WO2020172887A1

WO2020172887A1 - Data processing method, apparatus, smart card, terminal device, and server

Info

Publication number: WO2020172887A1
Application number: PCT/CN2019/076583
Authority: WO
Inventors: 何永德; 谢翔; 傅志敬; 孙立林
Original assignee: 云图有限公司
Priority date: 2019-02-28
Filing date: 2019-02-28
Publication date: 2020-09-03

Abstract

Provided are a data processing method, apparatus, smart card, terminal device, and server. The method comprises: a server, on the basis of a private key it holds, and a terminal device, on the basis of a device private key it holds, and a smart card, on the basis of a private key it holds, collectively perform a multi-party security calculation to obtain an authentication key; on the basis of said authentication key, the server authenticates the terminal device; on the basis of the authentication key, the terminal device authenticates the server.

Description

Data processing method, device, smart card, terminal equipment and server

Technical field

The embodiments of this specification relate to the field of computer technology, and in particular to a data processing method, device, smart card, terminal device, and server.

Background technique

Currently, mobile communication systems have been widely used worldwide.

In related technologies, a mobile communication system may include a smart card, a network server, and terminal equipment. The smart card can be assigned a user identification code IMSI and a secret key ki when signing a contract (registration). The smart card can store the user identification code IMSI and the key ki. Through the signing process, the network server can obtain the user identification code IMSI and the key ki; can generate a random number RAND; can generate a response SRESa according to the key ki and the random number RAND; can identify the user identity The code IMSI is stored correspondingly to the random number RAND and the response SRESa respectively.

Please refer to Figure 1. The smart card may be installed in the terminal device. In this way, the terminal device can send a network access request to the network server. The network access request may carry the user identification code IMSI. The network server can receive the network access request; can read the pre-stored random number RAND according to the user identification code IMSI; and can send an authentication request to the terminal device. The random number RAND may be carried in the authentication request. The terminal device may receive the authentication request; may send the authentication request to the smart card. The smart card can receive the authentication request; can generate a response SRESb according to the random number RAND and the key ki; and can send the generated response SRESb to the terminal device. The terminal device may receive the response SRESb; may send the response SRESb to the network server. The network server can receive the response SRESb; can read the pre-stored response SRESa according to the user identification code IMSI; can compare the response SRESb with the response SRESa; if the two are the same, determine the authentication result of the terminal device If the two are not the same, it is determined that the authentication result of the terminal device is a failure.

In the above related technologies, the network side can authenticate the terminal device, but the terminal device cannot authenticate the network side. Since only one-way authentication can be performed in the above-mentioned related technologies, it is possible for mobile users to access illegal networks (for example, pseudo base stations) and thus to steal private information.

Summary of the invention

The purpose of the embodiments of this specification is to provide a data processing method, device, smart card, terminal equipment, and server to realize two-way authentication between the network side and the terminal equipment.

In order to achieve the foregoing objectives, the technical solutions provided by one or more embodiments in this specification are as follows.

According to a first aspect of one or more embodiments of this specification, a data processing method is provided, including: a terminal device sends a first device identifier to a server; the server receives the first device identifier; and according to the first device identifier Generate a device private key; generate an authentication key according to the device private key, the card private key of the smart card, and its own server private key; use the card public key of the smart card to perform the authentication on the device private key and the authentication key respectively Encryption to obtain the device private key ciphertext and the authentication key ciphertext; send the device private key ciphertext and the authentication key ciphertext to the terminal device; the terminal device receives and sends the device private key ciphertext to the smart card And the authentication key ciphertext; the smart card receives the device private key ciphertext and the authentication key ciphertext; uses the card private key to separately authenticate the device private key ciphertext and the authentication key The key ciphertext is decrypted to obtain the device private key and the authentication key; store the authentication key; send the device private key and the authentication key to the terminal device; the terminal device receives and stores the device The private key and the authentication key.

According to a second aspect of one or more embodiments of this specification, a data processing method is provided, which is applied to a terminal device, including: sending a device identification to a server; receiving a device private key ciphertext and an authentication key sent by the server Ciphertext; the device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext is obtained by encrypting the authentication key; the device private key and the authentication The right keys are calculated based on the device identification; send the device private key ciphertext and the authentication key ciphertext to the smart card; receive the device private key and the authentication key sent by the smart card; store the The device private key and the authentication key.

According to a third aspect of one or more embodiments of this specification, there is provided a data processing device, which is applied to a terminal device, and includes: a first sending unit for sending a device identifier to a server; a first receiving unit for receiving The device private key ciphertext and the authentication key ciphertext sent by the server; the device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext is obtained by encrypting the authentication key Obtained through encryption; the device private key and the authentication key are both calculated according to the device identification; the second sending unit is used to send the device private key ciphertext and the authentication to the smart card The key ciphertext; the second receiving unit is used to receive the device private key and the authentication key sent by the smart card; the storage unit is used to store the device private key and the authentication key.

According to a fourth aspect of one or more embodiments of this specification, there is provided a terminal device, including: a memory, configured to store computer instructions; and a processor, configured to execute the computer instructions to implement the method described in the second aspect Method steps.

According to the fifth aspect of one or more embodiments of this specification, there is provided a data processing method applied to a server, including: receiving a first device identifier sent by a terminal device; generating a device private key according to the first device identifier Generate an authentication key according to the device private key, the card private key of the smart card and its own server private key; use the card public key of the smart card to respectively encrypt the device private key and the authentication key to obtain the device Private key ciphertext and authentication key ciphertext; sending the device private key ciphertext and the authentication key ciphertext to the terminal device.

According to a sixth aspect of one or more embodiments of the present specification, there is provided a data processing apparatus, applied to a server, including: a receiving unit for receiving a first device identifier sent by a terminal device; a first generating unit for using For generating the device private key according to the first device identification; the second generating unit is used to generate the authentication key according to the device private key, the smart card's private key and its own server private key; the encryption unit is used to use The card public key of the smart card respectively encrypts the device private key and the authentication key to obtain the device private key ciphertext and the authentication key ciphertext; the sending unit is used to send the device private key to the terminal device Ciphertext and the ciphertext of the authentication key.

