Method and apparatus of verifying terminal and medium

US 10,019,604 B2
Filed: 08/31/2015
Issued: 07/10/2018
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method for verifying a terminal, comprising:

writing terminal hardware parameters into a secure element in the terminal before an operating system is loaded to the terminal, wherein the secure element comprises a secure card;

establishing a secure channel with a server through the secure element in the terminal after mutual authentication by performing the following steps;

receiving a selection command from the server according to a request for establishing the secure channel through the secure element, and responding to the selection command, the selection command being configured to instruct the server to communicate with the secure element;

receiving a first verification information from the server through the secure element, the first verification information including an initialization update command and a first key value;

generating a second verification information after a verification of the first key value is passed by the secure element, and sending the second verification information to the server, the second verification information including a card ciphertext and a second key value generated according to the initialization update command;

receiving an external authentication command from the server through the secure element, the external authentication command carrying a host ciphertext that is generated and sent from the server after a verification of the card ciphertext and the second key value is passed; and

determining that mutual verification between the secure element and the server is satisfied after verification of the host ciphertext by the secure element;

sending the terminal hardware parameters in the secure element to the server through the secure channel, wherein the terminal hardware parameters are stored in memory of the terminal and comprise a model number, a serial number, and an International Mobile Equipment Identity (IMEI) number, and the terminal has no authority to read the terminal hardware parameters, wherein the server is configured to feed back identification information according to the terminal hardware parameters; and

determining a verification result of an authenticity of the terminal according to the identification information fed back by the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus of verifying a terminal are provided in the field of computer technology. In the method, the terminal establishes a secure channel with a server through a secure element in the terminal. The terminal sends original terminal hardware parameters in the secure element to the server through the secure channel by using the secure element, where the server is configured to feed back identification information according to the terminal hardware parameters. The terminal then determines a verification result of an authenticity of the terminal according to the identification information fed back by the server. The apparatus includes: a channel establishing module, a parameter sending module and a result determining module. The present disclosure solves the problem that the verification application program cannot identify the authenticity of the terminal due to the degradation of the terminal performance, and achieves the effect that the accuracy of the authenticity of verifying the terminal is improved.

43 Citations

12 Claims

1. A method for verifying a terminal, comprising:
- writing terminal hardware parameters into a secure element in the terminal before an operating system is loaded to the terminal, wherein the secure element comprises a secure card;
  
  establishing a secure channel with a server through the secure element in the terminal after mutual authentication by performing the following steps;
  
  receiving a selection command from the server according to a request for establishing the secure channel through the secure element, and responding to the selection command, the selection command being configured to instruct the server to communicate with the secure element;
  
  receiving a first verification information from the server through the secure element, the first verification information including an initialization update command and a first key value;
  
  generating a second verification information after a verification of the first key value is passed by the secure element, and sending the second verification information to the server, the second verification information including a card ciphertext and a second key value generated according to the initialization update command;
  
  receiving an external authentication command from the server through the secure element, the external authentication command carrying a host ciphertext that is generated and sent from the server after a verification of the card ciphertext and the second key value is passed; and
  
  determining that mutual verification between the secure element and the server is satisfied after verification of the host ciphertext by the secure element;
  
  sending the terminal hardware parameters in the secure element to the server through the secure channel, wherein the terminal hardware parameters are stored in memory of the terminal and comprise a model number, a serial number, and an International Mobile Equipment Identity (IMEI) number, and the terminal has no authority to read the terminal hardware parameters, wherein the server is configured to feed back identification information according to the terminal hardware parameters; and
  
  determining a verification result of an authenticity of the terminal according to the identification information fed back by the server.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, further comprising:
    - setting the terminal hardware parameters in a read-only state when the terminal hardware parameters are written into the secure element of the terminal before the operating system is loaded.
  - 3. The method according to claim 1, wherein determining the verification result of an authenticity of the terminal according to the identification information comprises:
    - when the identification information comprise the terminal hardware parameters, comparing the terminal hardware parameters with reference hardware parameters, and determining the verification result of the authenticity of the terminal according to a comparison result.
  - 4. The method according to claim 1, wherein determining the verification result of an authenticity of the terminal according to the identification information comprises:
    - when the identification information comprises a comparison result generated by the server after the server compares the terminal hardware parameters with reference hardware parameters, determining the verification result of the authenticity of the terminal according to the comparison result generated by the server.

