CN109905366B - Terminal equipment safety verification method and device, readable storage medium and terminal equipment - Google Patents
- Publication number
- CN109905366B CN201910041442.3A
- Authority
- CN
- China
- Prior art keywords
- terminal device
- terminal
- connection
- equipment
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention belongs to the technical field of computers, and particularly relates to a terminal device security verification method and device, a computer-readable storage medium and a terminal device. The method comprises the following steps: a first terminal device receives a device connection instruction issued by a user, wherein the device connection instruction comprises a device identifier of a second terminal device; sending a historical connection record query request to a preset server, wherein the historical connection record query request comprises the device identifier of the second terminal device; receiving a historical connection record of the second terminal device fed back by the server, and calculating a security index of the second terminal device according to the historical connection record; and if the security index is greater than a preset threshold, sending a device connection request to the second terminal device to establish a device connection with the second terminal device, wherein the device connection request comprises a device identifier of the first terminal device. This greatly reduces the risk of economic loss caused by illegal intrusion.
Description
Technical Field
The invention belongs to the technical field of computers, and particularly relates to a terminal device security verification method and device, a computer readable storage medium and a terminal device.
Background
With the continuous development of Internet of Things technology, interconnection among terminal devices such as mobile phones, tablet computers, smart watches/bracelets, smart glasses and smart home appliances has become a trend. When using a terminal device, a user connects not only to terminal devices that the user owns but often also needs to connect to terminal devices belonging to other people. In that scenario the user usually has difficulty evaluating the security of the other party's terminal device and is easily intruded upon by malicious terminal devices, which causes huge economic loss.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for verifying security of a terminal device, a computer-readable storage medium, and a terminal device, so as to solve the problem that when a device is connected to a terminal device of another person, the terminal device is easily invaded by some malicious terminal devices, which causes huge economic loss.
A first aspect of an embodiment of the present invention provides a method for verifying security of a terminal device, where the method may include:
a first terminal device receives a device connection instruction issued by a user, wherein the device connection instruction comprises a device identifier of a second terminal device;
sending a historical connection record query request to a preset server, wherein the historical connection record query request comprises the equipment identifier of the second terminal equipment;
receiving a historical connection record of the second terminal equipment fed back by the server, and calculating a security index of the second terminal equipment according to the historical connection record;
and if the safety index is larger than a preset threshold value, sending a device connection request to the second terminal device to establish device connection with the second terminal device, wherein the device connection request comprises a device identifier of the first terminal device.
A second aspect of an embodiment of the present invention provides a terminal device security verification apparatus, which may include:
the device connection instruction receiving module is used for receiving a device connection instruction issued by a user by a first terminal device, wherein the device connection instruction comprises a device identifier of a second terminal device;
the query request sending module is used for sending a historical connection record query request to a preset server, wherein the historical connection record query request comprises the equipment identifier of the second terminal equipment;
a connection record receiving module, configured to receive a historical connection record of the second terminal device, where the historical connection record is fed back by the server;
the safety index calculation module is used for calculating the safety index of the second terminal equipment according to the historical connection record;
and the first connection request sending module is configured to send a device connection request to the second terminal device to establish a device connection with the second terminal device if the security index is greater than a preset threshold, where the device connection request includes a device identifier of the first terminal device.
A third aspect of embodiments of the present invention provides a computer-readable storage medium storing computer-readable instructions, which when executed by a processor implement the steps of:
a first terminal device receives a device connection instruction issued by a user, wherein the device connection instruction comprises a device identifier of a second terminal device;
sending a historical connection record query request to a preset server, wherein the historical connection record query request comprises the equipment identifier of the second terminal equipment;
receiving a historical connection record of the second terminal equipment fed back by the server, and calculating a security index of the second terminal equipment according to the historical connection record;
and if the safety index is larger than a preset threshold value, sending a device connection request to the second terminal device to establish device connection with the second terminal device, wherein the device connection request comprises a device identifier of the first terminal device.
A fourth aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, where the processor executes the computer-readable instructions to implement the following steps:
a first terminal device receives a device connection instruction issued by a user, wherein the device connection instruction comprises a device identifier of a second terminal device;
sending a historical connection record query request to a preset server, wherein the historical connection record query request comprises the equipment identifier of the second terminal equipment;
receiving a historical connection record of the second terminal equipment fed back by the server, and calculating a security index of the second terminal equipment according to the historical connection record;
and if the safety index is larger than a preset threshold value, sending a device connection request to the second terminal device to establish device connection with the second terminal device, wherein the device connection request comprises a device identifier of the first terminal device.
Compared with the prior art, the embodiment of the invention has the following beneficial effects: after receiving a device connection instruction (including a device identifier of a second terminal device) issued by a user, a first terminal device in the embodiment of the present invention first sends a historical connection record query request (including the device identifier of the second terminal device) to a preset server, then receives a historical connection record of the second terminal device fed back by the server, and calculates a security index of the second terminal device according to the historical connection record. And if the safety index is larger than a preset threshold value, sending a device connection request to the second terminal device so as to establish device connection with the second terminal device. In the embodiment of the invention, the historical connection record is used as a basis for evaluating the safety of the terminal equipment to be connected, so that malicious terminal equipment is identified in advance, and the risk of economic loss caused by illegal invasion is greatly reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a flowchart of an embodiment of a method for verifying security of a terminal device according to an embodiment of the present invention;
fig. 2 is a flowchart of another embodiment of a method for verifying security of a terminal device according to an embodiment of the present invention;
fig. 3 is a structural diagram of an embodiment of a security verification apparatus for a terminal device according to an embodiment of the present invention;
fig. 4 is a schematic block diagram of a terminal device in an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, an embodiment of a method for verifying security of a terminal device according to an embodiment of the present invention may include:
Step S101, the first terminal device receives a device connection instruction issued by a user.
The device connection instruction comprises a device identifier of the second terminal device. In this embodiment, the device identifier of a certain terminal device may be an International Mobile Equipment Identity (IMEI) of the terminal device or a Media Access Control Address (MAC) of the terminal device.
When a user of the first terminal device wants to establish a device connection between the first terminal device and a second terminal device, the user can open a list of currently connectable terminal devices in the human-computer interaction interface provided by the first terminal device. The list includes all other terminal devices whose signals the first terminal device can detect at the current moment. By selecting the second terminal device to be connected in this list, the user issues to the first terminal device a device connection instruction carrying the device identifier of the second terminal device.
Step S102, sending a historical connection record query request to a preset server.
The historical connection record query request comprises the device identifier of the second terminal device.
Step S103, receiving the historical connection record of the second terminal equipment fed back by the server, and calculating the security index of the second terminal equipment according to the historical connection record.
First, the feedback information on the device connection process between each reference terminal device and the second terminal device is extracted from the historical connection record.
A reference terminal device is a terminal device that has established a device connection with the second terminal device. During its interaction with the second terminal device, the reference terminal device can continuously match the information sent by the second terminal device against preset regular expressions to judge whether a security risk exists.
The process of matching information using regular expressions is actually a process of filtering information using accurately defined filtering conditions, and the following is given as an example:
Example 1, the regular expression "etc.*(shadow|passwd)" is used to match text of the form "etc + (arbitrary characters) + shadow or passwd". In a Linux environment, /etc/shadow and /etc/passwd record sensitive local user and password information. A malicious request carrying such text attempts to obtain the following valuable information from a vulnerable system: whether the target environment is a Linux system; whether the HTTP server of the target environment has an arbitrary command execution vulnerability; all local user names of the target host; the hash information of all local users of the target host, and the like.
Example 2, the regular expression "\\.(sql|www|wwwroot)\\.(tar|gz|zip|rar|bak)" is used to match text of the form ".sql or www or wwwroot" followed by ".tar or gz or zip or rar or bak", such as mydata.sql.tar or wwwroot.zip. A malicious request carrying such text is used to obtain the following valuable information from a vulnerable system: whether the target host has an arbitrary file traversal vulnerability; whether a specific packed file left over from an update exists on the target host (during large front-end updates, the old environment is packed first so that it can be rolled back if the update fails), and the like.
Example 3, the regular expression "(\\ (|% 28) (\ + | 20%) (\\) |% 29) (\{ |% 7B) +\; (% 20) (\\\\\ 7D |% 7D) \; " is used to match text related to the well-known CVE-2014-6271 vulnerability, which allows arbitrary commands to be executed by submitting a specific character string and had a great impact on the Internet in 2014. The above expression matches special character combinations of the form "() { };". A malicious request carrying such text is used to find out whether the target host has the CVE-2014-6271 vulnerability.
When a regular expression matches the corresponding information, the reference terminal device considers that the second terminal device poses a security risk and sends negative feedback information to the server. Otherwise, when no regular expression matches the corresponding information, the reference terminal device considers that the second terminal device poses no security risk and sends positive feedback information to the server.
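The matching and feedback step described above, together with the counting that follows it, as an added example that is not code from the patent. The first two patterns are written from the textual descriptions of Examples 1 and 2; the third is a simplified stand-in for Example 3, and the rule names, session data and function names are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Patterns written from the descriptions of Examples 1-3.
RULES = {
    # "etc + arbitrary characters + shadow or passwd"
    "etc-shadow-passwd": re.compile(r"etc.*(shadow|passwd)"),
    # ".sql/.www/.wwwroot" followed by an archive or backup extension
    "packed-backup": re.compile(r"\.(sql|www|wwwroot)\.(tar|gz|zip|rar|bak)"),
    # Assumption: simplified stand-in for Example 3 that only looks for the
    # "() {" prefix, literal or percent-encoded; not the patent's expression.
    "function-def-prefix": re.compile(
        r"(\(|%28)(\s|\+|%20)*(\)|%29)(\s|\+|%20)*(\{|%7B)", re.IGNORECASE
    ),
}


def match_rules(message: str) -> list[str]:
    """Return the names of all rules that hit the raw or URL-decoded message."""
    candidates = (message, unquote(message))
    return [
        name
        for name, pattern in RULES.items()
        if any(pattern.search(text) for text in candidates)
    ]


def feedback_for_session(messages: list[str]) -> tuple[str, list[str]]:
    """One session with the peer: any rule hit yields negative feedback."""
    hits = sorted({name for msg in messages for name in match_rules(msg)})
    return ("negative" if hits else "positive", hits)


def tally(sessions: dict[str, list[str]]) -> dict[str, int]:
    """Count positive and negative feedback over all reference devices."""
    counts = {"PosFbNum": 0, "NegFbNum": 0}
    for messages in sessions.values():
        verdict, _ = feedback_for_session(messages)
        counts["PosFbNum" if verdict == "positive" else "NegFbNum"] += 1
    return counts


# Constructed sample traffic, one entry per reference terminal device.
SESSIONS = {
    "ref-A": ["HELLO", "sync contacts v2"],
    "ref-B": ["GET /download?file=/etc/passwd"],
    "ref-C": ["GET /backup/mydata.sql.tar"],
    "ref-D": ["X-Probe: %28%29%20%7B%20%7D%3B"],
    # Benign text that still hits the loose Example 1 pattern
    # ("sk-etc-h ... shadow"): a false positive that lowers the peer's score.
    "ref-E": ["sketch: add drop shadow to logo"],
    "ref-F": ["photo_2019.zip transferred"],
}

if __name__ == "__main__":
    for ref, messages in SESSIONS.items():
        print(ref, *feedback_for_session(messages))
    print(tally(SESSIONS))
```

The `ref-E` session shows why unanchored patterns such as the one in Example 1 need review before their hits feed a reputation score: ordinary text produces negative feedback as well.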
Then, counting the number of positive feedback information and the number of negative feedback information respectively, and calculating the security index of the second terminal device according to the following formula:
where PosFbNum is the number of positive feedback information items, NegFbNum is the number of negative feedback information items, BaseNum is a preset reference number, which can be set to 10, 20, 50 or other values according to actual conditions, BaseIdx is a preset reference index, which can be set to 60%, 65%, 70% or other values according to actual conditions, Ceil is the round-up (ceiling) function, Min is the minimum function, and SafeIdx is the security index of the second terminal device.
If the security index is greater than the preset threshold, continuing to execute step S104, and if the security index is less than or equal to the threshold, it may be determined that the second terminal device has a greater security risk and is not suitable to establish a device connection with the second terminal device.
The threshold may be set according to practical situations, for example, it may be set to 80%, 85%, 90%, or other values.
Step S104, sending a device connection request to the second terminal device to establish device connection with the second terminal device.
The device connection request includes a device identifier of the first terminal device.
After receiving the device connection request sent by the first terminal device, the second terminal device may also determine whether the first terminal device has a security risk through a process similar to that in step S102 and step S103, and if the second terminal device determines that the first terminal device has a security risk, the second terminal device may reject the connection request, and if the second terminal device determines that the first terminal device does not have a security risk, the second terminal device may accept the connection request and establish a device connection with the first terminal device.
Further, considering that if the above calculation process is required for each device connection, more system resources will be consumed, in order to reduce the calculation amount, a device white list may be set in each terminal device, the device identifiers of all terminal devices that have successfully established device connections with the terminal device are recorded in the white list, and for terminal devices that exist in the white list, it is not necessary to calculate their security indexes.
That is, after step S101, the first terminal device first searches for the device identifier of the second terminal device in a preset device white list.
The device white list stored locally in the first terminal device records the device identifiers of all terminal devices that have successfully established a device connection with the first terminal device. If the device identifier of the second terminal device is found in the device white list, this indicates that a device connection between the first terminal device and the second terminal device has been successfully established before, and the verification information corresponding to the second terminal device can then be determined according to the device white list.
In this embodiment, establishing a device connection requires not only identifying the device identifier; security is further enhanced by introducing check information. For the first terminal device, each terminal device with which a device connection has been successfully established has corresponding check information. The check information includes, but is not limited to, specific forms such as numbers, character strings, pictures and sounds, and the check information of different terminal devices is different.
In the device white list, the correspondence between the device identifier of each terminal device and the verification information is stored, as shown in the following table:
The check information corresponding to the second terminal device may be determined by querying the device white list. For example, if the device identifier of the second terminal device is device identifier C, the query determines that the check information corresponding to the second terminal device is check information 3.
After determining the verification information corresponding to the second terminal device, the first terminal device may send a device connection request to the second terminal device, so as to establish a device connection with the second terminal device.
The device connection request includes the device identifier of the first terminal device and the verification information. Like the first terminal device, the second terminal device also stores a device white list locally, which records the device identifiers of all terminal devices that have successfully established a device connection with the second terminal device. After the second terminal device receives the device connection request sent by the first terminal device, it searches its locally stored device white list for the device identifier of the first terminal device. If the device identifier of the first terminal device is found in the device white list, this indicates that a device connection between the first terminal device and the second terminal device has been successfully established before, and the verification information corresponding to the first terminal device can then be determined according to the device white list. Finally, the second terminal device compares the check information determined from the device white list with the check information in the device connection request sent by the first terminal device. If the two are consistent, the first terminal device is trusted and a device connection with the first terminal device can be established.
It should be noted that the above process covers the case where the first terminal device has already successfully established a device connection with the second terminal device. If no device connection between the first terminal device and the second terminal device has been successfully established, the first terminal device will not find the device identifier of the second bluetooth terminal in the device list. In that case, step S102 and the subsequent steps shown in fig. 1 may be executed, and once the security index of the second terminal device is greater than the threshold and the device connection between the first terminal device and the second terminal device is established, the first terminal device may execute the steps shown in fig. 2:
Step S201, obtaining the device identifier of the first terminal device, and generating verification information according to the device identifier of the first terminal device and the device identifier of the second terminal device.
In this embodiment, a check information base is preset in the first terminal device, and the check information base includes a plurality of pieces of check information that can be allocated to other terminal devices.
After acquiring the device identifier of the first terminal device, the first terminal device may calculate the sequence number of the check information in the check information base according to the following formula:
CheckInfoSq=HashFunc[Linkage(EquipID1,EquipID2)]
where EquipID1 is the device identifier of the first terminal device, EquipID2 is the device identifier of the second terminal device, Linkage(EquipID1, EquipID2) is a character string formed by sequentially connecting EquipID1 and EquipID2, HashFunc is a preset hash function, and CheckInfoSq is the calculated sequence number of the check information.
All hash functions have the following basic characteristic: if two hash values (computed with the same hash function) are not identical, then the original inputs of the two hash values are also not identical. This property gives the hash function a deterministic result. On the other hand, the inputs and outputs of a hash function do not correspond uniquely: if two hash values are the same, the two input values are likely to be the same, but they may also be different. This is called a "hash collision", which usually means that two different input values are chosen intentionally so that the same output value is calculated. However, for the hash functions commonly used in the prior art, the probability of collision is very low and can almost be ignored. If some data is input to calculate a hash value and the input is then partially changed, a hash function with strong confusion characteristics generates a completely different hash value. The hash function in this embodiment may include, but is not limited to, any one of the hash functions commonly used in the prior art, such as MD4, MD5, SHA1, and the like.
After the calculation is completed, the first terminal device may search the check information corresponding to the calculated check information sequence number in the check information base.
Step S202, storing the corresponding relation between the second terminal device and the check information into the device white list.
Step S203, sending the verification information to the second terminal device, so that the second terminal device stores the corresponding relationship between the first terminal device and the verification information.
In this way, the corresponding relationship between the second terminal device and the check information is added to the device white list locally stored in the first terminal device, and the corresponding relationship between the first terminal device and the check information is added to the device white list locally stored in the second terminal device.
In the above process, the first terminal device is an initiator of the device connection, and when the first terminal device is a receiver of the device connection, the first terminal device may perform the following steps:
after receiving a device connection request sent by a third terminal device, the first terminal device first extracts a device identifier and verification information of the third terminal device from the device connection request.
The third terminal device may be the same terminal device as the second terminal device, or may be a terminal device different from the second terminal device.
If the device connection request does not include the verification information, it is indicated that the device connection between the first terminal device and the third terminal device is not successfully established, at this time, the first terminal device first sends a historical connection record query request to the server, where the historical connection record query request includes a device identifier of the third terminal device, then receives a historical connection record of the third terminal device fed back by the server, and calculates a security index of the third terminal device according to the historical connection record. If the security index is less than or equal to the threshold, the connection request may be rejected, and if the security index is greater than the threshold, the connection request may be accepted, and a device connection (a first connection between the two) with the third terminal device may be established. After the device connection is established, the first terminal device receives verification information generated and sent by a third terminal device, and adds the corresponding relation between the third terminal device and the verification information into a local device white list, so that when the first terminal device and the third terminal device perform the device connection again, the security can be confirmed by comparing the verification information.
If the device connection request includes the verification information, this indicates that a device connection between the first terminal device and the third terminal device has been successfully established before, and the first terminal device may then search for the device identifier of the third terminal device in the device white list. If the device identifier of the third terminal device cannot be found in the device white list, the third terminal device poses a potential security hazard and the first terminal device does not pair with it. If the device identifier of the third terminal device is found in the device white list, the verification information corresponding to the third terminal device is determined according to the device white list. If the check information in the device connection request is consistent with the check information determined according to the device white list, the third terminal device is trusted and a device connection with the third terminal device can be established. If the two are inconsistent, the third terminal device poses a potential security hazard and the first terminal device does not pair with it.
Further, it is considered that if the same check information is always repeatedly used between two terminal devices for check comparison, a risk of interception and forgery by a malicious device exists. In order to solve the problem, after the first terminal device and the second terminal device successfully establish the device connection for the first time, the first terminal device automatically generates a check information set instead of single check information, wherein the check information set comprises more than two check information.
Specifically, a check information base preset in the first terminal device includes a plurality of check information sets that can be allocated to other terminal devices, and the first terminal device may calculate, according to the following formula, a sequence number of the check information set corresponding to the second terminal device in the check information base:
CheckSetSq=HashFunc[Linkage(EquipID1,EquipID2)]
where CheckSetSq is the calculated sequence number of the check information set.
After the calculation is completed, the first terminal device may search the check information set corresponding to the calculated check information set number in the check information base. Then, the first terminal device stores the corresponding relationship between the second terminal device and the check information set into the device white list, and sends the check information to the second terminal device, so that the second terminal device stores the corresponding relationship between the first terminal device and the check information set.
When the first terminal device receives a device connection instruction issued by a user and the first terminal device and the second terminal device perform device connection again, the device identifier of the second terminal device is firstly searched in a device white list, and a check information set corresponding to the second terminal device is further determined according to the device white list.
True random numbers are generated using physical phenomena such as coin tosses, dice, spinning wheels, noise from electronic components, nuclear fission, and the like. Such random number generators are called physical random number generators, and their disadvantage is that the technical requirements are relatively high. In practical applications it is often sufficient to use pseudo-random numbers. These sequences are "seemingly" random numbers that are actually generated by a fixed, repeatable calculation. They are not truly random because they can be computed, but they have statistical characteristics similar to those of random numbers. In this embodiment, a random number is preferably generated by a preset pseudo-random number generator, and the sequence number of the preferred check information corresponding to the random number in the check information set is then calculated according to the following formula:
SelInfoSq=MOD(RandomNum,N)+1
wherein MOD is a remainder function, RandomNum is the random number, N is the total number of the check information in the check information set, and SelInfoSq is the sequence number of the preferred check information in the check information set.
For example, if the check information set found is {check information 1, check information 2, check information 3, ..., check information 100} and the random number is 876, the 77th check information is selected as the finally determined preferred check information.
After the preferred verification information is determined, the first terminal device sends a device connection request to the second terminal device, wherein the device connection request comprises the device identification of the first terminal device, the verification information and the random number RandomNum. Similar to the first terminal device, the second terminal device also stores a device white list locally, which records the device identifiers of all terminal devices that have successfully established a device connection with the second terminal device. After the second terminal device receives the device connection request sent by the first terminal device, it searches the locally stored device white list for the device identifier of the first terminal device. If the identifier is found in the device white list, this indicates that a device connection between the first terminal device and the second terminal device has been successfully established; the second terminal device can then determine the verification information set corresponding to the first terminal device according to the device white list and select the preferred verification information from that set according to the random number RandomNum. Finally, the second terminal device compares the verification information determined from the device white list with the verification information in the device connection request sent by the first terminal device. If the two are consistent, the first terminal device is trusted, and the device connection with the first terminal device can be established.
In this way, even if a malicious device intercepts the verification information used for one connection between the first terminal device and the second terminal device, the verification information is selected at random each time, so the verification information for the next connection differs from that of the previous one. If the malicious device attempts verification with the intercepted verification information, it can still be identified because the comparison fails, so the security of the device connection is greatly improved.
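The reconnection check described above, from set selection through comparison on the second terminal device, as an added Python example that is not part of the patent text. SHA-256 as HashFunc, the modulo reduction of the hash to a set number, the `Device` class, the device identifiers and the sample check information base are assumptions; the receiver's record of already accepted RandomNum values is likewise an addition, included because the request carries RandomNum together with the check information.

```python
import hashlib
import hmac
import secrets


def build_check_base(num_sets=8, set_size=100):
    """Constructed sample check information base: num_sets sets of set_size entries."""
    return [
        [hashlib.sha256(f"demo|{s}|{i}".encode()).hexdigest()[:16]
         for i in range(set_size)]
        for s in range(num_sets)
    ]


def check_set_seq(equip_id1, equip_id2, num_sets):
    """CheckSetSq = HashFunc[Linkage(EquipID1, EquipID2)], mapped to 1..num_sets."""
    linkage = (equip_id1 + equip_id2).encode()            # Linkage: concatenation in order
    digest = hashlib.sha256(linkage).digest()             # HashFunc: SHA-256 (assumption)
    return int.from_bytes(digest, "big") % num_sets + 1   # range reduction (assumption)


def sel_info_seq(random_num, n):
    """SelInfoSq = MOD(RandomNum, N) + 1, a 1-based position in the set."""
    return random_num % n + 1


class Device:
    """Hypothetical terminal device holding a device white list."""

    def __init__(self, equip_id, check_base=None):
        self.equip_id = equip_id
        self.check_base = check_base or []
        self.whitelist = {}      # peer identifier -> check information set
        self.used_randoms = {}   # peer identifier -> RandomNum values already accepted

    def enroll(self, peer):
        """After the first successful connection: pick the set and store it on both sides."""
        seq = check_set_seq(self.equip_id, peer.equip_id, len(self.check_base))
        info_set = self.check_base[seq - 1]
        self.whitelist[peer.equip_id] = info_set
        peer.whitelist[self.equip_id] = list(info_set)  # sent to the second device
        return seq

    def build_request(self, peer_id, random_num=None):
        """Build the device connection request for a peer found in the white list."""
        info_set = self.whitelist[peer_id]
        if random_num is None:
            # A CSPRNG stands in for the "preset pseudo random number generator" (assumption).
            random_num = secrets.randbelow(2 ** 32)
        preferred = info_set[sel_info_seq(random_num, len(info_set)) - 1]
        return {"equip_id": self.equip_id,
                "check_info": preferred,
                "random_num": random_num}

    def verify_request(self, request):
        """Receiver side: white list lookup, re-selection by RandomNum, comparison."""
        info_set = self.whitelist.get(request.get("equip_id"))
        if info_set is None:
            return False  # sender never completed a connection with this device
        random_num = request.get("random_num")
        check_info = request.get("check_info")
        if not isinstance(random_num, int) or random_num < 0:
            return False
        if not isinstance(check_info, str):
            return False
        used = self.used_randoms.setdefault(request["equip_id"], set())
        if random_num in used:
            return False  # RandomNum already accepted once (added check, not in the patent)
        expected = info_set[sel_info_seq(random_num, len(info_set)) - 1]
        if not hmac.compare_digest(expected.encode(), check_info.encode()):
            return False
        used.add(random_num)
        return True


def demo():
    """Run one enrollment and three connection attempts on constructed data."""
    first = Device("EQUIP-A", build_check_base())   # constructed identifiers
    second = Device("EQUIP-B")
    first.enroll(second)
    request = first.build_request("EQUIP-B", random_num=876)
    accepted = second.verify_request(request)
    repeated = second.verify_request(request)                        # same request again
    mismatched = second.verify_request(dict(request, random_num=877))  # old info, new number
    return accepted, repeated, mismatched


if __name__ == "__main__":
    print(demo())
```
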
In summary, after receiving a device connection instruction (including a device identifier of a second terminal device) issued by a user, a first terminal device in the embodiments of the present invention first sends a historical connection record query request (including the device identifier of the second terminal device) to a preset server, then receives a historical connection record of the second terminal device fed back by the server, and calculates a security index of the second terminal device according to the historical connection record. And if the safety index is larger than a preset threshold value, sending a device connection request to the second terminal device so as to establish device connection with the second terminal device. In the embodiment of the invention, the historical connection record is used as a basis for evaluating the safety of the terminal equipment to be connected, so that malicious terminal equipment is identified in advance, and the risk of economic loss caused by illegal invasion is greatly reduced.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 3 shows a structure diagram of an embodiment of a terminal device security verification apparatus according to an embodiment of the present invention, which corresponds to the terminal device security verification method described in the foregoing embodiment.
In this embodiment, a terminal device security verification apparatus may include:
a device connection instruction receiving module 301, configured to receive, by a first terminal device, a device connection instruction issued by a user, where the device connection instruction includes a device identifier of a second terminal device;
a query request sending module 302, configured to send a historical connection record query request to a preset server, where the historical connection record query request includes a device identifier of the second terminal device;
a connection record receiving module 303, configured to receive a historical connection record of the second terminal device fed back by the server;
a security index calculation module 304, configured to calculate a security index of the second terminal device according to the historical connection record;
a first connection request sending module 305, configured to send a device connection request to the second terminal device to establish a device connection with the second terminal device if the security index is greater than a preset threshold, where the device connection request includes a device identifier of the first terminal device.
Further, the safety index calculation module may include:
a feedback information extraction unit, configured to extract, from the historical connection record, feedback information of a device connection process between each reference terminal device and the second terminal device, where the reference terminal device is a terminal device that has established a device connection with the second terminal device;
the number counting unit is used for respectively counting the number of the positive feedback information and the number of the negative feedback information;
a security index calculation unit, configured to calculate a security index of the second terminal device according to the following formula:
wherein, PosFbNum is the number of the positive feedback information, NegFbNum is the number of the negative feedback information, BaseNum is a preset reference number, BaseIdx is a preset reference index, Ceil is an upward rounding function, Min is a minimum function, and SafeIdx is a security index of the second terminal device.
Further, the terminal device security verification apparatus may further include:
the verification information generating module is used for acquiring the equipment identifier of the first terminal equipment and generating verification information according to the equipment identifier of the first terminal equipment and the equipment identifier of the second terminal equipment;
the verification information storage module is used for storing the corresponding relation between the second terminal equipment and the verification information into the equipment white list;
and the verification information sending module is used for sending the verification information to the second terminal equipment so as to enable the second terminal equipment to store the corresponding relation between the first terminal equipment and the verification information.
Further, the verification information generating module may include:
a sequence number calculating unit, configured to calculate a sequence number of the check information in a preset check information base according to the following formula:
CheckInfoSq=HashFunc[Linkage(EquipID1,EquipID2)]
wherein EquipID1 is the device identifier of the first terminal device, EquipID2 is the device identifier of the second terminal device, Linkage(EquipID1, EquipID2) is a character string formed by sequentially connecting EquipID1 and EquipID2, HashFunc is a preset hash function, and CheckInfoSq is the check information sequence number obtained by calculation;
and the checking information searching unit is used for searching the checking information corresponding to the checking information serial number in the checking information base.
Further, the terminal device security verification apparatus may further include:
the device identifier searching module is used for searching the device identifier of the second terminal device in a preset device white list;
a check information determining module, configured to determine, if the device identifier of the second terminal device is found in the device white list, check information corresponding to the second terminal device according to the device white list;
and the second connection request sending module is used for sending a device connection request to the second terminal device so as to establish device connection with the second terminal device, wherein the device connection request comprises the device identifier of the first terminal device and the verification information.
Further, the verification information determination module may include:
a check information set determining unit, configured to determine, according to the device white list, a check information set corresponding to the second terminal device, where the check information set includes more than two pieces of check information;
a random number generation unit for generating a random number by a preset pseudo random number generator;
a preferred check information selecting unit, configured to calculate preferred check information corresponding to the random number in the check information set according to the following formula:
SelInfoSq=MOD(RandomNum,N)+1
wherein MOD is a remainder function, RandomNum is the random number, N is the total number of the check information in the check information set, and SelInfoSq is the sequence number of the preferred check information in the check information set.
Further, the device connecting apparatus may further include:
a device connection request receiving module, configured to receive, by the first terminal device, a device connection request sent by a third terminal device, and extract a device identifier and verification information of the third terminal device from the device connection request;
a device identifier searching module, configured to search the device identifier of the third terminal device in the device white list;
a check information determining module, configured to determine, if the device identifier of the third terminal device is found in the device white list, check information corresponding to the third terminal device according to the device white list;
and the equipment connection establishing module is used for establishing equipment connection with the third terminal equipment if the verification information in the equipment connection request is consistent with the verification information determined according to the equipment white list.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses, modules and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Fig. 4 shows a schematic block diagram of a terminal device according to an embodiment of the present invention, and for convenience of description, only the parts related to the embodiment of the present invention are shown.
In this embodiment, the terminal device 4 may be a computing device such as a mobile phone, a notebook, a tablet computer, and the like. The terminal device 4 may include: a processor 40, a memory 41 and computer readable instructions 42 stored in said memory 41 and executable on said processor 40, for example computer readable instructions to perform the above described method for security authentication of a terminal device. The processor 40, when executing the computer readable instructions 42, implements the steps in the above-described embodiments of the terminal device security authentication method, such as the steps S101 to S104 shown in fig. 1. Alternatively, the processor 40, when executing the computer readable instructions 42, implements the functions of the modules/units in the above device embodiments, such as the functions of the modules 301 to 305 shown in fig. 3.
Illustratively, the computer readable instructions 42 may be partitioned into one or more modules/units that are stored in the memory 41 and executed by the processor 40 to implement the present invention. The one or more modules/units may be a series of computer-readable instruction segments capable of performing specific functions, which are used for describing the execution process of the computer-readable instructions 42 in the terminal device 4.
The Processor 40 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the terminal device 4. The memory 41 is used to store the computer readable instructions and other instructions and data required by the terminal device 4. The memory 41 may also be used to temporarily store data that has been output or is to be output.
Each functional unit in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes a plurality of computer readable instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and the like, which can store computer readable instructions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (9)
1. A terminal device security verification method is characterized by comprising the following steps:
a first terminal device receives a device connection instruction issued by a user, wherein the device connection instruction comprises a device identifier of a second terminal device;
sending a historical connection record query request to a preset server, wherein the historical connection record query request comprises the equipment identifier of the second terminal equipment;
receiving a historical connection record of the second terminal equipment fed back by the server, and calculating a security index of the second terminal equipment according to the historical connection record;
if the safety index is larger than a preset threshold value, sending a device connection request to the second terminal device to establish device connection with the second terminal device, wherein the device connection request comprises a device identifier of the first terminal device;
the calculating the security index of the second terminal device according to the historical connection record comprises:
extracting feedback information of each reference terminal device in the device connection process between each reference terminal device and the second terminal device from the historical connection record, wherein the reference terminal device is the terminal device which has established device connection with the second terminal device;
counting the number of positive feedback information and the number of negative feedback information respectively;
calculating the security index of the second terminal device according to the following formula:
wherein, PosFbNum is the number of the positive feedback information, NegFbNum is the number of the negative feedback information, BaseNum is a preset reference number, BaseIdx is a preset reference index, Ceil is an upward rounding function, Min is a minimum function, and SafeIdx is a security index of the second terminal device.
2. The terminal device security authentication method according to claim 1, further comprising, after establishing the device connection with the second terminal device:
acquiring the equipment identifier of the first terminal equipment, and generating verification information according to the equipment identifier of the first terminal equipment and the equipment identifier of the second terminal equipment;
storing the corresponding relation between the second terminal equipment and the verification information into a preset equipment white list;
and sending the verification information to the second terminal equipment so that the second terminal equipment stores the corresponding relation between the first terminal equipment and the verification information.
3. The terminal device security verification method according to claim 2, wherein the generating of the verification information according to the device identifier of the first terminal device and the device identifier of the second terminal device comprises:
calculating the serial number of the check information in a preset check information base according to the following formula:
CheckInfoSq=HashFunc[Linkage(EquipID1,EquipID2)]
wherein EquipID1 is the device identifier of the first terminal device, EquipID2 is the device identifier of the second terminal device, Linkage(EquipID1, EquipID2) is a character string formed by sequentially connecting EquipID1 and EquipID2, HashFunc is a preset hash function, and CheckInfoSq is the check information sequence number obtained by calculation;
and searching the verification information corresponding to the verification information serial number in the verification information base.
4. The method for verifying the security of the terminal device according to claim 1, after receiving the device connection command issued by the user, further comprising:
searching the device identification of the second terminal device in a preset device white list;
if the device identifier of the second terminal device is found in the device white list, determining verification information corresponding to the second terminal device according to the device white list;
and sending a device connection request to the second terminal device to establish device connection with the second terminal device, wherein the device connection request comprises the device identifier of the first terminal device and the verification information.
5. The method for security verification of a terminal device according to claim 4, wherein the determining the verification information corresponding to the second terminal device according to the device white list includes:
determining a check information set corresponding to the second terminal device according to the device white list, wherein the check information set comprises more than two check information;
generating a random number through a preset pseudo-random number generator;
calculating preferred check information corresponding to the random number in the check information set according to the following formula:
SelInfoSq=MOD(RandomNum,N)+1
wherein MOD is a remainder function, RandomNum is the random number, N is the total number of the check information in the check information set, and SelInfoSq is the sequence number of the preferred check information in the check information set.
6. The terminal device security authentication method according to any one of claims 1 to 5, further comprising:
the first terminal equipment receives an equipment connection request sent by third terminal equipment, and extracts equipment identification and verification information of the third terminal equipment from the equipment connection request;
searching the device identifier of the third terminal device in the device white list;
if the device identifier of the third terminal device is found in the device white list, determining verification information corresponding to the third terminal device according to the device white list;
and if the check information in the equipment connection request is consistent with the check information determined according to the equipment white list, establishing equipment connection with the third terminal equipment.
7. A terminal device security verification apparatus, comprising:
the device connection instruction receiving module is used for receiving a device connection instruction issued by a user by a first terminal device, wherein the device connection instruction comprises a device identifier of a second terminal device;
the query request sending module is used for sending a historical connection record query request to a preset server, wherein the historical connection record query request comprises the equipment identifier of the second terminal equipment;
a connection record receiving module, configured to receive a historical connection record of the second terminal device, where the historical connection record is fed back by the server;
the safety index calculation module is used for calculating the safety index of the second terminal equipment according to the historical connection record;
a first connection request sending module, configured to send a device connection request to the second terminal device to establish a device connection with the second terminal device if the security index is greater than a preset threshold, where the device connection request includes a device identifier of the first terminal device;
the safety index calculation module comprises:
a feedback information extraction unit, configured to extract, from the historical connection record, feedback information of a device connection process between each reference terminal device and the second terminal device, where the reference terminal device is a terminal device that has established a device connection with the second terminal device;
the number counting unit is used for respectively counting the number of the positive feedback information and the number of the negative feedback information;
a security index calculation unit, configured to calculate a security index of the second terminal device according to the following formula:
wherein, PosFbNum is the number of the positive feedback information, NegFbNum is the number of the negative feedback information, BaseNum is a preset reference number, BaseIdx is a preset reference index, Ceil is an upward rounding function, Min is a minimum function, and SafeIdx is a security index of the second terminal device.
8. A computer readable storage medium storing computer readable instructions, wherein the computer readable instructions, when executed by a processor, implement the steps of the terminal device security authentication method according to any one of claims 1 to 6.
9. A terminal device comprising a memory, a processor and computer readable instructions stored in the memory and executable on the processor, wherein the processor when executing the computer readable instructions implements the steps of the terminal device security authentication method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910041442.3A CN109905366B (en) | 2019-01-16 | 2019-01-16 | Terminal equipment safety verification method and device, readable storage medium and terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109905366A | 2019-06-18 |
CN109905366B | 2022-03-22 |
Family
ID=66943842
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||