According to a seventh aspect of one or more embodiments of this specification, a server is provided, including: a memory, configured to store computer instructions; a processor, configured to execute the computer instructions to implement the method according to the fifth aspect step.

According to an eighth aspect of one or more embodiments of this specification, there is provided a data processing method applied to a smart card, including: receiving a device private key ciphertext and an authentication key ciphertext sent by a terminal device; the device The private key cipher text is obtained by encrypting the device private key; the authentication key cipher text is obtained by encrypting the authentication key; using its own card private key to separately encrypt the device private key cipher text Decrypt the ciphertext with the authentication key to obtain the device private key and the authentication key; store the authentication key; and send the device private key and the authentication key to a terminal device.

According to the ninth aspect of one or more embodiments of this specification, there is provided a data processing device applied to a smart card, including: a receiving unit for receiving a device private key ciphertext and an authentication key ciphertext sent by a terminal device The device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext is obtained by encrypting the authentication key; the decryption unit is used to use its own card private The key respectively decrypts the device private key ciphertext and the authentication key ciphertext to obtain the device private key and the authentication key; the storage unit is used to store the authentication key; the sending unit is used to Send the device private key and the authentication key to the terminal device.

According to a tenth aspect of one or more embodiments of this specification, there is provided a smart card, including: a memory, configured to store computer instructions; a processor, configured to execute the computer instructions to implement the method according to the eighth aspect step.

According to the eleventh aspect of one or more embodiments of this specification, a data processing method is provided, which includes: a server based on a held server private key, a terminal device based on the held device private key, and a smart card based on the held card The private key performs multi-party security calculations together to obtain an authentication key; the server authenticates the terminal device based on the authentication key; the terminal device authenticates the server based on the authentication key .

According to a twelfth aspect of one or more embodiments of this specification, a data processing method is provided, including: a server based on a held server private key, and a terminal device based on the held device private key and the card private key of the smart card, Perform multi-party security calculations together to obtain an authentication key; the server authenticates the terminal device based on the authentication key; the terminal device authenticates the server based on the authentication key.

According to the thirteenth aspect of one or more embodiments of the present specification, there is provided a data processing method applied to a server, including: performing multi-party security calculations based on the server's private key to obtain an authentication key; and based on the authentication secret Key to authenticate the terminal device.

According to a fourteenth aspect of one or more embodiments of this specification, there is provided a data processing device applied to a server, including: a computing unit for performing multi-party secure calculations based on the server's private key to obtain an authentication key; The right unit is configured to authenticate the terminal device based on the authentication key.

According to a fifteenth aspect of one or more embodiments of the present specification, there is provided a server, including: a memory, configured to store computer instructions; and a processor, configured to execute the computer instructions to implement the method described in the thirteenth aspect Method steps.

According to the sixteenth aspect of one or more embodiments of this specification, a data processing method is provided, which is applied to a terminal device, including: performing multi-party secure calculation based on the device private key to obtain an authentication key; based on the authentication The key is used to authenticate the server.

According to a seventeenth aspect of one or more embodiments of this specification, there is provided a data processing device applied to a terminal device, including: a computing unit, configured to perform multi-party secure calculation based on the device private key to obtain an authentication key; The authentication unit is configured to authenticate the server based on the authentication key.

According to an eighteenth aspect of one or more embodiments of the present specification, there is provided a terminal device, including: a memory, configured to store computer instructions; and a processor, configured to execute the computer instructions to implement as described in the sixteenth aspect The method steps described.

It can be seen from the technical solutions provided in the above embodiments of this specification that, in the embodiments of this specification, through multi-party secure computing, both the terminal device and the server can obtain the authentication key. The server may authenticate the terminal device based on the authentication key. The terminal device may authenticate the server based on the authentication key. In this way, mutual authentication between the terminal device and the server can be realized.

Description of the drawings

In order to more clearly explain the technical solutions in the embodiments of this specification or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only These are some embodiments described in this specification. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative labor.

Figure 1 is an authentication flow chart in related technologies;

2 is a schematic diagram of the functional structure of a mobile communication system according to an embodiment of the specification;

Figure 3 is a flowchart of a data processing method according to an embodiment of the specification;

4 is a flowchart of a data processing method according to an embodiment of the specification;

Fig. 5 is a flowchart of a data processing method according to an embodiment of the specification;

Fig. 6 is a flowchart of a data processing method according to an embodiment of the specification;

FIG. 7 is a flowchart of a data processing method according to an embodiment of this specification;

FIG. 8 is a flowchart of a data processing method according to an embodiment of the specification;

Fig. 9 is a flowchart of a data processing method according to an embodiment of the specification;

FIG. 10 is a flowchart of a data processing method according to an embodiment of this specification;

11 is a schematic diagram of the functional structure of a data processing device according to an embodiment of the specification;

FIG. 12 is a schematic diagram of the functional structure of a terminal device according to an embodiment of the specification;

13 is a schematic diagram of the functional structure of a data processing device according to an embodiment of the specification;

14 is a schematic diagram of the functional structure of a server according to an embodiment of the specification;

15 is a schematic diagram of the functional structure of a data processing device according to an embodiment of the specification;

16 is a schematic diagram of the functional structure of a smart card according to an embodiment of the specification;

FIG. 17 is a schematic diagram of the functional structure of a data processing device according to an embodiment of the specification;

FIG. 18 is a schematic diagram of the functional structure of a data processing device according to an embodiment of the specification.

detailed description

The technical solutions in the embodiments of this specification will be clearly and completely described below in conjunction with the drawings in the embodiments of this specification. Obviously, the described embodiments are only a part of the embodiments of this specification, not all of the embodiments. Based on the embodiments in this specification, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this specification.

In addition, in the above related technology, the key ki is only stored on the smart card. In this way, there is a risk of the smart card being copied and embezzled.

