CN112968889B - Host right management method, terminal, device and computer readable storage medium - Google Patents
Host right management method, terminal, device and computer readable storage medium Download PDFInfo
- Publication number
- CN112968889B CN112968889B CN202110174504.5A CN202110174504A CN112968889B CN 112968889 B CN112968889 B CN 112968889B CN 202110174504 A CN202110174504 A CN 202110174504A CN 112968889 B CN112968889 B CN 112968889B
- Authority
- CN
- China
- Prior art keywords
- host
- public key
- message
- server
- android device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method, a device and equipment for managing host authority and a computer readable storage medium, wherein the method for managing the host authority comprises the following steps: sending an authentication token message to a host, and receiving a signature message fed back by the host based on the received authentication token message; if the signature message is invalid, acquiring a host public key sent by the host, and acquiring a server public key fed back by a server corresponding to the android device based on the host public key; and if the host public key is matched with the server public key, authorizing the host. The method and the device improve the data security of the android device.
Description
Technical Field
The present invention relates to the field of communications network technologies, and in particular, to a host right management method, a terminal, a device, and a computer-readable storage medium.
Background
At present, public and private key authentication mechanisms are added to adb (debug bridge) in the market, and only an authorized host is allowed to use a USB debug interface. When the android device accesses an unauthorized host, an adb daemon (debug bridge process) on the host sends a host public key to the android device. And popping up an information box on the android device, and inquiring whether the host is allowed to use the debugging interface. If the choice is permanently allowed, the host public key will be saved to the handset. At present, more and more internet of things devices use android systems, but some devices in the internet of things cannot be authorized by clicking a popup window due to some special reasons. In order to solve the problem, an authentication mechanism is closed or a public key is built in a host to a specified path at present, and the host holding the public key automatically becomes an authorized device.
Disclosure of Invention
The invention mainly aims to provide a host authority management method, a host authority management device and a computer readable storage medium, and aims to solve the technical problems of improving the data security of android equipment and avoiding the data leakage.
In order to achieve the above object, the present invention provides a host right management method, which is applied to an android device, and comprises the following steps:
sending an authentication token message to a host, and receiving a signature message fed back by the host based on the received authentication token message;
if the signature message is invalid, acquiring a host public key sent by the host, and acquiring a server public key fed back by a server corresponding to the android device based on the host public key;
and if the host public key is matched with the server public key, authorizing the host.
Optionally, the step of obtaining, based on the host public key, a server public key fed back by a server corresponding to the android device includes:
starting a preset debugging program according to a framework layer in the android device, and sending a public key downloading instruction to a server corresponding to the android device according to the started debugging program;
and receiving a server public key fed back by the server based on the downloading public key instruction.
Optionally, if the signature packet is invalid, the step of obtaining the host public key sent by the host includes:
if the signature message is invalid, sending a new authentication token message to the host, receiving a new signature message fed back by the host based on the new authentication token message, and detecting whether the new signature message is an encrypted public key message;
and if so, extracting the host public key in the new signature message according to a preset decryption algorithm corresponding to the encrypted public key message.
Optionally, after the step of receiving the signature packet fed back by the host based on the received authentication token packet, the method includes:
analyzing and verifying the signature message according to a historical public key preset in the android device;
if the analysis and verification are successful, determining that the signature message is valid, and sending a connection message to the host; or the like, or a combination thereof,
and if the analysis and verification fails, determining that the signature message is invalid.
In addition, in order to achieve the above object, the present invention provides a host right management method, which is applied to a host, and the host right management includes the following steps:
acquiring a public key sent by a server corresponding to a host;
if an authentication token message sent by android equipment corresponding to the host is received, signing the authentication token message according to a private key corresponding to the public key to obtain a signature message, and sending the signature message to the android equipment;
and if a new authentication token message fed back by the android device based on the signature message is received, generating an encrypted public key message according to the public key, and sending the encrypted public key message to the android device.
Optionally, after the step of generating an encrypted public key message according to the public key if a new authentication token message fed back by the android device based on the signature message is received, the method includes:
if a new authentication token message fed back by the android device based on the signature message is received, determining whether a plurality of groups of private keys exist in the host;
if the public key exists, traversing each private key, and executing the step of signing the authentication token message according to the private key corresponding to the public key according to the traversed private key;
and if all the private keys are traversed and new authentication token messages corresponding to all the private keys are received, encrypting the public key sent by the server to generate an encrypted public key message.
