WO2016070611A1 - Data processing method, server and terminal - Google Patents

Data processing method, server and terminal


Publication number
WO2016070611A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
terminal
server
copy
lock network
Application number
PCT/CN2015/079971
Other languages
English (en)
Chinese (zh)
Inventor
李伟
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2016070611A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity

Definitions

  • the present invention relates to communication technologies, and in particular, to a data processing method, a server, and a terminal.
  • wireless data service terminals such as smart phones
  • data processing can be performed by means of a wireless local area network such as WIFI or a network constructed by a mobile data network provided by various major operators.
  • one data processing scenario is as follows. To protect their own interests, operators place increasingly strict control requirements on the mobile data networks they provide. This shows mainly in that, to improve their competitiveness, operators sell or distribute at a low price a medium containing specific identification information, so that a uniquely identified terminal receives a special low-cost or subsidized service from the operator that other terminals cannot enjoy. This raises a security requirement: the operator's specific terminal must be allowed to operate only on that operator's network to enjoy the preferential service, and must be prohibited from using other networks.
  • the prior art uses different lock network tools for different operator platforms or different terminal chips (such as MediaTek or Qualcomm chips); that is, a plurality of dedicated, specific lock network tools are used to perform lock network processing on the terminal so that it cannot be illegally cracked. As a result, too many dedicated lock network tools have to be maintained.
  • different platforms or chips need different lock network policies and parameters, which is inconvenient to manage. Moreover, once processing is complete and the terminal has reached the user, any problem requires returning it to the factory for re-processing; the cost of factory return and maintenance is high and the efficiency is low. The prior art offers no effective solution to these problems.
  • the embodiments of the present invention are intended to provide a data processing method, a server, and a terminal, which at least solve the problems existing in the prior art.
  • a data processing method includes:
  • the server obtains first information for uniquely identifying the identity of the terminal
  • the server generates second information for performing security authentication on the terminal according to the first information.
  • the server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal;
  • the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication; when the authentication succeeds, it issues a license confirmation and sends the fourth information for the lock network to the terminal.
  • the server locally stores the first information and the second information, including:
  • the server establishes and saves the first file information related to the first information by using the first information as an index;
  • the first file information includes at least the second information and the fourth information
  • the fourth information is used to perform initial lock network use on the terminal.
  • the server comparing the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication includes:
  • the server acquires a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • the server parses the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity;
  • the license confirmation is issued and the fourth information for the lock network is sent to the terminal, including:
  • the first information is used as the index key for searching, and the fourth information corresponding to the first information is extracted from the first file information and sent to the terminal.
  • the server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal, and further includes:
  • the fifth information is used to perform initial lock network use on the terminal.
  • before the server compares the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, the method further includes:
  • the server acquires a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • before the server compares the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, the method further includes:
  • the server actively initiates a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • a data processing method includes:
  • the terminal sends third information for uniquely identifying the identity of the terminal, together with a second information copy, to the server, requesting authentication in order to obtain fourth information for locking the network from the server.
  • the terminal sending the third information for uniquely identifying the identity of the terminal and the second information copy to the server includes:
  • when the terminal detects that there is no information for the lock network locally, the terminal encapsulates the third information and the second information copy into a first data processing request and sends the request to the server;
  • the second information copy is identical to the second information, or
  • the second information copy is partially the same as the second information.
  • the method further includes:
  • the terminal performs an initial lock network on the medium containing the specified identification information according to the fourth information.
  • the method further includes:
  • the terminal performs an initial lock network on the medium containing the specified identification information according to the fifth information.
  • the method further includes:
  • when the terminal detects, according to the second information copy, that the effective threshold has been reached and the lock network information needs to be updated, the terminal encapsulates the third information, the second information copy, and the identifier information that is requested to be updated into a second data processing request and sends it to the server;
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • the method further includes:
  • the terminal receives a third data processing request initiated by the server, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the terminal receives the fourth information after the server is successfully authenticated, and the fourth information is further used to perform parameter update after the initial lock network on the terminal;
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • the server includes:
  • a first acquiring unit configured to acquire first information for uniquely identifying a terminal identity
  • An information generating unit configured to generate second information for performing security authentication on the terminal according to the first information
  • a storage unit configured to locally save the first information and the second information
  • a first sending unit configured to send a second information copy obtained based on the second information to the terminal
  • the authentication unit is configured to compare the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, and, when the authentication succeeds, to issue a license confirmation and send the fourth information for the lock network to the terminal.
  • the storage unit is further configured to establish, by using the first information as an index, first file information related to the first information and save the information;
  • the first file information includes at least the second information and the fourth information
  • the fourth information is used to perform initial lock network use on the terminal.
  • the authentication unit includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • the comparison subunit is configured to determine, by comparison, that the security authentication succeeds when the second information copy is identical to the second information and the third information is the same as the first information.
  • the authentication unit further includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • a comparison subunit configured to, when the second information copy is partially the same as the second information, perform an operation on the second information copy and the second information according to a preset rule; if the operation result is a match and the third information is the same as the first information, the security authentication succeeds.
  • the authentication unit further includes:
  • the first information is used as index key information for searching to extract fourth information corresponding to the first information from the first file information, and is sent to the terminal.
  • the first sending unit is further configured to send the fifth information for locking the network to the terminal before or at the same time of transmitting the second information copy;
  • the fifth information is used to perform initial lock network use on the terminal.
  • the server further includes:
  • a second acquiring unit configured to acquire a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and the identifier information that is requested to be updated;
  • the fourth information is further used to perform parameter update after the initial lock network on the terminal.
  • the server further includes:
  • a second sending unit configured to actively initiate a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the fourth information is further used to perform parameter update after the initial lock network on the terminal.
  • the unit, the license issuance subunit, the second acquisition unit, and the second sending unit may be implemented, when performing processing, by a central processing unit (CPU), a digital signal processor (DSP, Digital Signal Processor) or a programmable logic array (FPGA, Field-Programmable Gate Array).
  • CPU central processing unit
  • DSP digital signal processor
  • FPGA Field-Programmable Gate Array
  • a first receiving unit configured to receive a second information copy obtained based on the second information
  • a third sending unit configured to send third information for uniquely identifying the identity of the terminal, together with a second information copy, to the server, requesting authentication in order to obtain fourth information for locking the network from the server.
  • the terminal further includes:
  • the first detecting unit is configured to detect whether there is local information for locking the network, obtain a first detection result, and send the result to the third sending unit;
  • the third sending unit is further configured to: when the first detection result is that there is no information for locking the network locally, encapsulate the third information and the second information copy into a first data processing request and send it to the server;
  • the second information copy is identical to the second information, or
  • the second information copy is partially the same as the second information.
  • the terminal further includes:
  • a second receiving unit configured to receive the fourth information after receiving the second information copy, where the fourth information is used to perform initial lock network use on the terminal;
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fourth information.
  • the first receiving unit is further configured to receive the fifth information for locking the network before or at the same time as receiving the second information copy
  • the terminal further includes:
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fifth information.
  • the terminal further includes:
  • the second detecting unit is configured to detect, according to the second information copy, whether the effective threshold has been reached and the lock network information needs to be updated, obtain a second detection result, and send it to the third sending unit;
  • the third sending unit is further configured to: when the second detection result is that the effective threshold has been reached and the lock network information needs to be updated, encapsulate the third information, the second information copy, and the identifier information that is requested to be updated into a second data processing request and send it to the server;
  • the second receiving unit is further configured to receive the fourth information, where the fourth information is further used to perform parameter update after the initial locking of the terminal;
  • the lock network unit is further configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the second receiving unit is further configured to receive a third data processing request initiated by the server, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated; and, after the authentication succeeds, to receive the fourth information, where the fourth information is further used to perform parameter update after the initial lock network on the terminal;
  • the lock network unit is further configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the first receiving unit, the third sending unit, the first detecting unit, the second receiving unit, the lock network unit, and the second detecting unit may be implemented, when performing processing, by a central processing unit (CPU, Central Processing Unit), a digital signal processor (DSP, Digital Signal Processor) or a field-programmable gate array (FPGA).
  • CPU Central Processing Unit
  • DSP Digital Signal Processor
  • FPGA Field-Programmable Gate Array
  • the method of the embodiment of the present invention includes: the server acquires first information for uniquely identifying the identity of the terminal; the server generates second information for performing security authentication on the terminal according to the first information; the server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal; the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication, and when the authentication succeeds, issues a license confirmation and sends the fourth information for the lock network to the terminal.
  • no lock network tool is needed in the lock network scenario. This removes the limitation of having to use a plurality of dedicated, specific lock network tools to perform lock network processing on the terminal for multiple platforms, multiple chips, and so on.
  • as a result, excessive dedicated lock network tools need not be maintained and management becomes more convenient. In addition, with this remote management, even if a problem arises after the processed terminal has reached the user, the terminal does not need to be returned to the factory for re-processing and can be managed remotely through the server, which reduces the maintenance cost of factory returns and improves processing efficiency.
  • FIG. 3 is a schematic structural diagram of a server embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a terminal embodiment of the present invention.
  • FIG. 5 is a schematic diagram of establishing a file by a production line terminal of an application scenario according to an embodiment of the present invention
  • FIG. 6 is a flow chart of implementing a lock network for applying the file created in FIG. 5.
  • the embodiment of the invention provides a data processing method. As shown in FIG. 1 , the method includes:
  • Step 101 The server acquires first information for uniquely identifying the identity of the terminal.
  • the first information may be a hardware ID.
  • Step 102 The server generates second information for performing security authentication on the terminal according to the first information.
  • the second information may be various certificate information for digital encryption and digital signature.
  • Step 103 The server locally saves the first information and the second information, and sends a second information copy obtained based on the second information to the terminal.
  • the second information copy may be identical to the second information, or may be partially the same as the second information; for example, the second information copy may include at least the second information, as long as security authentication can be achieved.
  • Step 104 The server compares the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, and when the authentication succeeds, issues a license confirmation and sends the fourth information for the lock network to the terminal.
  • the fourth information may be a lock network parameter for locking a SIM card, so that the uniquely identified terminal receives a preferential service, such as a specific low price or subsidy provided by the operator, that other terminals cannot enjoy;
  • that is, the operator's specific terminal is allowed to operate only on that operator's network to enjoy the preferential service and is prohibited from using other networks.
  • the limitation of using a plurality of dedicated, specific lock network tools to lock the network of the terminal is eliminated, so excessive dedicated lock network tools need not be maintained.
  • this makes management more convenient. Moreover, with this remote management, even if a problem arises after the processed terminal has reached the user, it does not need to be returned to the factory for re-processing and can be managed remotely through the server, which reduces the cost of returning to the factory and increases processing efficiency.
  • the server locally saving the first information and the second information includes: the server establishes and saves, by using the first information as an index, first file information related to the first information; the first file information includes at least the second information and the fourth information.
  • the fourth information is used for initial lock network use of the terminal.
  • the server comparing the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication includes:
  • A1 The server acquires a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal.
  • the first data processing request may be to issue a prototype usage permission request to obtain a lock network parameter for performing subsequent lock network processing, and the permission request may also be referred to as a lock network request.
  • the server parses the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity.
  • the third information is similar to the first information, and is also information of a hardware ID class, which may be the same as or different from the first information; this is verified by the subsequent authentication.
  • if the second information copy is identical to the second information, and the third information is the same as the first information, the security authentication succeeds.
  • the server comparing the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication includes:
  • the server acquires a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal.
  • the first data processing request may be to issue a prototype usage permission request to obtain a lock network parameter for performing subsequent lock network processing, and the permission request may also be referred to as a lock network request.
  • the server parses the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity.
  • the third information is similar to the first information, and is also information of a hardware ID class, which may be the same as or different from the first information, and is authenticated by subsequent authentication.
  • in the implementation of A1-A3 above, the second information copy is identical to the second information and no operation is required; in the implementation of B1-B3, the second information copy is partially the same as the second information and an operation is required. If the operation result is a match, and the third information is the same as the first information, the security authentication succeeds.
  • issuing a license confirmation and sending the fourth information for the lock network to the terminal includes:
  • after the server successfully authenticates the terminal, it uses the first information as the index key for searching, extracts the fourth information corresponding to the first information from the first file information,
  • and sends the fourth information to the terminal.
  • the server locally saving the first information and the second information, and sending a second information copy obtained based on the second information to the terminal, further includes: the server also sends the fifth information for the lock network to the terminal before or at the same time as sending the second information copy.
  • the fifth information is used for initial lock network use of the terminal.
  • one scenario is to initially send only a certificate; that is, where the terminal is a mobile phone, the phone has no lock network parameters when it is sold, and it then sends a hardware ID to the server to request lock network parameters.
  • the server will send the lock network parameters to the terminal;
  • another scenario is to initially send both the certificate and the lock network parameters; that is, where the terminal is a mobile phone, the phone already has lock network parameters when it is sold, and it then sends the hardware ID to the server in order to update the lock network parameters.
  • the server will send the updated lock network parameters to the terminal. These are two different modes of remote management of the terminal by the server.
  • before the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication,
  • the method further includes: the server acquiring a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and identifier information that is requested to be updated.
  • the fourth information is used to perform parameter update after the initial lock on the terminal.
  • before the server compares the third information and the second information copy acquired from the terminal with the locally saved first information and second information to perform the security authentication,
  • the method further includes: the server actively initiating a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated.
  • the fourth information is used to perform parameter update after the initial lock on the terminal.
  • the embodiment of the invention provides a data processing method. As shown in FIG. 2, the method includes:
  • Step 201 The terminal receives a second information copy obtained based on the second information.
  • Step 202 The terminal sends third information for uniquely identifying the identity of the terminal, together with a second information copy, to the server, and requests authentication in order to obtain fourth information for locking the network from the server.
  • the terminal sending the third information and the second information copy to the server includes: when the terminal detects that there is no information for the lock network locally, the terminal encapsulates the third information and the second information copy into a first data processing request and sends the request to the server.
  • the second information copy is identical to the second information, or the second information copy is partially the same as the second information.
  • the method further includes:
  • the terminal receives the fourth information after receiving the second information copy, where the fourth information is used to perform initial lock network use on the terminal.
  • the terminal performs initial lock network on the medium containing the specified identification information according to the fourth information.
  • the medium containing the specified identification information may be a SIM card or a USIM card.
  • a scenario in which the embodiment of the present invention is used is: the terminal finds that there is no lock network data, and can request data such as lock network parameters from an authorized server through the Internet or other connection path.
  • Each operation uses data such as lock network parameters issued by the server, such as a lock network list to determine whether the SIM card inserted by the user is a legitimate card.
  • the server can only write important certificate information on the production line terminal.
  • the network accesses the authorized server to obtain data such as the lock network parameters. In this case, any shipped prototype is locked only after it has been sold to the user. For unsold inventory, because the network is not locked, there is no need to incur the large maintenance cost of the re-locking rework caused by traditional prototype shipment.
  • the method further includes:
  • the terminal receives fifth information for locking the network before or at the same time as receiving the second information copy.
  • the terminal performs initial lock network on the medium containing the specified identification information according to the fifth information.
  • when the terminal detects, according to the second information copy, that the validity threshold has been reached and the lock network information needs to be updated, the terminal encapsulates the third information, the second information copy, and the identifier information that is requested to be updated into the second data processing request and sends the request to the server.
  • the certificate information can be used for 2 years, and after 2 years the lock network information needs to be applied for again; the threshold is 2 years.
  • the terminal receives the fourth information, where the fourth information is further used to perform parameter update after initial locking of the terminal.
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • an application scenario may be: the server issues a certificate at the time of production, the authorization center locks the network, and the product is then delivered directly. In this case, if re-locking rework is needed at a later stage, it is only necessary to erase the important data such as the lock network parameters of the prototype, and then obtain the important parameters for the first time or have the lock network information issued by the authorization center.
  • the method further includes:
  • the terminal receives a third data processing request initiated by the server, where the third data processing request carries at least the first information and the identifier information that is requested to be updated;
  • the terminal receives the fourth information after the server is successfully authenticated, and the fourth information is further used to perform parameter update after the initial lock network on the terminal;
  • the terminal performs a lock network update on the medium containing the specified identification information according to the fourth information.
  • the server includes:
  • the first obtaining unit 11 is configured to acquire first information for uniquely identifying the identity of the terminal;
  • the information generating unit 12 is configured to generate second information for performing security authentication on the terminal according to the first information.
  • the storage unit 13 is configured to locally save the first information and the second information
  • the first sending unit 14 is configured to send a second information copy obtained based on the second information to the terminal;
  • the authentication unit 15 is configured to compare the third information and the second information copy obtained from the terminal with the locally saved first information and second information to perform the security authentication, and, when the authentication succeeds, to issue a license confirmation and send the fourth information for the lock network to the terminal.
  • the storage unit is configured to establish, by using the first information as an index, first file information related to the first information, and save the information;
  • the first file information includes at least the second information and the fourth information
  • the fourth information is used to perform initial lock network use on the terminal.
  • the authentication unit includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • the comparison subunit is configured to determine that the security authentication is successful when the comparison shows that the second information copy is identical to the second information and the third information is the same as the first information.
  • the authentication unit includes:
  • the first processing sub-unit is configured to acquire a first data processing request, where the first data processing request carries at least the third information and the second information copy submitted by the terminal;
  • a parsing subunit configured to parse the first data request by the server to obtain the third information and the second information copy, where the third information is used to uniquely identify the terminal identity
  • the comparison subunit is configured to, when the second information copy is partially identical to the second information, perform an operation on the second information copy and the second information according to a preset rule, and to determine that the security authentication is successful if the operation result is a match and the third information is the same as the first information.
  • the authentication unit further includes:
  • a license issuance sub-unit configured to: after the security authentication of the terminal is successful, use the first information as index key information for searching, extract the fourth information from the first file information, and send the fourth information to the terminal.
  • the first sending unit is configured to send a fifth information for locking the network to the terminal before or at the same time of transmitting the second information copy;
  • the fifth information is used to perform initial lock network use on the terminal.
  • the server further includes:
  • a second acquiring unit configured to acquire a second data processing request, where the second data processing request carries at least the third information submitted by the terminal, the second information copy, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • the server further includes:
  • a second sending unit configured to actively initiate a third data processing request, where the third data processing request carries at least the first information, and the identifier information that is requested to be updated;
  • the fourth information is used to perform parameter update after the initial lock network on the terminal.
  • the terminal includes:
  • the first receiving unit 21 is configured to receive a second information copy obtained based on the second information
  • the third sending unit 22 is configured to send third information for uniquely identifying the identity of the terminal and a second information copy to the server, requesting authentication for obtaining the fourth information for the lock network from the server.
  • the terminal further includes:
  • the first detecting unit is configured to detect whether there is local information for locking the network, obtain a first detection result, and send the result to the third sending unit;
  • the third sending unit is configured to: when the first detection result is that there is no information for the network lock, the third information and the second information copy are encapsulated into the first data processing request and sent to server;
  • the second information copy is identical to the second information, or
  • the second information copy is partially identical to the second information.
  • the terminal further includes:
  • a second receiving unit configured to receive the fourth information after receiving the second information copy, where the fourth information is used to perform initial lock network use on the terminal;
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fourth information.
  • the first receiving unit is configured to receive, after receiving the second information copy, or the fifth information for locking the network
  • the terminal further includes:
  • the lock network unit is configured to perform an initial lock network on the medium containing the specified identification information according to the fifth information.
  • the terminal further includes:
  • the second detecting unit is configured to detect, according to the second information copy, whether the validity threshold has been reached and the lock network information needs to be updated, obtain a second detection result, and send the result to the third sending unit;
  • the third sending unit is configured to: when the second detection result is that the validity threshold has been reached and the lock network information needs to be updated, encapsulate the third information, the second information copy, and the identifier information that is requested to be updated into the second data processing request and send the request to the server;
  • the second receiving unit is configured to receive the fourth information, where the fourth information is further used to perform parameter update after the initial locking of the terminal;
  • the lock network unit is configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the second receiving unit is configured to receive a third data processing request initiated by the server, where the third data processing request carries at least the first information and the identifier information that is requested to be updated; and, after the server is successfully authenticated, to receive the fourth information, where the fourth information is further used to perform parameter update after the initial lock network on the terminal;
  • the lock network unit is configured to perform a lock network update on the medium containing the specified identification information according to the fourth information.
  • the application scenario of the embodiment of the present invention is directed to a wireless network-based lock network technology for a wireless data terminal device.
  • to protect its interests, each operator places increasingly high control requirements on the operator network. This is mainly reflected in operators selling their wireless data terminal equipment at low prices in order to improve their competitiveness; data service terminals are likewise sold in the form of subsidies, and the security requirements are also the highest. Security here means that the operator's terminal is only allowed to operate under the operator's network, and other networks are prohibited.
  • control of the network is exercised through important parameters such as the MCC/MNC of the SIM card of the mobile phone. The user can only use a SIM card that matches the terminal device; a SIM card whose MCC/MNC does not match, such as a competitor's card, is refused, for the purpose of protecting the interests of the operator.
  • the control, protection and maintenance of the SIM card parameter information written to the data terminal are collectively referred to as lock network. In addition to the traditional lock network (comparing MCC and MNC), the lock network usually also has lock subnet (comparing MCC, MNC, 6 digits of IMSI and 7 digits of IMSI), lock company (comparing SIM card MCC, MCC and GID1), and so on. Parameters such as MCC, MNC and GID1 are collectively referred to as lock network parameters; they are sensitive and are also the focus of protection.
  • the lock network parameters can be written to the data terminal by a tool called a lock network tool.
  • the wireless data terminal is networked, it is controlled by the network for the server for the lock network authorization (such as the server embodiment 1 and various specific implementation manners described in the foregoing embodiments), thereby
  • the advantages are: it can improve production efficiency, reduce production cost and post-maintenance cost of terminal equipment, and can also uniformly manage all equipments through the server authorized by the lock network, such as remote management such as locking, re-locking or unlocking.
  • the application scenario is directed to the above-mentioned problems of the prior art, and aims to reduce the production and maintenance cost for the terminal manufacturer's lock network related solution, and realize convenient remote management through the server authorized by the lock network.
  • An authorized server can also be called a lock network authorization center server or an authorization center server.
  • the specific name is not limited.
  • a server to describe as follows:
  • the server writes the certificate information to the prototype (the certificate information includes the unique hardware ID information of the prototype, and its form may vary, for example data obtained by signing the hardware ID and some important information with the root private key of the lock network authorization center server), and establishes file information on the server (including operator information, product type, shipping area, and important information such as the expected MCC/MNC of the lock network).
  • the file is created.
  • upon the prototype's request, or actively, the server issues the license (that is, important data such as lock network parameters; such important data contains the encrypted or signed data of the unique hardware ID or other unique information of the prototype), and the user can use the device after authorization; when the service life reaches 2 years or a specified number of years, the user can also submit an unlock request to the server, and the server can decide, according to demand, whether to unlock for the user or issue a new certificate.
  • the function of the server is not limited to the above functions. For example, only the important certificate information may be written on the production line, and after the user first inserts the SIM card the terminal connects to the server to obtain important data such as the lock network parameters. In this case, any shipped prototype is locked only after it has been sold and reaches the user. For unsold inventory prototypes, because the network is not locked, there is no large maintenance cost from the re-locking rework caused by traditional prototype shipment.
  • the server can also work as follows: the certificate is issued at the time of production, the authorization center locks the network, and the goods are then delivered directly. In this case, if re-locking rework is needed at a later stage, it is only necessary to erase the important data such as the lock network parameters of the prototype; the important data such as lock network parameters is then obtained online as on first use, or is uniformly issued by the server.
  • the server can also provide unified management of test prototypes: a certificate can be issued to a test prototype and management rights for the test prototype can be assigned. This reduces the risk of front-line or test staff leaking the lock network tool, which they would otherwise need for repeated locking because they frequently test multiple projects, and it also reduces the extra cost of frequently mailing prototypes.
  • Message 1: During the production process, the production line interacts with the terminal through the lock network tool to obtain permission to write the hardware ID. Only if the return is successful does the lock network tool have permission to write data to the terminal; illegal users cannot obtain this permission and cannot write information such as the hardware ID.
  • the lock network tool randomly generates a hardware ID, and sends the hardware ID to the terminal.
  • the terminal first checks whether a hardware ID already exists. If it does, the existing hardware ID is returned to the lock network tool; if it does not, the terminal writes the hardware ID and then returns the written hardware ID to the lock network tool.
  • This message can also contain other important information and additional information in addition to the hardware ID.
  • the lock network tool is connected to the server for the lock network authorization through the network or other connection mode, or the connection to the server for the lock network authorization is updated after the temporary server is connected.
  • the information for applying for permission includes important identity information such as the ID of the lock network tool, so that the server used for the lock network authorization can determine its identity. Only the authorized lock network tool can apply for the permission of the server for the lock network authorization, which greatly improves the data security.
  • the lock network tool obtains, from the server for the lock network authorization, the root public key rPb of the server, the unique certificate issued by the server to the terminal, and a pair of random public and private keys Pb and Pi, which are used for interaction or for encryption and decryption during data communication.
  • the lock network tool returns the result obtained from the message 4 to the terminal, so that the terminal saves the public and private key and the data information such as the signature, so as to be used for subsequent lock network or re-locking.
  • the lock network tool requests the server for the lock network authorization to create a file for the terminal with the hardware ID "Id”.
  • the terminal requests the server for the lock network authorization to lock the network according to its own hardware ID and certificate information and requests to establish a connection. After the server for the lock network authorization verifies the identity of the terminal, the connection with the terminal is established, the operator information corresponding to the hardware ID is queried from the operator list, and important data such as the lock network data of the prototype is then obtained from that information.
  • the terminal requests important information such as lock network parameters from the server used for the lock network authorization.
  • the server obtains data such as the lock network data according to the hardware ID, then encrypts the data and the hardware ID with the server root private key, and sends the information to the terminal.
  • the terminal device verifies and saves the lock network information. When the terminal next finds that the lock network information has already been saved, it no longer needs to request the lock network from the server for the lock network authorization.
  • Each operation uses the lock net list issued by the center to determine whether the SIM card inserted by the user is a legal card.
  • the server of the application scenario may be used to store the hardware ID of the data terminal, the certificate information, and the necessary carrier information, the communication public and private key, and the lock data parameter information expected by the operator.
  • the lock network data can be requested from the server through the Internet or other connection means.
  • the server can also modify the lock parameters or other important parameters of the specified prototype in some cases.
  • the lock network tool of this application scenario is not required, but the lock network tool can be used when writing data to the terminal to create a file.
  • the lock network tool interacts with the server and writes the hardware ID (the serial number that uniquely identifies the device) to the non-erasable partition of the terminal.
  • the terminal of this application scenario writes the hardware ID through the lock network tool during the production line production.
  • it can interact with the server and request the lock network parameters from the server. Once the lock network parameters are successful, there is no need to request them later. Similarly, the operator can delete the lock network parameters by instruction, and then request the lock network from the server again, that is, grant the function of relocking the network.
  • the server is not limited to operating on prototypes of one platform; it can implement a unified lock network across multiple platforms, without distinguishing whether the prototype is a Qualcomm platform, MediaTek (MTK) platform, Marvell platform, etc. As long as a device conforms to the specified data transmission mode or interface, it can be managed uniformly; the server is not limited to a specific connection mode, which can be a wireless communication mode or a direct connection mode supported by any device.
  • the terminal is remotely managed by the server for the lock network authorization, such as the lock network processing, and the terminal file is established by the prototype before the lock network processing, and the subsequent use is performed.
  • the file is locked and processed, and this is done on the terminal device.
  • the method of remote maintenance not only reduces the risk of using the wrong lock network tool on the production line, but also reduces the after-sales maintenance cost. For the action of relocking the net, it is not necessary to return to the factory for maintenance, which greatly reduces the after-sales maintenance cost.
  • the integrated modules described in the embodiments of the present invention may also be stored in a computer readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present invention may in essence be embodied in the form of a software product stored in a storage medium, including a plurality of instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.
  • embodiments of the invention are not limited to any specific combination of hardware and software.
  • the embodiment of the present invention further provides a computer storage medium, wherein a computer program is stored, and the computer program is used to execute the data processing method of the embodiment of the present invention.
  • the lock network tool is not needed in the lock network scenario. This overcomes the limitation that, for a plurality of platforms, multiple chips, etc., a plurality of dedicated lock network tools must be used to perform lock network processing on the terminal, so that dedicated lock network tools no longer need to be maintained and management becomes more convenient. In addition, with such remote management, even if a problem appears after the terminal has reached the user's hands, the terminal does not need to be returned to the factory for reprocessing. It can be managed remotely through the server, which reduces the cost of returning to the factory and improves the processing efficiency.
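The comparison performed by the authentication unit and the check of an inserted SIM card against the issued lock network parameters, both described above, are sketched below as an added example; it is not code from the patent or from any vendor product. The HMAC-SHA256 derivation of the second information, the 16-byte prefix used as the "preset rule" for a partial copy, all class and function names, and the hardware IDs and MCC/MNC/GID1 values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumption: the "second information" is HMAC-SHA256(server key, hardware ID).
# The description only says it is generated from the first information.
SERVER_KEY = secrets.token_bytes(32)
PARTIAL_LEN = 16  # assumed preset rule: a partial copy is the first 16 bytes


@dataclass(frozen=True)
class LockParams:
    """Fourth information: the lock network parameters for one terminal."""
    plmns: frozenset               # allowed (MCC, MNC) pairs
    gid1: frozenset = frozenset()  # allowed GID1 values; empty = not enforced


class AuthorizationServer:
    def __init__(self):
        # File information indexed by the first information (hardware ID).
        self._files = {}
        # Used when the ID is unknown, so that both failure paths run the
        # same comparison.
        self._dummy = (secrets.token_bytes(32), 32, None)

    def enroll(self, hardware_id, params, partial=False):
        """Create the file; return the second information copy for the terminal."""
        second = hmac.new(SERVER_KEY, hardware_id.encode(), hashlib.sha256).digest()
        copy_len = PARTIAL_LEN if partial else len(second)
        self._files[hardware_id] = (second, copy_len, params)
        return second[:copy_len]

    def authenticate(self, third_info, second_copy):
        """Return the fourth information on success, None on any failure."""
        second, copy_len, params = self._files.get(third_info, self._dummy)
        # Timing-safe comparison; a copy of the wrong length never matches.
        ok = hmac.compare_digest(second_copy, second[:copy_len])
        return params if ok else None


class Terminal:
    def __init__(self, hardware_id, second_copy):
        self.hardware_id = hardware_id   # sent as the third information
        self.second_copy = second_copy
        self.lock_params = None          # no lock network data stored yet

    def ensure_lock_params(self, server):
        """Send the first data processing request only if nothing is stored."""
        if self.lock_params is None:
            self.lock_params = server.authenticate(self.hardware_id, self.second_copy)
        return self.lock_params is not None


def sim_is_allowed(params, imsi, mnc_len, gid1=None):
    """Decide whether an inserted SIM is a legitimate card under `params`.

    mnc_len (2 or 3) must come from the card itself: matching by prefix
    would let MCC 001 / MNC 012 pass a lock on MCC 001 / MNC 01.
    """
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        return False
    if mnc_len not in (2, 3):
        return False
    if (imsi[:3], imsi[3:3 + mnc_len]) not in params.plmns:
        return False
    if params.gid1 and gid1 not in params.gid1:
        return False
    return True
```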

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to a data processing method, a server and a terminal. The method comprises: the server acquiring first information for uniquely identifying the identity of the terminal; the server generating, according to the first information, second information for security authentication of the terminal; the server locally saving the first information and the second information, and sending to the terminal a second information copy obtained based on the second information; the server performing the security authentication by comparing the third information and the second information copy, both obtained from the terminal, with the locally saved first information and second information; and, when the authentication succeeds, the server issuing a permission confirmation and sending to the terminal the fourth information for locking the network.
PCT/CN2015/079971 2014-11-05 2015-05-27 Data processing method, server and terminal WO2016070611A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410620996.6 2014-11-05
CN201410620996.6A CN104469736B (zh) 2014-11-05 2014-11-05 Data processing method, server and terminal

Publications (1)

Publication Number Publication Date
WO2016070611A1 true WO2016070611A1 (fr) 2016-05-12

Family

ID=52914951

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/079971 WO2016070611A1 (fr) 2014-11-05 2015-05-27 Data processing method, server and terminal

Country Status (2)

Country Link
CN (1) CN104469736B (fr)
WO (1) WO2016070611A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
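CN104469736B (zh) * 2014-11-05 2018-01-19 中兴通讯股份有限公司 Data processing method, server and terminal
CN106815734B (zh) * 2015-11-27 2022-02-08 方正国际软件(北京)有限公司 Information transmission method and device
CN108959906B (zh) * 2018-07-13 2020-08-21 Oppo广东移动通信有限公司 Data acquisition method, mobile terminal, electronic device, production line calibration system, readable storage medium and computer device
CN110414248B (zh) * 2019-07-11 2021-03-12 珠海格力电器股份有限公司 Method for debugging a microprocessor, and microprocessor
CN110505225B (zh) * 2019-08-21 2022-05-17 Oppo(重庆)智能科技有限公司 Terminal card locking method and device, and computer-readable storage medium
CN113938873B (zh) * 2020-07-14 2024-04-16 宇龙计算机通信科技(深圳)有限公司 Network card locking method and device, storage medium and terminal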

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
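CN101018125A (zh) * 2007-03-02 2007-08-15 中兴通讯股份有限公司 Secure network locking and card locking method for wireless terminals based on elliptic curve public key cryptography
CN101521886A (zh) * 2009-01-21 2009-09-02 北京握奇数据系统有限公司 Method and device for authenticating a terminal and a telecom smart card
CN102113358A (zh) * 2008-12-31 2011-06-29 中兴通讯股份有限公司 Method and system for implementing network locking of terminal equipment, and terminal equipment
CN104469736A (zh) * 2014-11-05 2015-03-25 中兴通讯股份有限公司 Data processing method, server and terminal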

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
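CN101026834A (zh) * 2007-01-17 2007-08-29 中兴通讯股份有限公司 Locking method and unlocking method
CN101141731B (zh) * 2007-08-08 2010-06-02 中兴通讯股份有限公司 Method and device for implementing terminal network locking
CN101616401B (zh) * 2009-07-21 2011-12-07 中兴通讯股份有限公司 Method for locking a subscriber number on wireless terminal equipment, unlocking method and device
CN101742483B (zh) * 2009-12-16 2013-07-03 中兴通讯股份有限公司 Method and system for removing the network lock of a terminal
CN102118737A (zh) * 2011-03-23 2011-07-06 中兴通讯股份有限公司 Method and terminal for remotely acquiring network locking information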

Also Published As

Publication number Publication date
CN104469736A (zh) 2015-03-25
CN104469736B (zh) 2018-01-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15857831

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15857831

Country of ref document: EP

Kind code of ref document: A1