Please refer to Figure 2. The embodiment of this specification provides a mobile communication system. The mobile communication system may include a smart card, terminal equipment, network server and base station server. The smart card may be an integrated circuit card with data processing functions and storage functions, such as a SIM card (Subscriber Identity Module, user identification card), USIM card (Universal Subscriber Identity Module, global user identification card), and UIM card (User Identity Module). Module) and so on. The terminal device may be a device capable of providing users with voice and/or data connectivity, such as a mobile phone (also referred to as a "cellular phone"), a cordless phone, a handheld device, a vehicle-mounted device, a wearable device, and so on. The network server may be used to provide communication services, and may specifically include one or more functional units. For example, the network server may be a network and switching subsystem (Network Switching Subsystem, NSS) server, and may specifically include a mobile service switching center (Mobile Service Switching Center, MSC), a visitor location register (Visitor Location Register, VLR), One or more of a home location register (Home Location Register, HLR) and an authentication center (Authentication Center, AUC). The base station server may be used to provide data transmission service between the terminal device and the network server. For example, the base station server may be a base station system (Base Station System, BSS) server.

In some embodiments, the smart card may be installed on the terminal device. In this way, by running the smart card, the terminal device can perform wireless communication with the network server. Specifically, the terminal device may perform wireless communication with the network server through the transparent transmission of the base station server. The wireless communication can use any of a variety of communication standards, protocols and technologies, including but not limited to Global System for Mobile Communications (GSM), Wideband Code Division Multiple Access (W-CDMA), Code Division Multiple Access (CDMA) ), Time Division Multiple Access (TDMA) and so on.

In some embodiments, the smart card may be assigned a user identification code (International Mobile Subscriber Identity, IMSI) and a public-private key pair when signing a contract (registration). The user identification code can be used to distinguish mobile users. The public-private key pair of the smart card may include a card public key and a card private key. In this way, the smart card can store the user identification code, the card private key, and the card public key. For example, the card private key may be expressed as sk1, and the card public key may be expressed as pk1.

Through the contract, the network server can obtain the user identification code, the card private key, and the card public key; and can generate a public-private key pair of the terminal device and its own public-private key pair. The public-private key pair of the terminal device may include a device public key and a device private key. The public-private key pair of the server may include a server public key and a server private key. In this way, the network server can associate the user identification code with the card public key, the card private key, the device public key, the device private key, the server public key, and the server private key. Perform corresponding storage. For example, the server private key may be expressed as sk2, the server public key may be expressed as pk2, the device private key may be expressed as sk3, and the device public key may be expressed as pk3.

The network server may generate a random number as an authentication random number (RAND); may store the user identification code and the authentication random number correspondingly; and may generate authentication response data according to the authentication random number ( SRES); the user identification code and the authentication response data can be stored correspondingly. For example, the network server may use the A3 algorithm (an encryption algorithm) to generate the authentication response data according to the card private key and the authentication random number.

Please refer to Figure 3. This specification provides an embodiment of the data processing method. This embodiment can be applied to a smart card activation scenario, and can include the following steps.

Step S11: The terminal device sends the first device identifier to the server.

Step S12: The server receives the first device identification; and generates a device private key according to the first device identification.

In some embodiments, the first device identifier may be used to identify the terminal device, for example, may be the serial number (International Mobile Equipment Identity, IMEI) of the terminal device. The server may be used to provide communication services, for example, may be the previous web server.

In some embodiments, a smart card may be installed in the terminal device. In this way, the terminal device can send a network access request to the server. The user identification code may be carried in the network access request. In an example scenario, the terminal device may send a network access request to the server after being turned on.

As mentioned above, through the signing process, the server can correspondingly store the user identification code and the authentication random number. In this way, the server can receive the network access request; can read the pre-stored authentication random number according to the user identification code; and can send the authentication random number to the terminal device. The terminal device can receive the authentication random number; can send the authentication random number to the smart card. The smart card can receive the authentication random number; can generate authentication response data according to the authentication random number; and can send the authentication response data to a terminal device. For example, the smart card may use the A3 algorithm to generate the authentication response data according to its own card private key and the authentication random number. The terminal device may receive the authentication response data; may send the authentication response data and the first device identifier to the server.

As mentioned above, through the signing process, the server can correspondingly store the user identification code and the authentication response data. In this way, the server can receive the authentication response data and the first device identification; can read the pre-stored authentication response data according to the user identity identification; can combine the received authentication response data with the read authentication response The data is compared; if they are the same, the device private key can be generated according to the first device identifier; if they are not the same, the network access request can be ignored. Specifically, the server may generate the public-private key pair of the terminal device according to the first device identifier. The public-private key pair of the terminal device may include a device private key and a device public key. For example, the device private key generated by the server may be expressed as sk3', and the device public key generated by the server may be expressed as pk3'.

In some embodiments, the server can detect whether the user identification code meets a preset condition. The preset condition may include: the user identification code is not bound to a device identification; the user identification code is bound to a second device identification, and the second device identification is different from the first device identification. If the preset condition is met, the server may generate a device private key according to the first device identification. If the preset conditions are not met, the server considers that the smart card is already in the activated state; the steps related to the activation scenario can be ended.

Further, when it is detected that the user identification code is not bound to the device identification, the server considers the smart card to be used for the first time; the user identification code and the first device identification may also be bound. In this way, the binding of the smart card and the terminal device can be realized, and the smart card can be prevented from being stolen and used on other terminal devices. When it is detected that the user identification code is bound to the second device identification, the server considers that the smart card has replaced the terminal device; it can also cancel the binding relationship between the user identification code and the second device identification ; The user identification code and the first device identification can be bound. In this way, terminal equipment can be replaced.

Furthermore, if the preset conditions are met, the server may also send an identification key acquisition request to the terminal device. The terminal device can receive the identity recognition key acquisition request; can send the identity recognition key to the server. The identification key may be, for example, a PIN (Personal Identification Number) code. Of course, the identity recognition key may also be a password that can be input by the user, such as a login password. The server may receive the identification key; may verify the identification key; if the verification is passed, the user identification code and the first device identification may be bound, or may be cancelled The binding relationship between the user identification code and the second device identification, and the user identification code and the first device identification are bound.

Further, as mentioned above, through the signing process, the server can store the user identification code corresponding to the device public key and the device private key respectively. For example, the stored device private key can be expressed as sk3, and the stored device public key can be expressed as pk3. In this way, if the preset conditions are met, the server can also use the device public key generated in step S12 to update the pre-stored device public key; and can use the device private key generated in step S12 to update the pre-stored device private key. Continuing the previous example, the device private key generated in step S12 can be expressed as sk3', and the device public key generated in step S12 can be expressed as pk3'. Then, the server can use the device private key sk3' to update the device private key sk3, and can use the device public key pk3' to update the device public key pk3.

