CN111131300B - Communication method, terminal and server - Google Patents
- Publication number
- CN111131300B
- Authority
- CN
- China
- Prior art keywords
- server
- terminal
- mac
- token
- identification information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a communication method, a terminal and a server, applied to a network consisting of the server and the terminal. The method comprises the following steps: sending identification information to the server; receiving MAC information fed back by the server according to the identification information; comparing the MAC information with a locally stored MAC label and, if they match, determining that security authentication with the server has passed and sending a verification passing request to the server; and establishing communication with the server through the token sent by the server. This method can effectively improve the security of data transmission between the server and the terminal.
Description
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a communication method, a terminal and a server.
Background
With the rapid development of the Internet of Things industry, the volume of data exchanged between Internet of Things terminals and servers keeps growing.
In the prior art, data transmitted between an Internet of Things terminal and a server is generally encrypted with a shared secret key. However, this approach easily leads to key leakage, so that the Internet of Things terminal and the server are attacked by hackers and the security of data transmission is threatened.
Disclosure of Invention
The embodiment of the invention provides a communication method, a terminal and a server, and aims to solve the problem that in the prior art, the data transmission safety between the terminal and the server is poor.
The first aspect of the present invention provides a communication method, applied in a network formed by a server and a terminal, the method comprising:
sending the identification information to a server;
receiving MAC information fed back by the server according to the identification information;
comparing the MAC information with a locally stored MAC label and, if they match, determining that security authentication with the server has passed and sending a verification passing request to the server;
and establishing communication with the server through the token sent by the server.
In one possible design, the sending the identification information to the server includes:
sending an HTTP request to the server, wherein the HTTP request contains identification information of the terminal, and the identification information comprises: the equipment IMEI number.
In one possible design, before sending the identification information to the server, the method further includes:
and finishing the information registration of the terminal in the server.
In one possible design, the completing, in the server, information registration of the terminal includes:
performing initialization activation setting through a serial port tool;
sending the matched key and the equipment information of the terminal to the server; the device information comprises the identification information;
and receiving and storing the MAC label sent by the server.
In one possible design, establishing communication with the server via a token sent by the server includes:
receiving a token sent by the server according to the verification passing request;
sending a connection request to the server, wherein the connection request comprises the token;
and establishing communication with the server after the server has verified the connection request according to the correspondence between the token and the terminal stored in the database of the server.
In one possible design, before the connection request sent to the server, the method further includes:
and detecting whether the validity period of the token is expired, and if so, re-performing security authentication with the server.
In one possible design, further comprising:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
and sending the encrypted data to the server.
The second aspect of the present invention provides a communication method, applied to a network formed by a server and a terminal, the method including:
receiving identification information sent by a terminal;
verifying the identification information, and if the identification information passes the verification, sending MAC information to the terminal;
receiving a verification passing request fed back by the terminal;
sending a token to the terminal according to the verification passing request;
and establishing communication with the terminal by checking the token carried by the terminal during access.
In one possible design, before verifying the identification information, the method further includes:
receiving a matching key sent by the terminal and equipment information of the terminal, and finishing registration of the terminal;
generating a MAC label from label parameters of the server using a hash algorithm and the matching key, the label parameters including: the MAC address of the server and the serial number of the mainboard;
and sending the MAC label to the terminal.
In one possible design, further comprising: storing the corresponding relation between the token and the terminal in a database; the establishing communication with the terminal by checking the token carried by the terminal during access comprises:
receiving a connection request sent by the terminal;
extracting the token from the connection request;
and checking the extracted token according to the correspondence between the token and the terminal stored in the database, and if the check passes and the validity period of the token has not expired, establishing communication with the terminal.
In one possible design, further comprising:
receiving encrypted data sent by the terminal;
and decrypting the encrypted data through a symmetric encryption algorithm to obtain service data.
A third aspect of the present invention provides a terminal, comprising:
a transceiver for transmitting the identification information to the server; receiving MAC information fed back by the server according to the identification information;
a processor for comparing the MAC information with a locally stored MAC label and, if they match, determining that security authentication with the server has passed and sending a verification passing request to the server; and for establishing communication with the server through the token sent by the server.
In one possible design, the transceiver is specifically configured to:
sending an HTTP request to the server, wherein the HTTP request contains identification information of the terminal, and the identification information comprises: the equipment IMEI number.
In one possible design, the processor is further to:
and finishing the information registration of the terminal in the server.
In one possible design, the processor is specifically configured to:
performing initialization activation setting through a serial port tool;
sending the matched key and the equipment information of the terminal to the server; the device information comprises the identification information;
and receiving and storing the MAC label sent by the server.
In one possible design, the processor is specifically configured to:
receiving a token sent by the server according to the verification passing request;
sending a connection request to the server, wherein the connection request comprises the token;
and after the server verifies the connection request according to the corresponding relation between the token and the terminal stored in the database of the server, establishing communication with the server.
In one possible design, the processor is further configured to:
and detecting whether the validity period of the token is expired, and if so, re-performing security authentication with the server.
In one possible design, the processor is further configured to:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
and sending the encrypted data to the server.
A fourth aspect of the present invention provides a server comprising:
the transceiver is used for receiving the identification information sent by the terminal;
the processor is used for verifying the identification information, and if the identification information passes the verification, the processor sends MAC information to the terminal;
the transceiver is used for receiving the verification passing request fed back by the terminal; sending a token to the terminal according to the verification passing request;
and the processor is used for establishing communication with the terminal by checking the token carried by the terminal during access.
In one possible design,
the transceiver is also used for receiving the matching key sent by the terminal and the equipment information of the terminal and finishing the registration of the terminal;
the processor is further configured to generate a MAC label from label parameters of the server using a hash algorithm and the matching key, the label parameters including: the MAC address of the server and the serial number of the mainboard;
a transceiver further configured to transmit the MAC tag to the terminal.
In one possible design, the processor is specifically configured to:
storing the corresponding relation between the token and the terminal in a database;
receiving a connection request sent by the terminal;
extracting the token from the connection request;
and checking the extracted token according to the correspondence between the token and the terminal stored in the database, and if the check passes and the validity period of the token has not expired, establishing communication with the terminal.
In one possible design,
the transceiver is also used for receiving the encrypted data sent by the terminal;
the processor is further configured to decrypt the encrypted data through a symmetric encryption algorithm to obtain service data.
A fifth aspect of the present invention provides an electronic apparatus comprising: a memory and a processor; the memory stores a computer program, and the processor, when executing the computer program stored in the memory, performs the communication method according to any design of the first aspect.
A sixth aspect of the present invention provides a service platform, comprising: a memory and a processor; the memory stores a computer program, and the processor, when executing the computer program stored in the memory, performs the communication method according to any design of the second aspect.
A seventh aspect of the present invention provides a storage medium storing a computer program which, when executed by a processor, implements the communication method of any design of the first aspect.
An eighth aspect of the present invention provides a storage medium storing a computer program which, when executed by a processor, implements the communication method of any design of the second aspect.
The communication method, the terminal and the server provided by the invention are applied to a network consisting of the server and the terminal. Identification information is sent to the server; MAC information fed back by the server according to the identification information is received; the MAC information is compared with a locally stored MAC label and, if they match, security authentication with the server is determined to have passed and a verification passing request is sent to the server; and communication with the server is established through the token sent by the server. This method can effectively improve the security of data transmission between the server and the terminal.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the following briefly introduces the drawings needed to be used in the description of the embodiments or the prior art, and obviously, the drawings in the following description are some embodiments of the present invention, and those skilled in the art can obtain other drawings according to the drawings without inventive labor.
Fig. 1 is a schematic view of a scenario of a communication method according to an embodiment of the present application;
Fig. 2 is a flowchart of a communication method according to an embodiment of the present application;
Fig. 3 is a flowchart of a communication method according to a second embodiment of the present invention;
Fig. 4 is a flowchart of a communication method according to a third embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal according to a fourth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a server according to a fifth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
With the rapid development of the Internet of Things industry, the volume of data exchanged between Internet of Things terminals and servers keeps growing.
In the prior art, data transmitted between an Internet of Things terminal and a server is generally encrypted with a shared secret key. However, this approach easily leads to key leakage, so that the Internet of Things terminal and the server are attacked by hackers and the security of data transmission is threatened.
In order to solve the above problem, embodiments of the present application provide a communication method, an apparatus, a terminal, and a storage medium, so as to solve the problem in the prior art that security of data transmission between a terminal and a server is poor.
Fig. 1 is a scene schematic diagram of a communication method according to an embodiment of the present application. As shown in fig. 1, the terminal device 10 and the server 20 are included. The terminal device 10 and the server 20 perform double authentication through the unique identification information of the terminal device and the MAC information of the server, so that the data transmission security between the server and the terminal can be effectively improved. The unique identification may be a device IMEI number, or other unique identification.
The Terminal device 10 may also be referred to as an internet of things Terminal, a Terminal, a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), or the like. The terminal device 10 may be a mobile phone (mobile phone), a tablet (pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote surgery (remote medical supply), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), and the like.
In an alternative embodiment, the terminal device 10 may include a transceiver and a processor. The transceiver transmits the identification information to the server and receives the MAC information fed back by the server according to the identification information. The processor compares the MAC information with the locally stored MAC label and, if they match, determines that security authentication with the server has passed and sends a verification passing request to the server; it then establishes communication with the server through the token sent by the server.
The server 20 may be a cloud service platform, an IOT platform, an internet of things platform, a service platform, or the like, and the server 20 may establish connection with a plurality of terminal devices 10 and perform authentication.
It should be noted that the application scenario in the technical solution of the present application may be the application scenario in fig. 1, but is not limited to this, and may also be applied to other scenarios that need to perform communication.
The following describes the technical solutions of the embodiments of the present application in detail by taking a terminal device integrated or installed with a relevant execution code as an example, with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a flowchart of a communication method according to an embodiment of the present application, where the embodiment may be applied to a network composed of a server and a terminal. As shown in fig. 2, the method includes:
S101, sending identification information to a server.
In this embodiment, the internet of things terminal sends an HTTP request to the server, where the HTTP request includes identification information of the terminal, and the identification information includes: equipment IMEI number.
Specifically, the terminal of the internet of things transmits the unique identifier of the terminal through an HTTP request, and the unique identifier may be an IMEI number of the device or another unique identifier. This identification will serve as the basis for a secure authentication with the server.
Preferably, before sending the identification information to the server, the method further includes completing the information registration of the terminal in the server: initialization activation setting can be carried out through a serial port tool; the matching key and the device information of the terminal, which includes the identification information, are sent to the server; and the MAC label sent by the server is received and stored.
Specifically, the Internet of Things terminal performs initialization activation setting through a serial port tool and sends a matching key and device information to the server for matching registration. After registration succeeds, the server uses a hash algorithm and a shared public key to generate a MAC label from a series of label parameters, such as the MAC address of the server and the mainboard serial number, and sends it to the Internet of Things terminal, which stores the MAC label locally.
S102, receiving the MAC information fed back by the server according to the identification information.
In this embodiment, the server verifies the identification information and, after the verification passes, feeds back the MAC information to the Internet of Things terminal. The Internet of Things terminal receives the MAC information returned by the server and verifies it on the terminal side.
S103, comparing the MAC information with the locally stored MAC label and, if they match, determining that security authentication with the server has passed and sending a verification passing request to the server.
In this embodiment, the terminal of the internet of things compares the MAC information returned by the server with the MAC tag locally stored during the initialization activation, and authenticates the server. And if the security authentication passes, sending a verification passing request to the server.
S104, establishing communication with the server through the token sent by the server.
In the embodiment, the internet of things terminal receives a token sent by the server according to the verification passing request; and sending a connection request to the server, wherein the connection request comprises the token. The server checks the extracted token according to the corresponding relation between the token and the terminal stored in the database of the server, and if the check is passed and the validity period of the token is not expired, communication with the terminal is established.
Specifically, the Internet of Things terminal sends a verification passing request to the server again, and the server authentication module responds and returns a token. The server authentication module maintains the relationship between the token and the Internet of Things terminal in a redis database; the terminal must present the token each time it connects, and the server performs the check through the token. After the authentication passes, the Internet of Things terminal connects to the server through the TCP protocol, and the connection does not need to be authenticated again, so that the waste of server resources is greatly reduced.
Preferably, before the connection request is sent to the server, the method further includes: detecting whether the validity period of the token has expired, and if so, re-performing security authentication with the server.
In particular, the token has a validity period, so it is necessary to detect whether the validity period of the token has expired before the connection request is sent to the server. If the token is still valid, the Internet of Things terminal connects to the server through the TCP protocol, and the connection does not need to be authenticated again, so that the waste of server resources is greatly reduced. If the token has expired, security authentication with the server is performed again according to the steps above.
Preferably, a symmetric encryption algorithm is adopted to encrypt the service data to obtain encrypted data; the encrypted data is sent to the server.
Specifically, in order to prevent data leakage in the data transmission process, when data transmission is performed between the internet of things terminal and the server, all data sending parties encrypt data to be sent by using a symmetric encryption algorithm before data transmission, and a data receiving party decrypts the received encrypted data by using a data decryption algorithm, so that the data security can be effectively improved.
This embodiment is applied to a network consisting of a server and a terminal. Identification information is sent to the server; MAC information fed back by the server according to the identification information is received; the MAC information is compared with a locally stored MAC label and, if they match, security authentication with the server is determined to have passed and a verification passing request is sent to the server; and communication with the server is established through the token sent by the server. This method can effectively improve the security of data transmission between the server and the terminal.
Fig. 3 is a flowchart of a communication method according to a second embodiment of the present invention, and as shown in fig. 3, the method in this embodiment may include:
S201, receiving the identification information sent by the terminal.
In this embodiment, the server receives the unique identifier sent by the terminal, where the unique identifier may be an IMEI number of the device, or another unique identifier. This identification will serve as the basis for a secure authentication with the server.
S202, the identification information is verified, and if the identification information passes the verification, the MAC information is sent to the terminal.
In this embodiment, the server may verify the identification information, and if the verification is passed, send the MAC information of the server to the terminal. The MAC information of the server is provided to the terminal so that the terminal can perform authentication.
Preferably, before verifying the identification information, the method further comprises: receiving the matching key and the device information of the terminal sent by the terminal, and completing the registration of the terminal; and generating a MAC label from label parameters of the server using a hash algorithm and the matching key, wherein the label parameters comprise: the MAC address of the server and the mainboard serial number.
Specifically, the Internet of Things terminal performs initialization activation setting through a serial port tool and sends a matching key and device information to the server for matching registration. After registration succeeds, the server uses a hash algorithm and a shared public key to generate a MAC label from a series of label parameters, such as the MAC address of the server and the mainboard serial number, and sends it to the Internet of Things terminal, which stores the MAC label locally.
S203, receiving a verification passing request fed back by the terminal.
In this embodiment, the terminal compares the MAC information returned by the server with the MAC label stored locally during initialization activation, and thereby authenticates the server. If the security authentication passes, the terminal sends a verification passing request to the server, and the server receives the verification passing request fed back by the terminal.
S204, sending the token to the terminal according to the verification passing request.
In this embodiment, the server authentication module responds and returns a token (token), and the module maintains the relationship between the token and the internet of things terminal in a redis database.
S205, communication with the terminal is established by checking the token carried by the terminal during access.
In this embodiment, a server receives a connection request sent by a terminal; extracting a token from the connection request; and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the checking is passed and the validity period of the token is not expired, establishing communication with the terminal.
Specifically, the Internet of Things terminal must present the token each time it connects, and the server performs the check through the token. After the authentication passes, the Internet of Things terminal connects to the Internet of Things platform through the TCP protocol, and the connection does not need to be authenticated again, so that the waste of server resources is greatly reduced.
Preferably, the encrypted data sent by the terminal is received; and decrypting the encrypted data through a symmetric encryption algorithm to obtain the service data.
Specifically, in order to prevent data leakage during transmission, every data sender encrypts with a symmetric encryption algorithm and the data receiver decrypts with a data decryption algorithm, so that data security can be effectively improved.
This embodiment is applied to a network consisting of a server and a terminal. Identification information sent by the terminal is received; the identification information is verified and, if the verification passes, MAC information is sent to the terminal; a verification passing request fed back by the terminal is received; a token is sent to the terminal according to the verification passing request; and communication with the terminal is established by checking the token carried by the terminal when it connects. This method can effectively improve the security of data transmission between the server and the terminal.
Fig. 4 is a flowchart of a communication method provided in a third embodiment of the present invention, and as shown in fig. 4, the method in this embodiment may include:
S301, the terminal sends identification information to the server.
S302, the server receives the identification information sent by the terminal.
S303, the server verifies the identification information, and if the verification is passed, the server sends the MAC information to the terminal.
S304, the terminal receives the MAC information fed back by the server according to the identification information.
S305, the terminal compares the MAC information with the MAC label stored locally, if the comparison result is matched, the security authentication between the terminal and the server is confirmed to be passed, and a verification passing request is sent to the server.
S306, the server receives the verification passing request fed back by the terminal.
S307, the server sends the token to the terminal according to the verification passing request.
S308, the terminal establishes communication with the server through the token sent by the server.
In this embodiment, for concrete implementation processes and technical principles of step S301, step S304, step S305, and step S308, reference is made to relevant descriptions in step S101 to step S104 in the method shown in fig. 2, and details are not described here again.
In this embodiment, for concrete implementation processes and technical principles of step S302, step S303, step S306, and step S307, reference is made to relevant descriptions in step S201 to step S204 in the method shown in fig. 3, and details are not described here again.
In this embodiment, the server may establish a connection with a plurality of terminals and perform authentication.
This embodiment is applied to a network consisting of a server and a terminal. The terminal sends identification information to the server; receives the MAC information fed back by the server according to the identification information; compares the MAC information with the locally stored MAC label and, if the comparison result matches, determines that the security authentication with the server has passed and sends a verification passing request to the server; and establishes communication with the server through the token sent by the server. This method can effectively improve the security of data transmission between the server and the terminal.
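The exchange of steps S301 to S308, including the server-side token check described for S205, as an added example that is not part of the patent text. HMAC-SHA256 as the "hash algorithm and matching key", the in-memory dictionary standing in for the redis mapping, the one-hour validity period, and all class and function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed validity period in seconds; the page gives no value


class Server:
    def __init__(self, mac_address, board_serial):
        # Label parameters named on the page: server MAC address, mainboard serial number.
        self.label_params = f"{mac_address}|{board_serial}".encode()
        self.keys = {}    # IMEI -> matching key, filled at registration
        self.tokens = {}  # token -> (IMEI, expiry); stands in for the redis mapping

    def _label(self, imei):
        # "Hash algorithm and matching key": HMAC-SHA256 is this example's assumption.
        return hmac.new(self.keys[imei], self.label_params, hashlib.sha256).hexdigest()

    def register(self, imei, matching_key):
        # Initialization/activation: store the key, return the MAC label to the terminal.
        self.keys[imei] = matching_key
        return self._label(imei)

    def identify(self, imei):
        # S302/S303: verify the identification information, then send the MAC information.
        return self._label(imei) if imei in self.keys else None

    def issue_token(self, imei, now=None):
        # S306/S307: answer the verification passing request with a token.
        if imei not in self.keys:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (imei, now + TOKEN_TTL)
        return token

    def accept_connection(self, imei, token, now=None):
        # Access check: token must map to this terminal and still be within validity.
        now = time.time() if now is None else now
        owner, expiry = self.tokens.get(token, (None, 0))
        if owner is None or now >= expiry:
            self.tokens.pop(token, None)  # drop an expired entry
            return False
        return hmac.compare_digest(owner.encode(), imei.encode())


class Terminal:
    def __init__(self, imei, matching_key):
        self.imei, self.matching_key = imei, matching_key
        self.stored_label = self.token = None

    def activate(self, server):
        self.stored_label = server.register(self.imei, self.matching_key)

    def authenticate(self, server, now=None):
        mac_info = server.identify(self.imei)  # S301, S304
        if mac_info is None or self.stored_label is None:
            return False
        if not hmac.compare_digest(mac_info, self.stored_label):  # S305
            return False
        self.token = server.issue_token(self.imei, now)
        return self.token is not None

    def connect(self, server, now=None):  # S308
        return self.token is not None and server.accept_connection(self.imei, self.token, now)


def demo():
    # All values below are constructed sample data.
    key = secrets.token_bytes(32)
    server = Server("02:00:00:aa:bb:cc", "MB-0001")
    other = Server("02:00:00:dd:ee:ff", "MB-9999")  # different hardware, same key
    other.register("490154203237518", key)
    term = Terminal("490154203237518", key)
    term.activate(server)
    return {
        "wrong_server": term.authenticate(other, now=0),
        "authenticated": term.authenticate(server, now=0),
        "connected": term.connect(server, now=10),
        "token_for_other_imei": server.accept_connection("000000000000000", term.token, now=10),
        "after_expiry": term.connect(server, now=TOKEN_TTL + 1),
    }
```

Once the token has expired the terminal has to run `authenticate` again before `connect` succeeds, which corresponds to the re-authentication on expiry described for the terminal.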
Fig. 5 is a schematic structural diagram of a terminal according to a fourth embodiment of the present invention, and as shown in fig. 5, the terminal according to this embodiment may include:
a transceiver 31 for transmitting identification information to a server; receiving MAC information fed back by the server according to the identification information;
the processor 32 is configured to compare the MAC information with a locally stored MAC tag, and if the comparison result matches the locally stored MAC tag, determine that the security authentication with the server passes, and send a verification passing request to the server; and establishing communication with the server through the token sent by the server.
In one possible design, the transceiver 31 is specifically configured to:
sending an HTTP request to a server, wherein the HTTP request contains identification information of a terminal, and the identification information comprises: the equipment IMEI number.
In one possible design, processor 32 may be further configured to:
and finishing the information registration of the terminal in the server.
In one possible design, processor 32 is specifically configured to:
performing initialization activation setting through a serial port tool;
sending the matched key and the equipment information of the terminal to a server; the equipment information comprises identification information;
and receiving and storing the MAC label sent by the server.
In one possible design, processor 32 is specifically configured to:
receiving a token sent by the server according to the verification passing request;
a connection request is sent to a server, wherein the connection request comprises a token;
and after the server verifies the connection request according to the corresponding relation between the token and the terminal stored in the database of the server, establishing communication with the server.
In one possible design, processor 32 is further configured to:
and detecting whether the valid period of the token is expired, and if so, re-performing security authentication with the server.
In one possible design, processor 32 is further configured to:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
the encrypted data is sent to the server.
The terminal of this embodiment may execute the technical solution in the method shown in fig. 2, and for the specific implementation process and the technical principle, reference is made to the relevant description in the method shown in fig. 2, which is not described herein again.
This embodiment is applied to a network consisting of a server and a terminal. The terminal sends identification information to the server; receives the MAC information fed back by the server according to the identification information; compares the MAC information with the locally stored MAC label and, if the comparison result matches, determines that the security authentication with the server has passed and sends a verification passing request to the server; and establishes communication with the server through the token sent by the server. This method can effectively improve the security of data transmission between the server and the terminal.
Fig. 6 is a schematic structural diagram of a server according to a fifth embodiment of the present invention, and as shown in fig. 6, the server according to this embodiment may include:
a transceiver 41 for receiving the identification information transmitted by the terminal;
a processor 42, configured to verify the identification information, and if the verification passes, send MAC information to the terminal;
a transceiver 41, configured to receive a verification passing request fed back by the terminal; sending a token to the terminal according to the verification passing request;
and the processor 42 is used for establishing communication with the terminal by checking the token carried by the terminal during access.
In one possible design,
the transceiver 41 is further configured to receive the matching key sent by the terminal and the device information of the terminal, and complete registration of the terminal;
the processor 42 is further configured to generate a MAC tag by a hash algorithm and a matching key according to tag parameters of the server, the tag parameters including: the MAC address of the server, the serial number of the mainboard;
and a transceiver 41 for transmitting the MAC tag to the terminal.
In one possible design, processor 42 is specifically configured to:
storing the corresponding relation between the token and the terminal in a database;
receiving a connection request sent by a terminal;
extracting a token from the connection request;
and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the checking is passed and the validity period of the token is not expired, establishing communication with the terminal.
In one possible design,
a transceiver 41, further configured to receive encrypted data sent by the terminal;
and the processor 42 is further configured to decrypt the encrypted data through a symmetric encryption algorithm to obtain the service data.
The server in this embodiment may execute the technical solution in the method shown in fig. 3, and for the specific implementation process and the technical principle, reference is made to the relevant description in the method shown in fig. 3, which is not described herein again.
This embodiment is applied to a network consisting of a server and a terminal. The server receives the identification information sent by the terminal; verifies the identification information and, if the verification passes, sends MAC information to the terminal; receives the verification passing request fed back by the terminal; sends a token to the terminal according to the verification passing request; and establishes communication with the terminal by checking the token carried by the terminal during access. This method can effectively improve the security of data transmission between the server and the terminal.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 7, the data querying device may include: at least one processor 51 and a memory 52. Fig. 7 takes an electronic device with one processor as an example.
And a memory 52 for storing programs. In particular, the program may include program code comprising computer operating instructions.
The memory 52 may comprise high-speed RAM memory, and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 51 is used for executing the computer-executable instructions stored in the memory 52 to implement the above-mentioned communication method.
The processor 51 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
Alternatively, in a specific implementation, if the communication interface, the memory 52 and the processor 51 are implemented independently, the communication interface, the memory 52 and the processor 51 may be connected to each other through a bus and perform communication with each other. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. Buses may be classified as address buses, data buses, control buses, etc., but do not represent only one bus or type of bus.
Alternatively, in a specific implementation, if the communication interface, the memory 52 and the processor 51 are integrated into a chip, the communication interface, the memory 52 and the processor 51 may complete communication through an internal interface.
The present invention also provides a computer-readable storage medium, which may include various media that can store program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk. In particular, the computer-readable storage medium stores program instructions, and the program instructions are used for the method in the foregoing embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (11)
1. A communication method, applied to a network consisting of a server and a terminal, the method comprising:
sending the identification information to a server;
receiving MAC information fed back by the server according to the identification information;
comparing the MAC information with a locally stored MAC label, if the comparison result is matched, determining that the security authentication with the server is passed, and sending a verification passing request to the server;
receiving a token sent by the server according to the verification passing request;
sending a connection request to the server, wherein the connection request comprises the token;
after the server verifies the connection request according to the corresponding relation between the token and the terminal stored in the database of the server, communication with the server is established;
before sending the identification information to the server, the method further comprises the following steps:
performing initialization activation setting through a serial port tool;
sending the matched key and the equipment information of the terminal to the server; the device information comprises the identification information;
receiving and storing the MAC label sent by the server, wherein the MAC label is a label generated by the server through a hash algorithm and a matching key according to label parameters, and the label parameters comprise: the MAC address of the server and the serial number of the mainboard.
2. The method of claim 1, wherein sending identification information to the server comprises:
sending an HTTP request to the server, wherein the HTTP request contains identification information of the terminal, and the identification information comprises: the equipment IMEI number.
3. The method of claim 1, wherein prior to sending the connection request to the server, further comprising:
and detecting whether the validity period of the token is expired, and if so, re-performing security authentication with the server.
4. The method of claim 1 or 2, further comprising:
encrypting the service data by adopting a symmetric encryption algorithm to obtain encrypted data;
and sending the encrypted data to the server.
5. A communication method, applied to a network consisting of a server and a terminal, the method comprising:
receiving identification information sent by a terminal;
verifying the identification information, and if the identification information passes the verification, sending MAC information to the terminal;
receiving a verification passing request fed back by the terminal;
sending a token to the terminal according to the verification passing request;
receiving a connection request sent by the terminal;
establishing communication with the terminal by checking a token carried by the terminal when the terminal is accessed;
before verifying the identification information, further comprising:
receiving a matching key sent by the terminal and equipment information of the terminal, and finishing registration of the terminal;
generating a MAC label by a hashing algorithm and the matching key according to label parameters of the server, the label parameters including: the MAC address of the server, the serial number of the mainboard;
and sending the MAC label to the terminal.
6. The method of claim 5, further comprising: storing the corresponding relation between the token and the terminal in a database; the establishing communication with the terminal by checking the token carried by the terminal during access comprises:
receiving a connection request sent by the terminal;
extracting the token from the connection request;
and checking the extracted token according to the corresponding relation between the token and the terminal stored in the database, and if the check is passed and the validity period of the token is not expired, establishing communication with the terminal.
7. The method of claim 5 or 6, further comprising:
receiving encrypted data sent by the terminal;
and decrypting the encrypted data through a symmetric encryption algorithm to obtain service data.
8. A terminal, comprising:
a transceiver for transmitting identification information to a server; receiving MAC information fed back by the server according to the identification information;
the processor is used for comparing the MAC information with a locally stored MAC label, if the comparison result is matched, the security authentication between the processor and the server is determined to be passed, and a verification passing request is sent to the server; establishing communication with the server through the token sent by the server;
the processor is also used for carrying out initialization activation setting through a serial port tool;
sending the matched key and the equipment information of the terminal to the server; the device information comprises the identification information;
the transceiver is further configured to receive and store a MAC tag sent by the server, where the MAC tag is a tag generated by the server according to a tag parameter through a hash algorithm and a matching key, and the tag parameter includes: the MAC address of the server and the mainboard serial number.
9. A server, comprising:
the transceiver is used for receiving the identification information sent by the terminal;
the processor is used for verifying the identification information, and if the identification information passes the verification, the processor sends MAC information to the terminal;
the transceiver is used for receiving the verification passing request fed back by the terminal; sending a token to the terminal according to the verification passing request;
the processor is used for establishing communication with the terminal by checking a token carried by the terminal during access;
the transceiver is further configured to receive the matching key sent by the terminal and the device information of the terminal, and complete registration of the terminal;
the processor is further configured to generate a MAC tag through a hash algorithm and the matching key according to tag parameters of the server, where the tag parameters include: the MAC address of the server, the serial number of the mainboard;
the transceiver is further configured to send the MAC tag to the terminal.
10. An electronic device, comprising: a memory and a processor; the memory has stored therein a computer program, which when executed by the processor is operative to perform the communication method of any one of claims 1-4.
11. A service platform, comprising: a memory and a processor; the memory has stored therein a computer program, which when executed by the processor is adapted to perform the communication method according to any of claims 5-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911407635.2A CN111131300B (en) | 2019-12-31 | 2019-12-31 | Communication method, terminal and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111131300A (en) | 2020-05-08 |
CN111131300B (en) | 2022-06-17 |
Family
ID=70506110
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911407635.2A Active CN111131300B (en) | 2019-12-31 | 2019-12-31 | Communication method, terminal and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111131300B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113127337A (en) * | 2020-12-30 | 2021-07-16 | 中国农业银行股份有限公司 | Debugging method and device for individually starting mobile terminal |
CN112669192B (en) * | 2021-01-14 | 2025-01-07 | 视联动力信息技术股份有限公司 | A watermark acquisition method, device, terminal equipment and storage medium |
CN114624751B (en) * | 2022-01-29 | 2024-07-26 | 上海移为通信技术股份有限公司 | Auxiliary positioning method, auxiliary positioning device, electronic equipment and storage medium |
CN118872233A (en) * | 2022-03-25 | 2024-10-29 | Oppo广东移动通信有限公司 | Security implementation method, device, terminal equipment, network element, and credential generation device |
CN115296890B (en) * | 2022-08-02 | 2024-03-12 | 浙江浙科信息技术有限公司 | Method and system for safely interacting data between terminal applications |
CN118300819A (en) * | 2022-08-22 | 2024-07-05 | 超聚变数字技术有限公司 | Data transmission method, data transmission method and computing device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201218729A (en) * | 2010-10-22 | 2012-05-01 | Hon Hai Prec Ind Co Ltd | System and method for performing a bi-verification for a handheld device |
CN104125565A (en) * | 2013-04-23 | 2014-10-29 | 中兴通讯股份有限公司 | Method for realizing terminal authentication based on OMA DM, terminal and server |
CN105391695A (en) * | 2015-10-20 | 2016-03-09 | 山东泰信电子股份有限公司 | Terminal registration method and verification method |
CN109286599A (en) * | 2017-07-20 | 2019-01-29 | 北京展讯高科通信技术有限公司 | Data security protection method, smart machine, server and readable storage medium storing program for executing |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ZA201301790B (en) * | 2012-03-08 | 2015-09-30 | Oltio (Pty) Ltd | A method of authenticating a device and encrypting data transmitted between the device and a server |
JP6190188B2 (en) * | 2013-07-05 | 2017-08-30 | クラリオン株式会社 | Information distribution system and server, in-vehicle terminal, communication terminal used therefor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||