Summary of the invention
In view of above-mentioned one or more problems, the invention provides a kind of method that prevents the application program of illegal update mobile terminal.
The method of the application program of illegal update mobile terminal that prevents according to the present invention may further comprise the steps: S102, and portable terminal and application program updating device are upgraded alternately; S104, portable terminal application programs update device verify, if the application program updating device carries out following steps by checking, otherwise finish with the upgrading of application program updating device mutual; S106, portable terminal is verified the application program updating version that is stored in the application program updating device, if the application program updating version is by checking, then portable terminal is from application program updating device down load application program upgrade version, otherwise finishes with the upgrading of application program updating device mutual.
Wherein, step S104 may further comprise the steps: S1042, application program updating device use the right PKI of a RSA (Rivest Shamir Adleman) key that the public information of portable terminal is encrypted; S1044, portable terminal uses the right private key of first RSA key to being decrypted through the public information of encrypting, if correctly decipher public information, then the identity of application upgrade device is legal, portable terminal carries out step S106, otherwise portable terminal finishes and the upgrading of application program updating device is mutual.
Wherein, step S106 may further comprise the steps: S1062, application program updating device use the version information of the right PKI application programs upgraded version of second RSA key to encrypt; S1068, portable terminal uses the right private key of second RSA key to being decrypted through the version information of encrypting, and the version information that decrypts is verified according to the version proof rule, if the application program updating version is legal version, then portable terminal is from application program updating device down load application program upgrade version, otherwise that portable terminal finishes with the upgrading of application program updating device is mutual.
Wherein, step S106 is further comprising the steps of: S1064, and the application program updating device will be kept in the application program updating version through the version information of encrypting; S1066, portable terminal obtain the version information through encrypting from the application program updating version.
Wherein, portable terminal and application program updating device communicate by the custom instruction of expansion.Portable terminal is mobile phone and/or PDA.The mobile phone of different model has different public informations.Public information is the IMEI number of mobile phone.
Adopt the method according to this invention, can control effectively, thereby realize preventing to adopt software mode to carry out the purpose that illegal cell phone software is downloaded mobile phone-downloaded software link.Mechanism principle among the present invention can be generalized to the mobile phone of various standards, has very wide versatility.In addition, the method according to this invention combines many-sided knowledge of mobile phone development, and the ingenious RSA cryptographic algorithms of having introduced, thereby has increased the anti-attack ability of cell phone software, has guaranteed the fail safe of cell phone software system.
Embodiment
Below with reference to accompanying drawing, describe the specific embodiment of the present invention in detail.
The present invention adopts cryptographic algorithm, and in conjunction with the mobile communication ability, has proposed a kind of method of the application program that prevents illegal update mobile terminal newly.
RSA cryptographic algorithms is a kind of PKIX (Public Key Infrastructure, be called for short PKI) technology, it is the asymmetric arithmetic based on public-key cryptography, it adopts two very large prime numbers to produce diverse PKI (promptly, encryption key) and private key (that is decruption key).Adopt RSA Algorithm to encrypt and have very high anti-attack ability, in mobile phone, introduce this algorithm and carry out the design of secure context, can improve the security performance of mobile phone greatly with authentication.
Figure 1A to Fig. 1 C shows according to the method for the application program that prevents illegal update mobile terminal of the embodiment of the invention and the flow chart of step thereof.
Shown in Figure 1A, this method may further comprise the steps: S102, and portable terminal and application program updating device are upgraded alternately; S104, portable terminal application programs update device verify, if the application program updating device carries out following steps by checking, otherwise finish with the upgrading of application program updating device mutual; S106, portable terminal is verified the application program updating version that is stored in the application program updating device, if the application program updating version is by checking, then portable terminal is from application program updating device down load application program upgrade version, otherwise finishes with the upgrading of application program updating device mutual.
Shown in Figure 1B,, step S104 may further comprise the steps: S1042, application program updating device use the right PKI of first RSA key that the public information of portable terminal is encrypted; S1044, portable terminal uses the right private key of first RSA key to being decrypted through the public information of encrypting, if correctly decipher public information, then the identity of application upgrade device is legal, portable terminal carries out step S106, otherwise portable terminal finishes and the upgrading of application program updating device is mutual.
