WO2012109985A1 - Java-based mobile terminal authentication system and method, server and terminal - Google Patents

Info

Publication number: WO2012109985A1
Authority: WO, WIPO (PCT)
Prior art keywords: identification code; mobile terminal; mapping data; authentication; authentication server
Legal status: Ceased (the legal status is an assumption and is not a legal conclusion)
Application number: PCT/CN2012/071155
Other languages: French (fr), Chinese (zh)
Inventor: 郑瑜
Current Assignee: Huizhou TCL Mobile Communication Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Huizhou TCL Mobile Communication Co Ltd
Application filed by: Huizhou TCL Mobile Communication Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The present invention provides a Java-based mobile terminal authentication system and method, server, and terminal. The mobile terminal obtains its own identity number via the internal Java program, encrypts the identity number according to an encryption algorithm, generates mapping data, and sends the identity number and the mapping data to the authentication server via the Java program; the authentication server receives the identity number and the mapping data and determines whether the identity number conforms to the authorization range of the database on the authentication server; an identity number which does so conform is then encrypted, and if the mapping data obtained through encryption is the same as the received mapping data, the mobile terminal is then notified of an authentication success. The present invention increases the legitimacy of mobile terminal identity number authentication, and avoids illegal access by a Java-based mobile terminal.

Description

JAVA-based mobile terminal authentication system and method, server and terminal

[Technical Field]

The present invention relates to the field of mobile communication technologies, and in particular to a JAVA-based mobile terminal authentication system and method, a server, and a terminal.

[Background Art]

As mobile terminal technology becomes ever more widespread, users demand more and more from mobile terminal functions.

Taking the mobile phone as an example, every mobile phone has an International Mobile Equipment Identity number (IMEI). Because the IMEI was designed by the 3GPP organization as the unique identification code of a mobile device, JAVA applications need the phone's IMEI number for usage-legitimacy authentication and user-count statistics.

However, the IMEI number itself is public information held on the mobile device, with a simple format that is easy to copy in bulk. Using the IMEI directly as the basis for authentication and for commercial counting statistics therefore has an inherent technical defect, and neither legally nor commercially can it directly serve as a statistical data basis in litigation.

How to improve the legitimacy of authenticating the mobile terminal identification code, and so prevent illegal access by JAVA-based mobile terminals, is one of the research directions in the field of mobile terminal technology.

[Summary of the Invention]

The technical problem to be solved by the present invention is to provide a JAVA-based mobile terminal authentication system and method, a server and a terminal, so as to authenticate JAVA-based mobile terminals and prevent illegal access by JAVA-based mobile terminals.

The technical solution adopted by the present invention to solve the technical problem is to provide a JAVA-based mobile terminal authentication system, the system comprising at least one mobile terminal and further comprising an authentication server, wherein:

the mobile terminal acquires the identification code of the mobile terminal through its internal JAVA program, encrypts the identification code according to an encryption algorithm to generate mapping data, and sends the identification code and the mapping data to the authentication server through the JAVA program;

the authentication server receives the identification code and the mapping data and determines whether the identification code is an identification code within the authorized range in the database on the authentication server; if so, it encrypts the identification code, and if the encryption yields mapping data identical to the received mapping data, it notifies the mobile terminal that authentication has passed.

Wherein the identification code is the IMEI number of the mobile terminal.

Wherein the length of the mapping data is greater than or equal to the length of the identification code.

Wherein, if the authentication server does not store the same identification code, or encrypting the identification code cannot produce mapping data identical to the received mapping data, authentication is determined to have failed and the identification code that failed authentication is recorded.

The technical solution adopted by the present invention to solve the technical problem is to provide a mobile terminal, the terminal comprising:

an identification code acquisition module, configured to acquire the identification code of the mobile terminal through its internal JAVA program;

a first encryption module, configured to encrypt the identification code according to an encryption algorithm to generate mapping data;

a sending module, configured to send the identification code and the mapping data to the authentication server through the JAVA program.

Wherein the identification code is the IMEI number of the mobile terminal.

The technical solution adopted by the present invention to solve the technical problem is to provide an authentication server, the server comprising:

a receiving module, configured to receive the identification code and mapping data from a JAVA-based mobile terminal;

a determining module, configured to determine whether the identification code is an identification code within the authorized range in the database on the authentication server;

a second encryption module, configured to encrypt the identification code when the identification code is an identification code within the authorized range in the database on the authentication server;

the determining module further determining whether the second encryption module can produce, by encryption, mapping data identical to the received mapping data;

a notification module, configured to notify the mobile terminal that authentication has passed when the second encryption module can produce, by encryption, mapping data identical to the received mapping data.

Wherein the server further comprises:

an information recording module, configured to record the identification code from the mobile terminal when the identification code is not an identification code within the authorized range in the database on the authentication server, or when the second encryption module cannot produce, by encryption, mapping data identical to the received mapping data.

The technical solution adopted by the present invention to solve the technical problem is to provide a JAVA-based mobile terminal authentication method, the method comprising the following steps:

providing an authentication server and at least one mobile terminal;

the mobile terminal acquires the identification code of the mobile terminal through its internal JAVA program, encrypts the identification code according to an encryption algorithm to generate mapping data, and sends the identification code and the mapping data to the authentication server through the JAVA program;

the authentication server receives the identification code and the mapping data and determines whether the identification code is an identification code within the authorized range in the database on the authentication server; if it is, the server encrypts the identification code, and if the encryption yields mapping data identical to the received mapping data, it notifies the mobile terminal that authentication has passed.

Wherein the method further comprises the following step:

if the identification code is not an identification code within the authorized range in the database on the authentication server, or mapping data identical to the received mapping data cannot be obtained by encryption, authentication is determined to have failed and the identification code that failed authentication is recorded.

In the embodiment of the present invention, the mobile terminal encrypts the identification code to generate mapping data and sends the identification code and the mapping data to the authentication server. The authentication server first determines whether the identification code is an identification code within the authorized range in the database on the authentication server; if it is, the server encrypts the identification code according to a predetermined algorithm and determines whether the encryption yields mapping data identical to the received mapping data; if so, it determines that the mobile terminal has passed authentication. The present invention greatly improves the legitimacy of authenticating the mobile terminal identification code and prevents illegal access by JAVA-based mobile terminals.

[Brief Description of the Drawings]

FIG. 1 is a schematic structural diagram of a JAVA-based mobile terminal authentication system according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of the JAVA system of a mobile terminal according to an embodiment of the present invention;

FIG. 3 is a flowchart of a JAVA-based mobile terminal authentication method according to an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of an authentication server according to an embodiment of the present invention.

[Detailed Description]

The invention is described in detail below with reference to the drawings and embodiments.

FIG. 1 shows the structure of a JAVA-based mobile terminal authentication system according to an embodiment of the present invention. The system includes at least one mobile terminal 11 and further includes an authentication server 12.

The mobile terminal 11 acquires the identification code of the mobile terminal 11 through its internal JAVA program. For ease of description, the present invention takes the IMEI number as the identification code; other identification codes may of course be used and are not enumerated here.

The mobile terminal 11 then encrypts the identification code to generate mapping data, and sends the identification code and the mapping data to the authentication server 12 through the JAVA program.

In the embodiment of the present invention, the length of the mapping data is greater than or equal to the length of the identification code.

The authentication server 12 receives the identification code and the mapping data and determines whether the identification code is an identification code within the authorized range in the database on the authentication server 12. If so, it encrypts the identification code; if the encryption yields mapping data identical to the received mapping data, it notifies the mobile terminal that authentication has passed; if not, it determines that authentication has failed and records the identification code that failed authentication.

Preferably, the mobile terminal 11 is a mobile phone; it may of course be another mobile device, not enumerated here.

The working process of the mobile terminal 11 is described below with reference to FIG. 2:

The mobile terminal 11 stores an encryption algorithm F(IMEI, y) with a reversible operation, whose input parameters are the IMEI number (i.e. the identification code) and an optional key y. The key y and the strength of the encryption algorithm F together determine the degree of confidentiality.

In a specific implementation, the mobile terminal 11 extends the IMEI number to IMEI+X, where X is the mapping data, X = F(IMEI, y). The IMEI number is 15 digits long; in the embodiment of the present invention, the length of X is greater than or equal to 15.

When the mobile terminal 11 needs to be authenticated, the JAVA application inside the mobile terminal 11 requests the IMEI number from the mobile terminal platform. The mobile terminal platform reads the terminal's IMEI number from its own memory and performs the operation on the IMEI number to obtain the mapping data X. The mobile terminal platform then returns IMEI+X to the JAVA application, and the JAVA application transmits IMEI+X as a whole to the authentication server 12.

The working principle of the authentication server 12 provided by the embodiment of the present invention is described as follows:

The authentication server 12 receives the identification code and mapping data sent by the mobile terminal 11 through the JAVA application.

The authentication server 12 queries its local IMEI database for the same identification code. If the same identification code cannot be found in the local database, the mobile terminal itself is outside the authorized range, for example a terminal device made by another manufacturer; depending on the service deployment, if the authentication system requires it, the IMEI number that failed authentication is recorded. If the same identification code is found, the server encrypts the identification code, i.e. X' = F(IMEI, y).

If X = X', the mobile terminal itself both supports the encryption algorithm F and holds the key y, so the mobile terminal can be judged an authorized terminal and the server can reply to the mobile terminal that authentication has passed. If X differs from X', the mobile terminal does not hold the correct encryption algorithm F and key y and the IMEI number is counterfeit, so authentication fails and the server replies to the mobile terminal's request that it has not passed; depending on the service deployment, if the authentication system requires it, the IMEI number that failed authentication is recorded.

FIG. 3 shows the flow of the JAVA-based mobile terminal authentication method provided by an embodiment of the present invention.

In step S301, an authentication server and at least one mobile terminal are provided.

In step S302, the mobile terminal acquires the identification code of the mobile terminal through its internal JAVA program.

In step S303, the mobile terminal encrypts the identification code to generate mapping data, and sends the identification code and the mapping data to the authentication server through the JAVA program.

In step S304, the authentication server receives the identification code and the mapping data and determines whether the identification code is an identification code within the authorized range in the database on the authentication server. If so, step S305 is performed; otherwise, step S307 is performed.

In step S305, the authentication server encrypts the identification code and determines whether the encryption yields the same mapping data. If so, step S306 is performed; otherwise, step S307 is performed.

In step S306, authentication passes.

In step S307, it is determined that authentication has failed, and the identification code that failed authentication is recorded.

Preferably, the length of the mapping data is greater than or equal to the length of the identification code.
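The exchange in steps S302 to S307, as an added example that is not part of the patent text. The patent leaves the encryption algorithm F and the key y unspecified, so HMAC-SHA256 with hex output, the function names, the sample IMEIs and the key below are assumptions made for illustration.

```python
import hashlib
import hmac

IMEI_LEN = 15  # the description gives the IMEI length as 15


def compute_mapping(imei: str, key: bytes) -> str:
    """X = F(IMEI, y). Assumption: F is HMAC-SHA256, hex-encoded (64 chars)."""
    return hmac.new(key, imei.encode("ascii"), hashlib.sha256).hexdigest()


def terminal_message(imei: str, key: bytes) -> str:
    """S302-S303: the terminal platform builds IMEI+X, sent as one string."""
    return imei + compute_mapping(imei, key)


def authenticate(message: str, authorized: set, key: bytes, failed: list) -> bool:
    """S304-S307 on the authentication server; failures are recorded in `failed`."""
    imei, x = message[:IMEI_LEN], message[IMEI_LEN:]
    # Malformed input: wrong IMEI shape, or X shorter than the identification code.
    well_formed = (len(imei) == IMEI_LEN and imei.isascii() and imei.isdigit()
                   and len(x) >= IMEI_LEN)
    # S304: is the identification code in the authorized database?
    if not well_formed or imei not in authorized:
        failed.append(imei)  # S307: record the identification code
        return False
    # S305: recompute X' = F(IMEI, y) and compare it with X in constant time.
    x_prime = compute_mapping(imei, key)
    if not hmac.compare_digest(x.encode("utf-8"), x_prime.encode("ascii")):
        failed.append(imei)  # S307: IMEI known, but mapping data does not match
        return False
    return True  # S306: authentication passes


if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample key y
    database = {"490154203237518"}       # constructed authorized IMEI
    failed = []
    good = terminal_message("490154203237518", key)
    unknown = terminal_message("356938035643809", key)       # not in database
    forged = terminal_message("490154203237518", b"guess")   # wrong key y
    for label, msg in (("good", good), ("unknown", unknown), ("forged", forged)):
        print(label, authenticate(msg, database, key, failed))
    print("recorded failures:", failed)
```

Because X depends only on the IMEI and y, the terminal sends the same IMEI+X string on every authentication.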

Preferably, the mobile terminal is a mobile phone; it may of course also be another terminal device, which are not listed one by one here.

FIG. 4 shows the structure of a mobile terminal provided by an embodiment of the present invention.

The identification code acquisition module 41 acquires the identification code of the mobile terminal through its internal JAVA program.

The first encryption module 42 encrypts the identification code according to an encryption algorithm to generate mapping data.

The sending module 43 sends the identification code and the mapping data to the authentication server through the JAVA program.

Preferably, the identification code is the IMEI number of the mobile terminal.

FIG. 5 shows the structure of an authentication server provided by an embodiment of the present invention.

The receiving module 51 receives the data string to be authenticated from the JAVA-based mobile terminal. The data string to be authenticated is the identification code and mapping data sent by the mobile terminal to the receiving module 51.

The determining module 52 determines whether the identification code is an identification code within the authorized range in the database on the authentication server.

If the identification code is an identification code within the authorized range in the database on the authentication server, the second encryption module 53 encrypts the identification code, and the determining module 52 determines whether the second encryption module can obtain the same mapping data by encryption.

If the second encryption module 53 can obtain the same mapping data by encryption, the notification module 54 notifies the mobile terminal that authentication has passed.

When the determining module 52 determines that the identification code is not an identification code within the authorized range in the database on the authentication server, or the second encryption module 53 cannot obtain the same mapping data by encryption, the information recording module 55 records the identification code from the mobile terminal.

The present invention greatly improves the legitimacy of authenticating the identification code of a mobile terminal, prevents illegal access by JAVA-based mobile terminals, and facilitates the promotion of mobile terminals such as mobile phones.

The above embodiments describe the present invention only by way of example; after reading this patent application, those skilled in the art may make various modifications to the present invention without departing from its spirit and scope.

Claims (10)

1. A JAVA-based mobile terminal authentication system, characterized in that the system comprises at least one mobile terminal and further comprises an authentication server, wherein:

the mobile terminal acquires the identification code of the mobile terminal through its internal JAVA program, encrypts the identification code according to an encryption algorithm to generate mapping data, and sends the identification code and the mapping data to the authentication server through the JAVA program;

the authentication server receives the identification code and the mapping data and determines whether the identification code is an identification code within the authorized range in the database on the authentication server; if so, it encrypts the identification code, and if the encryption yields mapping data identical to the received mapping data, it notifies the mobile terminal that authentication has passed.

2. The JAVA-based mobile terminal authentication system according to claim 1, characterized in that the identification code is the IMEI number of the mobile terminal.

3. The JAVA-based mobile terminal authentication system according to claim 1, characterized in that the length of the mapping data is greater than or equal to the length of the identification code.

4. The JAVA-based mobile terminal authentication system according to claim 1, characterized in that if the identification code is not an identification code within the authorized range in the database on the authentication server, or encrypting the identification code does not yield mapping data identical to the received mapping data, it is determined that authentication has failed and the identification code that failed authentication is recorded.

5. A mobile terminal, characterized in that the terminal comprises:

an identification code acquisition module, configured to acquire the identification code of the mobile terminal through its internal JAVA program;

a first encryption module, configured to encrypt the identification code according to an encryption algorithm to generate mapping data;

a sending module, configured to send the identification code and the mapping data to an authentication server through the JAVA program.

6. The mobile terminal according to claim 5, characterized in that the identification code is the IMEI number of the mobile terminal.

7. An authentication server, characterized in that the server comprises:

a receiving module, configured to receive an identification code and mapping data from a JAVA-based mobile terminal;

a determining module, configured to determine whether the identification code is an identification code within the authorized range in the database on the authentication server;

a second encryption module, configured to encrypt the identification code when the identification code is an identification code within the authorized range in the database on the authentication server;

the determining module further determining whether the second encryption module can obtain, by encryption, mapping data identical to the received mapping data;

a notification module, configured to notify the mobile terminal that authentication has passed when the second encryption module can obtain, by encryption, mapping data identical to the received mapping data.

8. The server according to claim 7, characterized in that the server further comprises:

an information recording module, configured to record the identification code from the mobile terminal when the identification code is not an identification code within the authorized range in the database on the authentication server, or when the second encryption module cannot obtain, by encryption, mapping data identical to the received mapping data.

9. A JAVA-based mobile terminal authentication method, characterized in that the method comprises the following steps:

providing an authentication server and at least one mobile terminal;

the mobile terminal acquiring the identification code of the mobile terminal through its internal JAVA program, encrypting the identification code according to an encryption algorithm to generate mapping data, and sending the identification code and the mapping data to the authentication server through the JAVA program;

the authentication server receiving the identification code and the mapping data and determining whether the identification code is an identification code within the authorized range in the database on the authentication server; if so, encrypting the identification code, and if the encryption yields mapping data identical to the received mapping data, notifying the mobile terminal that authentication has passed.

10. The JAVA-based mobile terminal authentication method according to claim 9, characterized in that the method further comprises the following step:

if the identification code is not an identification code within the authorized range in the database on the authentication server, or the encryption does not yield mapping data identical to the received mapping data, determining that authentication has failed and recording the identification code that failed authentication.
PCT/CN2012/071155 2011-02-18 2012-02-15 Java-based mobile terminal authentication system and method, server and terminal Ceased WO2012109985A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110040770.5A CN102158863B (en) 2011-02-18 2011-02-18 Based on the mobile terminal authentication system and method for JAVA, server and terminal
CN201110040770.5 2011-02-18

Publications (1)

Publication Number Publication Date
WO2012109985A1 true WO2012109985A1 (en) 2012-08-23

Family

ID=44439977

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/071155 Ceased WO2012109985A1 (en) 2011-02-18 2012-02-15 Java-based mobile terminal authentication system and method, server and terminal

Country Status (2)

Country Link
CN (1) CN102158863B (en)
WO (1) WO2012109985A1 (en)


Also Published As

Publication number Publication date
CN102158863B (en) 2016-04-13
CN102158863A (en) 2011-08-17


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12747748

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12747748

Country of ref document: EP

Kind code of ref document: A1