In addition, to achieve the above object, the present invention provides a host right management apparatus, including:
the sending module is used for sending an authentication token message to the host and receiving a signature message fed back by the host based on the received authentication token message;
the first obtaining module is used for obtaining a host public key sent by the host if the signature message is invalid, and obtaining a server public key fed back by a server corresponding to the android device based on the host public key;
and the matching module is used for performing authorization processing on the host if the host public key is matched with the server public key.
In addition, to achieve the above object, the present invention also provides a host right management apparatus including:
the second acquisition module is used for acquiring the public key sent by the server corresponding to the host;
the signature module is used for signing the authentication token message according to a private key corresponding to the public key to obtain a signature message and sending the signature message to the android device if the authentication token message sent by the android device corresponding to the host is received;
and the generating module is used for generating an encrypted public key message according to the public key and sending the encrypted public key message to the android device if a new authentication token message fed back by the android device based on the signature message is received.
In addition, to achieve the above object, the present invention also provides a host right management device, including: the system comprises a memory, a processor and a host authority management program stored on the memory and capable of running on the processor, wherein the host authority management program realizes the steps of the host authority management method when being executed by the processor.
In addition, to achieve the above object, the present invention also provides a computer readable storage medium having a host right management program stored thereon, which when executed by a processor implements the steps of the host right management method as described above.
The invention sends an authentication token message to a host and receives a signature message fed back by the host based on the received authentication token message; if the signature message is invalid, acquiring a host public key sent by the host, and acquiring a server public key fed back by a server corresponding to the android device based on the host public key; and if the host public key is matched with the server public key, authorizing the host. By sending the authentication token message to the host and receiving the signature message fed back by the host, when the signature message is invalid, the server public key fed back by the server is obtained according to the obtained host public key, and when the host public key is matched with the server public key, the host is authorized, so that the phenomenon that data leakage of the android device is caused by the mode that an authentication mechanism or a built-in public key to a specified path needs to be closed when the host is authorized in the prior art is avoided, and the safety of the data of the android device is improved.
Drawings
FIG. 1 is a schematic diagram of a host rights management device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a host rights management method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating a host rights management method according to a third embodiment of the present invention;
FIG. 4 is a block diagram of a host rights management device according to the present invention;
FIG. 5 is a block diagram of another device module of the host rights management device of the present invention;
FIG. 6 is an interaction diagram of a host and an android device in the host permission management method of the present invention;
FIG. 7 is a schematic diagram illustrating a process of detecting a host public key in the host right management method according to the present invention;
fig. 8 is a schematic flow chart of a host obtaining a public key in the host right management method of the present invention.
The implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
As shown in fig. 1, fig. 1 is a schematic structural diagram of a host rights management device of a hardware operating environment according to an embodiment of the present invention.
The host right management device in the embodiment of the invention can be a terminal device such as a PC or a server (such as an X86 server) which is loaded with a virtualization platform.
As shown in fig. 1, the host right management device may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. The communication bus 1002 is used to implement connection communication among these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the terminal structure shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a host rights management program.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to invoke a host rights management program stored in the memory 1005 and perform the operations of the following host rights configuration method embodiments of the security component.
Based on the above hardware structure, an embodiment of the host right management method of the present invention is provided as follows.
Referring to fig. 2, fig. 2 is a flowchart illustrating a host right management method according to a first embodiment of the present invention, where the host right management method includes:
step S10, sending an authentication token message to a host, and receiving a signature message fed back by the host based on the received authentication token message;
in this embodiment, the host right management method is applied to an android device. The android device can be a mobile phone, a tablet computer and the like with an android system, and the android device can be provided with or without a screen.
Because the two-clock scheme adopted aiming at the problem that part of equipment cannot be authorized exists in the Internet of things at present, namely the authentication mechanism is closed, any host can debug the android equipment after the authentication mechanism is closed, or a public key is built in to a specified path, and the host with the public key automatically becomes the authorized equipment. But any host computer of the first scheme can debug the android device, so that data in the android device is easy to leak, and potential safety hazards exist. In the second scheme, once the built-in public key is deleted, the host authorization can be invalid immediately, the execution efficiency of subsequent work is influenced, and once the built-in public key leaks, any host with the public key can be debugged, so that the data leakage of the android device is easily caused, and the data security of the android device is reduced. To avoid this phenomenon, in this embodiment, when the android device accesses the unauthorized host, a public key is downloaded from the server and stored in its memory, instead of being embedded in a specified path. And the host computer can download the same public key from the server, and the public key is used for authorization, so that the probability of mistakenly deleting the public key by the android device can be reduced. The public key on the server only needs to be managed, and the public key in the host computer is detected to leak, so that the public key can be replaced in time, the data leakage of the android device is effectively avoided, and the safety of the data of the android device is improved.
