WO2021115381A1 - Method for a terminal to access a monitoring platform, and electronic device, platform and storage medium - Google Patents

Method for a terminal to access a monitoring platform, and electronic device, platform and storage medium

Info

Publication number
WO2021115381A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
monitoring platform
digital signature
verification code
attribute information
Application number
PCT/CN2020/135292
Other languages
English (en)
Chinese (zh)
Inventor
李伟华
夷嬿霖
郑海平
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2021115381A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • The embodiments of the present application relate to the field of communications, and in particular to a method, electronic device, platform, and storage medium for a terminal to access a monitoring platform.
  • Mobile video surveillance is the integration of mobile networks and video surveillance. With improvements in mobile bandwidth, mobile terminal processing capability and camera resolution, mobile video surveillance has gained broad room for development. Its market is gradually shifting from a professional market (operating vehicles, public security mobile law enforcement, logistics management, industry security inspections, etc.) to a civilian market dominated by homes, shops, and small offices.
  • Video surveillance images are collected and encoded by mobile capture devices and processed by network optimization algorithms for fidelity. The mobile signals are transmitted over the air using network technologies such as WiFi and 4G to mobile terminals such as mobile phones, PADs, and laptops, so that people can monitor remote real-time pictures anytime and anywhere, providing a simpler, more convenient and more timely monitoring solution for enterprises and families.
  • The purpose of the embodiments of this application is to provide a method, electronic device, platform, and storage medium for a terminal to access a monitoring platform, which can improve the security of the terminal's access to the monitoring platform and thereby the user's sense of security when connecting the terminal to the monitoring platform.
  • The embodiments of the present application provide a method for a terminal to access a monitoring platform, applied to a terminal. The method includes: generating a first digital signature according to the attribute information of the terminal and the dynamic verification code received from the monitoring platform during the process of logging in to the monitoring platform; sending an access request containing the first digital signature to the monitoring platform, for the monitoring platform to authenticate the first digital signature using the attribute information bound to the terminal's login account and the issued dynamic verification code; and receiving a response message issued by the monitoring platform after the authentication is passed, and accessing the monitoring platform.
  • The embodiment of the present application also provides a method for a terminal to access a monitoring platform, applied to a monitoring platform. The method includes: generating a dynamic verification code during the process of the terminal logging in to the monitoring platform and sending it to the terminal, for the terminal to generate a first digital signature based on the terminal's attribute information and the dynamic verification code; receiving an access request containing the first digital signature sent by the terminal; authenticating the first digital signature based on the attribute information bound to the terminal's login account and the issued dynamic verification code; and, after the authentication is passed, issuing a response message to the terminal, for the terminal to access the monitoring platform after receiving the response message.
  • The embodiment of the present application also provides an electronic device. The electronic device is a terminal and includes: at least one processor; and a memory communicatively connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the foregoing method for a terminal to access a monitoring platform.
  • The embodiment of the present application also provides a platform. The platform is a monitoring platform and includes: at least one processor; and a memory communicatively connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the foregoing method for a terminal to access a monitoring platform.
  • The embodiment of the present application also provides a computer-readable storage medium that stores a computer program, and the computer program is executed by a processor to implement the above-mentioned method for a terminal to access a monitoring platform.
  • FIG. 1 is a flowchart of a method for a terminal to access a monitoring platform according to the first embodiment of the present application.
  • FIG. 2 is a flowchart of a method of binding a login account of a terminal and attribute information of the terminal according to the first embodiment of the present application.
  • FIG. 3 is a flowchart of a method for a terminal to access a monitoring platform according to a second embodiment of the present application.
  • FIG. 4 is a flowchart of a method for a terminal to access a monitoring platform according to a third embodiment of the present application.
  • FIG. 5 is a flowchart of a method for a terminal to access a monitoring platform according to a fourth embodiment of the present application.
  • FIG. 6 is a flowchart of a method for a terminal to access a monitoring platform according to a fifth embodiment of the present application.
  • FIG. 7 is a flowchart of a method for binding a login account of a terminal and attribute information of the terminal according to a fifth embodiment of the present application.
  • FIG. 8 is a flowchart of a method for a terminal to access a monitoring platform according to a sixth embodiment of the present application.
  • FIG. 9 is a flowchart of a method for a terminal to access a monitoring platform according to a seventh embodiment of the present application.
  • FIG. 10 is a flowchart of a method for a terminal to access a monitoring platform according to an eighth embodiment of the present application.
  • FIG. 11 is a structural diagram of an electronic device according to a ninth embodiment of the present application.
  • FIG. 12 is a structural diagram of a platform according to a tenth embodiment of the present application.
  • The bandwidth and real-time problems that were the development bottleneck of mobile video surveillance have been basically solved.
  • The inventor of this application found that: when the mobile terminal is used as a collection terminal, if access security is relatively poor, the collection terminal may be replaced by a fake terminal, resulting in invalid or unusable collected video; when the mobile terminal is used as a monitoring terminal, if access security is relatively poor, fake terminals may connect to the platform, resulting in illegal browsing and downloading of surveillance videos, privacy leakage and other issues. Therefore, further solving the security problem of mobile video surveillance will promote its rapid development and open up broad room for development.
  • The first embodiment of the present application relates to a method for a terminal to access a monitoring platform, applied to a terminal. The method includes: generating a first digital signature based on the terminal's attribute information and the dynamic verification code received from the monitoring platform during login to the monitoring platform; sending an access request containing the first digital signature to the monitoring platform, for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code; and receiving the response message issued by the monitoring platform after the authentication is passed, and accessing the monitoring platform.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in FIG. 1, and includes:
  • Step 101: Generate a first digital signature according to the attribute information of the terminal and the dynamic verification code received from the monitoring platform during the process of logging in to the monitoring platform.
  • The terminal has the functions of receiving a verification code, acquiring attribute information of the terminal, and generating a digital signature including the terminal attribute information and the verification code.
  • The terminal's attribute information refers to the terminal's International Mobile Equipment Identity (IMEI), the International Mobile Subscriber Identification Number (IMSI) of the terminal's SIM card, or a unique identifier generated by calling an interface of the terminal system (such as Android, iOS, etc.).
  • The terminal is a terminal for collecting video, that is, a VSS (Video Surveillance System) terminal.
  • A VSS terminal can be a fixed VSS terminal or a mobile VSS terminal.
  • The VSS terminal in this example refers to a mobile VSS terminal with a camera, such as a smart phone, a tablet computer, etc.
  • The mobile VSS terminal includes the hardware and the APP software running on it, namely mobile device + APP software; the APP software is software that can be identified by the monitoring platform, so that the terminal can upload the collected content to the monitoring platform through the APP software.
  • The terminal is a terminal used to monitor video, that is, a VSS client, such as a smart phone, a tablet computer, etc.
  • The VSS client includes the hardware and the APP software running on the device, that is, mobile device + APP software; the APP software is software that can be identified by the monitoring platform, so that the terminal can browse the video content of the monitoring platform through the APP software.
  • The monitoring platform is a distributed architecture consisting of a central node and several edge nodes. It is worth noting that the VSS platform in this embodiment has the functions of generating verification codes and verifying digital signatures containing terminal attribute information and verification codes.
  • The platform includes a mobile monitoring interface machine (MSP interface machine), a central management server (CMS), a signaling management server (RGM), and an SMS interface machine.
  • The dynamic verification code in this embodiment may be a short message verification code.
  • This embodiment and the following embodiments all take the short message verification code as an example for description, but are not limited thereto. Therefore, the user manually enters the login account to trigger the APP software to send a login request to the monitoring platform, where the initial login uses information such as the terminal's phone number and user name; after receiving the login request, the MSP interface machine of the monitoring platform sends the login request to the CMS and RGM of the monitoring platform, and forwards the verification code returned by the CMS and RGM to the SMS interface machine of the monitoring platform.
  • The SMS interface machine sends the dynamic verification code to the SMS system of the terminal.
  • The dynamic verification code is input into the APP software, and after the user clicks the access button of the APP software interface, the APP software generates the first digital signature according to the terminal attribute information and the dynamic verification code. It is worth noting that the dynamic verification code received by the terminal from the monitoring platform is different each time.
  • The channel through which the monitoring platform issues the verification code to the terminal and the channel through which request or response messages are exchanged between the terminal and the monitoring platform can be the same channel or different channels.
  • The first digital signature is generated based on the terminal's attribute information and the dynamic verification code received from the monitoring platform through a preset channel during the login process; the preset channel is different from the channel for request or response message interaction between the terminal and the monitoring platform.
  • The short message verification code is sent by the short message interface machine to the short message center of an operator such as mobile/telecom, and the operator delivers it to the short message system of the terminal through the short message service, whereas the access request or response messages between the terminal and the monitoring platform do not need to go through the operator's short message center and are exchanged directly over the channel connecting the MSP interface machine and the APP software; that is, the channel through which the monitoring platform sends the verification code to the terminal is different from the channel for the access request between the terminal and the monitoring platform. By setting different channels, the risk of the dynamic verification code being stolen is reduced, thereby further improving the security of terminal access to the monitoring platform.
  • The verification code is obtained by the monitoring platform hashing a random salt value generated from time stamp information.
  • The monitoring platform generates a random salt value using the time stamp information, or a certain part of it, as a seed random number, and then hashes the generated random salt value to generate the verification code.
  • This method of generating a verification code improves the security of the verification code, thereby further improving the security of the terminal accessing the monitoring platform.
  • Step 102: Send an access request containing the first digital signature to the monitoring platform for the monitoring platform to authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code.
  • The APP software sends an access request containing the first digital signature to the monitoring platform, and the monitoring platform uses the attribute information bound to the login account of the terminal and the issued dynamic verification code to authenticate the first digital signature.
  • The first digital signature can be plaintext information, or it can be encrypted.
  • When the first digital signature is plaintext, the specific process of authentication is: parsing the first digital signature to obtain the terminal's attribute information and the dynamic verification code received from the monitoring platform during login to the monitoring platform; if the terminal's attribute information is consistent with the attribute information bound to the terminal's login account and the received dynamic verification code is consistent with the issued dynamic verification code, the authentication is passed.
  • The specific flowchart of the method for binding the login account of the terminal and the attribute information of the terminal is shown in FIG. 2, including:
  • Step 1021: Send a registration request to the monitoring platform for the monitoring platform to issue a dynamic verification code after receiving the registration request.
  • The APP software sends a registration request to the monitoring platform, the short message interface machine sends the dynamic verification code to the terminal's short message system, and the user manually enters the dynamic verification code into the APP software.
  • The channel for the monitoring platform to issue the verification code to the terminal and the channel for the registration request between the terminal and the monitoring platform are different channels.
  • Step 1022: Receive a dynamic verification code from the monitoring platform.
  • Step 1023: Generate a first digital signature according to the attribute information and the received dynamic verification code.
  • Step 1024: Send the first digital signature and the login account of the terminal to the monitoring platform, so that the monitoring platform can parse the attribute information from the first digital signature, and bind the login account of the terminal with the attribute information of the terminal.
  • The received dynamic verification code is encrypted based on a preset irreversible encryption algorithm to obtain an encryption key, and the encryption key is used to reversibly encrypt the first digital signature to obtain the encrypted first digital signature.
  • The monitoring platform encrypts the issued dynamic verification code based on the same irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to decrypt the encrypted first digital signature with the inverse algorithm of the reversible encryption algorithm to obtain the first digital signature and restore it to readable plaintext information, so that the terminal's attribute information can be obtained, the login account and the terminal's attribute information are bound, and the binding information of the two is stored locally.
  • The first digital signature may also be left unencrypted, that is, the first digital signature is plaintext information, and the monitoring platform may directly obtain the attribute information from the first digital signature.
  • The first digital signature sent by the terminal to the monitoring platform is generated from the attribute information and the dynamic verification code, which ensures the authenticity and reliability of the attribute information that the monitoring platform obtains from the first digital signature and improves the authenticity and reliability of the process of binding the login account and attribute information.
  • Step 103: Receive a response message issued by the monitoring platform after the authentication is passed, and access the monitoring platform.
  • When the terminal receives the issued response message, it can immediately access the monitoring platform, or can access the monitoring platform when a preset time is reached, which is not specifically limited in this embodiment. It is worth noting that the response message can carry video information, such as resolution and frame rate.
  • Receiving the response message issued by the monitoring platform after the authentication is passed, and accessing the monitoring platform, is specifically: receiving the response message containing the second digital signature issued by the monitoring platform after the authentication is passed, authenticating the second digital signature according to the attribute information of the terminal and the received dynamic verification code, and accessing the monitoring platform after the authentication is passed; wherein the second digital signature is generated from the attribute information bound to the terminal's login account and the issued dynamic verification code.
  • The terminal also has the function of verifying a digital signature containing terminal attribute information and a verification code.
  • The second digital signature is plaintext information.
  • The terminal can obtain the attribute information bound to the login account of the terminal and the issued dynamic verification code from the second digital signature. If the attribute information bound to the login account of the terminal is consistent with the attribute information of the terminal, and the issued dynamic verification code is consistent with the received dynamic verification code, the authentication is passed.
  • The second digital signature is generated by the monitoring platform by encrypting, based on the irreversible encryption algorithm, the plaintext information formed from the attribute information bound to the terminal's login account and the issued dynamic verification code. The terminal authenticates the second digital signature as follows: based on the same irreversible encryption algorithm, it encrypts the plaintext formed by combining the terminal attribute information and the received dynamic verification code to generate an authentication password, and determines whether the authentication password matches the second digital signature; the authentication passes when they match.
  • The monitoring platform encrypts the plaintext information formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code based on the irreversible encryption algorithm, and after generating the second digital signature, it also encrypts the received dynamic verification code based on the irreversible encryption algorithm to obtain an encryption key, uses the encryption key to encrypt the second digital signature to obtain the encrypted second digital signature, and sends a response message containing the encrypted second digital signature to the terminal.
  • The authentication process of the terminal on the second digital signature is: encrypt the received dynamic verification code based on the same irreversible encryption algorithm to obtain a decryption key, and use the decryption key to decrypt the encrypted second digital signature to obtain the second digital signature; then, based on the same irreversible encryption algorithm, encrypt the plaintext formed by combining the terminal's attribute information and the received dynamic verification code to generate an authentication password, and determine whether the authentication password matches the second digital signature; the authentication passes when they match.
  • The first digital signature includes the terminal's attribute information and the dynamic verification code; the terminal's attribute information is the immutable digital part, and the dynamic verification code is the real-time changing digital part. That is, the first digital signature used to authenticate identity when the terminal accesses the monitoring platform includes both an immutable digital part and a real-time changing digital part, which can improve the reliability of identity authentication, thereby enhancing the security of terminal access to the monitoring platform.
  • The first digital signature is generated based on the terminal's attribute information and the dynamic verification code received from the monitoring platform through the preset channel during the login process; the preset channel is different from the channel for request or response message interaction between the terminal and the monitoring platform. By setting different channels, the risk of the dynamic verification code being stolen is reduced, thereby further improving the security of terminal access to the monitoring platform.
  • Since the response message contains the second digital signature, the terminal does not access the monitoring platform upon receiving the response message, and only accesses it after the terminal's authentication of the second digital signature passes; that is, the terminal also performs an authentication process, which can further improve the reliability of identity authentication, thereby further improving the security of the terminal's access to the monitoring platform.
  • The second embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is substantially the same as the first embodiment; the difference is that the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code is irreversibly encrypted to generate the first digital signature.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in FIG. 3, including:
  • Steps 202 and 203 are similar to steps 102 and 103 respectively, and will not be repeated here.
  • Step 201: Encrypt the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code based on a preset first irreversible encryption algorithm, and generate a first digital signature.
  • With irreversible encryption, the attribute information and dynamic verification code cannot be obtained through reverse analysis.
  • The plaintext information formed by combining the terminal attribute information and the received dynamic verification code is obtained by splicing together the IMEI or/and IMSI and the dynamic verification code; for example, the IMEI or/and IMSI and the dynamic verification code can be XORed.
  • The authentication process of the monitoring platform is: the monitoring platform encrypts the plaintext formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code based on the same first irreversible encryption algorithm to generate an authentication password, and determines whether the authentication password matches the first digital signature; when the authentication password matches the first digital signature, the authentication is passed.
  • The terminal uses encryption technology to enhance the confidentiality of the attribute information and dynamic verification code, and with irreversible encryption the attribute information and dynamic verification code cannot be obtained through reverse analysis. When the monitoring platform performs authentication, the same first digital signature can be obtained only by encrypting the same attribute information and dynamic verification code with the same irreversible encryption algorithm, which is beneficial to further improve the authenticity of the authentication result of the first digital signature, thereby further improving the security of terminal access to the monitoring platform.
  • The third embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the second embodiment, but the difference is: the terminal irreversibly encrypts the dynamic verification code to obtain the encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 4 and includes:
  • Steps 301 and 304 are similar to steps 201 and 203 respectively, and will not be repeated here.
  • Step 302: Encrypt the received dynamic verification code based on a preset second irreversible encryption algorithm to obtain an encryption key, and use the encryption key to encrypt the first digital signature to obtain an encrypted first digital signature.
  • Step 303: Send an access request including the encrypted first digital signature to the monitoring platform.
  • The APP software encrypts the received dynamic verification code based on the preset second irreversible encryption algorithm to obtain the encryption key, then uses the encryption key to reversibly encrypt the first digital signature with a reversible encryption algorithm (for example, AES256) to obtain the encrypted first digital signature, and sends the access request containing the encrypted first digital signature to the monitoring platform.
  • The second irreversible encryption algorithm may be the same as the first irreversible encryption algorithm.
  • The authentication process of the monitoring platform is as follows: the monitoring platform encrypts the issued dynamic verification code based on the preset second irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to decrypt the encrypted first digital signature with the inverse of the reversible encryption algorithm to obtain the first digital signature. The plaintext formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code is then encrypted to generate an authentication password, and the monitoring platform judges whether the authentication password matches the first digital signature; when the authentication password matches the first digital signature, the authentication is passed.
  • The terminal irreversibly encrypts the dynamic verification code to obtain an encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature. This is beneficial to further improve the authenticity of the authentication result of the first digital signature, thereby further improving the security of the terminal's access to the monitoring platform.
  • The fourth embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the first embodiment, except that the terminal performs functional configuration on the monitoring platform.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 5 and includes:
  • Steps 401-403 are similar to steps 101-103, respectively, and will not be repeated here.
  • Step 404: Send a function configuration request containing the first digital signature to the monitoring platform, so that the monitoring platform authenticates the first digital signature according to the attribute information bound to the login account and the issued dynamic verification code, and configures functions for the terminal after the authentication is passed.
  • The channel through which the monitoring platform issues the verification code to the terminal and the channel that carries the function configuration request between the terminal and the monitoring platform are different channels.
  • The terminal encrypts, based on the irreversible encryption algorithm, the plaintext information formed by combining the attribute information of the terminal and the received dynamic verification code to generate the first digital signature.
  • The first digital signature may not be encrypted, that is, the first digital signature is plaintext information.
  • The terminal encrypts, based on the irreversible encryption algorithm, the plaintext information formed by combining the terminal's attribute information and the received dynamic verification code to generate the first digital signature; it then encrypts the received dynamic verification code based on the preset second irreversible encryption algorithm to obtain an encryption key, and uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature.
  • The monitoring platform sends the function configuration request to the VSS terminal, the request of the monitoring platform is approved by the VSS terminal, and the first digital signature is authenticated according to the attribute information bound to the login account and the issued dynamic verification code; functions are configured for the terminal after the authentication is passed.
  • Step 404 can be performed at any point after step 401 and before step 403.
  • The first digital signature in the function configuration request is generated from the attribute information and the dynamic verification code, which ensures that the result of the monitoring platform's authentication of the first digital signature is authentic and reliable, thereby improving the security of the function permission configuration process.
  • The fifth embodiment of the present application relates to a method for a terminal to access a monitoring platform, which is applied to the monitoring platform.
  • The method includes: generating a dynamic verification code during the process of the terminal logging in to the monitoring platform and issuing it to the terminal, so that the terminal generates the first digital signature according to the attribute information of the terminal and the dynamic verification code; receiving the access request containing the first digital signature sent by the terminal; authenticating the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code; and sending a response message to the terminal after the authentication is passed, so that the terminal can access the monitoring platform after receiving the response message.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 6 and includes:
  • A dynamic verification code is generated during the process of the terminal logging into the monitoring platform and issued to the terminal, so that the terminal can generate a first digital signature according to the terminal's attribute information and the dynamic verification code.
  • The MSP interface machine of the monitoring platform sends a login message to the CMS and RGM of the monitoring platform, and forwards the verification code returned by the CMS and RGM of the monitoring platform to the SMS interface machine of the monitoring platform; the SMS interface machine then issues the verification code to the APP software of the terminal.
  • The dynamic verification code is generated during the terminal's login to the monitoring platform, and the dynamic verification code is issued to the terminal through the preset channel; the preset channel is different from the channel used for request or response message interaction between the terminal and the monitoring platform.
  • Step 502: Receive an access request containing the first digital signature sent by the terminal.
  • Step 503: Authenticate the first digital signature according to the attribute information bound to the login account of the terminal and the issued dynamic verification code.
  • The first digital signature sent by the terminal may be plaintext information or may be encrypted; the authentication method of the monitoring platform differs accordingly.
  • The first digital signature in this embodiment is plaintext information, and the specific process of authentication is: parsing the first digital signature to obtain the terminal's attribute information and the dynamic verification code received from the monitoring platform during the login to the monitoring platform; if the attribute information is consistent with the attribute information bound to the login account of the terminal, and the received dynamic verification code is consistent with the issued dynamic verification code, the authentication is passed.
  • Step 5031: After receiving the registration request sent by the terminal, a dynamic verification code is issued for the terminal to generate a first digital signature according to the attribute information and the received dynamic verification code.
  • Step 5032: Receive the first digital signature and login account sent by the terminal.
  • Step 5033: Parse the attribute information from the first digital signature, and bind the login account of the terminal with the attribute information of the terminal.
  • When the first digital signature is obtained through encryption, the monitoring platform encrypts the issued dynamic verification code based on the same irreversible encryption algorithm to obtain the decryption key, and uses the decryption key to decrypt the encrypted first digital signature with the inverse of the reversible encryption algorithm, restoring it to readable plaintext information, so that the terminal's attribute information can be obtained; the login account and the terminal's attribute information are bound, and the binding between the two is stored locally.
  • The first digital signature may not be encrypted, and the monitoring platform can directly obtain the attribute information according to the first digital signature.
  • Step 504: After the authentication is passed, a response message is sent to the terminal, so that the terminal can access the monitoring platform after receiving the response message.
  • The response message issued by the monitoring platform only informs the terminal that it can access the monitoring platform; when the terminal receives the issued response message, it accesses the monitoring platform immediately, or accesses the monitoring platform when a preset time is met; this embodiment does not make specific limitations.
  • A response message is issued to the terminal after the authentication is passed, so that the terminal can access the monitoring platform after receiving the response message, specifically: after the authentication is passed, the second digital signature is generated from the attribute information bound to the login account of the terminal and the issued dynamic verification code; a response message containing the second digital signature is issued to the terminal so that the terminal can authenticate the second digital signature according to the terminal's attribute information and the received dynamic verification code, and access the monitoring platform after the authentication is passed.
  • The second digital signature can be plaintext information, or it can be generated by encrypting, based on an irreversible encryption algorithm, the plaintext information formed from the attribute information bound to the login account of the terminal and the issued dynamic verification code; alternatively, the monitoring platform encrypts the received dynamic verification code based on an irreversible encryption algorithm to obtain an encryption key, and uses the encryption key to encrypt the first digital signature to obtain an encrypted second digital signature.
  • The first digital signature used to authenticate the identity during the access of the terminal to the monitoring platform includes both an immutable digital part and a real-time changing digital part, which can improve the reliability of identity authentication, thereby improving the security of terminal access to the monitoring platform.
  • The dynamic verification code is issued to the terminal through a preset channel, wherein the preset channel is different from the channel through which the request or the response message is exchanged between the terminal and the monitoring platform; using different channels reduces the risk of dynamic verification codes being stolen, thereby further improving the security of terminal access to the monitoring platform.
  • The sixth embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the fifth embodiment, but the difference is that the plaintext information formed by the combination of the attribute information and the received dynamic verification code is encrypted. After the monitoring platform receives the access request, it must decrypt it before the authentication can be performed.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 8 and includes:
  • Steps 601, 602, and 604 are similar to steps 501, 502, and 504, respectively, and will not be repeated here.
  • Step 603: Based on the preset first irreversible encryption algorithm, the plaintext formed by combining the attribute information bound to the terminal's login account and the issued dynamic verification code is encrypted to generate an authentication password, and it is determined whether the authentication password matches the first digital signature; when the authentication password matches the first digital signature, the authentication is passed.
  • The monitoring platform must apply the same encryption algorithm and obtain an authentication password matching the first digital signature before the authentication is passed, which is beneficial to further improve the authenticity and reliability of the authentication result of the first digital signature, thereby further improving the security of terminal access to the monitoring platform.
  • The seventh embodiment of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the sixth embodiment, except that the terminal irreversibly encrypts the dynamic verification code to obtain the encryption key, and then uses the encryption key to encrypt the first digital signature to obtain the encrypted first digital signature.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 9 and includes:
  • Steps 701, 702, 704, and 705 are similar to steps 601, 602, 603, and 604, respectively, and will not be repeated here.
  • Step 703: Encrypt the issued dynamic verification code based on the preset second irreversible encryption algorithm to obtain a decryption key, and use the decryption key to decrypt the encrypted first digital signature to obtain the first digital signature.
  • The first digital signature included in the access request is encrypted by the terminal.
  • The monitoring platform needs to decrypt twice to obtain the first digital signature, and then passes the authentication only by applying the same encryption algorithm and obtaining an authentication password matching the first digital signature, which is beneficial to further improve the authenticity and reliability of the authentication result of the first digital signature, thereby further improving the security of the terminal's access to the monitoring platform.
  • The eighth implementation manner of the present application relates to a method for a terminal to access a monitoring platform.
  • This embodiment is roughly the same as the fifth embodiment. The difference is that the method further includes: receiving a function configuration request containing the first digital signature sent by the terminal; and authenticating the first digital signature, and configuring functions for the terminal after the authentication is passed.
  • The flowchart of the method for terminal access to the monitoring platform in this embodiment is shown in Fig. 10 and includes:
  • Steps 801-804 are similar to steps 501-504, respectively, and will not be repeated here.
  • Step 805: Receive a function configuration request including the first digital signature sent by the terminal.
  • Step 806: The first digital signature is authenticated according to the attribute information bound to the login account and the issued dynamic verification code, and functions are configured for the terminal after the authentication is passed.
  • Step 805 and step 806 can be performed at any point after step 801 and before step 804.
  • The first digital signature in the function configuration request is generated from the attribute information and the dynamic verification code, which ensures that the result of the monitoring platform's authentication of the first digital signature is authentic and reliable, thereby improving the security of the function permission configuration process.
  • The ninth implementation manner of the present application relates to an electronic device. As shown in FIG. 11, it includes at least one processor 902, and a memory 901 communicatively connected with the at least one processor; wherein the memory 901 stores instructions that can be executed by the at least one processor 902, and the instructions are executed by the at least one processor 902, so that the at least one processor 902 can execute the foregoing implementation of the cell search method.
  • The memory 901 and the processor 902 are connected in a bus manner.
  • The bus may include any number of interconnected buses and bridges.
  • The bus connects one or more processors 902 and various circuits of the memory 901 together.
  • The bus can also connect various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all well-known in the art, and therefore, no further description will be given herein.
  • The bus interface provides an interface between the bus and the transceiver.
  • The transceiver may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on the transmission medium.
  • The data processed by the processor 902 is transmitted on the wireless medium through the antenna, and further, the antenna also receives the data and transmits the data to the processor 902.
  • The processor 902 is responsible for managing the bus and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • The memory 901 may be used to store data used by the processor 902 when performing operations.
  • The tenth implementation manner of the present application relates to a platform. As shown in FIG. 12, it includes at least one processor 1002, and a memory 1001 communicatively connected with the at least one processor; wherein the memory 1001 stores instructions that can be executed by the at least one processor 1002, and the instructions are executed by the at least one processor 1002, so that the at least one processor 1002 can execute the foregoing implementation of the cell search method.
  • The memory 1001 and the processor 1002 are connected in a bus manner, and the bus may include any number of interconnected buses and bridges; the bus connects various circuits of the one or more processors 1002 and the memory 1001 together.
  • The bus can also connect various other circuits such as peripheral devices, voltage regulators, power management circuits, etc., which are all well-known in the art, and therefore, no further description will be given herein.
  • The bus interface provides an interface between the bus and the transceiver.
  • The transceiver may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on the transmission medium.
  • The data processed by the processor 1002 is transmitted on the wireless medium through the antenna, and further, the antenna also receives the data and transmits the data to the processor 1002.
  • The processor 1002 is responsible for managing the bus and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management, and other control functions.
  • The memory 1001 may be used to store data used by the processor 1002 when performing operations.
  • The eleventh embodiment of the present application relates to a computer-readable storage medium storing a computer program.
  • When the computer program is executed by the processor, the above method embodiment is realized.
  • The program is stored in a storage medium and includes several instructions to enable a device (which may be a single-chip microcomputer, a chip, etc.) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application.
  • The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks or optical disks and other media that can store program codes.
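
The digest-based exchange of the second and sixth embodiments, together with the second digital signature returned in the fifth, is shown below as an added example; it is not code from the patent. SHA-256 as the "irreversible encryption algorithm", the length-prefixed splicing, the role labels, the single-use handling of the issued code, and all names and sample IMEI values are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Role labels (assumption of this example): they make the second digital
# signature differ from the first, so a party that merely echoes the
# terminal's own signature back cannot pass the terminal-side check.
TERMINAL = b"terminal->platform"
PLATFORM = b"platform->terminal"


def combine(role: bytes, attribute: str, code: str) -> bytes:
    """Splice the fields with 2-byte length prefixes so that ("12", "345")
    and ("123", "45") never produce the same plaintext."""
    fields = [role, attribute.encode(), code.encode()]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def make_signature(role: bytes, attribute: str, code: str) -> str:
    """The 'irreversible encryption' step; SHA-256 is assumed here."""
    return hashlib.sha256(combine(role, attribute, code)).hexdigest()


class MonitoringPlatform:
    def __init__(self):
        self.bound = {}    # login account -> attribute information (IMEI)
        self.pending = {}  # login account -> issued, not yet used, code

    def bind(self, account: str, attribute: str) -> None:
        self.bound[account] = attribute

    def issue_code(self, account: str) -> str:
        """Generate the dynamic verification code. In the patent it reaches
        the terminal over a separate channel (SMS); here it is returned."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = code
        return code

    def handle_access_request(self, account: str, first_signature: str):
        """Recompute the authentication password and compare. Returns the
        second digital signature on success, None on failure."""
        code = self.pending.pop(account, None)  # single use (assumption)
        attribute = self.bound.get(account)
        if code is None or attribute is None:
            return None
        auth_password = make_signature(TERMINAL, attribute, code)
        if not hmac.compare_digest(auth_password, first_signature):
            return None
        return make_signature(PLATFORM, attribute, code)


class Terminal:
    def __init__(self, account: str, imei: str):
        self.account, self.imei, self.code = account, imei, None

    def build_access_request(self, code: str) -> str:
        self.code = code
        return make_signature(TERMINAL, self.imei, code)

    def accept_response(self, second_signature) -> bool:
        """Terminal-side authentication of the second digital signature."""
        if second_signature is None or self.code is None:
            return False
        expected = make_signature(PLATFORM, self.imei, self.code)
        return hmac.compare_digest(expected, second_signature)


def run_demo() -> dict:
    platform = MonitoringPlatform()
    platform.bind("alice", "490154203237518")            # constructed IMEI
    genuine = Terminal("alice", "490154203237518")

    sig = genuine.build_access_request(platform.issue_code("alice"))
    response = platform.handle_access_request("alice", sig)
    results = {"genuine": genuine.accept_response(response)}

    # Replaying the captured signature: the code was already consumed.
    results["replay"] = platform.handle_access_request("alice", sig) is not None

    # Correct fresh code, but a device whose IMEI is not the bound one.
    other = Terminal("alice", "356938035643809")          # constructed IMEI
    forged = other.build_access_request(platform.issue_code("alice"))
    results["wrong_device"] = (
        platform.handle_access_request("alice", forged) is not None)

    # An impostor platform echoing the first signature back as the second.
    results["reflected"] = genuine.accept_response(sig)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The replay and wrong-device cases correspond to the "real-time changing" and "immutable" parts of the first digital signature respectively.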

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiments of the present application relate to the field of communications. Disclosed are a method for a terminal to access a monitoring platform, and an electronic device, a platform and a storage medium. In the present application, the method comprises the following steps: generating a first digital signature according to attribute information of a terminal and a dynamic verification code received from a monitoring platform during the process of logging in to the monitoring platform; sending an access request comprising the first digital signature to the monitoring platform, so that the monitoring platform authenticates the first digital signature according to the attribute information bound to a login account of the terminal and the issued dynamic verification code; and receiving a response message issued by the monitoring platform after the authentication has succeeded, and accessing the monitoring platform.
PCT/CN2020/135292 2019-12-12 2020-12-10 Method for a terminal to access a monitoring platform, and electronic device, platform and storage medium WO2021115381A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911272818.8A CN112995991A (zh) 2019-12-12 2019-12-12 Method for a terminal to access a monitoring platform, electronic device, platform and storage medium
CN201911272818.8 2019-12-12

Publications (1)

Publication Number Publication Date
WO2021115381A1 true WO2021115381A1 (fr) 2021-06-17

Family

ID=76329590

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/135292 WO2021115381A1 (fr) 2019-12-12 2020-12-10 Method for a terminal to access a monitoring platform, and electronic device, platform and storage medium

Country Status (2)

Country Link
CN (1) CN112995991A (fr)
WO (1) WO2021115381A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
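CN102740141A (zh) * 2012-05-31 2012-10-17 董爱平 Mobile internet instant video privacy protection method and system
CN106130996A (zh) * 2016-06-30 2016-11-16 武汉斗鱼网络科技有限公司 Website anti-attack verification system and method
CN107465838A (zh) * 2017-09-22 2017-12-12 潘荣昌 Indoor security monitoring app system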
US20180247053A1 (en) * 2017-02-24 2018-08-30 Adt Us Holdings, Inc. Automatic password reset using a security system

Also Published As

Publication number Publication date
CN112995991A (zh) 2021-06-18

Similar Documents

Publication Publication Date Title
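CN110049016B (zh) Blockchain data query method, apparatus, system, device and storage medium
KR102219756B1 (ko) Method for managing the state of a connected device
WO2019109809A1 (fr) Multimedia data processing method, computer device and storage medium
US9762567B2 (en) Wireless communication of a user identifier and encrypted time-sensitive data
CN106789841B (zh) Service processing method, terminal, server and system
US10638422B2 (en) Data asset transfers via energy efficient communications
CN111131416A (zh) Method and apparatus for providing business services, storage medium, and electronic apparatus
CN114448727B (zh) Information processing method and system based on an industrial internet identifier resolution system
CN112436936B (zh) Cloud storage method and system with quantum encryption function
CN105376059A (zh) Method and system for application signing based on an electronic key
CN110972136A (zh) Internet of Things secure communication module, terminal, security control system and authentication method
CN110598429A (zh) Method for encrypted data storage and reading, terminal device and storage medium
CN104104650A (zh) Data file access method and terminal device
CN112039857B (zh) Method and apparatus for invoking a common base module
CN212649500U (zh) Identity card reading system based on card body information
KR102321405B1 (ko) System and method for providing security services using blockchain and biometric information
CN113240836A (zh) Bluetooth lock connection method using a QR code and related configuration system
US20240039707A1 (en) Mobile authenticator for performing a role in user authentication
KR101745482B1 (ko) Communication method in a smart home system and apparatus therefor
WO2021115381A1 (fr) Method for a terminal to access a monitoring platform, and electronic device, platform and storage medium
CN116366289A (zh) Security supervision method and apparatus for UAV remote sensing data
US11516215B2 (en) Secure access to encrypted data of a user terminal
CN115118426A (zh) Data processing method, apparatus, device and storage medium for a blockchain system
CN112118210B (zh) Authentication key configuration method, device, system and storage medium
CN113065160A (zh) Smart court data transmission method and system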

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20900536

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20900536

Country of ref document: EP

Kind code of ref document: A1