Shown in Fig. 1 C, step S106 may further comprise the steps: S1062, application program updating device use the version information of the right PKI application programs upgraded version of second RSA key to encrypt; S1068, portable terminal uses the right private key of second RSA key to being decrypted through the version information of encrypting, and the version information that decrypts is verified according to the version proof rule, if the application program updating version is legal version, then portable terminal is from application program updating device down load application program upgrade version, otherwise that portable terminal finishes with the upgrading of application program updating device is mutual.
Wherein, step S106 can also may further comprise the steps: S1064, and the application program updating device will be kept in the application program updating version through the version information of encrypting; S1066, portable terminal obtain the version information through encrypting from the application program updating version.
Wherein, portable terminal and application program updating device communicate by the custom instruction of expansion.Said herein portable terminal comprises mobile phone or PDA, but is not limited to mobile phone and PDA, and it can be any mobile device that can be used for communicating.Wherein, the mobile phone of different model has different public informations.Said herein public information can be the IMEI number of mobile phone.
Fig. 2 shows the flow chart of the method for the application program that prevents illegal update mobile terminal according to another embodiment of the present invention.Wherein, in method shown in Figure 2, portable terminal is a mobile phone.As shown in Figure 2, the method that prevents the application program of illegal update mobile phone comprises the following steps:
S202, the array space Array_ver of a fixed position of reservation is used to deposit the authentication information of encryption in the mobile phone code.Load description document by revising to distribute, the address of this reservation array space compiling is fixed and noted.Step S202 specifically comprises following content: in a specific file, in the empty array (adopting 128 RSA cryptographic algorithms) of the char type of one 128 of the forward location definitions of file; In distribute loading description document, the compiling address of this specific file is fixed as certain address; By the position of this array in this document, calculate this array compiling address and note.
S204 selects a pair of RSA key that Key1 is used for authentication, determines a kind of version proof rule, selects another that RSA key is used for the version checking to Key2.Key1 herein and Key2 can adopt with a pair of RSA key.Step S204 specifically comprises following content: determine a kind of version proof rule (for example, the version authorization information is certain number a, and having only the version authorization information b of new software version is b=a+1, could by authentication); It is right to utilize the RSA instrument to generate two pairs of RSA keys at random: Key1 and Key2; Version authorization information a is kept in the cell phone software code as constant, calls for subsequent step.Wherein, the PKI of Key1 and Key2 is encrypted for the PC side software and is used, and the private key of Key1 and Key2 uses for the deciphering of mobile phone side software.
S206 utilizes public information and key that Key1 is carried out authentication, adds the authentication code respectively in mobile phone side and PC side.Its principle is: the PC side software is encrypted the public information of mobile phone with the PKI of Key1, and the public information that the PC side software will be encrypted sends to cell phone software, and cell phone software is decrypted to verify the identity of PC side software it with the Key1 private key.Its fail safe has mainly utilized the authentication function of RSA Algorithm, and its fail safe guarantees by the fail safe of Key1.This step specifically comprises following content: public information generally can be considered the IMEI number of mobile phone.Each mobile phone all has a difference and unique IMEI number, and the PC side software can obtain the IMEI number of mobile phone by some interfaces.The PC side software sends to cell phone software after with the public key encryption of IMEI number with Key1.Cell phone software is decrypted this information with the private key of Key1, if can correctly decipher the IMEI number into mobile phone, represents that then the PC side software is a legal software, allows to carry out next step version information proof procedure.
S208 generates the version information of encrypting, and deposits in the Array_ver array space of new software version, is used for the version checking.This step specifically comprises following content: with the Key2 PKI version authorization information is carried out encryption, obtain the version information of a public key encryption.The version information of this encryption will be written in Array_ver array reservation, known location the space of cell phone software version file in download after the cell phone software version generates.
S210 utilizes version information and key that Key2 is carried out the version information checking, adds the version Validation Code respectively in mobile phone side and PC side.The PC side reads the encrypted data in the Array_ver array space of the redaction cell phone software file that will download, with its according to a preconcerted arrangement interface send to mobile phone by existing communication mechanism.Mobile phone is decrypted with the Key2 private key the encrypted data that receives, and verifies according to the version proof rule.