In addition, in this embodiment, the host downloads the public key in the server in advance, and then establishes connection with the android device, and the host may sequentially send all public and private key pairs downloaded from the server to the android device for verification, that is, sign the message through the private key and then send the signed message to the android device, so that the android device verifies the signed message, that is, the signed message, and if the verification is passed, it is directly determined that the host has the authority to debug the android device. If the verification fails, a new signature message is continuously sent, if all public and private key pairs have been sent to the android device and the android device is not successfully verified, the host can send an AUTH RSAPUBLICKEY message (namely an encrypted public key message) to the android device, the AUTH RSAPUBLICKEY message contains a public key downloaded by the host from the server in the latest time period, namely a host public key, the android device can actively download a corresponding public key from the server, whether the two public keys are the same or not is detected, if not, the host is not authorized, if so, the host is authorized, and the host can control data in the android device.
Therefore, in this embodiment, when the android device accesses an unauthorized host, the android device sends an authtoken message (i.e., an authentication TOKEN message) to the host. The authentication token message comprises a random token with preset bytes (such as 20 bytes), and the host signs the random token according to a private key of the host, places the random token in a signal message to be sent to the android device to obtain a SIGNATURE message, and sends the SIGNATURE message to the android device. That is, after sending the authentication token message to the host, the android device receives a signature message fed back by the host based on the received authentication token message, where the signature message carries a private key of the android device corresponding to a public key downloaded by the host from the server, so that the android device verifies the private key in the signature message.
And the android device can verify the signature message by analyzing and verifying the signature message through the existing historical public key in the android device, if the analysis and verification are successful, the signature message is determined to be valid, and if the analysis and verification are failed, the signature message is determined to be invalid. Wherein the historical public key is a public key that the android device has downloaded in the server before the current time.
Step S20, if the signature message is invalid, acquiring a host public key sent by the host, and acquiring a server public key fed back by a server corresponding to the android device based on the host public key;
when the signature message is found to be invalid through judgment, a new AUTH TOKEN message (namely a new authentication TOKEN message) is sent to the host again, after the host receives the new authentication TOKEN message, whether a plurality of public keys downloaded from the server exist or not is detected firstly, namely whether a plurality of groups of public and private key pairs exist in the host or not is detected, namely whether a plurality of groups of private keys exist in the host or not is determined, if the public keys do not exist, the host sends an AUTH RSAPUBLICKEY message to the android device, and the AUTH RSAPUBLICKEY message contains the public key downloaded from the server in the latest time period, namely the host public key. If a plurality of groups of private keys exist in the host, the host can sequentially send all the private keys to the android device, the android device can verify all the private keys in the same mode, if all the private keys do not pass the verification, the host can send an AUTH RSAPUBLICKEY message to the android device, and the AUTH RSAPUBLICKEY message contains a public key downloaded by the host from the server in the latest time period, namely, a host public key.
And the interactive process between the host and the android device may be as shown in fig. 6, the host sends a connection request to the android device, and after the connection between the android device and the host is established, the android device sends a token message, i.e., an authentication token message, the host sends a SIGNATUR message with a host signature, i.e., a signature message, based on the authentication token message, the android device verifies the signature in the signature message, if the verification passes, the host sends a CONNECT message, i.e., a communication connection message, if the verification fails, a new token message is sent to the host, and after all private keys of the host are sent, the host sends a rsaplickey message (encrypted public key message) with a public key of the host (i.e., a host public key) to the android device, so that the android device performs permission verification.
After the android device acquires a host public key sent by the host, the host public key is moved to a Framework layer through an adbd (namely, an adb tool and a Debugging bridge) in the android device, so that the Framework layer calls a Usb distribution Manager (a Debugging Manager) to carry out authorization verification processing on the host, and when the Usb distribution Manager is detected to be called, the android device actively downloads a public key from a server, namely, the server public key, so that the Usb distribution Manager detects the host public key according to the server public key, and whether the host is authorized or not is determined.
And step S30, if the host public key is matched with the server public key, authorizing the host.
In this embodiment, after the android device acquires the host public key sent by the host and the server public key downloaded from the server, it is detected whether the host public key and the server public key are matched, and if so, authorization processing is directly performed on the host, and it is determined that the host has the authority to control data in the android device. And if the host public key is not matched with the android device, directly determining that the host does not have the authority of controlling the data in the android device. For example, as shown in fig. 7, after receiving a host public key of a host through an adbd in an android device, the Usb distribution Manager in the android device may be started through a Framework in the android device, and when the Usb distribution Manager is called, a public key may be downloaded in a server, that is, a server public key is downloaded, and after the public key is downloaded successfully, a comparison operation may be performed to determine whether the host public key and the server public key match, if so, it is determined that authorization for the host succeeds, and if not, it is determined that authorization for the host fails.