Step S13: The server generates an authentication key according to the device private key, the card private key of the smart card, and its own server private key.

In some embodiments, as described above, through the signing process, the server can store the user identification code corresponding to the card private key and the server private key respectively. In this way, the server can read the pre-stored card private key and server private key according to the user identification code; it can generate an authentication key according to the generated device private key, the read card private key, and the read server private key. key. Specifically, the server may generate a specific private key according to the device private key, the card private key, and the server private key; and may generate the specific public key as the authentication key according to the specific private key. For example, the read card private key can be represented as sk1, the read server private key can be represented as sk2, and the generated device private key can be represented as sk3'. Then, the server can calculate the function sk=f(sk1, sk2, sk3'), where sk represents a specific private key. The server may calculate the specific public key pk as the authentication key according to the specific private key sk.

Step S14: The server encrypts the device private key and the authentication key to obtain the device private key ciphertext and the authentication key ciphertext.

In some embodiments, as mentioned above, the server can store the user identification code and the card public key correspondingly through the signing process. In this way, the server can read the pre-stored card public key according to the user identity; the read card public key can be used to respectively encrypt the device private key and the authentication key to obtain the device private key Cipher text and authentication key cipher text.

Step S15: The server sends the device private key ciphertext and the authentication key ciphertext to the terminal device.

Step S16: The terminal device receives and sends the device private key ciphertext and the authentication key ciphertext to the smart card.

Step S17: The smart card receives the device private key ciphertext and the authentication key ciphertext; decrypts the device private key ciphertext and the authentication key ciphertext to obtain the device private key and the authentication key key.

In some embodiments, as mentioned above, the smart card can obtain the card private key through the signing process. In this way, the smart card can receive the device private key ciphertext and the authentication key ciphertext; the card private key can be used to decrypt the device private key ciphertext and the authentication key ciphertext respectively , Get the device private key and authentication key.

Step S18: The smart card stores the authentication key, and sends the device private key and the authentication key to the terminal device.

Step S19: The terminal device receives and stores the device private key and the authentication key.

For example, the terminal device may store the device private key and the authentication key in a Trusted Execution Environment (TEE). This can increase the security of the device private key and the authentication key, and reduce the risk of the device private key and the authentication key being leaked.

In the data processing method of this embodiment, the terminal device can obtain the device private key and the authentication key, the smart card can obtain the card private key and the authentication key, and the server can obtain the server private key and the authentication key, which is the subsequent authentication process. to offer comfort. Compared with only storing the key on the smart card, this embodiment can store the device private key, the card private key, and the server private key on three different media respectively, thereby reducing the risk of the smart card being copied and misused.

Please refer to Figure 4. This specification provides another embodiment of the data processing method. This embodiment takes the terminal device in the embodiment described in FIG. 3 as the main body, and may include the following steps.

Step S21: Send the device identification to the server.

Step S22: Receive the device private key ciphertext and the authentication key ciphertext sent by the server.

The device private key ciphertext is obtained by encrypting the device private key. The authentication key ciphertext is obtained by encrypting the authentication key. Both the device private key and the authentication key are calculated according to the device identifier;

Step S23: Send the device private key ciphertext and the authentication key ciphertext to the smart card.

Step S24: Receive the device private key and authentication key sent by the smart card.

Step S25: Store the device private key and the authentication key.

Please refer to Figure 5. This specification provides another embodiment of the data processing method. This embodiment takes the server in the embodiment described in FIG. 3 as the main body, and may include the following steps.

Step S31: Receive the first device identifier sent by the terminal device.

Step S32: Generate a device private key according to the first device identification.

Step S33: Generate an authentication key according to the device private key, the card private key of the smart card, and the server private key of itself.

Step S34: Use the card public key of the smart card to respectively encrypt the device private key and the authentication key to obtain the device private key ciphertext and the authentication key ciphertext.

Step S35: Send the device private key ciphertext and the authentication key ciphertext to the terminal device.

Please refer to Figure 6. This specification provides another embodiment of the data processing method. This embodiment takes the smart card in the embodiment described in FIG. 3 as the main body, and may include the following steps.

Step S41: Receive the device private key ciphertext and the authentication key ciphertext sent by the terminal device.

The device private key ciphertext is obtained by encrypting the device private key. The authentication key ciphertext is obtained by encrypting the authentication key.

Step S42: Use its own card private key to decrypt the device private key cipher text and the authentication key cipher text respectively to obtain the device private key and the authentication key.

Step S43: Store the authentication key.

Step S44: Send the device private key and the authentication key to the terminal device.

Refer to Figure 7. This specification provides another embodiment of the data processing method. This embodiment can be applied to an authentication scenario and can include the following steps.

Step S51: Based on the server private key held by the server, the terminal device based on the held device private key, and the smart card based on the held card private key, perform multi-party security calculations to obtain an authentication key.

In some embodiments, Secure Muti-Party Computation (MPC) is an algorithm to protect data privacy. Multiple participants can use secure multi-party computing technology to perform collaborative calculations and obtain calculation results without leaking their own data. For example, using secure multi-party computing technology, the participants P ₁ ,..., P _n can cooperate to calculate the function y=f(x ₁ ,..., x _n ). Among them, n≥2; x ₁ ,...,x _n are the data of the participants P ₁ ,...,P _n respectively; y is the calculation result. The participants P ₁ ,..., P _n can all obtain the calculation result y.

As mentioned above, through the signing process and the activation process, the server can obtain the server private key, the terminal device can obtain the device private key, and the smart card can obtain the card private key. In this way, the server may use the server private key as an input parameter, the terminal device may use the device private key as an input parameter, and the smart card may use the card private key as an input parameter to jointly perform multi-party security calculations. The server, the terminal device and the smart card can all obtain the calculation result. The calculation result may specifically include a signature key.

In some embodiments, the server may be used to provide communication services, for example, may be the previous web server. A smart card may be installed in the terminal device. The terminal device may send a service processing request to the server. The service processing request may be, for example, a voice call request or a data connection request. The server may receive the service processing request; may send an authentication request to the terminal device. The terminal device can receive the authentication request; can send the authentication request to the smart card. In this way, the server may use the server private key as an input parameter, the terminal device may use the device private key as an input parameter, and the smart card may use the card private key as an input parameter to jointly perform multi-party security calculations. In an example scenario, after receiving the service processing request, the server may calculate the time interval between the current time and the time when the last authentication passed; under the condition that the time interval reaches a preset time interval, An authentication request can be sent to the terminal device.

