08-29 中兴通讯股份有限公司 Locking method and unlocking method
CN101141731B (en) * 2007-08-08 2010-06-02 中兴通讯股份有限公司 Method and apparatus for implementing terminal network locking
CN101616401B (en) * 2009-07-21 2011-12-07 中兴通讯股份有限公司 Method for realizing locking of user number by wireless terminal device, unlocking method and device
CN101742483B (en) * 2009-12-16 2013-07-03 中兴通讯股份有限公司 Method and system for unlocking locked network of terminal
CN102118737A (en) * 2011-03-23 2011-07-06 中兴通讯股份有限公司 Method for remotely acquiring network locking information and terminal

Also Published As

Publication number Publication date
CN104469736A (en) 2015-03-25
CN104469736B (en) 2018-01-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15857831

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15857831

Country of ref document: EP

Kind code of ref document: A1