In this embodiment, an authentication token message is sent to a host, and a signature message fed back by the host based on the received authentication token message is received; if the signature message is invalid, acquiring a host public key sent by the host, and acquiring a server public key fed back by a server corresponding to the android device based on the host public key; and if the host public key is matched with the server public key, authorizing the host. By sending the authentication token message to the host and receiving the signature message fed back by the host, when the signature message is invalid, the server public key fed back by the server is obtained according to the obtained host public key, and when the host public key is matched with the server public key, the host is authorized, so that the phenomenon that data leakage of the android device is caused by the mode that an authentication mechanism or a built-in public key to a specified path needs to be closed when the host is authorized in the prior art is avoided, and the safety of the data of the android device is improved.
Further, based on the first embodiment of the present invention, a second embodiment of the host right management method of the present invention is provided, in this embodiment, in step S20 in the above embodiment, the refinement of the step of obtaining, based on the host public key, a server public key fed back by a server corresponding to the android device includes:
step a, starting a preset debugging program according to a framework layer in the android device, and sending a public key downloading instruction to a server corresponding to the android device according to the started debugging program;
in this embodiment, after the android device receives the host public key of the host, the host public key is sent to the architecture layer of the android device through the adbd of the android device, and the android device starts a preset Debugging program, such as Usb debug Manager, and when the Usb debug Manager is called, a download public key instruction is sent to a server which establishes a communication connection with the android device, so that the android device downloads the public key in the server.
And b, receiving a server public key fed back by the server based on the download public key instruction.
In this embodiment, the server receives the download key instruction sent by the android device, and feeds back the public key corresponding to the host public key, that is, the server public key to the android device. That is, the android device feeds back the public key newly downloaded by the host as the server public key to the android device.
In this embodiment, the debugging program is started according to the architecture layer of the android device, the download public key instruction is sent to the server, and the server public key fed back by the server based on the download public key instruction is received, so that the effectiveness of the obtained server public key is guaranteed.
Further, if the signature packet is invalid, the step of obtaining the host public key sent by the host includes:
step c, if the signature message is invalid, sending a new authentication token message to the host, receiving a new signature message fed back by the host based on the new authentication token message, and detecting whether the new signature message is an encrypted public key message;
in this embodiment, when the android device receives the signature message sent by the host and detects that the signature message is invalid, a new authentication token message is sent to the host again, that is, a new authentication token message is sent to the host, and the new authentication token message also includes a random token with preset bytes (for example, 20 bytes), it should be noted that the random token in the new authentication token message is different from the random token in the authentication token message. And the host can determine the number of the private keys of the host, and if a plurality of private keys exist, the host signs the random token in the new authentication token message according to the new private key and feeds the signed random token back to the android device. If there is only one private key, the RSAPUBLICKEY message (namely, the encrypted public key message) with the own public key (namely, the host public key) is directly sent to the android device.
And the android device can detect whether the new signature message is the encrypted public key message or not when receiving a message fed back by the host based on the new authentication token message, namely the new signature message, so as to execute different operations according to different detection results.
And d, if so, extracting the host public key in the new signature message according to a preset decryption algorithm corresponding to the encrypted public key message.
And when the new signature message is found to be the encrypted public key message through judgment, the encrypted public key message is decrypted according to a preset decryption algorithm corresponding to the preset encrypted public key, and the host public key in the new signature message is extracted after the decryption is finished. And if the new signature message is not the encrypted public key message, continuously verifying the private key in the new signature message through the existing public key in the android device.
In this embodiment, when it is determined that the signature message is invalid, the new authentication token is sent to the host, the new signature message fed back by the host is received, and when the new signature message is an encrypted public key message, the host public key in the new signature message is extracted according to a preset decryption algorithm, so that the accuracy of the obtained host public key is ensured.
Further, after the step of receiving the signature packet fed back by the host based on the received authentication token packet, the method includes:
step e, analyzing and verifying the signature message according to a preset historical public key in the android device;
in this embodiment, after the android device receives the signature message sent by the host, the signature message may be analyzed and verified through the existing historical public key in the android device, that is, it is determined whether the signature message can be decrypted through the historical public key, and different operations are performed according to different analysis and verification results. Wherein the historical public key is a public key that the android device has downloaded in the server before the current time.
Step f, if the analysis and verification are successful, determining that the signature message is valid, and sending a connection message to the host; or the like, or, alternatively,
step h, if the analysis and verification fails, determining that the signature message is invalid.