5. An apparatus of verifying a terminal, comprising:
- a processor; and
  
  a memory for storing instructions executable by the processor;
  
  wherein the processor is configured to;
  
  write terminal hardware parameters into a secure element in the terminal before an operating system is loaded to the terminal, wherein the secure element comprises a secure card;
  
  establish a secure channel with a server through the secure element in the terminal after mutual authentication by performing the following steps;
  
  receiving a selection command from the server according to a request for establishing the secure channel through the secure element, and responding to the selection command, the selection command being configured to instruct the server to communicate with the secure element;
  
  receiving a first verification information from the server through the secure element, the first verification information including an initialization update command and a first key value;
  
  generating a second verification information after a verification of the first key value is passed by the secure element, and sending the second verification information to the server, the second verification information including a card ciphertext and a second key value generated according to the initialization update command;
  
  receiving an external authentication command from the server through the secure element, the external authentication command carrying a host ciphertext that is generated and sent from the server after a verification of the card ciphertext and the second key value is passed; and
  
  determining that mutual verification between the secure element and the server is satisfied after verification of the host ciphertext by the secure element;
  
  send the terminal hardware parameters in the secure element to the server through the secure channel, wherein the terminal hardware parameters are stored in memory of the terminal and comprise a model number, a serial number, and an International Mobile Equipment Identity (IMEI) number, and the terminal has no authority to read the terminal hardware parameters, wherein the server being is configured to feed back identification information according to the terminal hardware parameters; and
  
  determine a verification result of an authenticity of the terminal according to the identification information fed back by the server.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus according to claim 5, wherein the terminal hardware parameters are set in a read-only state when the terminal hardware parameters are written into the secure element of the terminal before the operating system is loaded.
  - 7. The apparatus according to claim 5, wherein determining the verification result of an authenticity of the terminal according to the identification information fed back by the server comprises:
    - when the identification information comprise the terminal hardware parameters, comparing the terminal hardware parameters with reference hardware parameters, and determining the verification result of the authenticity of the terminal according to the comparison result.
  - 8. The apparatus according to claim 5, wherein determining the verification result of an authenticity of the terminal according to the identification information fed back by the server comprises:
    - when the identification information comprises a comparison result generated by the server after the server compares the terminal hardware parameters with the reference hardware parameters, determining the verification result of the authenticity of the terminal according to the comparison result generated by the server.

9. A non-transitory computer readable storage medium, when instructions in the storage medium are executed by the processor of a terminal, the terminal may execute acts for verifying the terminal, the acts comprising:
- writing terminal hardware parameters into a secure element in the terminal before an operating system is loaded to the terminal, wherein the secure element comprises a secure card;
  
  establishing a secure channel with a server through the secure element in the terminal after mutual authentication by performing the following steps;
  
  receiving a selection command from the server according to a request for establishing the secure channel through the secure element, and responding to the selection command, the selection command being configured to instruct the server to communicate with the secure element;
  
  receiving a first verification information from the server through the secure element, the first verification information including an initialization update command and a first key value;
  
  generating a second verification information after a verification of the first key value is passed by the secure element, and sending the second verification information to the server, the second verification information including a card ciphertext and a second key value generated according to the initialization update command;
  
  receiving an external authentication command from the server through the secure element, the external authentication command carrying a host ciphertext that is generated and sent from the server after a verification of the card ciphertext and the second key value is passed; and
  
  determining that mutual verification between the secure element and the server is satisfied after verification of the host ciphertext by the secure element;
  
  sending the terminal hardware parameters in the secure element to the server through the secure channel, wherein the terminal hardware parameters are stored in memory of the terminal and comprise a model number, a serial number, and an International Mobile Equipment Identity (IMEI) number, and the terminal has no authority to read the terminal hardware parameters, wherein the server is configured to feed back identification information according to the terminal hardware parameters; and
  
  determining a verification result of an authenticity of the terminal according to the identification information fed back by the server.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory computer readable storage medium according to claim 9, the acts further comprising:
    - setting the terminal hardware parameters are in a read-only state when the terminal hardware parameters are written into the secure element of the terminal before the operating system is loaded.
  - 11. The non-transitory computer readable storage medium according to claim 9, wherein determining the verification result of an authenticity of the terminal according to the identification information fed back by the server comprises:
    - when the identification information comprise the terminal hardware parameters, comparing the terminal hardware parameters with reference hardware parameters, and determining the verification result of the authenticity of the terminal according to a comparison result.
  - 12. The non-transitory computer readable storage medium according to claim 9, wherein determining the verification result of an authenticity of the terminal according to the identification information fed back by the server comprises:
    - When the identification information comprises a comparison result generated by the server after the server compares the terminal hardware parameters with the reference hardware parameters, determining the verification result of the authenticity of the terminal according to the comparison result generated by the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xiaomi Inc. (Xiaomi Corp.)
Original Assignee
Xiaomi Inc. (Xiaomi Corp.)
Inventors
Hong, Feng, Lin, Junqi, Zhu, Yifan
Primary Examiner(s)
Lynch, Sharon

Application Number

US14/841,098
Publication Number

US 20160125203A1
Time in Patent Office

1,044 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/57   Certifying or maintaining t...

G06F 21/606   by securing the transmissio...

G06F 21/73   by creating or determining ...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

Method and apparatus of verifying terminal and medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus of verifying terminal and medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links