Step S52: The server authenticates the terminal device based on the authentication key.

In some embodiments, as mentioned above, the server may obtain the authentication key in advance through the activation process. In this way, the server can compare the calculated authentication key with the preset authentication key; if they are the same, it can determine that the authentication result of the terminal device is successful, so as to allow the terminal device to access; if If they are not the same, it can be determined that the authentication result of the terminal device is a failure, so as to deny the access of the terminal device.

Step S53: The terminal device authenticates the server based on the authentication key.

In some embodiments, as mentioned above, the terminal device can obtain the authentication key in advance through the activation process. In this way, the terminal can compare the calculated authentication key with the preset authentication key; if they are the same, the server is considered to be a legitimate server, and the communication network corresponding to the server is secure. The authentication result of the server is successful; if they are not the same, the server is considered to be an illegal server, and the communication network corresponding to the server is insecure, and the authentication result of the server can be determined to be a failure.

In some embodiments, the smart card may authenticate the terminal device based on the authentication key. Specifically, as mentioned above, the smart card can obtain the authentication key in advance through the activation process. In this way, the smart card can compare the calculated authentication key with the preset authentication key; if they are the same, determine that the authentication result of the terminal device is successful; if not, determine the authentication of the terminal device The result is failure.

In the data processing method of this embodiment, through multi-party secure calculation, both the terminal device and the server can obtain the authentication key. The server may authenticate the terminal device based on the authentication key. The terminal device may authenticate the server based on the authentication key. In this way, mutual authentication between the terminal device and the server can be realized.

Refer to Figure 8. This specification provides another embodiment of the data processing method. This embodiment can be applied to an authentication scenario and can include the following steps.

Step S61: Based on the server private key held by the server, and the terminal device based on the held device private key and the card private key of the smart card, jointly perform multi-party security calculations to obtain an authentication key.

In some embodiments, the server may be used to provide communication services, for example, may be the previous web server. A smart card may be installed in the terminal device. The terminal device may send a service processing request to the server. The service processing request may be, for example, a voice call request or a data connection request. The server may receive the service processing request; may send an authentication request to the terminal device. The terminal device may receive the authentication request.

As mentioned above, through the signing process and the activation process, the server can obtain the server private key, the terminal device can obtain the device private key, and the smart card can obtain the card private key. In view of the weak computing capability of the smart card, in order to improve the efficiency of multi-party secure computing, the terminal device may send a key acquisition request to the smart card. The smart card can receive the key acquisition request; can send the card private key to the terminal device. The terminal device can receive the card private key. The terminal device may use the device private key and the card private key as input parameters, and the server may use the server private key as input parameters to jointly perform multi-party security calculations. Both the server and the terminal device can obtain the calculation result. The calculation result may specifically include a signature key.

Step S62: The server authenticates the terminal device based on the authentication key.

Step S63: The terminal device authenticates the server based on the authentication key.

In the data processing method of this embodiment, through multi-party secure calculation, the terminal device and the server can obtain the authentication key respectively. The server may authenticate the terminal device based on the authentication key. The terminal device can authenticate the server based on the authentication key. In this way, mutual authentication between the terminal device and the server can be realized. In addition, in view of the weak computing power of the smart card, in order to improve the efficiency of multi-party secure computing, the terminal device can obtain the card private key of the smart card, so that the terminal device and the server participate in the multi-party secure computing, avoiding the smart card from directly participating in the multi-party secure computing.

Refer to Figure 9. This specification provides another embodiment of the data processing method. This embodiment can be applied to authentication scenarios. This embodiment takes the server as the execution subject, and may include the following steps.

Step S71: Perform multi-party security calculation based on the server private key to obtain an authentication key.

In some embodiments, the input parameters of the multi-party secure calculation include the server private key of the server, the device private key of the terminal device, and the card private key of the smart card.

The multi-party secure calculation may be jointly executed by the server, terminal device and smart card. Specifically, as described above, through the signing process and the activation process, the server can obtain the server private key, the terminal device can obtain the device private key, and the smart card can obtain the card private key. In this way, the server may use the server private key as an input parameter, the terminal device may use the device private key as an input parameter, and the smart card may use the card private key as an input parameter to jointly perform multi-party security calculations. The server, the terminal device and the smart card can all obtain the calculation result. The calculation result may specifically include a signature key.

Or, in view of the weak computing power of the smart card, in order to improve the efficiency of multi-party secure computing, the multi-party secure computing may be performed jointly by the server and the terminal device. Specifically, the terminal device may send a key acquisition request to the smart card. The smart card can receive the key acquisition request; can send the card private key to the terminal device. The terminal device can receive the card private key. The terminal device may use the device private key and the card private key as input parameters, and the server may use the server private key as input parameters to jointly perform multi-party security calculations. Both the server and the terminal device can obtain the calculation result. The calculation result may specifically include a signature key.

Step S72: Perform authentication on the terminal device based on the authentication key.

Refer to Figure 10. This specification provides another embodiment of the data processing method. This embodiment can be applied to authentication scenarios. This embodiment takes the terminal device as the execution subject, and may include the following steps.

Step S81: Perform multi-party security calculation based on the device private key to obtain an authentication key.

The input parameters of the multi-party secure calculation include the server private key of the server, the device private key of the terminal device, and the card private key of the smart card.

Step S82: Authenticate the server based on the authentication key.

Refer to Figure 11. The embodiment of this specification provides a data processing device applied to terminal equipment, including:

The first sending unit 91 is configured to send a device identifier to the server;

The first receiving unit 92 is configured to receive the device private key ciphertext and the authentication key ciphertext sent by the server; the device private key ciphertext is obtained by encrypting the device private key; the authentication key The ciphertext is obtained by encrypting the authentication key; the device private key and the authentication key are both calculated according to the device identification;

The second sending unit 93 is configured to send the device private key ciphertext and the authentication key ciphertext to the smart card;

The second receiving unit 94 is configured to receive the device private key and authentication key sent by the smart card;

The storage unit 95 is used to store the device private key and the authentication key.