In this embodiment, when it is determined that the signature message is successfully analyzed and verified through the historical public key, the validity of the signature message can be directly determined, and a connection message can be sent to the host to inform the host that the host has the authority to access and control the android device. Or, if the analysis and verification of the signature message through the historical public key fails, the signature message can be directly determined to be invalid, and a new authentication token message is sent to the host again.
In this embodiment, the signature message is analyzed and verified according to the historical public key in the android device, and when the analysis and verification are successful, the signature message is determined to be valid, and a connection message is sent to the host, or when the analysis and verification are failed, the signature message is determined to be invalid, so that the validity of the analysis and verification of the signature message is guaranteed.
Further, referring to fig. 3, fig. 3 is a flowchart illustrating a host right management method according to a third embodiment of the present invention, where the host right management method includes:
step S100, a public key sent by a server corresponding to the host is obtained;
in this embodiment, the host right management method is applied to the host. The host may be a terminal for commissioning android devices. Because the two-clock scheme adopted aiming at the problem that part of equipment cannot be authorized exists in the Internet of things at present, namely the authentication mechanism is closed, any host can debug the android equipment after the authentication mechanism is closed, or a public key is built in to a specified path, and the host with the public key automatically becomes the authorized equipment. But any host computer of the first scheme can debug the android device, so that data in the android device is easy to leak, and potential safety hazards exist. In the second scheme, once the built-in public key is deleted, the host authorization can be immediately invalid, the execution efficiency of subsequent work is influenced, and once the built-in public key is leaked, any host with the public key can be debugged, so that data leakage of the android device is easily caused, and the safety of the data of the android device is reduced. To avoid this phenomenon, in this embodiment, when the android device accesses the unauthorized host, a public key is downloaded from the server and stored in its memory, instead of being embedded in a specified path. And the host computer can download the same public key from the server, and the public key is used for authorization, so that the probability of mistakenly deleting the public key by the android device can be reduced. The public key in the host computer is detected to leak and is changed in time only by managing the public key on the server, so that the data leakage of the android device is effectively avoided, and the data security of the android device is improved.
Therefore, in this embodiment, the host downloads the public key in the server in advance, and then establishes connection with the android device, and the host may sequentially send all public and private key pairs downloaded from the server to the android device for verification, that is, sign the message through the private key and then send the message to the android device, so that the android device verifies the signed message, that is, the signed message, and if the verification is passed, it is directly determined that the host has the authority to debug the android device. If the verification fails, a new signature message is continuously sent, if all public and private key pairs have been sent to the android device and the android device is not successfully verified, the host can send an AUTH RSAPUBLICKEY message to the android device, the AUTH RSAPUBLICKEY message contains a public key downloaded by the host from the server in the recent time period, namely a host public key, the android device can actively download a corresponding public key from the server, and then whether the two public keys are the same is detected, if not, the AUTH RSUBLICKEY message is not authorized to the host, if so, the host is authorized, and the host can control data in the android device.
The process of downloading the public key from the server by the host may be, as shown in fig. 8, where the host sends an instruction to the server to request downloading of the public key, and the server returns the public key to the host according to the instruction, so as to complete the process of downloading the public key from the server by the host.
Step S200, if an authentication token message sent by android equipment corresponding to the host is received, signing the authentication token message according to a private key corresponding to the public key to obtain a signature message, and sending the signature message to the android equipment;
in this embodiment, when the host accesses the android device and receives an authentication token message sent by the android device corresponding to the host, the host determines a random token in the authentication token message, signs the random token through a private key corresponding to the public key, that is, a private key of the host itself, moves the signed random token into a SIGNAURE message of the android device to be sent, takes the SIGNAURE message with signature information as a signature message, and sends the signature message to the android device. And the android device can verify the signature message to determine whether the host has the authority of accessing and operating the data in the android device.
Step S300, if a new authentication token message fed back by the android device based on the signature message is received, generating an encrypted public key message according to the public key, and sending the encrypted public key message to the android device.
After receiving a new authentication token message fed back by the android device based on the signature message, and detecting that the host has only one private key, the host sends an AUTH RSAPUBLICKEY message (namely, an encrypted public key message) to the android device, wherein the AUTH RSAPUBLICKEY message contains a public key downloaded by the host from the server in the latest time period, namely, a host public key. And the host computer can generate an encrypted public key message according to the public key downloaded from the server and send the encrypted public key message to the android device.
