WO2021068963A1 - Cloud service access method, cloud server and terminal - Google Patents

Cloud service access method, cloud server and terminal

Info

Publication number
WO2021068963A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
random sequence
terminal
service access
sequence information
Prior art date
Application number
PCT/CN2020/120371
Inventor
胡伟
Original Assignee
深圳市道通科技股份有限公司
Application filed by 深圳市道通科技股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • This application relates to the field of wireless communication technology, and in particular to a method for accessing cloud services, a cloud server, and a terminal.
  • IC chip
  • OS operating system
  • APP application program
  • the inventor found that the related technology has at least the following problem: once the above-mentioned terminal is cloned and mass-produced, the cloned illegal terminals have the functions of legal terminals and can enjoy the same services as legal terminals, such as access to the cloud services accessible by legal terminals. Because illegal terminals can clone the secret keys of legal terminals to access cloud services, access by these illegal terminals currently cannot be intercepted effectively, which results in the misappropriation of cloud services.
  • embodiments of the present invention provide a cloud service access method, a cloud server, and a terminal for effectively intercepting access to illegal terminals and preventing cloud services from being stolen.
  • a method for accessing cloud services is applied to a cloud server, and the method for accessing cloud services includes:
  • the service access request carries the device information and random sequence information of the terminal, and the random sequence information is dynamically updated by the cloud server after successful authentication according to the service access request
  • the terminal is controlled to use cloud services.
  • verifying the random sequence information to obtain authentication information includes:
  • the controlling the terminal to use cloud services according to the authentication information includes:
  • if the authentication information is the authentication success information, the terminal is allowed to use cloud services;
  • the service access request is rejected.
  • the method further includes:
  • the cloud server includes a register, the register includes an address space for storing a number of random sequence verification information, and the storing of updated random sequence information includes:
  • the updated random sequence information is stored as random sequence verification information in a storage location in the address space where the random sequence verification information is not stored.
  • the address space includes multiple storage locations adjacent to storage addresses, and each of the storage locations is used to store corresponding random sequence verification information.
  • the service access request carries signature data
  • the obtaining of the service access request sent by the terminal includes:
  • a method for accessing a cloud service is applied to a cloud server, and the method for accessing a cloud service includes: obtaining a service access request sent by a terminal, wherein the service access request carries the device information and random sequence information of the terminal;
  • the random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are sorted according to storage time, and N is an integer greater than or equal to 2;
  • the authentication information is authentication success information
  • new random sequence information is allocated to the terminal, the new random sequence information is stored in the first position in the random sequence table, and the random sequence information in the last position in the random sequence table is deleted.
  • the factory random sequence information of the terminal is stored in the random sequence table, and the factory random sequence information is carried in the first service access request sent by the terminal.
  • a method for accessing a cloud service which is applied to a terminal, and the method for accessing a cloud service includes:
  • the cloud service of the cloud server is used.
  • the method before sending the service access request to the cloud server, the method further includes:
  • the updated random sequence information is iterated over the current random sequence information.
  • a method for accessing a cloud service which is applied to a terminal, and the method for accessing a cloud service includes: sending a service access request including device information and random sequence information of the terminal to the cloud server, so that the cloud server verifies the device information and the random sequence information to obtain authentication information when the random sequence information is in the random sequence table corresponding to the device information in the database,
  • the random sequence table includes N random sequence information, the N random sequence information is sorted according to storage time, N is an integer greater than or equal to 2, and the random sequence information is dynamically updated by the cloud server;
  • the authentication information is the authentication success information
  • the cloud service of the cloud server is used.
  • the factory random sequence information of the terminal is stored in the random sequence table, and the factory random sequence information is carried in the first service access request sent by the terminal.
  • the cloud server includes:
  • At least one processor
  • the device can be used to execute the cloud service access method described above.
  • the terminal includes:
  • At least one processor
  • At least one read-only memory which is in communication connection with the at least one processor, and is used to store device information
  • At least one random access memory connected to the at least one processor in communication, for storing random sequence information
  • At least one functional memory communicatively connected to the at least one processor, wherein the functional memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the cloud service access method described above.
  • the cloud service access method provided by the embodiment of the present invention first obtains a service access request sent by a terminal, wherein the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server. The acquired device information and random sequence information of the terminal are then verified to obtain authentication information, and the terminal is controlled to use cloud services according to the authentication information, thereby realizing effective interception and verification of service access requests from illegal terminals and preventing cloud services from being misappropriated.
  • FIG. 1 is a schematic diagram of an application environment of an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a communication architecture between a terminal and a cloud server according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart of a method for accessing a cloud service provided by one of the embodiments of the present invention, and the method is applied to a cloud server;
  • Fig. 4 is a schematic diagram of the flow of S22 in Fig. 3;
  • FIG. 5 is a schematic diagram of the flow of S223 in FIG. 4;
  • FIG. 6 is a schematic flowchart of a method for accessing a cloud service provided by another embodiment of the present invention, and the method is applied to a cloud server;
  • FIG. 7 is a schematic diagram of the flow of S25 in FIG. 6;
  • FIG. 8 is a schematic flowchart of a method for accessing a cloud service provided by another embodiment of the present invention, and the method is applied to a cloud server;
  • FIG. 9 is a schematic flowchart of a method for accessing a cloud service provided by another embodiment of the present invention, and the method is applied to a cloud server;
  • FIG. 10 is a schematic flowchart of a method for accessing a cloud service provided by one of the embodiments of the present invention, and the method is applied to a terminal;
  • FIG. 11 is a schematic flowchart of a method for accessing a cloud service provided by another embodiment of the present invention, and the method is applied to a terminal;
  • FIG. 12 is a schematic flowchart of a method for accessing a cloud service provided by another embodiment of the present invention, and the method is applied to a terminal;
  • Fig. 13 is a schematic structural diagram of a cloud service access device provided by an embodiment of the present invention, and the device runs on a cloud server;
  • FIG. 14 is a schematic structural diagram of a cloud service access device provided by an embodiment of the present invention, and the device runs on a terminal;
  • FIG. 15 is a schematic diagram of the hardware structure of a cloud server provided by an embodiment of the present invention.
  • FIG. 16 is a schematic diagram of the hardware structure of a terminal provided by an embodiment of the present invention.
  • the embodiment of the present invention provides a method for accessing a cloud service.
  • the method first obtains a service access request sent by a terminal, wherein the service access request carries device information and random sequence information of the terminal, and the random sequence information is dynamically updated by the cloud server. The acquired device information and random sequence information of the terminal are then verified to obtain authentication information, and the terminal is controlled to use cloud services according to the authentication information, thereby achieving effective interception and verification of service access requests from illegal terminals and preventing cloud services from being stolen.
  • the following examples illustrate the application environment of the cloud service access method.
  • FIG. 1 is a schematic diagram of an application environment of a cloud service access system provided by an embodiment of the present invention; as shown in FIG. 1, the application scenario includes a cloud server 10, a wireless network 20, a terminal 30, and a user 40.
  • the user 40 can operate the terminal 30 to access the cloud server 10 through the wireless network 20.
  • the cloud server 10 may be any type of cloud server in the network connection, such as a network cloud server, etc. After the cloud server 10 communicates with the terminal, the cloud server 10 can provide corresponding business services to the terminal.
  • the cloud server 10 is a hardware device or hardware component for providing computing services.
  • the cloud server 10 includes a controller and a product cloud server connected to the controller.
  • the product cloud server is used to provide business services for the terminal 30.
  • the cloud server is a car diagnostic cloud server.
  • the product cloud server can provide diagnostic services for the terminal 30.
  • the product cloud server can also be used for data access, that is, the product cloud server can be understood as a memory with the function of storing data.
  • the product cloud server stores device information of multiple terminals, so the corresponding device information of a terminal can be extracted by accessing the product cloud server.
  • the controller has logic processing capabilities and is mainly used to provide computing services for the product cloud server, that is, the controller can be understood as the processor of the cloud server, and the controller can execute the cloud service access method provided by the embodiment of the present invention.
  • the terminal 30 may be any type of smart device used to establish a communication connection with the cloud server 10, such as a mobile phone, a tablet computer, or a smart remote control.
  • the terminal 30 may be equipped with one or more different user 40 interaction devices to collect instructions from the user 40 or display and feedback information to the user 40. These interactive devices include but are not limited to: buttons, display screens, touch screens, speakers, and remote control joysticks.
  • the cloud server 10 and the terminal 30 can also integrate existing image visual processing technologies to further provide more intelligent services.
  • the cloud server 10 may collect images through a dual-lens camera, and the terminal 30 may analyze the images, so as to realize the gesture control of the user 40 on the cloud server 10.
  • the wireless network 20 may be a wireless communication network based on any type of data transmission principle for establishing a data transmission channel between two nodes, such as a Bluetooth network, a WiFi network, a wireless cellular network, or a combination thereof located in different signal frequency bands.
  • the illegal terminal can clone the identity and random sequence information of the legal terminal, the illegal terminal can pass the authentication of the cloud server, and then can access the cloud server. Since multiple illegal terminals can clone the identity and random sequence information of the same legal terminal, the legal rights of legal terminal manufacturers are damaged, and multiple illegal terminals can access the cloud server. By using the method in the embodiment of the present application, the situation that multiple illegal terminals can access the cloud server multiple times can be effectively avoided.
  • Fig. 2 is a communication architecture diagram between a terminal and a cloud server provided by an embodiment of the present invention. The method for accessing the cloud server in the embodiment of the present invention will be described with an example in conjunction with FIG. 2:
  • the terminal 30 first sends a service access request to the cloud server 10, where the service access request carries device information and random sequence information of the terminal 30.
  • the terminal 30 includes a chip (IC), an operating system (OS), and an application program (APP) running in the operating system.
  • a read-only memory (ROM) in the IC stores the device information, which is the unique identification (ID) of the terminal 30, and a flash memory (flash) stores the random sequence information (SN). The chip provides a data read interface, through which the application program reads the unique identification and random sequence information, and a data write interface, through which the application program writes new random sequence information to the flash memory. For example, as shown in FIG.
  • the device information (unique identification) of the terminal 30 is 58dda003a
  • the random sequence information is 12345.
  • the application program reads the unique identification 58dda003a and random sequence information 12345 through the read interface in the chip, and then uses the RSA algorithm and the public key issued by the cloud server 10 to encrypt the device information 58dda003a, the random sequence information 12345, and the business data (which may be empty). The application then establishes a communication connection with the cloud and sends the device information 58dda003a of the terminal 30 and the random sequence information 12345 to the cloud server 10.
  • the cloud server 10 obtains the service access request sent by the terminal 30.
  • the cloud server 10 includes a verification module, a business service module, and a database 50.
  • the verification module can intercept all service access requests from the terminal 30, and can obtain the device information and random sequence information of the terminal 30 in the service access request. It is also possible to read the database 50 to obtain the terminal 30 information stored in the database 50.
  • the business service module mainly provides business services for the terminal 30 so that it can complete specific business functions. When the terminal 30 leaves the factory, the device information is used as the device verification information and the random sequence information is entered into the database 50 as the random sequence verification information. For example, as shown in Figure 2, a service access request carrying device information 58dda003a and random sequence information 12345 reaches the verification module of the cloud server 10.
  • the verification module obtains the parameters in the service access request. If the acquisition fails, the request is considered illegal and is directly rejected. If the acquisition is successful, the RSA algorithm and the matching private key are used to decrypt the parameters to obtain the device information 58dda003a and the random sequence information 12345. If the decryption fails, the request is considered illegal and is directly rejected.
  • the cloud server 10 verifies the device information and the random sequence information according to the service access request to obtain authentication information.
  • the verification module obtains the device information 58dda003a from the decrypted data and uses it as a parameter to query the corresponding device verification information in the database 50. If the device verification information is not found, the terminal 30 is considered illegal, the authentication failure information is obtained, and the service access request is denied. If the device verification information 58dda003a is found, the random sequence information 12345 is compared with the several pieces of random sequence verification information in the database 50. If the database 50 does not contain the corresponding random sequence verification information 12345, the terminal 30 is considered illegal, the authentication failure information is obtained, and the service access request is rejected.
  • the cloud server 10 allows the terminal 30 to access to use the cloud service.
  • If, after the verification module uses the device information 58dda003a as a parameter to query the corresponding device verification information 58dda003a in the database 50 and compares the random sequence information 12345 with the several pieces of random sequence verification information in the database 50, the database 50 contains the corresponding random sequence verification information 12345, the verification is successful and the authentication success information is generated. The verification module then transparently transmits the service access request, carrying the business data, to the business service module; that is, the terminal 30 is allowed to access and use the corresponding cloud service.
  • the cloud server 10 generates new random sequence information, saves the updated random sequence information, and sends the updated random sequence information to the terminal 30.
  • After the verification is successful, that is, if the authentication information is authentication success information, the verification module generates new random sequence information and updates the database 50 with the new random sequence information.
  • the new random sequence information is 78954, and the database 50 includes the random sequence information table corresponding to each piece of device information.
  • the database can allocate N fields to each random sequence information table to store N pieces of random sequence verification information in each table. The random sequence verification information is compared with the random sequence information in the service access request; if they are consistent, the random sequence information exists in the database.
  • Throughout this text, the random sequence verification information can be understood as random sequence information stored in a database.
  • In the random sequence information table shown in FIG. 2, the table corresponding to the device information of the terminal 30 in the database uses three fields, sn1, sn2, and sn3, to store three pieces of random sequence verification information.
  • the random sequence information table may include N pieces of random sequence verification information, where N is an integer greater than 2; N = 3 is used here as an example for illustration.
  • the random sequence verification information is stored in the three fields in the random sequence information table in sequence according to the storage time, that is, the newly generated random sequence verification information is stored in sn1, and the earliest random sequence verification information is stored in sn3. When new random sequence verification information is stored in the random sequence information table, each piece of random sequence verification information already stored in the table is moved in turn to the next field, so that the random sequence verification information in the table stays arranged according to storage time.
  • the verification module of the cloud server 10 writes the generated new random sequence information 78954 as new random sequence verification information 78954 into sn1, the random sequence verification information 12345 in the original sn1 is written into sn2, the random sequence verification information 23456 in the original sn2 is written into sn3, and the random sequence verification information 56789 in the original sn3 is deleted or overwritten, realizing the dynamic update of the random sequence verification information.
  • After the business service module processes the service access request, it returns the business data and new random sequence information corresponding to the application program to the terminal 30, that is, the random sequence information 78954 in sn1.
  • the terminal 30 receives the updated random sequence information, and replaces the current random sequence information with the updated random sequence information, so as to implement dynamic update of the random sequence information. For example, after the application program of the terminal 30 receives the new random sequence information 78954, it writes the new random sequence information 78954 into the flash memory of the chip through the data writing interface of the chip, overwriting the current random sequence information 12345 and realizing the dynamic update of the random sequence information, so that it can be used when the terminal 30 requests a service next time.
  • the current device information and random sequence information in the legal terminal can be used as the device information and random sequence information of each illegal terminal, that is, the device information and random sequence information of every illegal terminal are the same.
  • the random sequence information in this batch of illegal terminals is 12345.
  • the random sequence information can be the random sequence information set in the legal terminal when it leaves the factory, or it can be random sequence information that the cloud server updated to the legal terminal after the legal terminal sent a service access request.
  • the random sequence information table no longer contains its initial random sequence information 12345, that is, the random sequence information 12345 has been replaced, and other illegal terminals cannot pass the authentication of the cloud server and thus cannot access the cloud server.
  • the cloud server blocks most of the service access requests of illegal terminals. In another case, if different illegal terminals in this batch use the random sequence information 12345 to request access to the cloud server, the random sequence information 12345 will be quickly replaced, and since the updated random sequence information is allocated to different illegal terminals, the updated random sequence information will also be replaced soon, causing these illegal terminals to be unable to access the cloud server, thereby protecting the access rights of legitimate terminals.
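The rolling sn1..sn3 table and the two cloned-terminal cases described above, as an added example that is not part of the patent text: a small Python model of the verification module with N = 3. RSA transport encryption and the business service module are left out; all class and function names are hypothetical, and drawing new values from `secrets` is an assumption, since the text only says they are randomly generated.

```python
import hmac
import secrets
from collections import deque
from itertools import chain

N_SLOTS = 3  # the example table above has three fields: sn1, sn2, sn3


class VerificationModule:
    """Cloud-side check: device lookup, then a rolling table of N sequence values."""

    def __init__(self, n_slots=N_SLOTS, sn_source=None):
        self.n_slots = n_slots
        self.tables = {}  # device_id -> deque; index 0 is sn1 (newest)
        # Assumption: fresh values come from a CSPRNG; a fixed source can be injected.
        self._sn_source = sn_source or iter(lambda: secrets.token_hex(8), None)

    def enroll(self, device_id, sequence_values):
        """Factory provisioning: store the device ID and its initial table."""
        self.tables[device_id] = deque(sequence_values, maxlen=self.n_slots)

    def handle(self, device_id, sn):
        """Return (accepted, new_sn); new_sn is None when the request is rejected."""
        table = self.tables.get(device_id)
        if table is None:
            return False, None  # unknown device information
        if not any(hmac.compare_digest(sn, stored) for stored in table):
            return False, None  # value is not in sn1..snN
        fresh = next(self._sn_source)
        table.appendleft(fresh)  # maxlen drops the oldest value from the other end
        return True, fresh


class Terminal:
    def __init__(self, device_id, sn):
        self.device_id = device_id  # ROM: fixed at the factory
        self.sn = sn                # flash: overwritten after each success

    def request(self, cloud):
        ok, fresh = cloud.handle(self.device_id, self.sn)
        if ok:
            self.sn = fresh
        return ok


def new_cloud():
    # Constructed state matching the walk-through: sn1=12345, sn2=23456,
    # sn3=56789, with 78954 as the first value the server issues.
    source = chain(["78954"], iter(lambda: secrets.token_hex(8), None))
    cloud = VerificationModule(sn_source=source)
    cloud.enroll("58dda003a", ["12345", "23456", "56789"])
    return cloud


def legal_terminal_then_clone(legal_requests):
    """The legal terminal makes some requests, then one clone presents 12345."""
    cloud = new_cloud()
    legal = Terminal("58dda003a", "12345")
    clone = Terminal("58dda003a", "12345")  # copy taken before any request
    legal_ok = [legal.request(cloud) for _ in range(legal_requests)]
    return legal_ok, clone.request(cloud), list(cloud.tables["58dda003a"])


def clone_batch(batch_size):
    """A batch of clones, all holding 12345, each sends one request in turn."""
    cloud = new_cloud()
    batch = [Terminal("58dda003a", "12345") for _ in range(batch_size)]
    return [t.request(cloud) for t in batch]


if __name__ == "__main__":
    print(legal_terminal_then_clone(3))
    print(clone_batch(10))
```

With the shared value starting in sn1, exactly N first requests from the batch are accepted before the value ages out of the table.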
  • Fig. 3 is an embodiment of a method for accessing a cloud service provided by an embodiment of the present invention. As shown in Figure 3, the method for accessing the cloud service can be executed by the cloud server and includes the following steps:
  • the service access request carries device information and random sequence information of the terminal.
  • the device information is the unique identity of the terminal, that is, a terminal corresponds to only one piece of the device information, and the device information is set at the factory, and cannot be changed or replaced later.
  • the device information is stored in a read-only memory (ROM) of the terminal chip.
  • the random sequence information is dynamically updated by the cloud server after successful authentication according to the service access request, and the terminal stores the received random sequence information in a flash memory. The flash memory is a kind of non-volatile memory, which can retain data for a long time without a power supply, and its storage characteristics are equivalent to those of hard disks. This characteristic is the basis on which flash memory serves as a storage medium for various terminals. Based on the characteristics of the flash memory, when the terminal receives new random sequence information sent by the cloud server, the terminal can replace or overwrite the current random sequence information with the new random sequence information.
  • the flash memory can be FLASH flash memory, NAND flash memory, NOR flash memory, or the like.
  • the cloud server can extract the corresponding device information and random sequence information of the terminal from the service request.
  • the database of the cloud server stores device verification information and random sequence verification information, and the device information and random sequence information of the terminal can be verified according to the device verification information and random sequence verification information to obtain corresponding authentication information.
  • the authentication information includes authentication success information and authentication failure information.
  • When the device information and random sequence information of the terminal are successfully verified, the cloud server generates the authentication success information, and if the authentication information is the authentication success information, the terminal is allowed to use the cloud service.
  • When the verification of the device information and the random sequence information of the terminal fails, the cloud server generates the authentication failure information, and if the authentication information is the authentication failure information, the service access request is rejected.
  • the embodiment of the present invention provides a method for accessing a cloud service.
  • the method first obtains a service access request sent by a terminal, wherein the service access request carries device information and random sequence information of the terminal, and the random sequence information is dynamically updated by the cloud server. The acquired device information and random sequence information of the terminal are then verified to obtain authentication information, and the terminal is controlled to use cloud services according to the authentication information, thereby achieving effective interception and verification of service access requests from illegal terminals and preventing cloud services from being stolen.
  • S22 further includes the following steps:
  • the cloud server stores unique device verification information corresponding to legal terminals, that is, each legal terminal pre-stores corresponding and unique device verification information in the cloud server.
  • the database of the cloud server may be accessed to extract a device verification information list, and the device verification information list includes the multiple pieces of device verification information.
  • each legitimate terminal stores a corresponding and unique piece of device verification information on the cloud server, and the device information of each legitimate terminal is the same as the corresponding device verification information stored in the cloud server.
  • the device information of the legal terminal is 58dda003a
  • the device verification information corresponding to the legal terminal is also 58dda003a.
  • the device information of the terminal carried in the obtained service access request is compared with the multiple pieces of device verification information in the device verification information list extracted from the cloud server database. If a certain piece of device verification information in the list is the same as the device information of the terminal carried in the obtained service access request, the comparison is successful. If none of the device verification information in the list is the same as the device information of the terminal carried in the obtained service access request, the comparison fails.
  • If the comparison fails, indicating that all the device verification information in the device verification information list is different from the device information of the terminal carried in the obtained service access request, the terminal is determined to be an illegal terminal without the right to use the cloud service, and the service access request is directly rejected, so that the illegal terminal cannot access the cloud server and thus cannot use the corresponding cloud service.
  • S223 includes the following steps:
  • each legitimate terminal stores a number of corresponding random sequence verification information in the cloud server.
  • the random sequence information stored in the legitimate terminal is the same as one of the random sequence verification information stored in the cloud server.
  • the device information of the terminal carried in the service access request is the same as one of the device verification information in the device verification information list.
  • the corresponding pieces of random sequence verification information are extracted according to the device information of the terminal.
  • S2232 Perform comparison processing between the random sequence verification information and the random sequence information.
  • the random sequence information carried in the service access request is respectively compared with a plurality of corresponding random sequence verification information.
  • the comparison is successful. If the random sequence information carried in the service access request is different from all the random sequence verification information in the corresponding plurality of random sequence verification information, the comparison fails.
  • the authentication information includes authentication success information and authentication failure information. If the comparison is successful, the authentication success information is generated correspondingly. If the comparison fails, the authentication failure information is generated correspondingly.
  • the generated authentication information is authentication success information
  • the terminal that issued the service access request is a legal terminal and is entitled to legally use the cloud service
  • the service access request is transparently transmitted so that the legal terminal can access the service.
  • the generated authentication information is authentication failure information
  • the method further includes the following steps:
  • the cloud server randomly generates new random sequence information, and replaces or overwrites the current random sequence information in the acquired service access request with the new random sequence information, so as to update the random sequence information.
  • the random sequence information may be pre-stored in the register of the cloud server.
  • S25 Save the updated random sequence information, and send the updated random sequence information to the terminal, so that the terminal replaces its current random sequence information with the updated random sequence information.
  • the cloud server includes a register
  • the register includes an address space for storing a number of random sequence information
  • the updated random sequence information is stored in the address space.
  • the generated new random sequence information that is, the updated random sequence information
  • after the terminal obtains the updated random sequence information, the terminal makes the updated random sequence information the current random sequence information stored in flash memory.
  • since the terminal replaces or overwrites the current random sequence information with the updated random sequence information each time it successfully accesses the cloud server, the random sequence information in the terminal keeps changing. Even if the application running on the terminal, or the SDK on which the application depends, is brute-force cracked in order to copy or clone the overall function of the terminal, the random sequence information in the copied or cloned terminal is fixed at the moment of copying, so the copied or cloned terminal cannot successfully connect to the cloud server.
  • S25 includes the following steps:
  • S251 Synchronously shift the several pieces of random sequence verification information stored in the address space within the address space.
  • the address space includes multiple storage locations with adjacent storage addresses, and each of the storage locations is used to store corresponding random sequence verification information. The cloud server can find the corresponding storage location through the storage address, and then read the random sequence verification information in the storage location.
  • the address space includes three storage locations: storage location A, storage location B, and storage location C.
  • Storage location A stores random sequence verification information 12535
  • storage location B stores random sequence verification information 13654
  • storage location C stores random sequence verification information 15665.
  • the storage location A corresponds to the storage address a
  • the storage location B corresponds to the storage address b
  • the storage location C corresponds to the storage address c.
  • the cloud server can find the corresponding storage location A through the storage address a, and can then read the random sequence verification information in storage location A, which is 12535.
  • the random sequence verification information in the previous storage location is shifted to the subsequent storage location.
  • the random sequence verification information 12535 in the storage location A corresponding to the storage address a is shifted to the storage location B corresponding to the storage address b
  • the random sequence verification information 13654 in the storage location B corresponding to the storage address b is shifted to the storage location C corresponding to the storage address c.
  • the address space includes only three storage locations A, storage location B, and storage location C
  • the random sequence verification information 12535 in storage location A corresponding to storage address a is shifted to storage address b
  • the random sequence verification information 13654 in the storage location B corresponding to the storage address b is shifted to the storage location C corresponding to the storage address c
  • the storage location C corresponding to the storage address c is the last one
  • the random sequence verification information 15665 in the storage location C cannot be shifted, it overflows the address space, and the random sequence verification information 15665 that overflows the address space is deleted.
  • S253 Save the updated random sequence information as random sequence verification information in a storage location in the address space where the random sequence verification information is not stored.
  • the address space includes only three storage locations A, storage location B, and storage location C
  • the random sequence verification information 12535 in storage location A corresponding to storage address a is shifted to storage address b
  • the random sequence verification information 13654 in the storage location B corresponding to the storage address b is shifted to the storage location C corresponding to the storage address c
  • the storage location B is shifted to the storage address b.
  • the updated random sequence information can be stored as the random sequence verification information in the storage location A corresponding to the storage address a.
  • the method further includes the following steps:
  • S31 Use the private key of the cloud server to decrypt the signature data.
  • the service access request carries signature data.
  • the signature data is obtained by the terminal encrypting the device information and random sequence information using the public key of the cloud server. Specifically, before the terminal sends the service access request, it first uses the RSA encryption algorithm and the supporting public key to encrypt the data for the service access request. After the cloud server obtains the service access request, it uses the corresponding algorithm and the supporting private key to perform decryption, which can prevent hackers from brute force attacks on the cloud server.
  • if the cloud server successfully decrypts the request using the corresponding algorithm and the supporting private key, it responds to the service access request, that is, it continues to verify the device information and random sequence information of the terminal according to the service access request to obtain authentication information.
  • if the cloud server obtains the service access request and fails to decrypt it using the corresponding algorithm and the supporting private key, this indicates that the terminal is not a legitimate terminal, and the service request information sent by the terminal is rejected.
  • FIG. 9 is an embodiment of a method for accessing a cloud service provided by another embodiment of the present invention. As shown in Figure 9, the method for accessing the cloud service can be executed by the cloud server and includes the following steps:
  • S41 Obtain a service access request sent by a terminal, where the service access request carries device information and random sequence information of the terminal.
  • the random sequence table stores factory random sequence information of the terminal, and the factory random sequence information is carried in the first service access request sent by the terminal.
  • S42 Determine whether the random sequence information is in the random sequence table corresponding to the device information in the database. The random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are sorted according to storage time, and N is an integer greater than or equal to 2.
  • the obtained device information is used as a parameter to query the device information in the database. If no match is found, the terminal is considered illegal, authentication failure information is generated, and the service access request is rejected. If device information consistent with the device information of the terminal is found in the database, the random sequence information in the random sequence table is then compared with the random sequence information of the terminal. If the random sequence table does not contain the random sequence information of the terminal, the terminal is considered illegal, authentication failure information is obtained, and the service access request is rejected.
  • if the random sequence table contains the random sequence information of the corresponding terminal, this indicates that the verification is successful, and the authentication success information is generated.
  • FIG. 10 is a schematic flowchart of a method for accessing a cloud service provided by an embodiment of the present application. The method may be executed by the terminal in FIG. 1 and includes the following steps:
  • S51 Send a service access request to a cloud server, so that the cloud server verifies the device information and random sequence information of the terminal according to the service access request to obtain authentication information.
  • the service access request carries device information and random sequence information of the terminal, and the random sequence information is dynamically updated by the cloud server after successful authentication according to the service access request.
  • the device information is the unique identity of the terminal, that is, one terminal corresponds to only one piece of the device information, and the device information is set at the factory, and cannot be changed or replaced later.
  • the device information is stored in the read-only memory (ROM) of the terminal chip.
  • the random sequence information is dynamically updated by the cloud server, and the terminal stores the received random sequence information in a flash memory, where the flash memory is a non-volatile memory that can retain data for a long time without current supply.
  • Its storage characteristic is equivalent to that of a hard disk. This characteristic is the basis for flash memory to become a storage medium for various terminals. Based on the characteristics of the flash memory, when the terminal receives new random sequence information sent by the cloud server, the terminal can replace or overwrite the current random sequence information with the new random sequence information.
  • the cloud server can extract the corresponding device information and random sequence information of the terminal from the service request.
  • the database of the cloud server stores device verification information and random sequence verification information, and the device information and random sequence information of the terminal can be verified according to the device verification information and random sequence verification information to obtain corresponding authentication information .
  • the authentication information includes authentication success information and authentication failure information.
  • when the device information and random sequence information of the terminal are successfully verified, the cloud server generates the authentication success information, and if the authentication information is the authentication success information, the terminal is allowed to use the cloud service.
  • when the verification of the device information and the random sequence information of the terminal fails, the cloud server generates the authentication failure information, and if the authentication information is the authentication failure information, the service access request is rejected.
  • the method further includes the following steps:
  • before the terminal sends the service access request, it first uses the RSA encryption algorithm and the supporting public key to encrypt the data for the service access request. After the cloud server obtains the service access request, it uses the corresponding algorithm and the supporting private key to perform decryption, which can prevent hackers from brute force attacks on the cloud server.
  • if the cloud server successfully decrypts the request using the corresponding algorithm and the supporting private key, it responds to the service access request, that is, it continues to verify the device information and random sequence information of the terminal according to the service access request to obtain authentication information.
  • if the cloud server obtains the service access request and fails to decrypt it using the corresponding algorithm and the supporting private key, this indicates that the terminal is not a legitimate terminal, and the service request information sent by the terminal is rejected.
  • the method further includes the following steps:
  • the random sequence information is dynamically updated by the cloud server, and the terminal stores the received random sequence information in a flash memory. The flash memory is a non-volatile memory whose storage characteristic is equivalent to that of a hard disk; this feature is the basis for flash memory becoming the storage medium of various terminals. Based on the characteristics of the flash memory, when the terminal receives the new random sequence information sent by the cloud server, the terminal can replace the stored current random sequence information with the updated random sequence information.
  • FIG. 12 is a schematic flowchart of a method for accessing a cloud service provided by an embodiment of the present application. The method may be executed by the terminal in FIG. 1, and includes the following steps:
  • the random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are sorted according to storage time, and N is an integer greater than or equal to 2.
  • the obtained device information is used as a parameter to query the device information in the database. If no match is found, the terminal is considered illegal, authentication failure information is generated, and the service access request is rejected. If device information consistent with the device information of the terminal is found in the database, the random sequence information in the random sequence table is then compared with the random sequence information of the terminal. If the random sequence table does not contain the random sequence information of the terminal, the terminal is considered illegal, authentication failure information is obtained, and the service access request is rejected.
  • the device information of the terminal is used as a parameter to query the corresponding device verification information in the database, and the random sequence information of the terminal is compared with the random sequence information in the random sequence table. If the random sequence table contains the random sequence information of the corresponding terminal, this indicates that the verification is successful, and authentication success information is generated, so that the cloud service of the cloud server can be used legally.
  • the embodiments of the present application provide a cloud service access device 50.
  • the cloud service access device is applied to a cloud server.
  • the cloud service access device 50 includes: a service access request obtaining module 51, a verification module 52 and a control module 53.
  • the service access request obtaining module 51 is configured to obtain a service access request sent by a terminal, wherein the service access request carries the device information and random sequence information of the terminal, and the random sequence information is dynamically updated by the cloud server after successful authentication according to the service access request.
  • the verification module 52 is configured to verify the device information and random sequence information of the terminal according to the service access request to obtain authentication information.
  • the control module 53 is configured to control the terminal to use cloud services according to the authentication information.
  • the control module is specifically configured to allow the terminal to use the cloud service if the authentication information is the authentication success information; if the authentication information is the authentication failure information, reject the service access request.
  • by first acquiring the service access request sent by the terminal, where the service access request carries the terminal's device information and random sequence information and the random sequence information is dynamically updated by the cloud server after successful authentication according to the service access request, then verifying the obtained device information and random sequence information of the terminal to obtain authentication information, and then controlling the terminal's use of cloud services according to the authentication information, the service access requests of illegal terminals are effectively intercepted and verified, and cloud services are prevented from being misappropriated.
  • the cloud service access device 50 further includes an update module 54 and an iteration module 55.
  • the update module 54 is used to update the random sequence information.
  • the iteration module 55 is configured to save the updated random sequence information, and send the updated random sequence information to the terminal, so that the terminal replaces its current random sequence information with the updated random sequence information.
  • the iteration module 55 includes a shift unit, a deletion unit, and a storage unit; the shift unit is used to synchronously shift the several pieces of random sequence verification information stored in the address space within the address space.
  • the cloud server includes a register, and the register includes an address space for storing a number of random sequence verification information.
  • the address space includes a plurality of storage locations adjacent to storage addresses, and each of the storage locations is used to store corresponding random sequence verification information.
  • the deleting unit is used to delete the random sequence verification information overflowing the address space.
  • the storage unit is configured to store the updated random sequence information as random sequence verification information in a storage location in the address space where the random sequence verification information is not stored.
  • the cloud service access device 50 further includes an encryption module 56 for decrypting the signature data using the private key of the cloud server, wherein the signature data is obtained by the terminal encrypting the device information and random sequence information using the public key of the cloud server.
  • the encryption module 56 is specifically configured to respond to the service access request sent by the terminal when the signature data is successfully decrypted. When the decryption of the signature data fails, the service access request sent by the terminal is rejected.
  • the embodiments of the present application provide a cloud service access device 60.
  • the cloud service access device is applied to a terminal.
  • the cloud service access device 60 includes: a service access request sending module 61 and a service obtaining module 62.
  • the service access request sending module 61 is configured to send a service access request to a cloud server, so that the cloud server verifies the device information and random sequence information of the terminal according to the service access request to obtain authentication information, where:
  • the service access request carries device information and random sequence information of the terminal, and the random sequence information is dynamically updated by the cloud server
  • the obtaining service module 62 is configured to use the cloud service of the cloud server when the authentication information is the authentication success information.
  • the cloud service access device 60 further includes an encryption module 63 configured to use the public key of the cloud server to sign the service access request to obtain the signature data, wherein the signature data is encapsulated in the service access request.
  • FIG. 15 is a structural block diagram of a cloud server 10 provided by an embodiment of the present invention.
  • the cloud server 10 may include: a processor 110, a memory 120, and a communication module 130.
  • the processor 110, the memory 120, and the communication module 130 establish a communication connection between any two through a bus.
  • the processor 110 may be of any type, and has one or more processing cores. It can perform single-threaded or multi-threaded operations, and is used to parse instructions to perform operations such as obtaining data, performing logical operation functions, and issuing operation processing results.
  • the memory 120 can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the cloud service access method in the embodiment of the present invention (for example, the service access request acquisition module 51, the verification module 52, the control module 53, the update module 54, the iteration module 55, and the encryption module 56 shown in FIG. 13).
  • the processor 110 executes various functional applications and data processing of the cloud service access device 50 by running the non-transitory software programs, instructions, and modules stored in the memory 120, that is, implements the cloud service access method in any of the foregoing method embodiments.
  • the memory 120 may include a storage program area and a storage data area.
  • the storage program area may store an operating system and an application program required by at least one function; the storage data area may store data created according to the use of the cloud service access device 50 and the like.
  • the memory 120 may include a high-speed random access memory, and may also include a non-transitory memory, such as at least one magnetic disk storage device, a flash memory device, or other non-transitory solid-state storage devices.
  • the storage 120 may optionally include storage remotely provided with respect to the processor 110, and these remote storages may be connected to the cloud server 10 via a network. Examples of the aforementioned networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • the memory 120 stores instructions that can be executed by the at least one processor 110; the at least one processor 110 is configured to execute the instructions to implement the cloud service access method in any of the foregoing method embodiments, for example, to execute the method steps 21, 22, 23, etc. described above and realize the functions of the modules 51-56 in FIG. 13.
  • the communication module 130 is a functional module used to establish a communication connection and provide a physical channel.
  • the communication module 130 may be any type of wireless or wired communication module 130, including but not limited to a WiFi module or a Bluetooth module.
  • FIG. 16 is a structural block diagram of a terminal 30 provided by an embodiment of the present invention.
  • the terminal 30 may include: at least one processor 310, at least one read-only memory 320, at least one random access memory 330, at least one functional memory 340, and a communication module 350.
  • the read-only memory 320 is communicatively connected with the processor and is used for storing device information;
  • the random access memory 330 is communicatively connected with the processor and is used for storing random sequence information;
  • the functional memory 340 is communicatively connected with the processor .
  • the read-only memory 320 can be a read-only memory (ROM), and the random access memory 330 can be a flash memory. The flash memory is a non-volatile memory that can retain data for a long time without current supply, and its storage characteristic is equivalent to that of a hard disk. This characteristic is the basis for flash memory to become a storage medium for various terminals.
  • the processor 310 may be of any type, and has one or more processing cores. It can perform single-threaded or multi-threaded operations, and is used to parse instructions to perform operations such as obtaining data, performing logical operation functions, and issuing operation processing results.
  • the functional memory 340 can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the cloud service access method in the embodiment of the present invention (for example, the service access request sending module 61, the service acquisition module 62, and the encryption module 63 shown in FIG. 14).
  • the processor 310 executes various functional applications and data processing of the cloud service access device 60 by running the non-transitory software programs, instructions, and modules stored in the memory 320, that is, implements the cloud service access method in any of the foregoing method embodiments.
  • the functional memory 340 may include a storage program area and a storage data area, where the storage program area may store an operating system and an application program required by at least one function; the storage data area may store data created based on the use of the cloud service access device 60, and the like.
  • the functional memory 340 may include a high-speed random access memory, and may also include a non-transitory memory, such as at least one magnetic disk storage device, a flash memory device, or other non-transitory solid-state storage devices.
  • the functional storage 340 may optionally include storage remotely arranged relative to the processor 310, and these remote storages may be connected to the cloud server 10 via a network. Examples of the aforementioned networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • the functional memory 340 stores instructions that can be executed by the at least one processor 310; the at least one processor 310 is configured to execute the instructions to implement the cloud service access method in any of the foregoing method embodiments, for example, to execute the method steps 41, 42, 43, 44 and so on described above and realize the functions of the modules 61-63 in FIG. 14.
  • the communication module 350 is a functional module used to establish a communication connection and provide a physical channel.
  • the communication module 350 may be any type of wireless or wired communication module 350, including but not limited to a WiFi module or a Bluetooth module.
  • the embodiment of the present invention also provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more processors 110, for example, by one of the processors 110 in FIG. 15, so that the one or more processors 110 can execute the cloud service access method in any of the above method embodiments, for example, execute the above-described method steps 21, 22, 23 and so on, and realize the functions of modules 51-56 in FIG. 13.
  • the embodiment of the present invention also provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more processors 310, for example, by one of the processors 310 in FIG. 16, so that the one or more processors 310 can execute the cloud service access method in any of the above method embodiments, for example, execute the above-described method steps 41, 42, 43, 44 and so on, and realize the functions of modules 61-63 in FIG. 14.
  • the device embodiments described above are merely illustrative.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they can be distributed to multiple network units. Some or all of the modules can be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • each implementation manner can be implemented by means of software plus a general hardware platform, and of course, it can also be implemented by hardware.
  • a person of ordinary skill in the art can understand that all or part of the processes in the methods of the foregoing embodiments can be implemented by instructing relevant hardware by a computer program in a computer program product.
  • the computer program can be stored in a non-transitory computer.
  • the computer program includes program instructions, and when the program instructions are executed by a related device, the related device can execute the flow of the foregoing method embodiments.
  • the storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM), etc.
  • the above-mentioned products can execute the cloud service access method provided by the embodiment of the present invention, and have corresponding functional modules and beneficial effects for the cloud service access method.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

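Embodiments of the present invention relate to a cloud service access method, a cloud server and a terminal. The method includes: first obtaining a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds; then verifying the obtained device information and random sequence information of the terminal to obtain authentication information; and then controlling the terminal's use of the cloud service according to the authentication information, thereby effectively intercepting and verifying service access requests from illegal terminals and preventing the cloud service from being misappropriated.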

Description

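Cloud service access method, cloud server and terminal
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on October 12, 2019, with application number 201910969855.8 and entitled "Cloud service access method, cloud server and terminal", the entire contents of which are incorporated herein by reference.
Technical Field
This application relates to the field of wireless communication technology, and in particular to a cloud service access method, a cloud server and a terminal.
Background
At present, smart Internet of Things devices are already widespread. Business scenarios such as smart homes, smart parking, smart treadmills and intelligent diagnostics have begun to use large numbers of terminals that call cloud services directly to implement the corresponding business functions. Most terminals consist mainly of a chip (IC) that performs a special function, an operating system (OS), and an application (APP) running in the operating system.
In the course of implementing the present invention, the inventor found that the related art has at least the following problem: once such a terminal is cloned and mass-produced, the cloned illegal terminals have the functions of a legitimate terminal and can therefore enjoy the legitimate terminal's rights without hindrance, such as accessing the cloud services that the legitimate terminal can access. Because an illegal terminal can clone the legitimate terminal's key for accessing the cloud service, access by such illegal terminals currently cannot be effectively intercepted, which results in misappropriation of the cloud service.
Summary of the Invention
To solve the above technical problem, embodiments of the present invention provide a cloud service access method, a cloud server and a terminal that effectively intercept access by illegal terminals and prevent the cloud service from being misappropriated.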
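To solve the above technical problem, embodiments of the present invention provide the following technical solution: a cloud service access method, applied to a cloud server, the cloud service access method including:
obtaining a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds;
verifying, according to the service access request, the terminal's device information and random sequence information to obtain authentication information;
controlling, according to the authentication information, the terminal's use of the cloud service.
Optionally,
obtaining pre-stored device verification information;
comparing the device verification information with the device information;
if the comparison succeeds, verifying the random sequence information to obtain authentication information;
if the comparison fails, rejecting the service access request.
Optionally, verifying the random sequence information to obtain authentication information if the comparison succeeds includes:
obtaining random sequence verification information;
comparing the random sequence verification information with the random sequence information;
if the comparison succeeds, obtaining authentication success information;
if the comparison fails, obtaining authentication failure information.
Optionally, controlling the terminal's use of the cloud service according to the authentication information includes:
if the authentication information is the authentication success information, opening the cloud service to the terminal;
if the authentication information is the authentication failure information, rejecting the service access request.
Optionally, if the authentication information is authentication success information, that is, after authentication succeeds, the method further includes:
updating the random sequence information;
saving the updated random sequence information and sending the updated random sequence information to the terminal, so that the terminal replaces its current random sequence information with the updated random sequence information.
Optionally, the cloud server includes a register, the register includes an address space for storing several pieces of random sequence verification information, and saving the updated random sequence information includes:
shifting, synchronously within the address space, the several pieces of random sequence verification information stored in the address space;
deleting the random sequence verification information that overflows the address space;
saving the updated random sequence information, as random sequence verification information, in the storage location of the address space that holds no random sequence verification information.
Optionally, the address space includes multiple storage locations with adjacent storage addresses, and each storage location is used to store the corresponding random sequence verification information.
Optionally, the service access request carries signature data, and obtaining the service access request sent by the terminal includes:
decrypting the signature data using the cloud server's private key, where the signature data is obtained by the terminal encrypting the device information and the random sequence information with the cloud server's public key;
when decryption of the signature data succeeds, responding to the service access request sent by the terminal;
when decryption of the signature data fails, rejecting the service access request sent by the terminal.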
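To solve the above technical problem, embodiments of the present invention provide the following technical solution: a cloud service access method, applied to a cloud server, the cloud service access method including: obtaining a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information;
determining whether the random sequence information is in the random sequence table corresponding to the device information in a database, where the random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are ordered by storage time, and N is an integer greater than or equal to 2;
if so, verifying the device information and the random sequence information to obtain authentication information;
if the authentication information is authentication success information, allocating a new piece of random sequence information to the terminal, storing the new random sequence information in the first position of the random sequence table, and deleting the random sequence information in the last position of the random sequence table.
Optionally, the random sequence table stores the terminal's factory random sequence information, and the factory random sequence information is carried in the first service access request sent by the terminal.
To solve the above technical problem, embodiments of the present invention provide the following technical solution: a cloud service access method, applied to a terminal, the cloud service access method including:
sending a service access request to a cloud server, so that the cloud server verifies, according to the service access request, the terminal's device information and random sequence information to obtain authentication information, where the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server;
when the authentication information is the authentication success information, using the cloud service of the cloud server.
Optionally, before sending the service access request to the cloud server, the method further includes:
signing the service access request using the cloud server's public key to obtain the signature data;
encapsulating the signature data in the service access request.
Optionally, receiving the updated random sequence information sent by the cloud server;
replacing the current random sequence information with the updated random sequence information.
To solve the above technical problem, embodiments of the present invention provide the following technical solution: a cloud service access method, applied to a terminal, the cloud service access method including: sending a service access request containing the terminal's device information and random sequence information to a cloud server, so that the cloud server, when the random sequence information is in the random sequence table corresponding to the device information in a database, verifies the device information and the random sequence information to obtain authentication information, where the random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are ordered by storage time, N is an integer greater than or equal to 2, and the random sequence information is dynamically updated by the cloud server; and when the authentication information is the authentication success information, using the cloud service of the cloud server.
Optionally, the random sequence table stores the terminal's factory random sequence information, and the factory random sequence information is carried in the first service access request sent by the terminal.
To solve the above technical problem, embodiments of the present invention further provide the following technical solution: a cloud server. The cloud server includes:
at least one processor; and
a memory communicatively connected to the at least one processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the cloud service access method described above.
To solve the above technical problem, embodiments of the present invention further provide the following technical solution: a terminal. The terminal includes:
at least one processor;
at least one read-only memory, communicatively connected to the at least one processor and used to store device information;
at least one random memory, communicatively connected to the at least one processor and used to store random sequence information; and
at least one function memory, communicatively connected to the at least one processor, where the function memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the cloud service access method described above.
Compared with the prior art, the cloud service access method provided by the embodiments of the present invention first obtains a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information and the random sequence information is dynamically updated by the cloud server; it then verifies the obtained device information and random sequence information of the terminal to obtain authentication information, and controls the terminal's use of the cloud service according to the authentication information, thereby effectively intercepting and verifying service access requests from illegal terminals and preventing the cloud service from being misappropriated.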
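Brief Description of the Drawings
One or more embodiments are illustrated by the figures in the corresponding drawings. These illustrations do not limit the embodiments. Elements with the same reference numerals in the drawings denote similar elements, and unless otherwise stated the figures are not drawn to scale.
FIG. 1 is a schematic diagram of the application environment of an embodiment of the present invention;
FIG. 2 is a schematic diagram of the communication architecture between the terminal and the cloud server in an embodiment of the present invention;
FIG. 3 is a schematic flowchart of a cloud service access method provided by one embodiment of the present invention, the method being applied to a cloud server;
FIG. 4 is a schematic flowchart of S22 in FIG. 3;
FIG. 5 is a schematic flowchart of S223 in FIG. 4;
FIG. 6 is a schematic flowchart of a cloud service access method provided by another embodiment of the present invention, the method being applied to a cloud server;
FIG. 7 is a schematic flowchart of S25 in FIG. 6;
FIG. 8 is a schematic flowchart of a cloud service access method provided by yet another embodiment of the present invention, the method being applied to a cloud server;
FIG. 9 is a schematic flowchart of a cloud service access method provided by a further embodiment of the present invention, the method being applied to a cloud server;
FIG. 10 is a schematic flowchart of a cloud service access method provided by one embodiment of the present invention, the method being applied to a terminal;
FIG. 11 is a schematic flowchart of a cloud service access method provided by another embodiment of the present invention, the method being applied to a terminal;
FIG. 12 is a schematic flowchart of a cloud service access method provided by yet another embodiment of the present invention, the method being applied to a terminal;
FIG. 13 is a schematic structural diagram of a cloud service access apparatus provided by an embodiment of the present invention, the apparatus running on a cloud server;
FIG. 14 is a schematic structural diagram of a cloud service access apparatus provided by an embodiment of the present invention, the apparatus running on a terminal;
FIG. 15 is a schematic diagram of the hardware structure of a cloud server provided by an embodiment of the present invention;
FIG. 16 is a schematic diagram of the hardware structure of a terminal provided by an embodiment of the present invention.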
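Detailed Description
To facilitate understanding of the present invention, it is described in more detail below with reference to the drawings and specific embodiments. It should be noted that when an element is described as being "fixed to" another element, it may be directly on the other element, or one or more intermediate elements may be present between them. When an element is described as being "connected to" another element, it may be directly connected to the other element, or one or more intermediate elements may be present between them. The orientations or positional relationships indicated by terms such as "upper", "lower", "inner", "outer" and "bottom" used in this specification are based on the orientations or positional relationships shown in the drawings; they are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation, and therefore cannot be understood as limiting the present invention. In addition, the terms "first", "second", "third" and so on are used for descriptive purposes only and cannot be understood as indicating or implying relative importance.
Unless otherwise defined, all technical and scientific terms used in this specification have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in the specification of the present invention are only for the purpose of describing specific embodiments and are not intended to limit the present invention. The term "and/or" as used in this specification includes any and all combinations of one or more of the associated listed items.
In addition, the technical features involved in the different embodiments of the present invention described below can be combined with each other as long as they do not conflict.
Embodiments of the present invention provide a cloud service access method. The method first obtains a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information and the random sequence information is dynamically updated by the cloud server; it then verifies the obtained device information and random sequence information of the terminal to obtain authentication information, and controls the terminal's use of the cloud service according to the authentication information, thereby effectively intercepting and verifying service access requests from illegal terminals and preventing the cloud service from being misappropriated.
The application environment of the cloud service access method is illustrated below by example.
FIG. 1 is a schematic diagram of the application environment of the cloud service access system provided by an embodiment of the present invention. As shown in FIG. 1, the application scenario includes a cloud server 10, a wireless network 20, a terminal 30 and a user 40. The user 40 can operate the terminal 30 to access the cloud server 10 through the wireless network 20.
The cloud server 10 may be any type of cloud server in a network connection, such as a network cloud server. Once the cloud server 10 has established a communication connection with a terminal, the cloud server 10 can provide the corresponding business services to the terminal.
Specifically, the cloud server 10 is a hardware device or hardware component used to provide computing services. In this embodiment, the cloud server 10 includes a controller and a product cloud server connected to the controller. The product cloud server is used to provide business services to the terminal 30; for example, where the cloud server is an automotive diagnostics cloud server, the product cloud server can provide diagnostic services to the terminal 30. The product cloud server can also be used for data access, so it can be understood as a memory with a data storage function; for example, the product cloud server stores the device information of multiple terminals, so that the device information corresponding to a terminal can be retrieved by accessing the product cloud server. Specifically, the controller has logic processing capability and is mainly used to provide computing services for the product cloud server, so the controller can be understood as the cloud server's processor. The controller can execute the cloud service access method provided by the embodiments of the present invention.
The terminal 30 may be any type of smart device used to establish a communication connection with the cloud server 10, such as a mobile phone, a tablet computer or a smart remote control. The terminal 30 may be equipped with one or more different user 40 interaction devices for collecting instructions from the user 40 or for displaying and feeding back information to the user 40. These interaction devices include but are not limited to: buttons, a display screen, a touch screen, a speaker and a remote control joystick. In some embodiments, existing image and vision processing technology can also be integrated between the cloud server 10 and the terminal 30 to provide more intelligent services. For example, the cloud server 10 can collect images through a dual-light camera and the terminal 30 can analyze the images, thereby realizing gesture control of the cloud server 10 by the user 40.
The wireless network 20 may be a wireless communication network based on any type of data transmission principle and used to establish a data transmission channel between two nodes, for example a Bluetooth network, a WiFi network or a wireless cellular network located in different signal frequency bands, or a combination thereof.
Generally, because an illegal terminal can clone a legitimate terminal's identity and random sequence information, the illegal terminal can pass the cloud server's authentication and thus access the cloud server. Because multiple illegal terminals can clone the identity and random sequence information of the same legitimate terminal, this harms the legitimate rights of the legitimate terminal's manufacturer and allows multiple illegal terminals to access the cloud server. The method in the embodiments of this application can effectively avoid the situation in which multiple illegal terminals can access the cloud server multiple times.
FIG. 2 is a diagram of the communication architecture between the terminal and the cloud server provided by an embodiment of the present invention. The method of accessing the cloud server in the embodiments of the present invention is described by example with reference to FIG. 2: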
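1. The terminal 30 first sends a service access request to the cloud server 10, where the service access request carries the device information and random sequence information of the terminal 30. The terminal 30 contains a chip (IC), an operating system (OS) and an application (APP) running in the operating system. In the IC, a block of read-only memory (ROM) stores the device information, which is the unique identity (ID) of the terminal 30, and a block of flash memory (flash) stores the random sequence information (SN). The chip provides a data read interface through which the application reads the unique identity and the random sequence information, and a data write interface through which the application writes new random sequence information to the flash memory. As an example, as shown in FIG. 2, the device information (unique identity) of the terminal 30 is 58dda003a and the random sequence information is 12345. First, the application reads the unique identity 58dda003a and the random sequence information 12345 through the chip's read interface. The application then uses the RSA algorithm and the public key published by the cloud server 10 to encrypt the device information 58dda003a, the random sequence information 12345 and the business data (which may be empty). The application then establishes a communication connection with the cloud and sends the device information 58dda003a and the random sequence information 12345 of the terminal 30 to the cloud server 10.
2. The cloud server 10 obtains the service access request sent by the terminal 30. The cloud server 10 contains a verification module, a business service module and a database 50. The verification module can intercept all service access requests from the terminal 30, can obtain the device information and random sequence information of the terminal 30 from the service access request, and can also read the database 50 to obtain the terminal 30 information stored there. The business service module mainly provides business services to the terminal 30 so that it can complete specific business functions. When the terminal 30 leaves the factory, its device information is recorded in the database 50 as device verification information and its random sequence information is recorded as random sequence verification information. As an example, as shown in FIG. 2, the service access request carrying the device information 58dda003a and the random sequence information 12345 reaches the verification module of the cloud server 10, and the verification module obtains the parameters in the service access request. If this fails, the request is considered illegal and is rejected directly. If it succeeds, the parameters are decrypted using the RSA algorithm and the matching private key to obtain the device information 58dda003a and the random sequence information 12345; if decryption fails, the request is considered illegal and is rejected directly.
3. The cloud server 10 verifies the device information and the random sequence information according to the service access request to obtain authentication information. The verification module obtains the device information 58dda003a from the decrypted data and uses it as a parameter to query the database 50 for the corresponding device verification information. If nothing is found, the terminal 30 is considered illegal, authentication failure information is obtained, and the service access request is rejected. If the device verification information 58dda003a is found, the random sequence information 12345 is compared with the several pieces of random sequence verification information in the database 50; if the database 50 does not contain the corresponding random sequence verification information 12345, the terminal 30 is considered illegal, authentication failure information is obtained, and the service access request is rejected.
4. If the authentication information is authentication success information, the cloud server 10 allows the terminal 30 to connect and use the cloud service. If the verification module, using the device information 58dda003a as a parameter, finds the corresponding device verification information 58dda003a in the database 50 and, after comparing the random sequence information 12345 with the several pieces of random sequence verification information in the database 50, finds that the database 50 contains the corresponding random sequence verification information 12345, the verification has succeeded and authentication success information is generated. The verification module passes the service access request through, so that the request reaches the business service module carrying its business data; that is, the terminal 30 is allowed to connect and use the corresponding cloud service.
5. The cloud server 10 generates new random sequence information, saves the updated random sequence information and sends it to the terminal 30. After verification succeeds, that is, if the authentication information is authentication success information, the verification module generates new random sequence information and uses it to update the database 50. As an example, the new random sequence information is 78954. The database 50 includes a random sequence information table for each piece of device information, and the database can allocate N fields to each random sequence information table so that each table holds N pieces of random sequence verification information. The random sequence verification information is compared with the random sequence information in the service access request; if they match, the random sequence information exists in the database. Because random sequence information and random sequence verification information are defined as containing the same kind of value, random sequence verification information throughout this text can be understood as random sequence information stored in the database. Taking the random sequence information table shown in FIG. 2 as an example, the table corresponding to the device information of the terminal 30 uses three fields, sn1, sn2 and sn3, to hold three pieces of random sequence verification information. The table may of course include N pieces of random sequence verification information, where N only needs to be an integer greater than 2; N = 3 is used here for illustration. The random sequence verification information is stored in the three fields of the table in order of storage time: sn1 holds the most recently generated random sequence verification information and sn3 holds the oldest. When new random sequence verification information is stored in the table, each piece of random sequence verification information already in the table moves to the next field in turn, so that the entries in the table remain ordered by storage time. As shown in FIG. 2, after authentication succeeds, the verification module of the cloud server 10 writes the newly generated random sequence information 78954 into sn1 as the new random sequence verification information 78954, writes the random sequence verification information 12345 that was in sn1 into sn2, and writes the random sequence verification information 23456 that was in sn2 into sn3; the random sequence verification information 56789 that was in sn3 is deleted or overwritten. This realizes the dynamic update of the random sequence verification information. After the business service module has processed the service access request, it returns to the application on the terminal 30 the corresponding business data and the new random sequence information, that is, the random sequence information 78954 in sn1.
6. The terminal 30 receives the updated random sequence information and replaces its current random sequence information with it, so that the random sequence information is dynamically updated. As an example, after the application on the terminal 30 receives the new random sequence information 78954, it writes 78954 into the chip's flash memory through the chip's data write interface, overwriting the current random sequence information 12345. The random sequence information is thus dynamically updated and is ready for the next time the terminal 30 requests service.
With the above steps, if a batch of illegal terminals clones the device information and random sequence information of one legitimate terminal, the legitimate terminal's current device information and random sequence information become the device information and random sequence information of every illegal terminal; that is, all the illegal terminals hold the same device information and random sequence information. With reference to FIG. 2, suppose for example that the random sequence information in this batch of illegal terminals is 12345. This random sequence information may be the value set when the legitimate terminal left the factory, or a value that the cloud server wrote to the legitimate terminal after the legitimate terminal sent a service access request. If this batch of illegal terminals then needs to access the cloud server, in one case, after any one of the illegal terminals has accessed the server three times in succession, the random sequence information table no longer contains the initial random sequence information 12345, that is, 12345 has been rotated out. The other illegal terminals then cannot pass the cloud server's authentication and cannot access the cloud server, so the cloud server blocks the service access requests of most of the illegal terminals. In the other case, if different illegal terminals in the batch use the random sequence information 12345 to request access to the cloud server, 12345 is quickly rotated out, and because the updated random sequence information is allocated to different illegal terminals, the updated random sequence information is also quickly rotated out. As a result, none of this batch of illegal terminals can access the cloud server, which safeguards the access rights of the legitimate terminal.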
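The rotation in steps 3 to 5 and the first cloned-terminal case above, as an added Python example that is not part of the patent text. `SequenceStore`, `Terminal`, `figure2_rotation` and `clone_scenario` are hypothetical names; drawing new sequences from `secrets` and comparing them in constant time are assumptions, since the description only says the sequence is random. The device ID and sequence values are the ones used in the FIG. 2 walkthrough.

```python
import hmac
import secrets
from collections import deque

N_SLOTS = 3  # FIG. 2 uses three fields: sn1, sn2, sn3


class SequenceStore:
    """Server side: per-device table of the N newest sequences, newest first."""

    def __init__(self, n_slots=N_SLOTS, new_sn=None):
        self.n_slots = n_slots
        self.tables = {}  # device ID -> deque([sn1, sn2, ..., snN])
        # Assumption: a CSPRNG-backed generator (the page only says "random").
        self.new_sn = new_sn or (lambda: secrets.token_hex(8))

    def enroll(self, device_id, sequences):
        """Factory provisioning: record the device ID and its initial table."""
        self.tables[device_id] = deque(sequences, maxlen=self.n_slots)

    def authenticate(self, device_id, sn):
        """Return (ok, fresh_sn). On success the table is rotated."""
        table = self.tables.get(device_id)
        if table is None:
            return False, None  # unknown device ID: reject
        # Check every slot, without leaking which one matched via timing.
        match = False
        for stored in table:
            match |= hmac.compare_digest(stored.encode(), sn.encode())
        if not match:
            return False, None  # sequence not in the table: reject
        fresh = self.new_sn()
        # maxlen makes appendleft() shift the entries and drop the oldest one,
        # which is the shift / delete-overflow / store-new procedure.
        table.appendleft(fresh)
        return True, fresh


class Terminal:
    """Terminal side: fixed ID (ROM) and a rewritable sequence (flash)."""

    def __init__(self, device_id, sn):
        self.device_id = device_id
        self.sn = sn

    def request(self, store):
        ok, fresh = store.authenticate(self.device_id, self.sn)
        if ok:
            self.sn = fresh  # overwrite the stored sequence for the next request
        return ok


def figure2_rotation():
    """Reproduce the FIG. 2 update: 78954 enters sn1 and 56789 is dropped."""
    store = SequenceStore(new_sn=iter(["78954"]).__next__)
    store.enroll("58dda003a", ["12345", "23456", "56789"])
    terminal = Terminal("58dda003a", "12345")
    ok = terminal.request(store)
    return ok, terminal.sn, list(store.tables["58dda003a"])


def clone_scenario():
    """Two constructed clones share ID and sequence; one accesses three times."""
    store = SequenceStore()
    store.enroll("58dda003a", ["12345", "23456", "56789"])
    clone_a = Terminal("58dda003a", "12345")
    clone_b = Terminal("58dda003a", "12345")
    first_three = [clone_a.request(store) for _ in range(3)]
    still_listed = "12345" in store.tables["58dda003a"]
    return first_three, clone_b.request(store), still_listed


if __name__ == "__main__":
    print(figure2_rotation())
    print(clone_scenario())
```

A rejected request that carries a known device ID is the event worth logging on the server, because it is what a terminal holding a rotated-out sequence produces.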
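Based on the above application scenario and the spirit that the embodiments of this application intend to convey, the specific steps of the access methods executed by the cloud server and the terminal in the embodiments of this application are described below with reference to the following drawings.
FIG. 3 shows an embodiment of the cloud service access method provided by an embodiment of the present invention. As shown in FIG. 3, the cloud service access method can be executed by a cloud server and includes the following steps:
S21. Obtain the service access request sent by the terminal.
The service access request carries the terminal's device information and random sequence information. The device information is the terminal's unique identity, that is, each terminal corresponds to exactly one piece of device information, and the device information is set at the factory and cannot be changed or replaced afterwards. Specifically, the device information is stored in the read-only memory (ROM) of the terminal's chip.
The random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds, and the terminal stores the received random sequence information in flash memory. Flash memory is a non-volatile (Non-Volatile) memory that can retain data for a long time without a power supply; its storage characteristics are equivalent to those of a hard disk, and this property is the basis on which flash memory has become the storage medium of all kinds of terminals. Based on these characteristics of flash memory, when the terminal receives new random sequence information sent by the cloud server, the terminal can replace or overwrite its current random sequence information with the new random sequence information.
The flash memory may be FLASH flash memory, NAND flash memory, NOR flash memory and so on.
S22. Verify the terminal's device information and random sequence information according to the service access request to obtain authentication information.
Specifically, because the service access request carries the terminal's device information and random sequence information, the cloud server can extract the terminal's device information and random sequence information from the service request. The cloud server's database stores device verification information and random sequence verification information, so the terminal's device information and random sequence information can be verified against the device verification information and random sequence verification information to obtain the corresponding authentication information.
S23. Control the terminal's use of the cloud service according to the authentication information.
Specifically, the authentication information includes authentication success information and authentication failure information.
When verification of the terminal's device information and random sequence information succeeds, the cloud server generates the authentication success information; if the authentication information is the authentication success information, the cloud service is opened to the terminal.
When verification of the terminal's device information and random sequence information fails, the cloud server generates the authentication failure information; if the authentication information is the authentication failure information, the service access request is rejected.
Embodiments of the present invention provide a cloud service access method. The method first obtains a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information and the random sequence information is dynamically updated by the cloud server; it then verifies the obtained device information and random sequence information of the terminal to obtain authentication information, and controls the terminal's use of the cloud service according to the authentication information, thereby effectively intercepting and verifying service access requests from illegal terminals and preventing the cloud service from being misappropriated.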
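To verify the terminal's device information and random sequence information effectively and obtain accurate authentication information, in some embodiments, referring to FIG. 4, S22 further includes the following steps:
S221: Obtain pre-stored device verification information.
The cloud server stores unique device verification information corresponding to each legitimate terminal, that is, each legitimate terminal has exactly one corresponding piece of device verification information pre-stored on the cloud server.
Specifically, the cloud server's database can be accessed to retrieve a device verification information list, and the device verification information list includes multiple pieces of device verification information.
S222: Compare the device verification information with the device information.
Specifically, in this embodiment, each legitimate terminal has exactly one corresponding piece of device verification information stored on the cloud server, and each legitimate terminal's device information is the same as the corresponding device verification information stored on the cloud server. For example, if a legitimate terminal's device information is 58dda003a, the device verification information corresponding to that terminal is also 58dda003a.
Specifically, the terminal device information carried by the received service access request is compared in turn with each of the pieces of device verification information in the list retrieved from the cloud server's database. If any piece of device verification information in the list is the same as the terminal device information carried by the received service access request, the comparison succeeds. If every piece of device verification information in the list differs from the terminal device information carried by the received service access request, the comparison fails.
S223: If the comparison succeeds, verify the random sequence information to obtain authentication information.
S224: If the comparison fails, reject the service access request.
Specifically, if the comparison fails, every piece of device verification information in the list differs from the terminal device information carried by the received service access request. The terminal is then determined to be an illegal terminal with no right to use the cloud service, and the service access request is rejected directly, so that the illegal terminal cannot connect to the cloud server and cannot use the corresponding cloud service.
To verify the random sequence information promptly and effectively when the comparison of the device verification information and the device information succeeds, and to obtain accurate authentication information, in some embodiments, referring to FIG. 5, S223 includes the following steps:
S2231: Obtain random sequence verification information.
Specifically, each legitimate terminal has several corresponding pieces of random sequence verification information stored on the cloud server. In this embodiment, the random sequence information stored in a legitimate terminal is the same as one of the pieces of random sequence verification information stored on the cloud server.
Specifically, because the first verification result is a success, that is, the terminal device information carried by the service access request is the same as one of the pieces of device verification information in the list, the corresponding several pieces of random sequence verification information can be retrieved using the terminal device information carried by the service access request.
S2232: Compare the random sequence verification information with the random sequence information.
Specifically, the random sequence information carried by the service access request is compared in turn with each of the corresponding pieces of random sequence verification information.
S2233: If the comparison succeeds, obtain authentication success information;
S2234: If the comparison fails, obtain authentication failure information.
Specifically, if the random sequence information carried by the service access request is the same as one of the corresponding pieces of random sequence verification information, the comparison succeeds. If the random sequence information carried by the service access request differs from all of the corresponding pieces of random sequence verification information, the comparison fails.
The authentication information includes authentication success information and authentication failure information. If the comparison succeeds, the authentication success information is generated accordingly. If the comparison fails, the authentication failure information is generated accordingly.
Specifically, when the generated authentication information is authentication success information, the terminal that issued the service access request is a legitimate terminal and has the right to use the cloud service; the service access request is passed through, so that the legitimate terminal connects to the cloud server and uses the corresponding cloud service. When the generated authentication information is authentication failure information, the terminal that issued the service access request is an illegal terminal and has no right to use the cloud service; the service access request is rejected directly, so that the illegal terminal cannot connect to the cloud server and cannot use the corresponding cloud service.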
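When the authentication information is authentication success information, in some embodiments, referring to FIG. 6, the method further includes the following steps:
S24: Update the random sequence information.
Specifically, once the authentication information is authentication success information, the cloud server randomly generates new random sequence information and uses it to replace or overwrite the current random sequence information from the received service access request, thereby updating the random sequence information. The random sequence information can be pre-stored in a register of the cloud server.
S25: Save the updated random sequence information and send it to the terminal, so that the terminal replaces its current random sequence information with the updated random sequence information.
The cloud server includes a register, the register includes an address space for storing several pieces of random sequence information, and the updated random sequence information is saved in that address space.
Specifically, the newly generated random sequence information, that is, the updated random sequence information, is sent to the terminal. After the terminal obtains the updated random sequence information, it replaces the random sequence information currently stored in its flash memory with the updated random sequence information.
Because the terminal replaces or overwrites its current random sequence information with the updated random sequence information every time it successfully connects to the cloud server, the random sequence information in the terminal keeps changing and being updated. Even if, in practice, the application running on the terminal or the SDK that the application depends on is brute-force cracked and the terminal's overall functionality is copied or cloned, the random sequence information in the copied or cloned terminal is fixed and unchanging, so the copied or cloned terminal still cannot successfully connect to the cloud server.
To save the updated random sequence information better, in some embodiments, referring to FIG. 7, S25 includes the following steps:
S251: Shift, synchronously within the address space, the several pieces of random sequence verification information stored in the address space.
Specifically, in this embodiment, the address space includes multiple storage locations with adjacent storage addresses, and each storage location is used to store the corresponding random sequence verification information. The cloud server can find the corresponding storage location through its storage address and then read the random sequence verification information in that storage location.
For example, the address space includes three storage locations: storage location A, storage location B and storage location C. Storage location A stores the random sequence verification information 12535, storage location B stores the random sequence verification information 13654, and storage location C stores the random sequence verification information 15665.
Storage location A corresponds to storage address a, storage location B corresponds to storage address b, and storage location C corresponds to storage address c. The cloud server can find storage location A through storage address a and then read the random sequence verification information 12535 in storage location A.
Specifically, during the synchronous shift, the random sequence verification information in each storage location is moved into the next storage location. For example, the random sequence verification information 12535 in storage location A at storage address a is moved into storage location B at storage address b, and the random sequence verification information 13654 in storage location B at storage address b is moved into storage location C at storage address c.
S252: Delete the random sequence verification information that overflows the address space.
Specifically, as an example, suppose the address space includes only the three storage locations A, B and C. After the random sequence verification information 12535 in storage location A at storage address a has been moved into storage location B at storage address b, and the random sequence verification information 13654 in storage location B at storage address b has been moved into storage location C at storage address c, the random sequence verification information 15665 in storage location C cannot be shifted, because storage location C at storage address c is the last storage location. It therefore overflows the address space, and the random sequence verification information 15665 that overflows the address space is deleted.
S253: Save the updated random sequence information, as random sequence verification information, in the storage location of the address space that holds no random sequence verification information.
Specifically, as an example, suppose the address space includes only the three storage locations A, B and C. After the random sequence verification information 12535 in storage location A at storage address a has been moved into storage location B at storage address b, and the random sequence verification information 13654 in storage location B at storage address b has been moved into storage location C at storage address c, storage location A at storage address a no longer holds any data, because its random sequence verification information 12535 has been moved into storage location B. The updated random sequence information can therefore be saved, as random sequence verification information, in storage location A at storage address a. With the above steps, if a terminal has been cloned, the batch of cloned illegal terminals all hold the same verification information and random sequence information. Once one terminal has requested the cloud platform's service more than 3 times, the 3 pieces of random sequence verification information of the terminal corresponding to that verification information on the cloud server will all have been updated, and the other cloned terminals can no longer use the cloud service function. If different terminals request the cloud service more than 3 times, all terminals holding the same verification information can no longer use the cloud service. This ultimately prevents cloned terminals from illegally using the cloud service.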
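To better prevent illegal terminals from using the cloud service, in some embodiments, referring to FIG. 8, the method further includes the following steps:
S31: Decrypt the signature data using the cloud server's private key.
The service access request carries signature data. The signature data is obtained by the terminal encrypting the device information and the random sequence information with the cloud server's public key. Specifically, before the terminal issues the service access request, it first encrypts the data of the service access request for transmission using the RSA encryption algorithm and the matching public key. After the cloud server obtains the service access request, it decrypts it using the corresponding algorithm and the matching private key, which can prevent hackers' brute-force attacks on the cloud server.
S32: When decryption of the signature data succeeds, respond to the service access request sent by the terminal.
Specifically, after the cloud server obtains the service access request and successfully decrypts it using the corresponding algorithm and the matching private key, it responds to the service access request; that is, it continues to verify the terminal's device information and random sequence information according to the service access request to obtain authentication information.
S33: When decryption of the signature data fails, abort the service access request sent by the terminal.
Specifically, if the cloud server obtains the service access request and fails to decrypt it using the corresponding algorithm and the matching private key, the terminal is not a legitimate terminal, and the service request information sent by the terminal is rejected.
FIG. 9 shows an embodiment of the cloud service access method provided by yet another embodiment of the present invention. As shown in FIG. 9, the cloud service access method can be executed by a cloud server and includes the following steps:
S41: Obtain the service access request sent by the terminal, where the service access request carries the terminal's device information and random sequence information.
The random sequence table stores the terminal's factory random sequence information, and the factory random sequence information is carried in the first service access request sent by the terminal.
S42: Determine whether the random sequence information is in the random sequence table corresponding to the device information in the database, where the random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are ordered by storage time, and N is an integer greater than or equal to 2.
S43: If so, verify the device information and the random sequence information to obtain authentication information.
Specifically, the obtained device information is used as a parameter to query the several pieces of device information in the database. If nothing is found, the terminal is considered illegal, authentication failure information is generated, and the service access request is rejected. If a piece of device information in the database matches the terminal's device information, the several pieces of random sequence information in the random sequence table are then compared with the terminal's random sequence information; if the random sequence table does not contain the terminal's random sequence information, the terminal is considered illegal, authentication failure information is obtained, and the service access request is rejected. If the corresponding device verification information is found in the database using the terminal's device information as a parameter and, after the terminal's random sequence information is compared with the several pieces of random sequence information in the random sequence table, the table contains the terminal's random sequence information, the verification has succeeded and authentication success information is generated.
S44: If the authentication information is authentication success information, allocate a new piece of random sequence information to the terminal, store the new random sequence information in the first position of the random sequence table, and delete the random sequence information in the last position of the random sequence table.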
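FIG. 10 is a schematic flowchart of a cloud service access method provided by an embodiment of this application. The method can be executed by the terminal in FIG. 1 and includes the following steps:
S51. Send a service access request to the cloud server, so that the cloud server verifies the terminal's device information and random sequence information according to the service access request to obtain authentication information.
The service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds.
Specifically, the device information is the terminal's unique identity, that is, each terminal corresponds to exactly one piece of device information, and the device information is set at the factory and cannot be changed or replaced afterwards. The device information is stored in the read-only memory (ROM) of the terminal's chip. The random sequence information is dynamically updated by the cloud server, and the terminal stores the received random sequence information in flash memory. Flash memory is a non-volatile (Non-Volatile) memory that can retain data for a long time without a power supply; its storage characteristics are equivalent to those of a hard disk, and this property is the basis on which flash memory has become the storage medium of all kinds of terminals. Based on these characteristics of flash memory, when the terminal receives new random sequence information sent by the cloud server, the terminal can replace or overwrite its current random sequence information with the new random sequence information.
Specifically, because the service access request carries the terminal's device information and random sequence information, the cloud server can extract the terminal's device information and random sequence information from the service request. The cloud server's database stores device verification information and random sequence verification information, so the terminal's device information and random sequence information can be verified against the device verification information and random sequence verification information to obtain the corresponding authentication information.
S52. When the authentication information is the authentication success information, use the cloud service of the cloud server.
Specifically, the authentication information includes authentication success information and authentication failure information.
When verification of the terminal's device information and random sequence information succeeds, the cloud server generates the authentication success information; if the authentication information is the authentication success information, the cloud service is opened to the terminal.
When verification of the terminal's device information and random sequence information fails, the cloud server generates the authentication failure information; if the authentication information is the authentication failure information, the service access request is rejected.
To better prevent illegal access to the cloud server, before the service access request is sent to the cloud server, in some embodiments, referring to FIG. 12, the method further includes the following steps:
S53. Sign the service access request using the cloud server's public key to obtain the signature data.
Specifically, before the terminal issues the service access request, it first encrypts the data of the service access request for transmission using the RSA encryption algorithm and the matching public key. After the cloud server obtains the service access request, it decrypts it using the corresponding algorithm and the matching private key, which can prevent hackers' brute-force attacks on the cloud server.
S54. Encapsulate the signature data in the service access request.
Specifically, after the cloud server obtains the service access request and successfully decrypts it using the corresponding algorithm and the matching private key, it responds to the service access request; that is, it continues to verify the terminal's device information and random sequence information according to the service access request to obtain authentication information.
Specifically, if the cloud server obtains the service access request and fails to decrypt it using the corresponding algorithm and the matching private key, the terminal is not a legitimate terminal, and the service request information sent by the terminal is rejected.
To better prevent illegal access to the cloud server, before the service access request is sent to the cloud server, in some embodiments, referring to FIG. 11, the method further includes the following steps:
S55. Receive the updated random sequence information sent by the cloud server.
S56. Replace the current random sequence information with the updated random sequence information.
The random sequence information is dynamically updated by the cloud server, and the terminal stores the received random sequence information in flash memory. Flash memory is a non-volatile (Non-Volatile) memory that can retain data for a long time without a power supply; its storage characteristics are equivalent to those of a hard disk, and this property is the basis on which flash memory has become the storage medium of all kinds of terminals. Based on these characteristics of flash memory, when the terminal receives new random sequence information sent by the cloud server, the terminal can replace its current random sequence information with the updated random sequence information.
FIG. 12 is a schematic flowchart of a cloud service access method provided by an embodiment of this application. The method can be executed by the terminal in FIG. 1 and includes the following steps:
S61. Send a service access request containing the terminal's device information and random sequence information to the cloud server, so that the cloud server, when the random sequence information is in the random sequence table corresponding to the device information in the database, verifies the device information and the random sequence information to obtain authentication information. The random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are ordered by storage time, and N is an integer greater than or equal to 2.
S62. When the authentication information is the authentication success information, use the cloud service of the cloud server.
Specifically, the obtained device information is used as a parameter to query the several pieces of device information in the database. If nothing is found, the terminal is considered illegal, authentication failure information is generated, and the service access request is rejected. If a piece of device information in the database matches the terminal's device information, the several pieces of random sequence information in the random sequence table are then compared with the terminal's random sequence information; if the random sequence table does not contain the terminal's random sequence information, the terminal is considered illegal, authentication failure information is obtained, and the service access request is rejected. If the corresponding device verification information is found in the database using the terminal's device information as a parameter and, after the terminal's random sequence information is compared with the several pieces of random sequence information in the random sequence table, the table contains the terminal's random sequence information, the verification has succeeded and authentication success information is generated, so that the cloud service of the cloud server can be used legitimately.
It should be noted that, in the above embodiments, the steps do not necessarily follow a fixed order. A person of ordinary skill in the art can understand from the description of the embodiments of this application that, in different embodiments, the steps can be executed in different orders, that is, they can be executed in parallel, executed in swapped order, and so on.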
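As another aspect of the embodiments of this application, an embodiment of this application provides a cloud service access apparatus 50. The cloud service access apparatus is applied to a cloud server. Referring to FIG. 13, the cloud service access apparatus 50 includes: a service access request obtaining module 51, a verification module 52 and a control module 53.
The service access request obtaining module 51 is used to obtain the service access request sent by the terminal, where the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds.
The verification module 52 is used to verify the terminal's device information and random sequence information according to the service access request to obtain authentication information.
The control module 53 is used to control the terminal's use of the cloud service according to the authentication information. Specifically, the control module is used to open the cloud service to the terminal if the authentication information is the authentication success information, and to reject the service access request if the authentication information is the authentication failure information.
Therefore, in this embodiment, a service access request sent by a terminal is first obtained, where the service access request carries the terminal's device information and random sequence information and the random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds; the obtained device information and random sequence information of the terminal are then verified to obtain authentication information, and the illegal terminal's use of the cloud service is controlled according to the authentication information, thereby effectively intercepting and verifying terminals' service access requests and preventing the cloud service from being misappropriated.
In some embodiments, the cloud service access apparatus 50 further includes an update module 54 and an iteration module 55.
The update module 54 is used to update the random sequence information.
The iteration module 55 is used to save the updated random sequence information and send it to the terminal, so that the terminal replaces its current random sequence information with the updated random sequence information.
The iteration module 55 includes a shift unit, a deletion unit and a saving unit. The shift unit is used to shift, synchronously within the address space, the several pieces of random sequence verification information stored in the address space. The cloud server includes a register, and the register includes an address space for storing several pieces of random sequence verification information. The address space includes multiple storage locations with adjacent storage addresses, and each storage location is used to store the corresponding random sequence verification information.
The deletion unit is used to delete the random sequence verification information that overflows the address space.
The saving unit is used to save the updated random sequence information, as random sequence verification information, in the storage location of the address space that holds no random sequence verification information.
In some embodiments, the cloud service access apparatus 50 further includes an encryption module 56. The encryption module 56 is used to decrypt the signature data using the cloud server's private key, where the signature data is obtained by the terminal encrypting the device information and the random sequence information with the cloud server's public key. Specifically, the encryption module 56 is used to respond to the service access request sent by the terminal when decryption of the signature data succeeds, and to reject the service access request sent by the terminal when decryption of the signature data fails.
As another aspect of the embodiments of this application, an embodiment of this application provides a cloud service access apparatus 60. The cloud service access apparatus is applied to a terminal. Referring to FIG. 14, the cloud service access apparatus 60 includes: a service access request sending module 61 and a service obtaining module 62.
The service access request sending module 61 is used to send a service access request to the cloud server, so that the cloud server verifies the terminal's device information and random sequence information according to the service access request to obtain authentication information, where the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server.
The service obtaining module 62 is used to use the cloud service of the cloud server when the authentication information is the authentication success information.
In some embodiments, the cloud service access apparatus 60 further includes an encryption module 63. The encryption module 63 is used to sign the service access request using the cloud server's public key to obtain the signature data, where the signature data is encapsulated in the service access request.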
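FIG. 15 is a structural block diagram of the cloud server 10 provided by an embodiment of the present invention. As shown in FIG. 15, the cloud server 10 may include: a processor 110, a memory 120 and a communication module 130.
A communication connection between any two of the processor 110, the memory 120 and the communication module 130 is established by means of a bus.
The processor 110 may be any type of processor 110 with one or more processing cores. It can execute single-threaded or multi-threaded operations and is used to parse instructions in order to perform operations such as obtaining data, executing logical operation functions and issuing operation results.
As a non-transitory computer-readable storage medium, the memory 120 can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the cloud service access method in the embodiments of the present invention (for example, the service access request obtaining module 51, verification module 52, control module 53, update module 54, iteration module 55 and encryption module 56 shown in FIG. 13). By running the non-transitory software programs, instructions and modules stored in the memory 120, the processor 110 executes the various functional applications and data processing of the cloud service access apparatus 50, that is, it implements the cloud service access method in any of the above method embodiments.
The memory 120 may include a program storage area and a data storage area, where the program storage area can store an operating system and the application required by at least one function, and the data storage area can store data created through the use of the cloud service access apparatus 50 and the like. In addition, the memory 120 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device or other non-transitory solid-state storage device. In some embodiments, the memory 120 optionally includes memories located remotely from the processor 110, and these remote memories can be connected to the cloud server 10 through a network. Examples of such networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks and combinations thereof.
The memory 120 stores instructions executable by the at least one processor 110; the at least one processor 110 is used to execute the instructions to implement the cloud service access method in any of the above method embodiments, for example to execute method steps 21, 22, 23 and so on described above and to realize the functions of modules 51-56 in FIG. 13.
The communication module 130 is a functional module used to establish a communication connection and provide a physical channel. The communication module 130 may be any type of wireless or wired communication module 130, including but not limited to a WiFi module or a Bluetooth module.
FIG. 16 is a structural block diagram of the terminal 30 provided by an embodiment of the present invention. As shown in FIG. 16, the terminal 30 may include: at least one processor 310, at least one read-only memory 320, at least one random memory 330, at least one function memory 340 and a communication module 350.
The read-only memory 320 is communicatively connected to the processor and is used to store device information; the random memory 330 is communicatively connected to the processor and is used to store random sequence information; the function memory 340 is communicatively connected to the processor.
The read-only memory 320 may be a read-only memory (ROM), and the random memory 330 may be a flash memory. Flash memory is a non-volatile (Non-Volatile) memory that can retain data for a long time without a power supply; its storage characteristics are equivalent to those of a hard disk, and this property is the basis on which flash memory has become the storage medium of all kinds of terminals.
A communication connection between any two of the processor 310, the read-only memory 320, the random memory 330, the function memory 340 and the communication module 350 is established by means of a bus.
The processor 310 may be any type of processor 310 with one or more processing cores. It can execute single-threaded or multi-threaded operations and is used to parse instructions in order to perform operations such as obtaining data, executing logical operation functions and issuing operation results.
As a non-transitory computer-readable storage medium, the function memory 340 can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the cloud service access method in the embodiments of the present invention (for example, the service access request sending module 61, service obtaining module 62 and encryption module 63 shown in FIG. 14). By running the non-transitory software programs, instructions and modules stored in the memory 320, the processor 310 executes the various functional applications and data processing of the cloud service access apparatus 60, that is, it implements the cloud service access method in any of the above method embodiments.
The function memory 340 may include a program storage area and a data storage area, where the program storage area can store an operating system and the application required by at least one function, and the data storage area can store data created through the use of the cloud service access apparatus 60 and the like. In addition, the function memory 340 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device or other non-transitory solid-state storage device. In some embodiments, the function memory 340 optionally includes memories located remotely from the processor 310, and these remote memories can be connected to the cloud server 10 through a network. Examples of such networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks and combinations thereof.
The function memory 340 stores instructions executable by the at least one processor 310; the at least one processor 310 is used to execute the instructions to implement the cloud service access method in any of the above method embodiments, for example to execute method steps 41, 42, 43, 44 and so on described above and to realize the functions of modules 61-63 in FIG. 14.
The communication module 350 is a functional module used to establish a communication connection and provide a physical channel. The communication module 350 may be any type of wireless or wired communication module 350, including but not limited to a WiFi module or a Bluetooth module.
Further, an embodiment of the present invention also provides a non-transitory computer-readable storage medium storing computer-executable instructions. When executed by one or more processors 110, for example by one of the processors 110 in FIG. 15, the computer-executable instructions cause the one or more processors 110 to execute the cloud service access method in any of the above method embodiments, for example to execute method steps 21, 22, 23 and so on described above and to realize the functions of modules 51-56 in FIG. 13.
Further, an embodiment of the present invention also provides a non-transitory computer-readable storage medium storing computer-executable instructions. When executed by one or more processors 310, for example by one of the processors 310 in FIG. 16, the computer-executable instructions cause the one or more processors 310 to execute the cloud service access method in any of the above method embodiments, for example to execute method steps 41, 42, 43, 44 and so on described above and to realize the functions of modules 61-63 in FIG. 14.
The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the description of the above implementations, a person of ordinary skill in the art can clearly understand that each implementation can be realized by software plus a general-purpose hardware platform, and of course also by hardware. A person of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program in a computer program product instructing the relevant hardware. The computer program can be stored in a non-transitory computer-readable storage medium and includes program instructions; when the program instructions are executed by a related device, the related device can execute the flows of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM), etc.
The above products can execute the cloud service access method provided by the embodiments of the present invention and have the corresponding functional modules and beneficial effects for executing that method. For technical details not described exhaustively in this embodiment, refer to the cloud service access method provided by the embodiments of the present invention.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Within the idea of the present invention, the technical features in the above embodiments or in different embodiments can also be combined, the steps can be implemented in any order, and there are many other variations of the different aspects of the present invention as described above, which for brevity are not provided in detail. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be equivalently replaced, and that these modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.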

Claims (17)

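  1. A cloud service access method, applied to a cloud server, characterized by including:
    obtaining a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds;
    verifying, according to the service access request, the device information and the random sequence information to obtain authentication information;
    controlling, according to the authentication information, the terminal's use of the cloud service.
  2. The method according to claim 1, characterized in that verifying the device information and the random sequence information to obtain authentication information includes:
    obtaining pre-stored device verification information;
    comparing the device verification information with the device information;
    if the comparison succeeds, verifying the random sequence information to obtain authentication information;
    if the comparison fails, rejecting the service access request.
  3. The method according to claim 2, characterized in that verifying the random sequence information to obtain authentication information if the comparison succeeds includes:
    obtaining random sequence verification information;
    comparing the random sequence verification information with the random sequence information;
    if the comparison succeeds, obtaining authentication success information;
    if the comparison fails, obtaining authentication failure information.
  4. The method according to claim 3, characterized in that controlling the terminal's use of the cloud service according to the authentication information includes:
    if the authentication information is the authentication success information, opening the cloud service to the terminal;
    if the authentication information is the authentication failure information, rejecting the service access request.
  5. The method according to claim 4, characterized in that, if the authentication information is authentication success information, that is, after authentication succeeds, the method further includes:
    updating the random sequence information;
    saving the updated random sequence information and sending the updated random sequence information to the terminal, so that the terminal replaces its current random sequence information with the updated random sequence information.
  6. The method according to claim 5, characterized in that the cloud server includes a register, the register includes an address space for storing several pieces of random sequence verification information, and saving the updated random sequence information includes:
    shifting, synchronously within the address space, the several pieces of random sequence verification information stored in the address space;
    deleting the random sequence verification information that overflows the address space;
    saving the updated random sequence information, as random sequence verification information, in the storage location of the address space that holds no random sequence verification information.
  7. The method according to claim 6, characterized in that the address space includes multiple storage locations with adjacent storage addresses, and each storage location is used to store the corresponding random sequence verification information.
  8. The method according to any one of claims 1 to 7, characterized in that the service access request carries signature data, and obtaining the service access request sent by the terminal includes:
    decrypting the signature data using the cloud server's private key, where the signature data is obtained by the terminal encrypting the device information and the random sequence information with the cloud server's public key;
    when decryption of the signature data succeeds, responding to the service access request sent by the terminal;
    when decryption of the signature data fails, rejecting the service access request sent by the terminal.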
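  9. A cloud service access method, applied to a cloud server, characterized by including:
    obtaining a service access request sent by a terminal, where the service access request carries the terminal's device information and random sequence information;
    determining whether the random sequence information is in the random sequence table corresponding to the device information in a database, where the random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are ordered by storage time, and N is an integer greater than or equal to 2;
    if so, verifying the device information and the random sequence information to obtain authentication information;
    if the authentication information is authentication success information, allocating a new piece of random sequence information to the terminal, storing the new random sequence information in the first position of the random sequence table, and deleting the random sequence information in the last position of the random sequence table.
  10. The method according to claim 9, characterized in that the random sequence table stores the terminal's factory random sequence information, and the factory random sequence information is carried in the first service access request sent by the terminal.
  11. A cloud service access method, applied to a terminal, characterized in that the method includes:
    sending a service access request to a cloud server, so that the cloud server verifies, according to the service access request, the terminal's device information and random sequence information to obtain authentication information, where the service access request carries the terminal's device information and random sequence information, and the random sequence information is dynamically updated by the cloud server after authentication based on the service access request succeeds; and when the authentication information is authentication success information, using the cloud service of the cloud server.
  12. The method according to claim 11, characterized in that, before sending the service access request to the cloud server, the method further includes:
    signing the service access request using the cloud server's public key to obtain the signature data;
    encapsulating the signature data in the service access request.
  13. The method according to claim 11 or 12, characterized by further including:
    receiving the updated random sequence information sent by the cloud server;
    replacing the current random sequence information with the updated random sequence information.
  14. A cloud service access method, applied to a terminal, characterized in that the method includes:
    sending a service access request containing the terminal's device information and random sequence information to a cloud server, so that the cloud server, when the random sequence information is in the random sequence table corresponding to the device information in a database, verifies the device information and the random sequence information to obtain authentication information, where the random sequence table includes N pieces of random sequence information, the N pieces of random sequence information are ordered by storage time, N is an integer greater than or equal to 2, and the random sequence information is dynamically updated by the cloud server;
    when the authentication information is the authentication success information, using the cloud service of the cloud server.
  15. The method according to claim 14, characterized in that
    the random sequence table stores the terminal's factory random sequence information, and the factory random sequence information is carried in the first service access request sent by the terminal.
  16. A cloud server, characterized by including:
    at least one processor; and
    a memory communicatively connected to the at least one processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the cloud service access method according to any one of claims 1-8 or the cloud service access method according to claim 9 or 10.
  17. A terminal, characterized by including:
    at least one processor;
    at least one read-only memory, communicatively connected to the at least one processor and used to store device information;
    at least one random memory, communicatively connected to the at least one processor and used to store random sequence information; and
    at least one function memory, communicatively connected to the at least one processor, where the function memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the cloud service access method according to any one of claims 11-13 or the cloud service access method according to claim 14 or 15.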
PCT/CN2020/120371 2019-10-12 2020-10-12 Cloud service access method, cloud server and terminal WO2021068963A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910969855.8 2019-10-12
CN201910969855.8A CN110719288A (zh) 2019-10-12 2019-10-12 Cloud service access method, cloud server and terminal

Publications (1)

Publication Number Publication Date
WO2021068963A1 true WO2021068963A1 (zh) 2021-04-15

Family

ID=69211510

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/120371 WO2021068963A1 (zh) 2019-10-12 2020-10-12 Cloud service access method, cloud server and terminal

Country Status (2)

Country Link
CN (1) CN110719288A (zh)
WO (1) WO2021068963A1 (zh)


Also Published As

Publication number Publication date
CN110719288A (zh) 2020-01-21


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20875205

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20875205

Country of ref document: EP

Kind code of ref document: A1