Refer to Figure 12. The embodiment of this specification provides a terminal device. The terminal device may include a memory and a processor.

The memory can be implemented in any suitable way. For example, the memory may be a read-only memory, a mechanical hard disk, a solid state hard disk, or a U disk. The memory can be used to store computer instructions.

The processor can be implemented in any suitable way. For example, the processor may take the form of a microprocessor or a processor and a computer-readable medium, logic gates, switches, application specific integrated circuits ( Application Specific Integrated Circuit (ASIC), programmable logic controller and embedded microcontroller form, etc. The processor may execute the computer instructions to implement the following steps: send the device identification to the server; receive the device private key ciphertext and the authentication key ciphertext sent by the server; the device private key ciphertext is obtained by The authentication key is obtained by encrypting the key; the authentication key ciphertext is obtained by encrypting the authentication key; the device private key and the authentication key are both calculated based on the device identification; The smart card sends the device private key ciphertext and the authentication key ciphertext; receives the device private key and the authentication key sent by the smart card; and stores the device private key and the authentication key.

Refer to Figure 13. The embodiment of this specification provides a data processing device applied to a server, including:

The receiving unit 101 is configured to receive a first device identifier sent by a terminal device;

The first generating unit 102 is configured to generate a device private key according to the first device identification;

The second generating unit 103 is configured to generate an authentication key according to the device private key, the card private key of the smart card, and its own server private key;

The encryption unit 104 is configured to use the card public key of the smart card to respectively encrypt the device private key and the authentication key to obtain the device private key ciphertext and the authentication key ciphertext;

The sending unit 105 is configured to send the device private key ciphertext and the authentication key ciphertext to the terminal device.

Refer to Figure 14. The embodiment of this specification provides a server. The server may include a memory and a processor.

The processor can be implemented in any suitable way. For example, the processor may take the form of a microprocessor or a processor and a computer-readable medium, logic gates, switches, application specific integrated circuits ( Application Specific Integrated Circuit (ASIC), programmable logic controller and embedded microcontroller form, etc. The processor may execute the computer instructions to implement the following steps: receiving a first device identification sent by a terminal device; generating a device private key according to the first device identification; according to the device private key, the card private key of the smart card, and The server private key generates the authentication key; the card public key of the smart card is used to encrypt the device private key and the authentication key respectively to obtain the device private key ciphertext and the authentication key ciphertext; to the terminal The device sends the device private key ciphertext and the authentication key ciphertext.

Refer to Figure 15. The embodiment of this specification provides a data processing device applied to a smart card, including:

The receiving unit 111 is configured to receive the device private key ciphertext and the authentication key ciphertext sent by the terminal device; the device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext The text is obtained by encrypting the authentication key;

The decryption unit 112 is configured to use its card private key to decrypt the device private key ciphertext and the authentication key ciphertext respectively to obtain the device private key and the authentication key;

The storage unit 113 is configured to store the authentication key;

The sending unit 114 is configured to send the device private key and the authentication key to the terminal device.

Refer to Figure 16. The embodiment of this specification provides a smart card. The smart card may include a memory and a processor.

The processor can be implemented in any suitable way. For example, the processor may take the form of a microprocessor or a processor and a computer-readable medium, logic gates, switches, application specific integrated circuits ( Application Specific Integrated Circuit (ASIC), programmable logic controller and embedded microcontroller form, etc. The processor may execute the computer instructions to implement the following steps: receive the device private key ciphertext and the authentication key ciphertext sent by the terminal device; the device private key ciphertext is obtained by encrypting the device private key The authentication key ciphertext is obtained by encrypting the authentication key; using its own card private key to decrypt the device private key ciphertext and the authentication key ciphertext respectively to obtain the device Private key and authentication key; store the authentication key; send the device private key and the authentication key to a terminal device.

Refer to Figure 17. The embodiment of this specification provides a data processing device applied to a server, including:

The calculation unit 121 is configured to perform multi-party security calculations based on the server private key to obtain an authentication key;

The authentication unit 122 is configured to authenticate the terminal device based on the authentication key.

The processor can be implemented in any suitable way. For example, the processor may take the form of a microprocessor or a processor and a computer-readable medium, logic gates, switches, application specific integrated circuits that store computer-readable program codes (such as software or firmware) executable by the (micro)processor ( Application Specific Integrated Circuit (ASIC), programmable logic controller and embedded microcontroller form, etc. The processor may execute the computer instructions to implement the following steps: perform multi-party secure calculation based on the server private key to obtain an authentication key; and based on the authentication key, authenticate the terminal device.

Refer to Figure 18. The embodiment of this specification provides a data processing device applied to terminal equipment, including:

The calculation unit 131 is configured to perform multi-party security calculations based on the device private key to obtain an authentication key;

The authentication unit 132 is configured to authenticate the server based on the authentication key.

The processor can be implemented in any suitable way. For example, the processor may take the form of a microprocessor or a processor and a computer-readable medium, logic gates, switches, application specific integrated circuits ( Application Specific Integrated Circuit (ASIC), programmable logic controller and embedded microcontroller form, etc. The processor may execute the computer instructions to implement the following steps: perform multi-party secure calculation based on the private key of the device to obtain an authentication key; and authenticate the server based on the authentication key.

It should be noted that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. Place. In particular, for the device embodiment, terminal device embodiment, server embodiment, and smart card embodiment, since they are basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.

After reading the documents of this specification, those skilled in the art can think of any combination of some or all of the embodiments listed in this specification without creative work, and these combinations are also within the scope of disclosure and protection of this specification.

In the 1990s, the improvement of a technology can be clearly distinguished between hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method flow). However, with the development of technology, the improvement of many methods and processes of today can be regarded as a direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware entity modules. For example, a programmable logic device (Programmable Logic Device, PLD) (for example, a Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic function is determined by the user's programming of the device. It is programmed by the designer to "integrate" a digital system on a piece of PLD without requiring the chip manufacturer to design and manufacture a dedicated integrated circuit chip 2. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly realized by using "logic compiler" software, which is similar to the software compiler used in program development and writing, but before compilation The original code must also be written in a specific programming language, which is called Hardware Description Language (HDL), and there is not only one type of HDL, but many types, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description), etc., currently most commonly used The ones are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog2. It should also be clear to those skilled in the art that just a little bit of logic programming of the method flow in the above-mentioned hardware description languages and programming into an integrated circuit can easily obtain the hardware circuit that implements the logic method flow.

The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or Any combination of these devices.

From the description of the foregoing implementation manners, it can be known that those skilled in the art can clearly understand that this specification can be implemented by means of software plus a necessary general hardware platform. Based on this understanding, the technical solution of this specification can be embodied in the form of a software product, which can be stored in a storage medium, such as ROM/RAM, magnetic disk. , CD-ROM, etc., including a number of instructions to make a computer device (which may be a personal computer, server, or network device, etc.) execute the methods described in each embodiment of this specification or some parts of the embodiment.

This manual can be used in many general or special computer system environments or configurations. For example: personal computers, server computers, handheld or portable devices, tablet devices, multi-processor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics devices, network PCs, small computers, large computers, including Distributed computing environment for any of the above systems or equipment, etc.

This specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. This specification can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

Although the description has been described through the embodiments, those of ordinary skill in the art know that there are many variations and changes in the specification without departing from the spirit of the specification, and it is hoped that the appended claims include these variations and changes without departing from the spirit of the specification.

Claims

A data processing method, including:

The terminal device sends the first device identifier to the server;

The server receives the first device identification; generates a device private key according to the first device identification; generates an authentication key according to the device private key, the card private key of the smart card, and its own server private key; uses the smart card public key The key respectively encrypts the device private key and the authentication key to obtain the device private key ciphertext and the authentication key ciphertext; sending the device private key ciphertext and the authentication key to the terminal device Ciphertext

The terminal device receives and sends the device private key ciphertext and the authentication key ciphertext to the smart card;

The smart card receives the device private key ciphertext and the authentication key ciphertext; uses the card private key to decrypt the device private key ciphertext and the authentication key ciphertext respectively to obtain the device private key And an authentication key; storing the authentication key; sending the device private key and the authentication key to a terminal device;

The terminal device receives and stores the device private key and the authentication key.
The method according to claim 1, wherein the step of generating an authentication key comprises:

The server generates a specific private key according to the device private key, the card private key of the smart card, and its own server private key; and generates the specific public key as an authentication key according to the specific private key.
The method of claim 1, further comprising:

The terminal device sends the user identification code to the server;

The server receives the user identification code; detects whether the user identification code meets a preset condition;

The steps of generating the device private key include:

If it is satisfied, the server generates a device private key according to the first device identification.
The method according to claim 3, wherein the preset conditions include:

The user identification code is not bound to the device identification;

If it is satisfied, the method further includes:

The server binds the user identification code and the first device identifier.
The method of claim 4, further comprising:

The server sends an identification key acquisition request to the terminal device;

The terminal device receives the identity recognition key acquisition request; sends the identity recognition key to the server;

The server receives the identity recognition key; verifies the identity recognition key;

The step of binding the user identification code and the first device identifier includes:

If the verification is passed, the server binds the user identification code and the first device identifier.
The method according to claim 3, wherein the preset conditions include:

The user identification code is bound with a second device identifier;

If it is satisfied, the method further includes:

The server cancels the binding relationship between the user identification code and the second device identification; binds the user identification code and the first device identification.
The method of claim 6, further comprising:

The server sends an identification key acquisition request to the terminal device;

The terminal device receives the identity recognition key acquisition request; sends the identity recognition key to the server;

The server receives the identity recognition key; verifies the identity recognition key;

The server cancels the binding relationship between the user identification code and the second device identification; binding the user identification code and the first device identification includes:

If the verification is passed, the server cancels the binding relationship between the user identification code and the second device identification; binds the user identification code and the first device identification.
The method of claim 1, further comprising:

The server sends the authentication random number to the terminal device;

The terminal device receives and sends the authentication random number to the smart card;

The smart card receives the authentication random number; calculates authentication response data according to the authentication random number; sends the authentication response data to the terminal device;

The terminal device receives and sends the authentication response data to the server;

The server receives the authentication response data; compares the received authentication response data with preset authentication response data;

The steps of generating the device private key include:

If they are the same, the server generates a device private key according to the first device identification.
A data processing method applied to terminal equipment, including:

Send the device ID to the server;

Receive the device private key ciphertext and authentication key ciphertext sent by the server; the device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext is obtained by encrypting the authentication key Key is obtained through encryption; the device private key and the authentication key are both calculated according to the device identifier;

Sending the device private key ciphertext and the authentication key ciphertext to the smart card;

Receive the device private key and authentication key sent by the smart card;

Store the device private key and the authentication key.
The method according to claim 9, further comprising:

Receive the authentication random number sent by the server;

Sending the authentication random number to the smart card;

Receiving authentication response data sent by the smart card; the authentication response data is calculated according to the authentication random number;

Send the authentication response data to the server.
A data processing device applied to terminal equipment, including:

The first sending unit is used to send the device identification to the server;

The first receiving unit is configured to receive the device private key ciphertext and the authentication key ciphertext sent by the server; the device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext The text is obtained by encrypting the authentication key; the device private key and the authentication key are both calculated according to the device identification;

The second sending unit is configured to send the device private key ciphertext and the authentication key ciphertext to the smart card;

The second receiving unit is used to receive the device private key and the authentication key sent by the smart card;

The storage unit is used to store the device private key and the authentication key.
A terminal device, including:

Memory, used to store computer instructions;

The processor is configured to execute the computer instructions to implement the method steps according to claim 9 or 10.
A data processing method applied to a server, including:

Receiving the first device identifier sent by the terminal device;

Generating a device private key according to the first device identification;

Generate an authentication key according to the device private key, the card private key of the smart card, and its own server private key;

Use the card public key of the smart card to respectively encrypt the device private key and the authentication key to obtain the device private key ciphertext and the authentication key ciphertext;

Send the device private key ciphertext and the authentication key ciphertext to the terminal device.
The method according to claim 13, wherein the step of generating an authentication key comprises:

Generate a specific private key according to the device private key, the card private key of the smart card, and its own server private key;

Generate a specific public key as an authentication key according to the specific private key.
The method of claim 13, further comprising:

Receive user identification code;

Detecting whether the user identification code meets a preset condition;

The steps of generating the device private key include:

If it is satisfied, the device private key is generated according to the first device identification.
The method according to claim 15, wherein the preset conditions include:

The user identification code is not bound to the device identification;

If it is satisfied, the method further includes:

Bind the user identification code and the first device identifier.
The method of claim 16, further comprising:

Send an identification key acquisition request to the terminal device;

Receive the identification key sent by the terminal device;

Verify the identity key;

The step of binding the user identification code and the first device identifier includes:

If the verification is passed, the user identification code and the first device identification are bound.
The method according to claim 15, wherein the preset conditions include:

The user identification code is bound with a second device identifier;

If it is satisfied, the method further includes:

Cancel the binding relationship between the user identification code and the second device identification; bind the user identification code and the first device identification.
The method of claim 18, further comprising:

Send an identification key acquisition request to the terminal device;

Receive the identification key sent by the terminal device;

Verify the identity key;

The canceling the binding relationship between the user identification code and the second device identification; binding the user identification code and the first device identification includes:

If the verification is passed, cancel the binding relationship between the user identification code and the second device identification; bind the user identification code and the first device identification.
The method of claim 13, further comprising:

Send an authentication random number to the terminal device;

Receiving the authentication response data calculated according to the authentication random number sent by the terminal device;

Compare the received authentication response data with the preset authentication response data;

The steps of generating the device private key include:

If they are the same, generate a device private key according to the first device identification.
A data processing device applied to a server, including:

The receiving unit is configured to receive the first device identifier sent by the terminal device;

A first generating unit, configured to generate a device private key according to the first device identifier;

The second generating unit is configured to generate an authentication key according to the device private key, the card private key of the smart card, and its own server private key;

An encryption unit, configured to use the card public key of the smart card to respectively encrypt the device private key and the authentication key to obtain the device private key ciphertext and the authentication key ciphertext;

The sending unit is configured to send the device private key ciphertext and the authentication key ciphertext to the terminal device.
A server that includes:

Memory, used to store computer instructions;

The processor is configured to execute the computer instructions to implement the method steps according to any one of claims 13 to 20.
A data processing method applied to a smart card, including:

Receive the device private key ciphertext and authentication key ciphertext sent by the terminal device; the device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext is obtained by authenticating The key is encrypted;

Use its own card private key to decrypt the device private key ciphertext and the authentication key ciphertext respectively to obtain the device private key and the authentication key;

Store the authentication key;

Send the device private key and the authentication key to the terminal device.
The method of claim 23, further comprising:

Receive the authentication random number sent by the terminal device;

Calculating authentication response data according to the authentication random number;

Send the authentication response data to the terminal device.
A data processing device applied to a smart card, including:

The receiving unit is configured to receive the device private key ciphertext and the authentication key ciphertext sent by the terminal device; the device private key ciphertext is obtained by encrypting the device private key; the authentication key ciphertext It is obtained by encrypting the authentication key;

The decryption unit is configured to use its own card private key to decrypt the device private key cipher text and the authentication key cipher text respectively to obtain the device private key and the authentication key;

A storage unit for storing the authentication key;

The sending unit is configured to send the device private key and the authentication key to the terminal device.
A smart card including:

Memory, used to store computer instructions;

The processor is configured to execute the computer instructions to implement the method steps according to claim 23 or 24.
A data processing method, including:

The server is based on the server private key it holds, the terminal device is based on the device private key it holds, and the smart card is based on the card private key it holds to jointly perform multi-party security calculations to obtain the authentication key;

The server authenticates the terminal device based on the authentication key;

The terminal device authenticates the server based on the authentication key.
The method according to claim 27, wherein the step of authenticating the terminal device comprises:

The server compares the calculated authentication key with the preset authentication key; if they are the same, it determines that the authentication result of the terminal device is a success; if they are not the same, it determines that the authentication result of the terminal device is a failure .
The method according to claim 27, wherein the step of authenticating the server comprises:

The terminal device compares the calculated authentication key with the preset authentication key; if they are the same, it is determined that the authentication result of the server is successful; if they are not the same, it is determined that the authentication result of the server is a failure.
A data processing method, including:

Based on the server private key held by the server, and the terminal device based on the held device private key and the card private key of the smart card, perform multi-party security calculations together to obtain the authentication key;

The server authenticates the terminal device based on the authentication key;

The terminal device authenticates the server based on the authentication key.
A data processing method applied to a server, including:

Perform multi-party security calculations based on the server's private key to obtain the authentication key;

Based on the authentication key, the terminal device is authenticated.
The method according to claim 31, wherein the step of authenticating the terminal device comprises:

Compare the calculated authentication key with the preset authentication key;

If they are the same, it is determined that the authentication result of the terminal device is successful.
The method according to claim 31, wherein the step of authenticating the terminal device comprises:

Compare the calculated authentication key with the preset authentication key;

If they are not the same, it is determined that the authentication result of the terminal device is a failure.
A data processing device applied to a server, including:

The calculation unit is used to perform multi-party security calculations based on the server private key to obtain the authentication key;

The authentication unit is used to authenticate the terminal device based on the authentication key.
A server that includes:

Memory, used to store computer instructions;

The processor is configured to execute the computer instructions to implement the method steps according to any one of claims 31 to 33.
A data processing method applied to terminal equipment, including:

Perform multi-party security calculations based on the device private key to obtain the authentication key;

Based on the authentication key, the server is authenticated.
The method according to claim 36, wherein the step of authenticating the server includes:

Compare the calculated authentication key with the preset authentication key;

If they are the same, it is determined that the authentication result of the server is successful.
The method according to claim 36, wherein the step of authenticating the server includes:

Compare the calculated authentication key with the preset authentication key;

If they are not the same, it is determined that the authentication result of the server is a failure.
A data processing device applied to terminal equipment, including:

The calculation unit is used to perform multi-party security calculations based on the device private key to obtain the authentication key;

The authentication unit is used to authenticate the server based on the authentication key.
A terminal device, including:

Memory, used to store computer instructions;

The processor is configured to execute the computer instructions to implement the method steps according to any one of claims 36 to 38.