Specifically, after the step of generating an encrypted public key message according to the public key if a new authentication token message fed back by the android device based on the signature message is received, the method includes:
step x, if a new authentication token message fed back by the android device based on the signature message is received, determining whether a plurality of groups of private keys exist in the host;
in this embodiment, when a new authentication token message fed back by the android device based on the signature message is received in the host, it is required to first detect whether a plurality of public keys downloaded by the host from the server exist, that is, detect whether a plurality of sets of public and private key pairs exist in the host, that is, determine whether a plurality of sets of private keys exist in the host, and execute different operations according to different determination results.
Step y, if the authentication token message exists, traversing each private key, and executing the step of signing the authentication token message according to the private key corresponding to the public key according to the traversed private key;
when a plurality of groups of private keys exist in the host computer, the private keys are traversed, the private keys which are sent to the android device are skipped when the private keys are traversed, then the random token in the authentication token message is signed according to the traversed private keys, and the signature message is generated according to the signature result and fed back to the android device, so that the android device can be checked.
And z, if all the private keys are traversed and new authentication token messages corresponding to all the private keys are received, encrypting the public key sent by the server to generate an encrypted public key message.
When detecting that all the private keys are traversed and completed and new authentication token messages corresponding to the private keys are received, namely when all the private keys are determined to be unsuccessfully verified at the android device, determining a public key downloaded in the host computer at the latest time from the current time node, encrypting the public key to produce an encrypted public key message, and sending the encrypted public key message to the android device so as to verify the authority of the android device.
In this embodiment, a public key sent by a server corresponding to the host is obtained; if an authentication token message sent by android equipment corresponding to the host is received, signing the authentication token message according to a private key corresponding to the public key to obtain a signature message, and sending the signature message to the android equipment; and if a new authentication token message fed back by the android device based on the signature message is received, generating an encrypted public key message according to the public key, and sending the encrypted public key message to the android device. Through the public key that obtains the server and send, and when receiving the authentication token message that android device sent, carry out signature processing, in order to obtain the signature message, and send the signature message to android device, if receive new authentication token message, generate the public key message of encryption according to the public key, and send it to android device, thereby when having avoided authorizing the host computer among the prior art, need close authentication mechanism or built-in public key to the mode of appointed route and lead to the phenomenon of data leakage of android device to take place, the security of the data of android device has been improved.
Referring to fig. 4, the present invention further provides a host right management apparatus, in this embodiment, the host right management apparatus includes:
a sending module a10, configured to send an authentication token message to a host, and receive a signature message fed back by the host based on the received authentication token message;
a first obtaining module a20, configured to obtain a host public key sent by the host if the signature packet is invalid, and obtain a server public key fed back by a server corresponding to the android device based on the host public key;
and a matching module a30, configured to perform authorization processing on the host if the host public key is matched with the server public key.
Optionally, the first obtaining module a20 is configured to:
starting a preset debugging program according to a framework layer in the android device, and sending a public key downloading instruction to a server corresponding to the android device according to the started debugging program;
and receiving a server public key fed back by the server based on the downloading public key instruction.
Optionally, the first obtaining module a20 is configured to:
if the signature message is invalid, sending a new authentication token message to the host, receiving a new signature message fed back by the host based on the new authentication token message, and detecting whether the new signature message is an encrypted public key message;
and if so, extracting the host public key in the new signature message according to a preset decryption algorithm corresponding to the encrypted public key message.
Optionally, the sending module a10 is configured to:
analyzing and verifying the signature message according to a historical public key preset in the android device;
if the analysis and verification are successful, determining that the signature message is valid, and sending a connection message to the host; or the like, or, alternatively,
and if the analysis verification fails, determining that the signature message is invalid.
Referring to fig. 5, the present invention further provides a host right management apparatus, in this embodiment, the host right management apparatus includes:
a second obtaining module a100, configured to obtain a public key sent by a server corresponding to a host;
the signature module a200 is configured to, if an authentication token message sent by an android device corresponding to the host is received, sign the authentication token message according to a private key corresponding to the public key to obtain a signature message, and send the signature message to the android device;
and a generating module a300, configured to generate an encrypted public key message according to the public key if a new authentication token message fed back by the android device based on the signature message is received, and send the encrypted public key message to the android device.
Optionally, the generating module a300 is configured to:
if a new authentication token message fed back by the android device based on the signature message is received, determining whether multiple groups of private keys exist in the host;
if the public key exists, traversing each private key, and executing the step of signing the authentication token message according to the private key corresponding to the public key according to the traversed private key;
and if all the private keys are traversed and new authentication token messages corresponding to all the private keys are received, encrypting the public key sent by the server to generate an encrypted public key message.
The method for implementing each functional module can refer to the embodiment of the host right management method of the present invention, and is not described herein again.
