TWI880712B - Terminal device authenticity detection method, device, equipment, system and medium - Google Patents

Publication number
TWI880712B
Authority
TW
Taiwan
Prior art keywords
terminal device
tasks
task
under test
challenge
Prior art date
Application number
TW113113860A
Other languages
Chinese (zh)
Other versions
TW202507541A (en)
Inventor
侯騰
于文海
陳成錢
劉紅寶
楊陽
孫權
楊燕明
Original Assignee
大陸商中國銀聯股份有限公司
Application filed by 大陸商中國銀聯股份有限公司
Publication of TW202507541A
Application granted
Publication of TWI880712B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/22 Matching criteria, e.g. proximity measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computer Security & Cryptography (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Telephone Function (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention discloses a method, device, equipment, system and medium for detecting the authenticity of a terminal device, and relates to the field of electronic information. The method includes: generating three or more challenge tasks through a target detection application, where the three or more challenge tasks include first-category tasks and second-category tasks, the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks; triggering, through the target detection application, the terminal device under test to execute the three or more challenge tasks, and obtaining the response signals, collected by a sensor, that the terminal device under test produces for the challenge tasks; and comparing, through the target detection application, the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks, and determining from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device. Embodiments of the present invention make it possible to distinguish real physical terminal devices from virtual terminal devices.

Description

Method, device, equipment, system and medium for detecting the authenticity of a terminal device

The present invention belongs to the field of electronic information, and in particular relates to a method, device, equipment, system and medium for detecting the authenticity of a terminal device.

With the continuous development of cloud technology, and building on the monitoring and migration capabilities that it provides, cloud technology can be applied to the terminal device business: the functions of a terminal device are run on a cloud server, realizing the concept of a cloud terminal device. The software environment of a cloud terminal device can be made identical to that of a real physical terminal device, and the interface parameters of a cloud terminal device are very easy to inject and modify. However, some malicious actors exploit the realism of the cloud terminal's software environment and the ease of adjusting its interface parameters to launch attacks, which reduces the security of the terminal device business. Distinguishing whether a terminal device is a real physical terminal device or a virtual terminal device has therefore become a major problem in the terminal device business.

Embodiments of the present invention provide a method, device, equipment, system and medium for detecting the authenticity of a terminal device, which can distinguish real physical terminal devices from virtual terminal devices.

In a first aspect, an embodiment of the present invention provides a method for detecting the authenticity of a terminal device, applied to a terminal device under test that has a sensor and a target detection application. The method includes: generating three or more challenge tasks through the target detection application, where the three or more challenge tasks include first-category tasks and second-category tasks, the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks; triggering, through the target detection application, the terminal device under test to execute the three or more challenge tasks, and obtaining the response signals, collected by the sensor, that the terminal device under test produces for the challenge tasks; and comparing, through the target detection application, the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks, and determining from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In a second aspect, an embodiment of the present invention provides a method for detecting the authenticity of a terminal device, applied to a terminal device under test that has a sensor and a target detection application. The method includes: receiving three or more challenge tasks generated and sent by a background server of the target detection application, where the three or more challenge tasks include first-category tasks and second-category tasks, the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks; triggering, through the target detection application, the terminal device under test to execute the three or more challenge tasks, and obtaining the response signals, collected by the sensor, that the terminal device under test produces for the challenge tasks; and sending the response signals to the background server, so that the background server compares the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks and determines from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In a third aspect, an embodiment of the present invention provides a method for detecting the authenticity of a terminal device, applied to a background server of a target detection application, where the terminal device under test has a sensor and the target detection application. The method includes: generating three or more challenge tasks and sending them to the terminal device under test, where the three or more challenge tasks include first-category tasks and second-category tasks, the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks; receiving the response signals sent by the terminal device under test, the response signals being collected by the sensor while the target detection application triggers the terminal device under test to execute the three or more challenge tasks; and comparing the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks, and determining from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In a fourth aspect, an embodiment of the present invention provides a device for detecting the authenticity of a terminal device, applied to a terminal device under test that has a sensor and a target detection application. The detection device includes: a challenge task generation module, configured to generate three or more challenge tasks, where the three or more challenge tasks include first-category tasks and second-category tasks, the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks; an information collection module, configured to trigger the terminal device under test to execute the three or more challenge tasks and to obtain the response signals, collected by the sensor, that the terminal device under test produces for the challenge tasks; and a data processing module, configured to compare the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks and to determine from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In a fifth aspect, an embodiment of the present invention provides a device for detecting the authenticity of a terminal device, applied to a terminal device under test that has a sensor and a target detection application. The detection device includes: a receiving module, configured to receive three or more challenge tasks generated and sent by a background server of the target detection application, where the three or more challenge tasks include first-category tasks and second-category tasks, the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks; an information collection module, configured to trigger the terminal device under test to execute the three or more challenge tasks and to obtain the response signals, collected by the sensor, that the terminal device under test produces for the challenge tasks; and a sending module, configured to send the response signals to the background server, so that the background server compares the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks and determines from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In a sixth aspect, an embodiment of the present invention provides a device for detecting the authenticity of a terminal device, applied to a background server of a target detection application, where the terminal device under test has a sensor and the target detection application. The detection device includes: a challenge task generation module, configured to generate three or more challenge tasks, where the three or more challenge tasks include first-category tasks and second-category tasks, the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks; a sending module, configured to send the three or more challenge tasks to the terminal device under test; a receiving module, configured to receive the response signals sent by the terminal device under test, the response signals being collected by the sensor while the target detection application triggers the terminal device under test to execute the three or more challenge tasks; and a data processing module, configured to compare the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks and to determine from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In a seventh aspect, an embodiment of the present invention provides a terminal device, including: a processor and a memory storing computer program instructions; when the processor executes the computer program instructions, the method of the first aspect for detecting the authenticity of a terminal device is implemented.

In an eighth aspect, an embodiment of the present invention provides a terminal device, including: a processor and a memory storing computer program instructions; when the processor executes the computer program instructions, the method of the second aspect for detecting the authenticity of a terminal device is implemented.

In a ninth aspect, an embodiment of the present invention provides a server, including: a processor and a memory storing computer program instructions; when the processor executes the computer program instructions, the method of the third aspect for detecting the authenticity of a terminal device is implemented.

In a tenth aspect, an embodiment of the present invention provides a system for detecting the authenticity of a terminal device, including the terminal device of the eighth aspect and the server of the ninth aspect.

In an eleventh aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer program instructions; when the computer program instructions are executed by a processor, the method of the first aspect, the method of the second aspect or the method of the third aspect for detecting the authenticity of a terminal device is implemented.

Embodiments of the present invention provide a method, device, equipment, system and medium for detecting the authenticity of a terminal device. The terminal device under test executes three or more pre-generated challenge tasks, which include identical challenge tasks (the first-category tasks) and challenge tasks different from the first-category tasks (the second-category tasks). Whether the terminal device under test is a real physical terminal device or a virtual terminal device is determined by comparing the response signals, collected by the sensor of the terminal device under test, that the device produces when executing the first-category tasks and the second-category tasks.

A physical unclonable function causes a real physical terminal device to produce a unique, unclonable output for a challenge task, and the response signal reflects the characteristics of the physical unclonable function. For a real physical terminal device, the physical unclonable function characteristics reflected in the response signals produced by executing identical challenge tasks and different challenge tasks follow a certain pattern. For a virtual terminal device, those characteristics hardly follow any pattern, or follow a pattern different from that of a real physical terminal device. Moreover, a third party simulating a virtual terminal device cannot know the content of the challenge tasks or the time at which the virtual terminal device executes them, nor can it simulate the physical unclonable function characteristics reflected in the response signals that a real physical terminal device produces when executing identical and different challenge tasks. The response signals can therefore be used to determine accurately whether the terminal device under test is a real physical terminal device or a virtual terminal device, so that the two can be distinguished.

1002: Server

20, 51: Terminal device under test

21, 521, 601, 801: Challenge task generation module

22, 511, 602, 702: Information collection module

23, 522, 603, 804: Data processing module

24, 512: Target detection application

25, 513: Sensor

26, 514: Chips such as the central processing unit and memory

52: Background server

53: Cloud application service

600, 700, 800: Device for detecting the authenticity of a terminal device

701, 803: Receiving module

703, 802: Sending module

900, 1001: Terminal device

901: Memory

902: Processor

903: Communication interface

904: Bus

a1, a2, a3, a4, a5, a6, a7, a8, S101, S102, S103, S1031, S1032, S1033, S1034, S301, S302, S303, S401, S402, S403, S4031, S4032, S4033, S4034: Steps

C1, C2, C3, C4, C5: Challenge tasks

R1, R2, R3: Non-correlation information

To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly introduced below. A person of ordinary skill in the art can derive other drawings from these drawings without inventive effort.

Figure 1 is a flow chart of a method for detecting the authenticity of a terminal device provided by an embodiment of the first aspect of the present invention;

Figure 2 is a flow chart of a method for detecting the authenticity of a terminal device provided by another embodiment of the first aspect of the present invention;

Figure 3 is a schematic architecture diagram of an example in which the method for detecting the authenticity of a terminal device provided by an embodiment of the present invention is applied to the terminal device under test;

Figure 4 is a flow chart of a method for detecting the authenticity of a terminal device provided by an embodiment of the second aspect of the present invention;

Figure 5 is a flow chart of a method for detecting the authenticity of a terminal device provided by an embodiment of the third aspect of the present invention;

Figure 6 is a flow chart of a method for detecting the authenticity of a terminal device provided by another embodiment of the third aspect of the present invention;

Figure 7 is a schematic architecture diagram of an example in which the method for detecting the authenticity of a terminal device provided by an embodiment of the present invention is applied to the terminal device under test and the background server;

Figure 8 is a flow chart of an example of the process for detecting the authenticity of a terminal device provided by an embodiment of the present invention;

Figure 9 is a schematic structural diagram of a device for detecting the authenticity of a terminal device provided by an embodiment of the fourth aspect of the present invention;

Figure 10 is a schematic structural diagram of a device for detecting the authenticity of a terminal device provided by an embodiment of the fifth aspect of the present invention;

Figure 11 is a schematic structural diagram of a device for detecting the authenticity of a terminal device provided by an embodiment of the sixth aspect of the present invention;

Figure 12 is a schematic structural diagram of a terminal device provided by an embodiment of the seventh aspect of the present invention;

Figure 13 is a schematic structural diagram of a system for detecting the authenticity of a terminal device provided by an embodiment of the tenth aspect of the present invention.

The features and exemplary embodiments of the various aspects of the present invention are described in detail below. To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments. It should be understood that the specific embodiments described here are intended only to explain the present invention, not to limit it. To a person skilled in the art, the present invention can be practised without some of these specific details. The following description of the embodiments is given only to provide a better understanding of the present invention by showing examples of it. It should be noted that the acquisition, storage, use and processing of information and data in the embodiments of the present invention are all authorized by the user or the relevant institution and comply with the relevant provisions of national laws and regulations.

With the continuous development of cloud technology, and building on the monitoring and migration capabilities that it provides, cloud technology can be applied to the terminal device business: the functions of a terminal device are run on a cloud server, realizing the concept of a cloud terminal device. The software environment of a cloud terminal device can be made identical to that of a real physical terminal device, and the interface parameters of a cloud terminal device are very easy to inject and modify. However, some malicious actors exploit the realism of the cloud terminal's software environment and the ease of adjusting its interface parameters to launch attacks, which reduces the security of the terminal device business. Distinguishing whether a terminal device is a real physical terminal device or a virtual terminal device has therefore become a major problem in the terminal device business.

The present invention provides a method, device, equipment, system and medium for detecting the authenticity of a terminal device. The terminal device under test is triggered to execute challenge tasks, which yields response information reflecting the characteristics of the device's physical unclonable function (PUF), and this response information is used to determine whether the terminal device under test is a real physical terminal device or a virtual terminal device. A physical unclonable function arises from the unique physical variations that occur naturally during processes such as the manufacture of the components in a device; forging or cloning a device's physical unclonable function is technically almost impossible. A virtual terminal device cannot simulate response signals that reflect the physical unclonable function characteristics of a real physical terminal device, so the response signals can be used to distinguish real physical terminal devices from virtual terminal devices effectively.

The method for detecting the authenticity of a terminal device in the embodiments of the present invention can be carried out by the terminal device under test alone, or through interaction between the terminal device under test and a server; this is not limited here.

為了便於理解,這裡先對被測終端設備和伺服器進行簡單的說明。被測終端設備包括需要區分是真實物理終端設備還是虛擬終端設備的終端設備。被測終端設備可包括手機、平板電腦、智慧手錶等設備,在此並不限定被測終端設備的具體類型。被測終端設備可能是真實物理終端設備,也有可能是虛擬終端設備。真實物理終端設備為真實的具有物理硬體且由物理硬體運行實現功能的終端設備,例如,運行程式所需的中央處理器(Central Processing Unit,CPU)、記憶體、感測器等為物理硬體。虛擬終端設備為運行實現功能的器件為虛擬器件的終端設備,例如,運行程式所需的中央處理器、記憶體、感測器等為伺服器等設備模擬出的虛擬器件。虛擬終端設備可為雲終端設備,也可為通過模型模擬得到的虛擬裝置。被測終端設備具有目標檢測應用,可通過目標檢測應用引入終端設備真實性的檢測方法,從而使被測終端設備執行被測終端設備側的終端設備真實性的檢測方法。被測終端設備還具有感測器,真實物理終端設備中的感測器為真實物理感測器,虛擬終端設備中的感測器為虛擬感測器。感測器可感應被測終端設備的信號,感測器可感應的信號的種類與感測器的種類相關,在此並不限定感測器的種類,物聯網設備可用的感測器都可在本發明的保護範圍內。在一些示例中,感測器可包括但不限於以下一類或兩類以上:磁力感測器、語音感測器、重力感測器、陀螺儀、螢幕感測器。 For ease of understanding, a brief description of the terminal device under test and the server is first given here. The terminal device under test includes terminal devices that need to be distinguished as real physical terminal devices or virtual terminal devices. The terminal device under test may include mobile phones, tablets, smart watches and other devices, and the specific type of the terminal device under test is not limited here. The terminal device under test may be a real physical terminal device or a virtual terminal device. A real physical terminal device is a real terminal device with physical hardware and whose functions are implemented by physical hardware. For example, the central processing unit (CPU), memory, sensors, etc. required to run the program are physical hardware. A virtual terminal device is a terminal device whose function is realized by running a virtual device. For example, the central processing unit, memory, sensor, etc. required to run the program are virtual devices simulated by devices such as servers. A virtual terminal device can be a cloud terminal device or a virtual device obtained by model simulation. 
The terminal device under test has a target detection application, and a detection method for the authenticity of the terminal device can be introduced through the target detection application, so that the terminal device under test executes the detection method for the authenticity of the terminal device on the side of the terminal device under test. The terminal device under test also has a sensor. The sensor in the real physical terminal device is a real physical sensor, and the sensor in the virtual terminal device is a virtual sensor. The sensor can sense the signal of the terminal device under test. The type of signal that the sensor can sense is related to the type of sensor. The type of sensor is not limited here. The sensors available for the IoT device can be within the protection scope of the present invention. In some examples, the sensor may include but is not limited to one or more of the following categories: magnetic sensor, voice sensor, gravity sensor, gyroscope, screen sensor.

Where, in embodiments of the present invention, the terminal device authenticity detection method is implemented through interaction between the terminal device under test and a server, the server is the background server of the target detection application. The background server can execute the server-side part of the terminal device authenticity detection method.

The terminal device authenticity detection method, apparatus, equipment, system and medium provided by the present invention are described in turn below.

A first aspect of the present invention provides a terminal device authenticity detection method applied to a terminal device under test; the method can be executed independently by the terminal device under test. The terminal device under test has a sensor and a target detection application. FIG. 1 is a flow chart of the terminal device authenticity detection method provided by an embodiment of the first aspect of the present invention. As shown in FIG. 1, the method may include steps S101 to S103.

In step S101, three or more challenge tasks are generated through the target detection application.

The target detection application has the function of generating challenge tasks. A challenge task is a task that the terminal device under test can execute. In some examples, a challenge task may include a computation; for example, a challenge task may include multiplying two matrices. The target detection application may randomly select a specified computation to generate a challenge task. In some examples, a task list containing multiple challenge tasks may be set in advance, and three or more challenge tasks may be randomly selected from that list. The three or more challenge tasks include first-type tasks and second-type tasks. The first-type tasks include at least two identical challenge tasks. The second-type tasks include challenge tasks that differ from the first-type tasks. In other words, the three or more challenge tasks generated through the target detection application include both identical challenge tasks and different challenge tasks.
For example, three challenge tasks C1, C2 and C3 are generated through the target detection application, where C1 and C2 have the same task content and C3 has different task content from C1; the first-type tasks then include C1 and C2, and the second-type tasks include C3. Note that "first-type" and "second-type" are relative terms. For example, five challenge tasks C1, C2, C3, C4 and C5 are generated through the target detection application, where C1 and C2 have the same task content, C3 differs from C2, C4 and C5 have the same task content, C4 differs from C1, and C3 differs from C4. Then C1 and C2 are first-type tasks relative to each other; C3 is a second-type task relative to C1, C2, C4 and C5; C4 and C5 are first-type tasks relative to each other; and C4 is a second-type task relative to C1 and C2.

In step S102, the target detection application triggers the terminal device under test to execute the three or more challenge tasks, and the response signals that the terminal device under test generates for the challenge tasks, as collected by the sensor, are obtained.

The target detection application can trigger the terminal device under test to execute the challenge tasks generated above. When the terminal device under test executes a challenge task, the activity of its internal programs produces a response signal. This response signal is influenced by factors such as the circuit layout of the terminal device under test. Because the circuit layout and similar properties of each terminal device are unique, the response signal each terminal device produces when executing a challenge task is unique as well. Different terminal devices under test produce clearly distinguishable response signals for the same challenge task, and the same terminal device under test produces clearly distinguishable response signals for different challenge tasks. The same terminal device under test produces essentially the same response signal for the same challenge task; even where the signals differ, the difference is within the acceptable error range. In some examples, the response signal in the above embodiments may include an electromagnetic signal.

The sensor of the terminal device under test can collect the response signal, and the target detection application can obtain the response signal from the sensor for further processing.

In step S103, the target detection application compares the response signals corresponding to the first-type tasks with the response signals corresponding to the second-type tasks, and determines from the comparison result whether the terminal device under test is a real physical terminal device or a virtual terminal device.

The response signal can embody a physical unclonable function. It contains information that reflects the characteristics of the physical unclonable function, as well as other information. The difference between the response signals produced by a real physical terminal device and by a virtual terminal device lies mainly in the characteristics of the physical unclonable function that the signals embody. In embodiments of the present invention, real physical terminal devices and virtual terminal devices can be told apart by the unclonable uniqueness of the physical unclonable function characteristics embodied in the response signal.

In some examples, when comparing the response signals corresponding to the first-type tasks with those corresponding to the second-type tasks, general denoising may first be applied to the response signals to remove the influence of background noise on the physical unclonable function characteristics they embody.

A physical unclonable function exploits the inherent variations of a real physical terminal device so that the device produces a unique, unclonable output for a challenge task. Because the physical unclonable function arises from unique physical variations that occur naturally during processes such as the manufacture of the real physical components in the device, forging or cloning the physical unclonable function of a real physical terminal device is technically almost impossible to achieve. The physical unclonable function characteristics embodied in the response signals that the same real physical terminal device produces when executing the same challenge task are consistent; that is, the differences between them are very small and within the acceptable error range.
The characteristics of the physical unclonable function embodied by the response signals generated by the same real physical terminal device when executing different challenge tasks are inconsistent, that is, the differences between the characteristics of the physical unclonable function embodied by the response signals generated by the same real physical terminal device when executing the same challenge task are large and are not within the acceptable error range. The regularity of the characteristics of the physical unclonable function reflected by the response signals generated by the virtual terminal device when executing the same challenge task and different challenge tasks is different from the regularity of the characteristics of the physical unclonable function reflected by the response signals generated by the real physical terminal device when executing the same challenge task and different challenge tasks. The virtual terminal device cannot simulate the characteristics of the physical unclonable function reflected by the response signals generated by the real physical terminal when executing the challenge task. Through the response signals corresponding to the first type of tasks and the response signals corresponding to the second type of tasks, it can be determined whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In embodiments of the present invention, the terminal device under test can execute three or more pre-generated challenge tasks, which include identical challenge tasks (the first-type tasks) and challenge tasks different from the first-type tasks (the second-type tasks). Whether the terminal device under test is a real physical terminal device or a virtual terminal device is determined by comparing the response signals, collected by the sensor of the terminal device under test, that the device produces when executing the first-type tasks and the second-type tasks. A physical unclonable function causes a real physical terminal device to produce a unique, unclonable output for a challenge task, and the response signal can reflect the characteristics of the physical unclonable function. For a real physical terminal device, the physical unclonable function characteristics embodied in the response signals for identical and for different challenge tasks follow a certain pattern; for a virtual terminal device, they either follow no pattern or follow a pattern different from that of a real physical terminal device.
Moreover, a third party simulating a virtual terminal device cannot know the content of the challenge tasks or the time at which the virtual terminal device executes them, and cannot simulate the physical unclonable function characteristics that the response signals of a real physical terminal device would embody for identical and different challenge tasks. The response signals therefore make it possible to determine accurately whether the terminal device under test is a real physical terminal device or a virtual terminal device, and so to distinguish the two.

In some embodiments, the response signal may include non-correlated information, which expresses the characteristics of the physical unclonable function. Real physical terminal devices and virtual terminal devices can be distinguished based on the differences among the non-correlated information corresponding to the first-type tasks, and on the differences between the non-correlated information corresponding to the first-type tasks and that corresponding to the second-type tasks. FIG. 2 is a flow chart of the terminal device authenticity detection method provided by another embodiment of the first aspect of the present invention. FIG. 2 differs from FIG. 1 in that step S103 of FIG. 1 is refined into steps S1031 to S1034 in FIG. 2.

In step S1031, the common characteristic factors that affect the sensor are obtained.

The common characteristic factors of a sensor are the factors that affect every sensor of that kind. For example, if the sensor includes a magnetic sensor, the common characteristic factors may include the geographical location of the terminal device under test; if the sensor includes a voice sensor, the common characteristic factors may include the content of the spoken sentence input to the terminal device under test; if the sensor includes a gravity sensor and/or a gyroscope, the common characteristic factors may include the attitude information of the terminal device under test, and so on.

The response signal collected by the sensor contains information affected by the sensor's common characteristic factors; this information is part of the response signal. Common characteristic factors are not specific to any individual sensor, and the part of the response signal they affect contributes very little to distinguishing real physical terminal devices from virtual terminal devices.

In step S1032, the response signal is separated, according to the common characteristic factors, into correlated information and non-correlated information.

The correlated information is calculated from the common characteristic factors and reflects the influence of those factors on a kind of sensor. Once calculated, the correlated information is separated from the response signal, and the remainder of the response signal is the non-correlated information. For example, if the sensor includes a magnetic sensor and the common characteristic factors include geographical location, the geomagnetic information at the location of the terminal device under test can be calculated from that location and taken as the correlated information. Separating this geomagnetic information from the response signal leaves the non-correlated information.

The characteristics of correlated information are linear. The characteristics of non-correlated information are nonlinear; non-correlated information can reflect characteristics specific to the sensor itself, and hence characteristics specific to the terminal device under test. Non-correlated information may itself comprise two parts: nonlinear characteristic information arising from minute variations in the sensor itself, and nonlinear characteristic information that appears in the collected response signal because the input of the challenge task executed by the terminal device under test carries random noise. Non-correlated information expresses the characteristics of the physical unclonable function and cannot be reproduced by modelling-based simulation.

In some examples, before step S1031, general denoising may also be applied to the response signal to obtain a denoised response signal. General denoising can be used to remove background noise. In some examples, a differential signal may be used to remove the background noise in the response signal. In step S1032, the denoised response signal may then be separated into correlated information and non-correlated information.

In step S1033, the non-correlated information corresponding to the first-type tasks is compared with each other, and the non-correlated information corresponding to the first-type tasks is compared with that corresponding to the second-type tasks, to obtain a comparison result.

Non-correlated information can express the characteristics of the physical unclonable function. For a real physical terminal device, the non-correlated information in the response signals produced by executing the same challenge task is consistent, and the non-correlated information in the response signals produced by executing different challenge tasks is inconsistent. A comparison result from which the authenticity of the terminal device under test can be judged is therefore obtained by comparing the non-correlated information corresponding to the first-type tasks with each other, and by comparing the non-correlated information corresponding to the first-type tasks with that corresponding to the second-type tasks. The comparison result indicates whether the non-correlated information corresponding to the first-type tasks is mutually consistent, and whether it is consistent with the non-correlated information corresponding to the second-type tasks.

In step S1034, the terminal device under test is determined to be a real physical terminal device or a virtual terminal device according to the comparison result.

When the differences among the non-correlated information corresponding to the first-type tasks are within the preset error range, and the difference between the non-correlated information corresponding to the second-type tasks and that corresponding to the first-type tasks is outside the preset error range, the terminal device under test is determined to be a real physical terminal device.

The preset error range is the acceptable error range within which non-correlated information is judged to be consistent. Its value can be set according to the scenario, requirements, experience and so on, and is not limited here. If the difference between the non-correlated information in the response signals corresponding to any two challenge tasks is within the preset error range, the non-correlated information of those two response signals is considered consistent. Likewise, if the difference is outside the preset error range, the non-correlated information of those two response signals is considered inconsistent.

The non-correlated information in the response signals produced by the same real physical terminal device executing the same challenge task is consistent, and the non-correlated information in the response signals produced by the same real physical terminal device executing different challenge tasks is inconsistent. Therefore, if the differences among the non-correlated information corresponding to the first-type tasks are within the preset error range, and the difference between the non-correlated information corresponding to the second-type tasks and that corresponding to the first-type tasks is outside the preset error range, it can be determined that the terminal device under test matches the characteristics of a real physical terminal device and is a real physical terminal device.

When the differences among the non-correlated information corresponding to the first-type tasks are outside the preset error range, and/or the difference between the non-correlated information corresponding to the second-type tasks and that corresponding to the first-type tasks is within the preset error range, the terminal device under test is determined to be a virtual terminal device.

If the differences among the non-correlated information corresponding to the first-type tasks are outside the preset error range, the non-correlated information in the response signals produced by the terminal under test executing the same challenge task is inconsistent. If the difference between the non-correlated information corresponding to the second-type tasks and that corresponding to the first-type tasks is within the preset error range, the non-correlated information in the response signals produced by the terminal under test executing different challenge tasks is consistent. If at least one of these two situations occurs, it can be determined that the terminal device under test does not match the characteristics of a real physical terminal device and is a virtual terminal device, and that the operation of the terminal device under test may be a data injection attack or other abnormal behavior.

For example, the terminal device under test executes challenge tasks C1, C2 and C3, where C1 and C2 have the same task content and C3 has different task content from C2. Let R1, R2 and R3 be the non-correlated information in the response signals, collected by the sensor, that the terminal device under test produces when executing C1, C2 and C3 respectively. If the difference between R1 and R2 is within the preset error range and the difference between R2 and R3 is outside the preset error range, the terminal device under test can be determined to be a real physical terminal device. If the difference between R1 and R2 is outside the preset error range, and/or the difference between R2 and R3 is within the preset error range, the terminal device under test can be determined to be a virtual terminal device.
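The decision rule of steps S1032 to S1034, covering both the C1/C2/C3 case above and the five-task case from step S101, as an added Python example that is not part of the patent. The signal model, the scalar geomagnetic baseline, the task names, the normalised distance and the 0.15 threshold are all assumptions chosen for illustration; the patent leaves the metric and the preset error range open.

```python
import math
import random

# Everything below is constructed for illustration: task names, signal shapes,
# the distance metric and the threshold are assumptions, not values from the patent.
N = 64                 # samples per captured response
BASELINE_UT = 48.0     # correlated part: field computed from location (constructed)
TOLERANCE = 0.15       # stands in for the "preset error range"
TASK_TONE = {"matmul": 3, "hash": 7, "sort": 11}   # task -> emission frequency bin

THREE = ["matmul", "matmul", "hash"]                  # C1, C2, C3
FIVE = ["matmul", "matmul", "hash", "sort", "sort"]   # C1 .. C5


def separate(response, baseline):
    """S1032: remove the correlated information, keep the non-correlated residual."""
    return [sample - baseline for sample in response]


def rms(xs):
    return math.sqrt(sum(x * x for x in xs) / len(xs))


def difference(a, b):
    """Normalised distance: 0 = identical, about 0.7 = uncorrelated, 1 = opposite."""
    scale = rms(a) + rms(b)
    if scale == 0.0:          # two empty residuals cannot be told apart
        return 0.0
    return rms([x - y for x, y in zip(a, b)]) / scale


def classify(tasks, responses, baseline, tol=TOLERANCE):
    """S1033/S1034: compare every pair of residuals and apply the decision rule.

    Tasks with equal names are first-type relative to each other; any other
    pair is second-type, which is how the five-task case is handled.
    """
    residuals = [separate(r, baseline) for r in responses]
    same, diff = [], []
    for i in range(len(tasks)):
        for j in range(i + 1, len(tasks)):
            d = difference(residuals[i], residuals[j])
            (same if tasks[i] == tasks[j] else diff).append(d)
    if not same or not diff:
        raise ValueError("need at least one identical pair and one differing pair")
    consistent = all(d <= tol for d in same)    # same task -> same residual
    distinct = all(d > tol for d in diff)       # different task -> different residual
    return "physical" if consistent and distinct else "virtual"


# --- constructed signal sources used only to exercise classify() ---

def physical_device(tasks, seed=1):
    """Each task leaves its own repeatable trace plus small measurement noise."""
    rng = random.Random(seed)
    return [[BASELINE_UT + math.sin(2 * math.pi * TASK_TONE[t] * k / N)
             + rng.gauss(0, 0.02) for k in range(N)] for t in tasks]


def noisy_emulator(tasks, seed=2):
    """Virtual sensor whose jitter is unrelated to the workload."""
    rng = random.Random(seed)
    return [[BASELINE_UT + rng.gauss(0, 0.3) for _ in range(N)] for _ in tasks]


def task_blind_emulator(tasks, seed=3):
    """Virtual sensor that reports the same trace whatever task is run."""
    rng = random.Random(seed)
    return [[BASELINE_UT + math.sin(2 * math.pi * 3 * k / N)
             + rng.gauss(0, 0.02) for k in range(N)] for _ in tasks]


if __name__ == "__main__":
    for name, source in [("physical", physical_device),
                         ("noisy emulator", noisy_emulator),
                         ("task-blind emulator", task_blind_emulator)]:
        print(name, "->", classify(FIVE, source(FIVE), BASELINE_UT))
```

The noisy source fails the first condition (identical tasks give inconsistent residuals) and the task-blind source fails the second (different tasks give consistent residuals), which are the two "and/or" branches of the rule.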

In some embodiments, when multiple terminal devices under test are virtual terminal devices, it can further be determined whether they are simulated by the same cloud platform, so that appropriate security protection measures can be taken. When multiple terminal devices under test are determined to be virtual terminal devices within a preset time period, the target detection application obtains the physical unclonable function characteristics of each of them from the response signals corresponding to the three or more challenge tasks that each device executed. If the differences between the physical unclonable function characteristics of the multiple terminal devices under test are within a preset characteristic error range, the multiple terminal devices under test are determined to be simulated by the same cloud platform.

When multiple virtual terminal devices are discovered, they may belong to the same cloud terminal device pool, whose virtual terminal devices are generated by the same cloud platform. A cloud platform that simulates a large number of virtual terminal devices creates a risk that those devices will be used for abnormal attacks, and identifying the virtual terminal devices generated by the same cloud platform makes it easier to monitor their subsequent business activity. The physical unclonable function characteristics of virtual terminal devices simulated by the same cloud platform are very similar. From the response signals obtained when a virtual terminal device executes the challenge tasks, the physical unclonable function characteristics that characterize that virtual terminal device can be derived. If the physical unclonable function characteristics of multiple virtual terminal devices are consistent, the devices can be determined to be simulated by the same cloud platform. Consistency covers both the case where the physical unclonable function characteristics are similar and the case where they are identical.
The preset characteristic error range is the acceptable error range within which physical unclonable function characteristics are judged to be consistent. Its value can be set according to the scenario, requirements, experience and so on, and is not limited here. If the differences between the physical unclonable function characteristics of multiple virtual terminal devices are within the preset characteristic error range, the characteristics of those devices are consistent.
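One way to apply the same-platform check described above, as an added Python example that is not part of the patent. The device ids, timestamps, three-element feature vectors, the 600-second window and the 0.05 tolerance are constructed assumptions; the patent does not fix how the characteristic is represented or measured.

```python
import math

# Constructed illustration: every id, timestamp, vector and threshold is assumed.
WINDOW_S = 600          # stands in for the "preset time period"
FEATURE_TOL = 0.05      # stands in for the "preset characteristic error range"

# (device id, time it was flagged as virtual, feature derived from its responses)
FLAGGED = [
    ("dev-a", 100, [0.31, 0.72, 0.11]),
    ("dev-b", 160, [0.32, 0.71, 0.12]),
    ("dev-c", 220, [0.30, 0.73, 0.10]),
    ("dev-d", 300, [0.85, 0.05, 0.40]),    # different emulation stack
    ("dev-e", 5000, [0.31, 0.72, 0.11]),   # matching feature, outside the window
]


def distance(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def same_platform_groups(flagged, start, window_s=WINDOW_S, tol=FEATURE_TOL):
    """Group devices flagged inside the window whose features mutually agree.

    A device joins a group only if it is within tol of every member, so a
    chain of near-misses cannot merge two clearly different platforms.
    Returns sorted id lists for groups of two or more devices.
    """
    recent = [(dev, feat) for dev, t, feat in flagged
              if start <= t < start + window_s]
    groups = []
    for dev, feat in recent:
        for group in groups:
            if all(distance(feat, other) <= tol for _, other in group):
                group.append((dev, feat))
                break
        else:
            groups.append([(dev, feat)])
    return [sorted(dev for dev, _ in group) for group in groups if len(group) >= 2]


if __name__ == "__main__":
    print(same_platform_groups(FLAGGED, start=0))
```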

In some examples, when the terminal device authenticity detection method is executed independently by the terminal device under test, the terminal device under test may include functional modules such as a challenge task generation module, an information collection module and a data processing module. FIG. 3 is a schematic architecture diagram of an example in which the terminal device authenticity detection method provided by an embodiment of the present invention is applied to a terminal device under test. As shown in FIG. 3, the terminal device under test 20 may include a challenge task generation module 21, an information collection module 22 and a data processing module 23, whose functions may be integrated in the target detection application 24. The terminal device under test 20 may also include a sensor 25 and chips 26 such as a central processing unit and memory. The information collection module 22 can communicate and interact with the challenge task generation module 21, the data processing module 23, the sensor 25 and the chips 26.
The challenge task generation module 21 generates the challenge tasks and transmits their numbers to the information collection module 22. The chips 26, such as the central processing unit and memory, execute the challenge tasks when triggered by the information collection module 22. The sensor 25 collects the response signals. The information collection module 22 initiates the challenge tasks on the chips 26, obtains the response signals from the sensor 25 and transmits them to the data processing module 23. The data processing module 23 distinguishes real physical terminal devices from virtual terminal devices according to the response signals.

The terminal device authenticity detection method can be implemented through interaction between the terminal device under test and a backend server. The second aspect of the present invention provides a terminal device authenticity detection method that is applied to a terminal device under test interacting with a backend server. The terminal device under test has a sensor and a target detection application. FIG. 4 is a flowchart of the terminal device authenticity detection method provided by an embodiment of the second aspect of the present invention. As shown in FIG. 4, the method may include steps S301 to S303.

In step S301, three or more challenge tasks generated and sent by the backend server of the target detection application are received.

The backend server generates three or more challenge tasks and sends them to the terminal device under test. The three or more challenge tasks include first-category tasks and second-category tasks. The first-category tasks include at least two identical challenge tasks. The second-category tasks include challenge tasks different from the first-category tasks.

In step S302, the target detection application triggers the terminal device under test to execute the three or more challenge tasks, and the response signals that correspond to the challenge tasks, generated by the terminal device under test and collected by the sensor, are obtained.

In step S303, the response signals are sent to the backend server, so that the backend server compares the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks and determines, according to the comparison result, whether the terminal device under test is a real physical terminal device or a virtual terminal device.

Compared with the method of the first-aspect embodiment, the terminal device authenticity detection method of the second-aspect embodiment hands some of the steps originally executed by the terminal device under test over to the backend server. Apart from the executing entity, the details of the steps are essentially the same. For the specific contents of steps S301 to S303, refer to the relevant descriptions in the above embodiments, which are not repeated here.

In an embodiment of the present invention, the backend server can generate three or more challenge tasks, and the terminal device under test can execute them. The three or more challenge tasks include identical challenge tasks, i.e., first-category tasks, and challenge tasks different from the first-category tasks, i.e., second-category tasks. The terminal device under test can send the response signals, generated when it executes the challenge tasks and collected by the sensor, to the backend server, and the backend server determines from the response signals whether the terminal device under test is a real physical terminal device or a virtual terminal device. A physical unclonable function causes a real physical terminal device to produce a unique, unclonable output for a challenge task, and the response signal reflects the characteristics of the physical unclonable function. For a real physical terminal device, the physical unclonable function characteristics reflected by the response signals for identical challenge tasks and for different challenge tasks follow a certain pattern, whereas for a virtual terminal device they can hardly follow a pattern, or follow a pattern different from that of a real physical terminal device. Moreover, a third party simulating a virtual terminal device cannot know the content of the challenge tasks or the time at which the virtual terminal device executes them, nor can it simulate the physical unclonable function characteristics reflected by the response signals that a real physical terminal device generates for identical and different challenge tasks. The terminal device under test can therefore be accurately determined to be a real physical terminal device or a virtual terminal device based on the response signals, which distinguishes real physical terminal devices from virtual terminal devices and also improves the attack resistance of the terminal device authenticity detection method.

In some examples, the response signal includes non-correlated information, which expresses the characteristics of the physical unclonable function. When the difference between the non-correlated information corresponding to the first-category tasks is within a preset error range, and the difference between the non-correlated information corresponding to the second-category tasks and that corresponding to the first-category tasks is outside the preset error range, the terminal device under test is a real physical terminal device. When the difference between the non-correlated information corresponding to the first-category tasks is outside the preset error range, and/or the difference between the non-correlated information corresponding to the second-category tasks and that corresponding to the first-category tasks is within the preset error range, the terminal device under test is a virtual terminal device. For the specific content, refer to the relevant descriptions in the above embodiments, which are not repeated here.

In some examples, the response signal is separated by the backend server into correlated information and non-correlated information, and the correlated information is calculated by the backend server from the common characteristic factors of the sensor. For the specific content, refer to the relevant descriptions in the above embodiments, which are not repeated here.

In some examples, the response signal that is separated into correlated information and non-correlated information is the response signal after general denoising by the backend server. For the specific content, refer to the relevant descriptions in the above embodiments, which are not repeated here.

In some examples, when multiple terminal devices under test are determined to be virtual terminal devices, if the differences between the physical unclonable function characteristics of those devices are within the preset characteristic error range, the devices are simulated on the same cloud platform. The physical unclonable function characteristics are obtained by the backend server from the response signals corresponding to the three or more challenge tasks executed by those devices. For the specific content, refer to the relevant descriptions in the above embodiments, which are not repeated here.

The terminal device authenticity detection method can be implemented through interaction between the terminal device under test and a backend server. The third aspect of the present invention provides a terminal device authenticity detection method that is applied to a backend server interacting with the terminal device under test, where the backend server is the backend server of the target detection application in the terminal device under test. FIG. 5 is a flowchart of the terminal device authenticity detection method provided by an embodiment of the third aspect of the present invention. As shown in FIG. 5, the method may include steps S401 to S403.

In step S401, three or more challenge tasks are generated and sent to the terminal device under test.

The three or more challenge tasks include first-category tasks and second-category tasks. The first-category tasks include at least two identical challenge tasks. The second-category tasks include challenge tasks that are different from the first-category tasks.

In step S402, the response signals sent by the terminal device under test are received.

The response signals are collected by the sensor when the target detection application triggers the terminal device under test to execute the three or more challenge tasks.

In step S403, the response signals corresponding to the first-category tasks are compared with the response signals corresponding to the second-category tasks, and the terminal device under test is determined to be a real physical terminal device or a virtual terminal device according to the comparison result.

Compared with the method of the first-aspect embodiment, in the terminal device authenticity detection method of the third-aspect embodiment the backend server executes some of the steps that the first-aspect embodiment assigns to the terminal device under test. Apart from the different executing entity, the details of the steps are essentially the same. For the specific contents of steps S401 to S403, refer to the relevant descriptions in the above embodiments, which are not repeated here.

In an embodiment of the present invention, the backend server can generate three or more challenge tasks, and the terminal device under test can execute them. The three or more challenge tasks include identical challenge tasks, i.e., first-category tasks, and challenge tasks different from the first-category tasks, i.e., second-category tasks. The terminal device under test can send the response signals, generated when it executes the challenge tasks and collected by the sensor, to the backend server, and the backend server determines from the response signals whether the terminal device under test is a real physical terminal device or a virtual terminal device. A physical unclonable function causes a real physical terminal device to produce a unique, unclonable output for a challenge task, and the response signal reflects the characteristics of the physical unclonable function. For a real physical terminal device, the physical unclonable function characteristics reflected by the response signals for identical challenge tasks and for different challenge tasks follow a certain pattern, whereas for a virtual terminal device they can hardly follow a pattern, or follow a pattern different from that of a real physical terminal device. Moreover, a third party simulating a virtual terminal device cannot know the content of the challenge tasks or the time at which the virtual terminal device executes them, nor can it simulate the physical unclonable function characteristics reflected by the response signals that a real physical terminal device generates for identical and different challenge tasks. The terminal device under test can therefore be accurately determined to be a real physical terminal device or a virtual terminal device based on the response signals, which distinguishes real physical terminal devices from virtual terminal devices and also improves the attack resistance of the terminal device authenticity detection method.

In some embodiments, the response signal includes non-correlated information, which expresses the characteristics of the physical unclonable function. Real physical terminal devices and virtual terminal devices can be distinguished based on the differences between the non-correlated information in the response signals corresponding to the first-category tasks, and on the differences between the non-correlated information in the response signals corresponding to the first-category tasks and that in the response signals corresponding to the second-category tasks. FIG. 6 is a flowchart of a terminal device authenticity detection method provided by another embodiment of the third aspect of the present invention. FIG. 6 differs from FIG. 5 in that step S403 in FIG. 5 is refined into steps S4031 to S4034 in FIG. 6.

In step S4031, the common characteristic factors affecting the sensor are obtained.

In step S4032, the response signal is separated according to the common characteristic factors to obtain correlated information and non-correlated information.

The correlated information is calculated from the common characteristic factors.

In some examples, before step S4032, the response signal may also be subjected to general denoising to obtain a denoised response signal. Correspondingly, in step S4032 the denoised response signal is separated according to the common characteristic factors to obtain the correlated information and the non-correlated information.

In step S4033, the non-correlated information corresponding to the first-category tasks is compared with each other, and the non-correlated information corresponding to the first-category tasks is compared with the non-correlated information corresponding to the second-category tasks, to obtain a comparison result.

In step S4034, based on the comparison result, the terminal device under test is determined to be a real physical terminal device or a virtual terminal device.

When the difference between the non-correlated information corresponding to the first-category tasks is within the preset error range, and the difference between the non-correlated information corresponding to the second-category tasks and that corresponding to the first-category tasks is outside the preset error range, the terminal device under test is determined to be a real physical terminal device.

When the difference between the non-correlated information corresponding to the first-category tasks is outside the preset error range, and/or the difference between the non-correlated information corresponding to the second-category tasks and that corresponding to the first-category tasks is within the preset error range, the terminal device under test is determined to be a virtual terminal device.

For the specific contents of steps S4031 to S4034, refer to the relevant descriptions in the above embodiments, which are not repeated here.

In some embodiments, when multiple terminal devices under test are determined to be virtual terminal devices, the backend server can also obtain the physical unclonable function characteristics of those devices from the response signals corresponding to the three or more challenge tasks executed by each device; if the differences between the physical unclonable function characteristics of those devices are within the preset characteristic error range, the devices are determined to be simulated on the same cloud platform. For the specific content, refer to the relevant descriptions in the above embodiments, which are not repeated here.

In some examples, when the terminal device authenticity detection method is implemented through interaction between the terminal device under test and the backend server, the terminal device under test may include functional modules such as an information collection module, and the backend server may include functional modules such as a challenge task generation module and a data processing module. FIG. 7 is a schematic architecture diagram of an example in which the terminal device authenticity detection method provided by an embodiment of the present invention is applied to the terminal device under test and the backend server. As shown in FIG. 7, the terminal device under test 51 may include an information collection module 511, which may be integrated in the target detection application 512. The terminal device under test 51 may also include a sensor 513 and chips 514 such as a central processing unit and memory. The backend server 52 of the target detection application 512 may include a challenge task generation module 521 and a data processing module 522. The backend server 52 may be a cloud server and may communicate with the terminal device under test 51 through a cloud application service 53. The information collection module 511 can communicate and interact with the challenge task generation module 521, the data processing module 522, the sensor 513, and the chips 514. The terminal device under test 51 can submit a detection request to the backend server 52 through the cloud application service 53; the challenge task generation module 521 is used to generate the challenge tasks and transmit the challenge task numbers to the information collection module 511; the chips 514 can execute the challenge tasks when triggered by the information collection module 511; the sensor 513 can collect the response signals; the information collection module 511 can initiate the challenge tasks to the chips 514, obtain the response signals from the sensor 513, and transmit them to the data processing module 522; the data processing module 522 can distinguish real physical terminal devices from virtual terminal devices according to the response signals.

For ease of understanding, an example is used here to illustrate the terminal device authenticity detection process implemented through interaction between the terminal device under test and the backend server. FIG. 8 is a flowchart of an example of the terminal device authenticity detection process provided by an embodiment of the present invention. As shown in FIG. 8, the terminal device under test includes an execution part and an information collection module. The execution part mainly includes the sensor, central processing unit, memory and other parts used to execute challenge tasks. The backend server includes a challenge task generation module and a data processing module. The detection process may include steps a1 to a8.

Step a1, the challenge task generation module randomly generates challenge tasks C1, C2 and C3, and transmits challenge tasks C1, C2 and C3 to the information collection module.

Challenge task C1 is the same as challenge task C2, and challenge task C3 is different from challenge task C2.

Step a2, the information collection module takes challenge tasks C1, C2, C3 and random noise as input and triggers the execution part to execute challenge tasks C1, C2 and C3.

Step a3, the execution part collects the response signals generated by executing challenge tasks C1, C2 and C3, and transmits the response signals to the information collection module.

Step a4, the information collection module uploads the response signals to the data processing module.

Step a5, the data processing module performs dynamic calculation on the response signals to remove background noise.

Step a6, the data processing module separates the response signals into a correlated part and a non-correlated part, thereby obtaining non-correlated information R1, R2 and R3.

The non-correlated part is the non-correlated information. Non-correlated information R1 corresponds to challenge task C1, non-correlated information R2 corresponds to challenge task C2, and non-correlated information R3 corresponds to challenge task C3.

Step a7, the data processing module compares non-correlated information R1, R2 and R3, determines whether R1=R2≠R3 is satisfied, and obtains the detection result for the terminal device under test.

R1=R2 means that the difference between non-correlated information R1 and non-correlated information R2 is within the preset error range, and R2≠R3 means that the difference between non-correlated information R2 and non-correlated information R3 is outside the preset error range. The detection result indicates whether the terminal device under test is a real physical terminal device or a virtual terminal device.

Step a8, the data processing module sends the detection result down to the information collection module.

For the specific contents of steps a1 to a8, refer to the relevant descriptions in the above embodiments, which are not repeated here.
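The comparison in steps a6 and a7 (S4032 to S4034), generalized to any number of first-category and second-category responses, as an added Python example that is not part of the patent text. The projection used to separate the correlated part, the root-mean-square difference metric, the sample values and all function names are assumptions, since the page fixes none of them.

```python
"""Backend-side separation and comparison (steps a6-a7), illustrative only."""
import math
from itertools import combinations, product


def split_response(response, common_factor):
    """Split a response into (correlated, non_correlated) parts.

    Assumption: the correlated part is the least-squares projection of the
    response onto a single common-factor waveform.
    """
    energy = sum(c * c for c in common_factor)
    if energy == 0 or len(response) != len(common_factor):
        raise ValueError("common factor must be non-zero and match response length")
    k = sum(r * c for r, c in zip(response, common_factor)) / energy
    correlated = [k * c for c in common_factor]
    non_correlated = [r - c for r, c in zip(response, correlated)]
    return correlated, non_correlated


def difference(a, b):
    """Root-mean-square difference between two vectors (assumed metric)."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have equal length")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)) / len(a))


def classify(first, second, error_range):
    """Apply the R1=R2!=R3 rule to non-correlated information.

    first:  vectors for the identical (first-category) tasks, at least two
    second: vectors for the differing (second-category) tasks, at least one
    """
    if len(first) < 2 or len(second) < 1:
        raise ValueError("need >= 2 first-category and >= 1 second-category responses")
    # Identical tasks must agree within the preset error range ...
    same_ok = all(difference(a, b) <= error_range for a, b in combinations(first, 2))
    # ... and every differing task must fall outside it.
    diff_ok = all(difference(a, b) > error_range for a, b in product(first, second))
    return "physical" if same_ok and diff_ok else "virtual"


def detect(responses, categories, common_factor, error_range):
    """Separate each response, then compare; categories[i] is 'first' or 'second'."""
    if len(responses) < 3 or len(responses) != len(categories):
        raise ValueError("need three or more responses, one category label each")
    groups = {"first": [], "second": []}
    for response, category in zip(responses, categories):
        _, non_correlated = split_response(response, common_factor)
        groups[category].append(non_correlated)
    return classify(groups["first"], groups["second"], error_range)


# Constructed sample data: four-sample sensor traces for C1, C2 (identical) and C3.
COMMON = [1.0, 1.0, 1.0, 1.0]           # shared offset acting on the sensor
CATS = ["first", "first", "second"]     # C1, C2, C3
PHYSICAL = [[2.52, 1.49, 2.51, 1.50],   # C1: task pattern + offset + jitter
            [2.60, 1.61, 2.59, 1.60],   # C2: same pattern, different offset
            [1.50, 1.50, 2.50, 2.50]]   # C3: different task pattern
REPLAYED = [[2.5, 1.5, 2.5, 1.5]] * 3   # same trace regardless of the task
NOISY = [[2.5, 1.5, 2.5, 1.5],          # identical tasks give unrelated traces
         [1.2, 2.9, 2.0, 1.9],
         [1.5, 1.5, 2.5, 2.5]]

if __name__ == "__main__":
    for name, traces in (("physical", PHYSICAL), ("replayed", REPLAYED), ("noisy", NOISY)):
        print(name, "->", detect(traces, CATS, COMMON, error_range=0.1))
```

The replayed trace fails because R3 stays within the error range of R1, and the noisy trace fails because R1 and R2 disagree, which are the two "and/or" branches of the virtual-device condition.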

The fourth aspect of the present invention provides a terminal device authenticity detection apparatus, which corresponds to the terminal device authenticity detection method provided in the first aspect of the present invention and can be applied to the terminal device under test. The terminal device under test has a sensor and a target detection application. FIG. 9 is a schematic structural diagram of the terminal device authenticity detection apparatus provided by an embodiment of the fourth aspect of the present invention. As shown in FIG. 9, the terminal device authenticity detection apparatus 600 may include a challenge task generation module 601, an information collection module 602 and a data processing module 603.

The challenge task generation module 601 can be used to generate three or more challenge tasks. The three or more challenge tasks include first-category tasks and second-category tasks; the first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks.

The information collection module 602 can be used to trigger the terminal device under test to execute the three or more challenge tasks, and to obtain the response signals that correspond to the challenge tasks, generated by the terminal device under test and collected by the sensor.

The data processing module 603 can be used to compare the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks, and to determine, according to the comparison result, whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In an embodiment of the present invention, the terminal device under test can execute three or more pre-generated challenge tasks. The three or more challenge tasks include identical challenge tasks, i.e., first-category tasks, and challenge tasks different from the first-category tasks, i.e., second-category tasks. Whether the terminal device under test is a real physical terminal device or a virtual terminal device is determined by comparing the response signals, collected by the sensor of the terminal device under test, that the device generates when executing the first-category tasks and the second-category tasks. A physical unclonable function causes a real physical terminal device to produce a unique, unclonable output for a challenge task, and the response signal reflects the characteristics of the physical unclonable function. For a real physical terminal device, the physical unclonable function characteristics reflected by the response signals for identical challenge tasks and for different challenge tasks follow a certain pattern, whereas for a virtual terminal device they can hardly follow a pattern, or follow a pattern different from that of a real physical terminal device. Moreover, a third party simulating a virtual terminal device cannot know the content of the challenge tasks or the time at which the virtual terminal device executes them, nor can it simulate the physical unclonable function characteristics reflected by the response signals that a real physical terminal device generates for identical and different challenge tasks. The terminal device under test can therefore be accurately determined to be a real physical terminal device or a virtual terminal device based on the response signals, which distinguishes real physical terminal devices from virtual terminal devices and also improves the attack resistance of the terminal device authenticity detection method.

在一些示例中,回應信號包括非相關性資訊,非相關性資訊用於表達物理不可克隆函數的特徵。在第一類任務對應的非相關性資訊之間的差異在預設誤差範圍內,且第二類任務對應的非相關性資訊與第一類任務對應的非相關性資訊之間的差異在預設誤差範圍外的情況下,被測終端設備為真實物理終端設備;在第一類任務對應的非相關性資訊之間的差異在預設誤差範圍外,和/或,第二類任務對應的非相關性資訊與第一類任務對應的非相關性資訊之間的差異在預設誤差範圍內的情況下,被測終端設備為虛擬終端設備。 In some examples, the response signal includes irrelevant information, and the irrelevant information is used to express the characteristics of the physical unclonable function. When the difference between the irrelevant information corresponding to the first type of task is within the preset error range, and the difference between the irrelevant information corresponding to the second type of task and the irrelevant information corresponding to the first type of task is outside the preset error range, the terminal device under test is a real physical terminal device; when the difference between the irrelevant information corresponding to the first type of task is outside the preset error range, and/or the difference between the irrelevant information corresponding to the second type of task and the irrelevant information corresponding to the first type of task is within the preset error range, the terminal device under test is a virtual terminal device.

In some examples, the data processing module 603 may specifically be used to: obtain the common characteristic factors that affect the sensor; separate the response signal, according to the common characteristic factors, into relevant information and irrelevant information, where the relevant information is calculated from the common characteristic factors and the irrelevant information expresses the characteristics of the physical unclonable function; compare the irrelevant information corresponding to the first-category tasks with one another, and compare the irrelevant information corresponding to the first-category tasks with the irrelevant information corresponding to the second-category tasks, to obtain a comparison result; and determine, according to the comparison result, whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In some examples, the data processing module 603 may also be used to: before separating the response signal into relevant information and irrelevant information according to the common characteristic factors, perform general denoising on the response signal to obtain the response signal after general denoising.

In some embodiments, the data processing module 603 may also be used to: when multiple terminal devices under test are determined to be virtual terminal devices, obtain the characteristics of the physical unclonable function of the multiple terminal devices under test from the response signals corresponding to the three or more challenge tasks executed by each terminal device under test; and, if the differences among the characteristics of the physical unclonable functions of the multiple terminal devices under test are within a preset characteristic error range, determine that the multiple terminal devices under test are simulated on the same cloud platform.
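The processing chain described for data processing module 603 (general denoising, separation by common characteristic factors, the same/different comparison, and the same-cloud-platform check) can be sketched as follows. This is an added example, not code from the patent: the single linear shared factor, the moving-average denoising, the RMS distance, the tolerance values, and all names and sample traces are assumptions constructed for illustration.

```python
import math
from itertools import combinations

def denoise(signal, width=3):
    """General denoising before separation (a centred moving average is assumed)."""
    half = width // 2
    windows = (signal[max(0, i - half): i + half + 1] for i in range(len(signal)))
    return [sum(w) / len(w) for w in windows]

def separate(signal, factor):
    """Split a response into (relevant, irrelevant) information.

    relevant   = least-squares fit of the signal on the shared factor trace
    irrelevant = what the shared factor cannot explain (the PUF characteristic)
    """
    n = len(signal)
    mean_s, mean_f = sum(signal) / n, sum(factor) / n
    var_f = sum((f - mean_f) ** 2 for f in factor)
    cov = sum((f - mean_f) * (s - mean_s) for f, s in zip(factor, signal))
    gain = cov / var_f if var_f else 0.0
    relevant = [mean_s + gain * (f - mean_f) for f in factor]
    irrelevant = [s - r for s, r in zip(signal, relevant)]
    return relevant, irrelevant

def rms_diff(a, b):
    """Difference measure between two feature vectors (RMS is an assumption)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)) / len(a))

def puf_feature(signal, factor):
    """Irrelevant information of one denoised response signal."""
    return separate(denoise(signal), factor)[1]

def classify(first_class, second_class, factor, tolerance):
    """Apply the page's rule to responses for identical and different tasks."""
    if len(first_class) < 2 or not second_class:
        raise ValueError("need at least two identical tasks and one different task")
    same = [puf_feature(s, factor) for s in first_class]
    other = [puf_feature(s, factor) for s in second_class]
    # Identical challenges must reproduce the feature within the error range ...
    repeats_agree = all(rms_diff(a, b) <= tolerance
                        for a, b in combinations(same, 2))
    # ... and a different challenge must move the feature outside that range.
    different_differs = all(rms_diff(a, b) > tolerance
                            for a in same for b in other)
    return "physical" if repeats_agree and different_differs else "virtual"

def device_feature(signals, factor):
    """Feature of one device: irrelevant information of all its responses, concatenated."""
    return [x for s in signals for x in puf_feature(s, factor)]

def same_cloud_platform(device_features, feature_tolerance):
    """True when devices already judged virtual share one feature within tolerance."""
    return all(rms_diff(a, b) <= feature_tolerance
               for a, b in combinations(device_features, 2))

# ---- constructed sample data (not measurements) ----
N = 16
FACTOR = [20.0 + 0.5 * i for i in range(N)]                # shared factor, e.g. temperature
PATTERN_A = [1.0 if (i // 4) % 2 == 0 else -1.0 for i in range(N)]  # response to challenge A
PATTERN_B = [1.0 if (i // 2) % 2 == 0 else -1.0 for i in range(N)]  # response to challenge B

def trace(pattern, jitter):
    """Offset + drift with the shared factor + challenge-dependent pattern + small jitter."""
    return [5.0 + 0.3 * f + p + jitter * math.sin(1.7 * i)
            for i, (f, p) in enumerate(zip(FACTOR, pattern))]

# (first-category responses, second-category responses)
REAL = ([trace(PATTERN_A, 0.02), trace(PATTERN_A, -0.02)], [trace(PATTERN_B, 0.01)])
REPLAY = ([trace(PATTERN_A, 0.0), trace(PATTERN_A, 0.0)], [trace(PATTERN_A, 0.0)])
UNSTABLE = ([trace(PATTERN_A, 0.0), trace(PATTERN_B, 0.0)], [trace(PATTERN_B, 0.0)])

if __name__ == "__main__":
    for name, case in (("real", REAL), ("replay", REPLAY), ("unstable", UNSTABLE)):
        print(name, classify(*case, FACTOR, 0.2))
```

`REPLAY` models an emulator that returns one recorded trace whatever the challenge, and `UNSTABLE` one whose output does not repeat for the same challenge; both fail one half of the rule, which is why the check needs at least two identical tasks and one different task.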

A fifth aspect of the present invention provides a terminal device authenticity detection device, which corresponds to the terminal device authenticity detection method provided in the second aspect of the present invention and can be applied to a terminal device under test. The terminal device under test has a sensor and a target detection application. FIG. 10 is a schematic structural diagram of the terminal device authenticity detection device provided by an embodiment of the fifth aspect of the present invention. As shown in FIG. 10, the terminal device authenticity detection device 700 may include a receiving module 701, an information collection module 702 and a sending module 703.

The receiving module 701 can be used to receive three or more challenge tasks generated and sent by the background server of the target detection application. The three or more challenge tasks include first-category tasks and second-category tasks. The first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks.

The information collection module 702 can be used to trigger the terminal device under test to execute the three or more challenge tasks, and to obtain the response signals, collected by the sensor, that the terminal device under test generates for the challenge tasks.

The sending module 703 can be used to send the response signals to the background server, so that the background server compares the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks and determines, according to the comparison result, whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In this embodiment of the present invention, the background server can generate three or more challenge tasks, and the terminal device under test can execute these three or more challenge tasks. The three or more challenge tasks include identical challenge tasks (the first-category tasks) and challenge tasks different from the first-category tasks (the second-category tasks). The terminal device under test can send to the background server the response signals, collected by the sensor, that the device generates when executing the challenge tasks, and the background server determines from the response signals whether the terminal device under test is a real physical terminal device or a virtual terminal device. A physical unclonable function causes a real physical terminal device to produce a unique, unclonable output for a challenge task, and the response signal reflects the characteristics of the physical unclonable function. For a real physical terminal device, the characteristics of the physical unclonable function reflected in the response signals for identical challenge tasks and for different challenge tasks follow a certain regularity. For a virtual terminal device, those characteristics can hardly follow any regularity, or follow a regularity different from that of a real physical terminal device. Moreover, a third party simulating a virtual terminal device cannot know the content of the challenge tasks or the time at which the virtual terminal device executes them, and cannot simulate the characteristics of the physical unclonable function reflected in the response signals that a real physical terminal device generates when executing identical and different challenge tasks. The terminal device under test can therefore be accurately determined to be a real physical terminal device or a virtual terminal device from the response signals, which distinguishes real physical terminal devices from virtual terminal devices and also improves the attack resistance of the terminal device authenticity detection method.

In some examples, the response signal includes irrelevant information, which expresses the characteristics of the physical unclonable function. The terminal device under test is a real physical terminal device when the differences among the irrelevant information corresponding to the first-category tasks are within a preset error range and the difference between the irrelevant information corresponding to the second-category tasks and the irrelevant information corresponding to the first-category tasks is outside the preset error range. The terminal device under test is a virtual terminal device when the differences among the irrelevant information corresponding to the first-category tasks are outside the preset error range, and/or the difference between the irrelevant information corresponding to the second-category tasks and the irrelevant information corresponding to the first-category tasks is within the preset error range.

In some examples, the response signal is separated by the background server into relevant information and irrelevant information. The relevant information is calculated by the background server from the common characteristic factors of the sensor, and the irrelevant information expresses the characteristics of the physical unclonable function. The comparison result is obtained by the background server by comparing the irrelevant information corresponding to the first-category tasks with one another, and by comparing the irrelevant information corresponding to the first-category tasks with the irrelevant information corresponding to the second-category tasks.

In some examples, the response signal that is separated into relevant information and irrelevant information is the response signal after general denoising by the background server.

In some examples, when multiple terminal devices under test are determined to be virtual terminal devices, if the differences among the characteristics of the physical unclonable functions of the multiple terminal devices under test are within a preset characteristic error range, the multiple terminal devices under test are simulated on the same cloud platform. The characteristics of the physical unclonable function are obtained by the background server from the response signals corresponding to the three or more challenge tasks executed by the multiple terminal devices under test.

A sixth aspect of the present invention provides a terminal device authenticity detection device, which corresponds to the terminal device authenticity detection method provided in the third aspect of the present invention and can be applied to the background server of the target detection application. FIG. 11 is a schematic structural diagram of the terminal device authenticity detection device provided by an embodiment of the sixth aspect of the present invention. As shown in FIG. 11, the terminal device authenticity detection device 800 may include a challenge task generation module 801, a sending module 802, a receiving module 803 and a data processing module 804.

The challenge task generation module 801 can be used to generate three or more challenge tasks. The three or more challenge tasks include first-category tasks and second-category tasks. The first-category tasks include at least two identical challenge tasks, and the second-category tasks include challenge tasks different from the first-category tasks.

The sending module 802 can be used to send the three or more challenge tasks to the terminal device under test. The terminal device under test has a sensor and a target detection application.

The receiving module 803 can be used to receive the response signals sent by the terminal device under test. The response signals are collected by the sensor when the target detection application triggers the terminal device under test to execute the three or more challenge tasks.

The data processing module 804 can be used to compare the response signals corresponding to the first-category tasks with the response signals corresponding to the second-category tasks, and to determine, according to the comparison result, whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In this embodiment of the present invention, the background server can generate three or more challenge tasks, and the terminal device under test can execute these three or more challenge tasks. The three or more challenge tasks include identical challenge tasks (the first-category tasks) and challenge tasks different from the first-category tasks (the second-category tasks). The terminal device under test can send to the background server the response signals, collected by the sensor, that the device generates when executing the challenge tasks, and the background server determines from the response signals whether the terminal device under test is a real physical terminal device or a virtual terminal device. A physical unclonable function causes a real physical terminal device to produce a unique, unclonable output for a challenge task, and the response signal reflects the characteristics of the physical unclonable function. For a real physical terminal device, the characteristics of the physical unclonable function reflected in the response signals for identical challenge tasks and for different challenge tasks follow a certain regularity. For a virtual terminal device, those characteristics can hardly follow any regularity, or follow a regularity different from that of a real physical terminal device. Moreover, a third party simulating a virtual terminal device cannot know the content of the challenge tasks or the time at which the virtual terminal device executes them, and cannot simulate the characteristics of the physical unclonable function reflected in the response signals that a real physical terminal device generates when executing identical and different challenge tasks. The terminal device under test can therefore be accurately determined to be a real physical terminal device or a virtual terminal device from the response signals, which distinguishes real physical terminal devices from virtual terminal devices and also improves the attack resistance of the terminal device authenticity detection method.

In some examples, the response signal includes irrelevant information, which expresses the characteristics of the physical unclonable function. The terminal device under test is a real physical terminal device when the differences among the irrelevant information corresponding to the first-category tasks are within a preset error range and the difference between the irrelevant information corresponding to the second-category tasks and the irrelevant information corresponding to the first-category tasks is outside the preset error range. The terminal device under test is a virtual terminal device when the differences among the irrelevant information corresponding to the first-category tasks are outside the preset error range, and/or the difference between the irrelevant information corresponding to the second-category tasks and the irrelevant information corresponding to the first-category tasks is within the preset error range.

In some examples, the data processing module 804 may specifically be used to: obtain the common characteristic factors that affect the sensor; separate the response signal, according to the common characteristic factors, into relevant information and irrelevant information, where the relevant information is calculated from the common characteristic factors and the irrelevant information expresses the characteristics of the physical unclonable function; compare the irrelevant information corresponding to the first-category tasks with one another, and compare the irrelevant information corresponding to the first-category tasks with the irrelevant information corresponding to the second-category tasks, to obtain a comparison result; and determine, according to the comparison result, whether the terminal device under test is a real physical terminal device or a virtual terminal device.

In some examples, the data processing module 804 may also be used to: before separating the response signal into relevant information and irrelevant information according to the common characteristic factors, perform general denoising on the response signal to obtain the response signal after general denoising.

In some embodiments, the data processing module 804 may also be used to: when multiple terminal devices under test are determined to be virtual terminal devices, obtain the characteristics of the physical unclonable function of the multiple terminal devices under test from the response signals corresponding to the three or more challenge tasks executed by each terminal device under test; and, if the differences among the characteristics of the physical unclonable functions of the multiple terminal devices under test are within a preset characteristic error range, determine that the multiple terminal devices under test are simulated on the same cloud platform.

A seventh aspect of the present invention further provides a terminal device. FIG. 12 is a schematic structural diagram of the terminal device provided by an embodiment of the seventh aspect of the present invention. As shown in FIG. 12, the terminal device 900 includes a memory 901, a processor 902, and a computer program stored in the memory 901 and executable on the processor 902.

In some examples, the processor 902 may include a central processing unit (CPU) or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits that implement the embodiments of the present invention.

The memory 901 may include read-only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, or electrical, optical or other physical/tangible memory storage devices. In general, therefore, the memory includes one or more tangible (non-transitory) computer-readable storage media (for example, memory devices) encoded with software that includes computer-executable instructions, and when the software is executed (for example, by one or more processors), it is operable to perform the operations described with reference to the terminal device authenticity detection method in the embodiments of the first aspect of the present invention.

The processor 902 reads the executable program code stored in the memory 901 and runs the computer program corresponding to that code, in order to implement the terminal device authenticity detection method in the embodiments of the first aspect.

In some examples, the terminal device 900 may also include a communication interface 903 and a bus 904. As shown in FIG. 12, the memory 901, the processor 902 and the communication interface 903 are connected through the bus 904 and communicate with one another over it.

The communication interface 903 is mainly used for communication between the modules, devices, units and/or equipment in the embodiments of the present invention. Input devices and/or output devices can also be connected through the communication interface 903.

The bus 904 includes hardware, software, or both, and couples the components of the terminal device 900 to each other. By way of example and not limitation, the bus 904 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hyper Transport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a Peripheral Component Interconnect Express (PCI-E) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local Bus (VLB), or another suitable bus, or a combination of two or more of these. Where appropriate, the bus 904 may include one or more buses. Although the embodiments of the present invention describe and illustrate specific buses, the present invention contemplates any suitable bus or interconnect.

An eighth aspect of the present invention further provides a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor. The memory includes one or more tangible (non-transitory) computer-readable storage media (for example, memory devices) encoded with software that includes computer-executable instructions, and when the software is executed (for example, by one or more processors), it is operable to perform the operations described with reference to the terminal device authenticity detection method in the embodiments of the second aspect of the present invention. The processor reads the executable program code stored in the memory and runs the computer program corresponding to that code, in order to implement the terminal device authenticity detection method in the embodiments of the second aspect.

In some examples, the terminal device may also include a communication interface and a bus. The memory, the processor and the communication interface are connected through the bus and communicate with one another over it.

For the connection and physical selection of the memory, processor, communication interface and bus in the terminal device of the eighth aspect of the present invention, refer to the description of the terminal device of the seventh aspect; they are not repeated here.

A ninth aspect of the present invention further provides a server, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor. The memory includes one or more tangible (non-transitory) computer-readable storage media (for example, memory devices) encoded with software that includes computer-executable instructions, and when the software is executed (for example, by one or more processors), it is operable to perform the operations described with reference to the terminal device authenticity detection method in the embodiments of the third aspect of the present invention. The processor reads the executable program code stored in the memory and runs the computer program corresponding to that code, in order to implement the terminal device authenticity detection method in the embodiments of the third aspect.

In some examples, the server may also include a communication interface and a bus. The memory, the processor and the communication interface are connected through the bus and communicate with one another over it.

For the connection and physical selection of the memory, processor, communication interface and bus in the server of the ninth aspect of the present invention, refer to the description of the terminal device of the seventh aspect; they are not repeated here.

A tenth aspect of the present invention provides a terminal device authenticity detection system. FIG. 13 is a schematic structural diagram of the terminal device authenticity detection system provided by an embodiment of the tenth aspect of the present invention. As shown in FIG. 13, the terminal device authenticity detection system includes the terminal device 1001 of the eighth-aspect embodiment and the server 1002 of the ninth-aspect embodiment. For the details of the terminal device 1001 and the server 1002, refer to the descriptions in the embodiments above; the same technical effects can be achieved, and to avoid repetition they are not described again here.

An eleventh aspect of the present invention further provides a computer-readable storage medium on which computer program instructions are stored. When executed by a processor, the computer program instructions implement the terminal device authenticity detection method of the first-aspect embodiments, the second-aspect embodiments or the third-aspect embodiments, and achieve the same technical effects; to avoid repetition, they are not described again here. The computer-readable storage medium may include a non-transitory computer-readable storage medium, such as a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc, and is not limited here.

An embodiment of the present invention further provides a computer program product. When the instructions in the computer program product are executed by the processor of an electronic device, the electronic device can execute the terminal device authenticity detection method of the first-aspect embodiments, the second-aspect embodiments or the third-aspect embodiments, and achieve the same technical effects; to avoid repetition, they are not described again here.

It should be made clear that the embodiments in this specification are described in a progressive manner. The same or similar parts of the embodiments can be understood by reference to one another, and each embodiment focuses on its differences from the other embodiments. For the device embodiments, terminal device embodiments, server embodiments, system embodiments, computer-readable storage medium embodiments and computer program product embodiments, refer to the description of the method embodiments for the related parts; the method embodiments can also be read with reference to one another. The present invention is not limited to the specific steps and structures described above and shown in the figures. Those skilled in the art, having understood the spirit of the present invention, can make various changes, modifications and additions, or change the order of the steps. In addition, for brevity, detailed descriptions of known methods and techniques are omitted here.

Aspects of the present invention are described above with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the present invention. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, or another programmable data processing apparatus to produce a machine, such that the instructions, executed via the processor of the computer or other programmable data processing apparatus, enable implementation of the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams. Such a processor may be, but is not limited to, a general-purpose processor, a special-purpose processor, an application-specific processor, or a field-programmable logic circuit. It should also be understood that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can also be implemented by dedicated hardware that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.

Those skilled in the art should understand that the above embodiments are exemplary and not restrictive. Different technical features appearing in different embodiments can be combined to achieve beneficial effects. On the basis of studying the drawings, the specification and the claims, those skilled in the art should be able to understand and implement other variations of the disclosed embodiments. In the claims, the term "comprising" does not exclude other devices or steps; the quantifier "a" or "one" does not exclude a plurality; the terms "first" and "second" are used to designate names rather than to indicate any particular order. Any reference signs in the claims shall not be construed as limiting the scope of protection. The functions of several parts appearing in the claims may be implemented by a single hardware or software module. The appearance of certain technical features in different dependent claims does not mean that these technical features cannot be combined to achieve beneficial effects.

S101, S102, S103: Steps

Claims (23)

1. A method for detecting the authenticity of a terminal device, characterized in that it is applied to a terminal device under test, the terminal device under test having a sensor and a target detection application, the method comprising: the terminal device under test generating, through the target detection application, three or more challenge tasks, the three or more challenge tasks including first-type tasks and second-type tasks, the first-type tasks including at least two identical challenge tasks, and the second-type tasks including a challenge task different from the first-type tasks; the terminal device under test triggering, through the target detection application, the terminal device under test to execute the three or more challenge tasks, and obtaining the response signals, collected by the sensor, that the terminal device under test produces in correspondence with the challenge tasks; the terminal device under test comparing, through the target detection application, the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and determining according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device.

2. The method of claim 1, wherein the response signals include uncorrelated information, the uncorrelated information being used to express a feature of a physical unclonable function; where the difference among the uncorrelated information corresponding to the first-type tasks is within a preset error range, and the difference between the uncorrelated information corresponding to the second-type tasks and the uncorrelated information corresponding to the first-type tasks is outside the preset error range, the terminal device under test is a real physical terminal device; where the difference among the uncorrelated information corresponding to the first-type tasks is outside the preset error range, and/or the difference between the uncorrelated information corresponding to the second-type tasks and the uncorrelated information corresponding to the first-type tasks is within the preset error range, the terminal device under test is a virtual terminal device.

3. The method of claim 1, wherein the terminal device under test comparing, through the target detection application, the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and determining according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device, comprises: the terminal device under test obtaining common characteristic factors that affect the sensor; the terminal device under test separating the response signals, according to the common characteristic factors, into correlated information and uncorrelated information, the correlated information being calculated from the common characteristic factors, and the uncorrelated information being used to express a feature of a physical unclonable function; the terminal device under test comparing the uncorrelated information corresponding to the first-type tasks with one another, and comparing the uncorrelated information corresponding to the first-type tasks with the uncorrelated information corresponding to the second-type tasks, to obtain a comparison result; the terminal device under test determining, according to the comparison result, that the terminal device under test is a real physical terminal device or a virtual terminal device.

4. The method of claim 3, further comprising, before the terminal device under test separates the response signals, according to the common characteristic factors, into correlated information and uncorrelated information: the terminal device under test performing general denoising on the response signals to obtain the response signals after general denoising.

5. The method of claim 1, further comprising: where a plurality of the terminal devices under test are determined to be virtual terminal devices, the terminal device under test obtaining, through the target detection application, features of the physical unclonable functions of the plurality of terminal devices under test according to the response signals corresponding to the three or more challenge tasks executed by each of the terminal devices under test; if the difference among the features of the physical unclonable functions of the plurality of terminal devices under test is within a preset feature error range, the terminal device under test determining that the plurality of terminal devices under test are simulated on the same cloud platform.

6. A method for detecting the authenticity of a terminal device, characterized in that it is applied to a terminal device under test, the terminal device under test having a sensor and a target detection application, the method comprising: the terminal device under test receiving three or more challenge tasks generated and sent by a backend server of the target detection application, the three or more challenge tasks including first-type tasks and second-type tasks, the first-type tasks including at least two identical challenge tasks, and the second-type tasks including a challenge task different from the first-type tasks; the terminal device under test triggering, through the target detection application, the terminal device under test to execute the three or more challenge tasks, and obtaining the response signals, collected by the sensor, that the terminal device under test produces in correspondence with the challenge tasks; the terminal device under test sending the response signals to the backend server, so that the backend server compares the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and determines according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device.

7. The method of claim 6, wherein the response signals include uncorrelated information, the uncorrelated information being used to express a feature of a physical unclonable function; where the difference among the uncorrelated information corresponding to the first-type tasks is within a preset error range, and the difference between the uncorrelated information corresponding to the second-type tasks and the uncorrelated information corresponding to the first-type tasks is outside the preset error range, the terminal device under test is a real physical terminal device; where the difference among the uncorrelated information corresponding to the first-type tasks is outside the preset error range, and/or the difference between the uncorrelated information corresponding to the second-type tasks and the uncorrelated information corresponding to the first-type tasks is within the preset error range, the terminal device under test is a virtual terminal device.

8. The method of claim 6, wherein the response signals are separated by the backend server into correlated information and uncorrelated information, the correlated information being calculated by the backend server from common characteristic factors of the sensor and reflecting the influence of the common characteristic factors on a class of the sensors, and the uncorrelated information being used to express a feature of a physical unclonable function; where the sensor includes a magnetic sensor, the correlated information includes geomagnetic information for the terminal device under test at its geographic location, calculated from the geographic location of the terminal device under test; the comparison result is obtained by the backend server comparing the uncorrelated information corresponding to the first-type tasks with one another, and comparing the uncorrelated information corresponding to the first-type tasks with the uncorrelated information corresponding to the second-type tasks.

9. The method of claim 8, wherein the response signals that are separated into the correlated information and the uncorrelated information are the response signals after general denoising by the backend server.

10. The method of claim 6, wherein, where a plurality of the terminal devices under test are determined to be virtual terminal devices, if the difference among the features of the physical unclonable functions of the plurality of terminal devices under test is within a preset feature error range, the plurality of terminal devices under test are simulated on the same cloud platform, the features of the physical unclonable functions being obtained by the backend server according to the response signals corresponding to the three or more challenge tasks executed by the plurality of terminal devices under test.

11. A method for detecting the authenticity of a terminal device, characterized in that it is applied to a backend server of a target detection application, a terminal device under test having a sensor and the target detection application, the method comprising: the backend server generating three or more challenge tasks and sending them to the terminal device under test, the three or more challenge tasks including first-type tasks and second-type tasks, the first-type tasks including at least two identical challenge tasks, and the second-type tasks including a challenge task different from the first-type tasks; the backend server receiving response signals sent by the terminal device under test, the response signals being collected by the sensor when the target detection application triggers the terminal device under test to execute the three or more challenge tasks; the backend server comparing the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and determining according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device.

12. The method of claim 11, wherein the response signals include uncorrelated information, the uncorrelated information being used to express a feature of a physical unclonable function; where the difference among the uncorrelated information corresponding to the first-type tasks is within a preset error range, and the difference between the uncorrelated information corresponding to the second-type tasks and the uncorrelated information corresponding to the first-type tasks is outside the preset error range, the terminal device under test is a real physical terminal device; where the difference among the uncorrelated information corresponding to the first-type tasks is outside the preset error range, and/or the difference between the uncorrelated information corresponding to the second-type tasks and the uncorrelated information corresponding to the first-type tasks is within the preset error range, the terminal device under test is a virtual terminal device.

13. The method of claim 11, wherein the backend server comparing the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and determining according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device, comprises: the backend server obtaining common characteristic factors that affect the sensor; the backend server separating the response signals, according to the common characteristic factors, into correlated information and uncorrelated information, the correlated information being calculated from the common characteristic factors and reflecting the influence of the common characteristic factors on a class of the sensors, and the uncorrelated information being used to express a feature of a physical unclonable function, wherein, where the sensor includes a magnetic sensor, the correlated information includes geomagnetic information for the terminal device under test at its geographic location, calculated from the geographic location of the terminal device under test; the backend server comparing the uncorrelated information corresponding to the first-type tasks with one another, and comparing the uncorrelated information corresponding to the first-type tasks with the uncorrelated information corresponding to the second-type tasks, to obtain a comparison result; the backend server determining, according to the comparison result, that the terminal device under test is a real physical terminal device or a virtual terminal device.

14. The method of claim 13, further comprising, before the backend server separates the response signals, according to the common characteristic factors, into correlated information and uncorrelated information: the backend server performing general denoising on the response signals to obtain the response signals after general denoising.

15. The method of claim 11, further comprising: where a plurality of the terminal devices under test are determined to be virtual terminal devices, the backend server obtaining features of the physical unclonable functions of the plurality of terminal devices under test according to the response signals corresponding to the three or more challenge tasks executed by each of the terminal devices under test; if the difference among the features of the physical unclonable functions of the plurality of terminal devices under test is within a preset feature error range, determining that the plurality of terminal devices under test are simulated on the same cloud platform.

16. An apparatus for detecting the authenticity of a terminal device, characterized in that it is applied to a terminal device under test, the terminal device under test having a sensor and a target detection application, the apparatus comprising: a challenge task generation module, configured to generate three or more challenge tasks, the three or more challenge tasks including first-type tasks and second-type tasks, the first-type tasks including at least two identical challenge tasks, and the second-type tasks including a challenge task different from the first-type tasks; an information collection module, configured to trigger the terminal device under test to execute the three or more challenge tasks, and to obtain the response signals, collected by the sensor, that the terminal device under test produces in correspondence with the challenge tasks; a data processing module, configured to compare the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and to determine according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device.

17. An apparatus for detecting the authenticity of a terminal device, characterized in that it is applied to a terminal device under test, the terminal device under test having a sensor and a target detection application, the apparatus comprising: a receiving module, configured to receive three or more challenge tasks generated and sent by a backend server of the target detection application, the three or more challenge tasks including first-type tasks and second-type tasks, the first-type tasks including at least two identical challenge tasks, and the second-type tasks including a challenge task different from the first-type tasks; an information collection module, configured to trigger the terminal device under test to execute the three or more challenge tasks, and to obtain the response signals, collected by the sensor, that the terminal device under test produces in correspondence with the challenge tasks; a sending module, configured to send the response signals to the backend server, so that the backend server compares the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and determines according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device.

18. An apparatus for detecting the authenticity of a terminal device, characterized in that it is applied to a backend server of a target detection application, a terminal device under test having a sensor and the target detection application, the apparatus comprising: a challenge task generation module, configured to generate three or more challenge tasks, the three or more challenge tasks including first-type tasks and second-type tasks, the first-type tasks including at least two identical challenge tasks, and the second-type tasks including a challenge task different from the first-type tasks; a sending module, configured to send the three or more challenge tasks to the terminal device under test; a receiving module, configured to receive response signals sent by the terminal device under test, the response signals being collected by the sensor when the target detection application triggers the terminal device under test to execute the three or more challenge tasks; a data processing module, configured to compare the response signals corresponding to the first-type tasks and the response signals corresponding to the second-type tasks, and to determine according to the comparison result that the terminal device under test is a real physical terminal device or a virtual terminal device.

19. A terminal device, characterized in that it comprises: a processor and a memory storing computer program instructions; the processor, when executing the computer program instructions, implements the method for detecting the authenticity of a terminal device of any one of claims 1 to 5.

20. A terminal device, characterized in that it comprises: a processor and a memory storing computer program instructions; the processor, when executing the computer program instructions, implements the method for detecting the authenticity of a terminal device of any one of claims 6 to 10.

21. A server, characterized in that it comprises: a processor and a memory storing computer program instructions; the processor, when executing the computer program instructions, implements the method for detecting the authenticity of a terminal device of any one of claims 11 to 15.

22. A system for detecting the authenticity of a terminal device, characterized in that it comprises the terminal device of claim 20 and the server of claim 21.

23. A computer-readable storage medium, characterized in that computer program instructions are stored on the computer-readable storage medium, and the computer program instructions, when executed by a processor, implement the method for detecting the authenticity of a terminal device of any one of claims 1 to 15.
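The comparison rule stated in the claims above (real versus virtual device, and grouping virtual devices onto one cloud platform), as an added Python example that is not code from the patent. It assumes 3-axis magnetic sensor readings in microtesla, separation by subtracting a geomagnetic baseline, and Euclidean distance as the difference measure; the challenge names, tolerances and readings are constructed for illustration.

```python
from itertools import combinations
from math import dist

# Assumptions (the claims do not fix these): responses are 3-axis magnetic
# sensor readings in microtesla, the correlated part is removed by subtracting
# the geomagnetic baseline, and "difference" is Euclidean distance.


def residual(response, baseline):
    """Uncorrelated information: the response minus the shared geomagnetic part."""
    return tuple(r - b for r, b in zip(response, baseline))


def classify(runs, repeated, baseline, tol):
    """Apply the real/virtual rule.

    runs     -- list of (challenge_id, response) in the order issued
    repeated -- id of the challenge issued at least twice (first-type tasks)
    tol      -- preset error range
    """
    first = [residual(r, baseline) for c, r in runs if c == repeated]
    second = [residual(r, baseline) for c, r in runs if c != repeated]
    if len(first) < 2 or not second:
        raise ValueError("need two identical challenges and one different one")
    # Identical challenges must reproduce the same residual within tol ...
    repeatable = all(dist(a, b) <= tol for a, b in combinations(first, 2))
    # ... and a different challenge must move the residual outside tol.
    distinct = all(dist(a, b) > tol for a in first for b in second)
    return "physical" if repeatable and distinct else "virtual"


def feature(runs, baseline):
    """Flatten residuals in issue order; every device gets the same sequence."""
    return tuple(x for _, r in runs for x in residual(r, baseline))


def same_platform(features, feature_tol):
    """True when every pair of virtual-device features is within feature_tol."""
    return len(features) >= 2 and all(
        dist(a, b) <= feature_tol for a, b in combinations(features, 2)
    )


# Constructed sample data (not measurements from the patent).
BASELINE = (20.0, -3.0, 43.0)   # geomagnetic field at the claimed location
TOL = 0.5                       # hypothetical preset error range
HANDSET = [
    ("challenge_a", (21.5, -2.1, 44.0)),
    ("challenge_a", (21.6, -2.0, 43.9)),
    ("challenge_b", (24.0, -6.0, 41.0)),
]
EMULATOR_1 = [(c, (20.0, -3.0, 43.0)) for c, _ in HANDSET]  # replays baseline
EMULATOR_2 = [(c, (20.1, -3.0, 43.0)) for c, _ in HANDSET]  # same image, tiny offset
NOISY_EMULATOR = [
    ("challenge_a", (20.0, -3.0, 43.0)),
    ("challenge_a", (27.0, 1.0, 39.0)),   # identical challenge, unrelated reading
    ("challenge_b", (24.0, -6.0, 41.0)),
]


def demo():
    """Classify each constructed device and test the two emulators for a shared platform."""
    verdicts = {
        name: classify(runs, "challenge_a", BASELINE, TOL)
        for name, runs in [
            ("handset", HANDSET),
            ("emulator_1", EMULATOR_1),
            ("emulator_2", EMULATOR_2),
            ("noisy_emulator", NOISY_EMULATOR),
        ]
    }
    shared = same_platform(
        [feature(EMULATOR_1, BASELINE), feature(EMULATOR_2, BASELINE)], TOL
    )
    return verdicts, shared


if __name__ == "__main__":
    print(demo())
```

The two failure cases map onto the "and/or" branch of the rule: `EMULATOR_1` is repeatable but shows no challenge-dependent change, while `NOISY_EMULATOR` changes but is not repeatable.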
TW113113860A 2023-08-09 2024-04-12 Terminal device authenticity detection method, device, equipment, system and medium TWI880712B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202311002733.4A CN117034243A (en) 2023-08-09 2023-08-09 Method, device, equipment, system and medium for detecting authenticity of terminal equipment
CN2023110027334 2023-08-09

Publications (2)

Publication Number Publication Date
TW202507541A TW202507541A (en) 2025-02-16
TWI880712B true TWI880712B (en) 2025-04-11

Family

ID=88631222

Family Applications (1)

Application Number Title Priority Date Filing Date
TW113113860A TWI880712B (en) 2023-08-09 2024-04-12 Terminal device authenticity detection method, device, equipment, system and medium

Country Status (3)

Country Link
CN (1) CN117034243A (en)
TW (1) TWI880712B (en)
WO (1) WO2025030864A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117034243A (en) * 2023-08-09 2023-11-10 中国银联股份有限公司 Method, device, equipment, system and medium for detecting authenticity of terminal equipment
CN119004437B (en) * 2024-07-25 2025-10-21 中国银联股份有限公司 Terminal device authenticity detection method, device, equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170024500A1 (en) * 2015-07-21 2017-01-26 Tata Elxsi Limited System and method for enhanced emulation of connected vehicle applications
CN108229975A (en) * 2017-12-29 2018-06-29 珠海市君天电子科技有限公司 Method, terminal device and the computer readable storage medium of terminal authentication
TW202011273A (en) * 2018-09-03 2020-03-16 優票股份有限公司 Electronic Ticket Admission Verification Anti-Counterfeiting System and Method Thereof

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130187764A1 (en) * 2012-01-20 2013-07-25 Alien Technology Corporation Dynamic analog authentication
DE102012219112A1 (en) * 2012-10-19 2014-04-24 Siemens Aktiengesellschaft Use of a PUF for checking an authentication, in particular for protection against unauthorized access to a function of an IC or control unit
US11211140B1 (en) * 2019-09-24 2021-12-28 Facebook Technologies, Llc Device authentication based on inconsistent responses
KR102325988B1 (en) * 2020-02-28 2021-11-12 이화여자대학교 산학협력단 Authentication method and apparatus of user terminal using physical unclonable function
CN114039732B (en) * 2021-11-08 2024-01-19 中国人民解放军国防科技大学 Physical layer authentication method, system, equipment and computer readable storage medium
CN117034243A (en) * 2023-08-09 2023-11-10 中国银联股份有限公司 Method, device, equipment, system and medium for detecting authenticity of terminal equipment

Also Published As

Publication number Publication date
TW202507541A (en) 2025-02-16
CN117034243A (en) 2023-11-10
WO2025030864A1 (en) 2025-02-13