S212, whether the mobile phone side software enters normal downloading process according to authentication and version checking result decision, has only through authentication and version checking and could normally download cell phone software.This step specifically comprises following content: to carrying out authentication process itself and entering normally to download switch is set respectively.At first carry out authentication, by then opening the switch that carries out the checking of next step version, otherwise directly return miscue, failed download when carrying out authentication as authentication.According to version checking result, whether decision is opened and is entered the switch that normally downloads.
Fig. 3 is the flow chart of PC side software in the method shown in Figure 2 and the cell phone software information interaction of carrying out.As shown in Figure 3, PC side software and cell phone software carry out mutual process and may further comprise the steps:
S302, the PC side reads the public information (as IMEI number, the IMEI number of each mobile phone all is unique, has individual difference) of mobile phone from the mobile phone side by instruction.
S304, the PC side software carries out encryption with the Key1 PKI to the public information IMEI number that obtains, because the Key1 key is to maintaining secrecy, and each mobile phone IMEI number difference, so its encrypted result is also different, encrypted result has the authentication function, is used to discern illegal download software.
S306, the mobile phone side judges that to the legal identity of PC side software as legal, then downloading relevant treatment can go on, otherwise subsequent treatment all will be refused by the mobile phone side.Can the result that PC side adversary pusher side returns judges to determine whether it can carry out next step operation, carry out next step operation and be decided by the mobile phone side.
S308, the PC side software reads the 128byte version information of having crossed with the Key2 public key encryption the mobile phone from the reserved location of new cell phone software version file.Send to cell phone software, cell phone software is decrypted this version information.Can judge according to version proof rule mobile phone side whether new cell phone software version is legal version.Because with the Key2 public key encryption mistake of maintaining secrecy, so this enciphered message is safe not having under the right situation of key.
S310, the mobile phone side judges the legitimacy of new software version, as the legal switch of then opening normal download, otherwise can't enter the subsequent operation of normal download.Can the result that PC side adversary pusher side returns judges to determine whether it can carry out next step operation, carry out next step operation and be decided by the mobile phone side.
S312, downloading flow process all is closed condition in the ordinary course of things.
S314 has only the PC side software that has passed through authentication and version checking just can enter normal download flow process.Download being provided with in the critical workflow that the position should be located at download of flow process switch.
In sum, the invention provides a kind of method of the application program that prevents the illegal download portable terminal newly.In the method, introduced RSA Algorithm, the mode that adopts authentication and version to verify has guaranteed the legitimacy of software upgrading version.When making mobile terminal software edition, release content is added the version authorization information by RSA Algorithm.Simultaneously, before download, portable terminal need carry out identity to the PC side software by the key mode and differentiate.Can not stop it to enter normal download state by the illegal software of authentication and version checking.Because proof rule, identity information and version information self have confidentiality, add the high security that adopts RSA Algorithm, and then can come the legitimacy of controlling application program upgrading, thereby improved its anti-ability that cracks from mobile terminal side and PC side two aspects.The realization principle thinking of the method according to this invention mainly comprises following content: portable terminal and PC side software carry out communication by the custom instruction of expansion, realize the mutual of both sides' information; Adopt the RSA key algorithm,, realize the authentication of portable terminal, download the legitimacy of software to judge this PC side to the PC side software in conjunction with public information; The additional version information of having encrypted is verified this downloaded software version according to the version proof rule, to judge the legitimacy of this mobile terminal software edition in mobile terminal software edition; According to above checking result is whether legal downloading process is provided with switch, with normally carrying out that control is downloaded.
Wherein, the mode of portable terminal and the communication of PC side software can realize in different ways along with each platform character is different.Wherein, communication instruction must have autgmentability to satisfy the mutual of PC side and mobile terminal side information in this method, and this is an essential condition.The ability of free extended instruction has also improved the fail safe of this method.
Wherein, public information refers to the information that portable terminal is disclosed and the PC side software obtains easily.This public information should select to have the information of portable terminal individual difference, utilizes the public information with portable terminal individual difference to carry out authentication and can improve it and crack difficulty.RSA Algorithm is the most frequently used and reliable a kind of algorithm of realizing authentication function, has very strong anti-attack ability, also can adopt other alternative algorithm to realize according to actual conditions.This part fail safe of checking of placing oneself mainly guarantees by the fail safe of algorithm.
Wherein, the version proof rule at this place and version information can define according to user's needs, and the fail safe at this place relies on version information, version proof rule and algorithm to come multiple assurance.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.