The present invention also provides a host right management device, including: a memory, a processor, a communication bus, and a host rights management program stored on the memory:
the communication bus is used for realizing connection communication between the processor and the memory;
the processor is configured to execute the host right management program to implement the steps of the embodiments of the host right management method.
The invention also provides a computer readable storage medium.
The computer readable storage medium of the present invention has stored thereon a host right management program, which when executed by a processor implements the steps of the host right management method as described above.
The method implemented when the host right management program running on the processor is executed may refer to each embodiment of the host right management method of the present invention, and details are not described here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A host permission management method is applied to android equipment and comprises the following steps:
sending an authentication token message to a host, and receiving a signature message fed back by the host based on the received authentication token message, wherein after receiving the authentication token message, the host signs the authentication token according to a private key to obtain the signature message, and sends the signature message to the android device, and the private key is a private key corresponding to a public key obtained by the host from a server corresponding to the host;
if the signature message is invalid, acquiring a host public key sent by the host, and acquiring a server public key fed back by a server corresponding to the android device based on the host public key, wherein the host public key is a public key newly downloaded by the host from the server corresponding to the host;
and if the host public key is matched with the server public key, authorizing the host.
2. The host right management method according to claim 1, wherein the step of obtaining the server public key fed back by the server corresponding to the android device based on the host public key comprises:
starting a preset debugging program according to a framework layer in the android device, and sending a public key downloading instruction to a server corresponding to the android device according to the started debugging program;
and receiving a server public key fed back by the server based on the downloading public key instruction.
3. The host right management method according to claim 1, wherein the step of obtaining the host public key sent by the host if the signature packet is invalid comprises:
if the signature message is invalid, sending a new authentication token message to the host, receiving a new signature message fed back by the host based on the new authentication token message, and detecting whether the new signature message is an encrypted public key message;
and if so, extracting the host public key in the new signature message according to a preset decryption algorithm corresponding to the encrypted public key message.
4. The host rights management method of any of claims 1-3, wherein the step of receiving a signature message fed back by the host based on the received authentication token message is followed by:
analyzing and verifying the signature message according to a historical public key preset in the android device;
if the analysis and verification are successful, determining that the signature message is valid, and sending a connection message to the host; or the like, or, alternatively,
and if the analysis verification fails, determining that the signature message is invalid.
5. A host right management method is applied to a host, and comprises the following steps:
acquiring a public key sent by a server corresponding to a host;
if an authentication token message sent by android equipment corresponding to the host is received, signing the authentication token message according to a private key corresponding to the public key to obtain a signature message, and sending the signature message to the android equipment;
if a new authentication token message fed back by the android device based on the signature message is received, generating an encrypted public key message according to a host public key, sending the encrypted public key message to the android device, decrypting the encrypted public key message according to a preset decryption algorithm after the android device obtains the encrypted public key message, extracting the host public key from the decrypted encrypted public key message, obtaining a server public key fed back by a server corresponding to the android device based on the host public key, and authorizing the host when the host public key is matched with the server public key, wherein the host public key is a public key newly downloaded by the host from the server corresponding to the host.
6. The host right management method according to claim 5, wherein after the step of generating an encrypted public key packet according to the public key if a new authentication token packet fed back by the android device based on the signature packet is received, the method comprises:
if a new authentication token message fed back by the android device based on the signature message is received, determining whether multiple groups of private keys exist in the host;
if the public key exists, traversing each private key, and executing the step of signing the authentication token message according to the private key corresponding to the public key according to the traversed private key;
and if all the private keys are traversed and new authentication token messages corresponding to all the private keys are received, encrypting the public key sent by the server to generate an encrypted public key message.
7. A host rights management device, the host rights management device comprising:
the system comprises a sending module, a receiving module and a sending module, wherein the sending module is used for sending an authentication token message to a host and receiving a signature message fed back by the host based on the received authentication token message, after the host receives the authentication token message, the host signs the authentication token according to a private key to obtain the signature message, and sends the signature message to android equipment, and the private key is a private key corresponding to a public key obtained by the host from a server corresponding to the host;
a first obtaining module, configured to obtain a host public key sent by the host if the signature packet is invalid, and obtain a server public key fed back by a server corresponding to the android device based on the host public key, where the host public key is a public key that is newly downloaded by the host from the server corresponding to the host;
and the matching module is used for performing authorization processing on the host if the host public key is matched with the server public key.
8. A host rights management device, the host rights management device comprising:
the second acquisition module is used for acquiring the public key sent by the server corresponding to the host;
the signature module is used for signing the authentication token message according to a private key corresponding to the public key to obtain a signature message and sending the signature message to the android device if the authentication token message sent by the android device corresponding to the host is received;
and the generating module is used for generating an encrypted public key message according to a host public key if a new authentication token message fed back by the android device based on the signature message is received, sending the encrypted public key message to the android device so that the android device decrypts the encrypted public key message according to a preset decryption algorithm after acquiring the encrypted public key message, extracting the host public key from the decrypted encrypted public key message, acquiring a server public key fed back by a server corresponding to the android device based on the host public key, and authorizing the host when the host public key is matched with the server public key, wherein the host public key is a public key which is downloaded by the host from the server corresponding to the host most recently.
9. A host rights management device, comprising: memory, a processor and a host rights management program stored on the memory and executable on the processor, the host rights management program when executed by the processor implementing the steps of the host rights management method of any of claims 1 to 4 or 5 to 6.
10. A computer-readable storage medium, having stored thereon a host rights management program which, when executed by a processor, performs the steps of the host rights management method of any of claims 1-4 or 5-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110174504.5A CN112968889B (en) | 2021-02-08 | 2021-02-08 | Host right management method, terminal, device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110174504.5A CN112968889B (en) | 2021-02-08 | 2021-02-08 | Host right management method, terminal, device and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112968889A CN112968889A (en) | 2021-06-15 |
| CN112968889B true CN112968889B (en) | 2022-10-21 |
Family
ID=76284270
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110174504.5A Active CN112968889B (en) | 2021-02-08 | 2021-02-08 | Host right management method, terminal, device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112968889B (en) |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8438621B2 (en) * | 2007-12-21 | 2013-05-07 | General Instrument Corporation | Method and apparatus for secure management of debugging processes within communication devices |
| CN104967585B (en) * | 2014-04-15 | 2018-07-20 | 腾讯科技(深圳)有限公司 | A kind of method and apparatus of remote debugging mobile terminal |
| CN107766061A (en) * | 2017-11-20 | 2018-03-06 | 烽火通信科技股份有限公司 | The installation method and installation system of a kind of Android application program |
| CN109818742B (en) * | 2017-11-22 | 2023-04-25 | 中兴通讯股份有限公司 | Equipment debugging method, device and storage medium |
| CN108965315A (en) * | 2018-08-01 | 2018-12-07 | 深圳市中信网安认证有限公司 | A kind of authentic authentication method of terminal device, device and terminal device |
| JP7228977B2 (en) * | 2018-08-30 | 2023-02-27 | キヤノン株式会社 | Information processing device, authorization system and verification method |
| CN111813614B (en) * | 2020-09-03 | 2020-12-15 | 湖北芯擎科技有限公司 | Debugging processing method and device and debugging processing system |
-
2021
- 2021-02-08 CN CN202110174504.5A patent/CN112968889B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112968889A (en) | 2021-06-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11784823B2 (en) | Object signing within a cloud-based architecture | |
| US20220209951A1 (en) | Authentication method, apparatus and device, and computer-readable storage medium | |
| CN110061846B (en) | Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain | |
| US9444806B2 (en) | Method, apparatus and server for identity authentication | |
| CN111666564B (en) | Application program safe starting method and device, computer equipment and storage medium | |
| CN111708991A (en) | Service authorization method, service authorization device, computer equipment and storage medium | |
| CN109284585B (en) | Script encryption method, script decryption operation method and related device | |
| CN111200593A (en) | Application login method and device and electronic equipment | |
| CN108200078B (en) | Downloading and installing method of signature authentication tool and terminal equipment | |
| CN112528257A (en) | Security debugging method and device, electronic equipment and storage medium | |
| WO2021137769A1 (en) | Method and apparatus for sending and verifying request, and device thereof | |
| JP4226556B2 (en) | Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program | |
| CN111538977A (en) | Cloud API key management method, cloud platform access method, cloud API key management device, cloud platform access device and server | |
| KR100711722B1 (en) | Software authentication device of mobile communication terminal and method | |
| CN104992082A (en) | Software authorization method and device and electronic equipment | |
| CN112231674A (en) | A kind of URL address jump verification method, system and electronic device | |
| CN112559991A (en) | System secure login method, device, equipment and storage medium | |
| CN105100030B (en) | Access control method, system and device | |
| KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
| CN110417784B (en) | Authorization method and device of access control equipment | |
| CN105430022B (en) | A data input control method and terminal equipment | |
| CN112398787B (en) | Mailbox login verification method and device, computer equipment and storage medium | |
| CN112968889B (en) | Host right management method, terminal, device and computer readable storage medium | |
| CN112632589A (en) | Key escrow method, device, equipment and computer readable storage medium | |
| CN116233551B (en) | Set-top box synchronous upgrade method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |