CN101251883A - Method for performing safety controllable remote upgrade for software protecting device - Google Patents

Method for performing safety controllable remote upgrade for software protecting device Download PDF

Info

Publication number
CN101251883A
CN101251883A CN 200810101709 CN200810101709A CN101251883A CN 101251883 A CN101251883 A CN 101251883A CN 200810101709 CN200810101709 CN 200810101709 CN 200810101709 A CN200810101709 A CN 200810101709A CN 101251883 A CN101251883 A CN 101251883A
Authority
CN
Grant status
Application
Patent type
Prior art keywords
function
module
information
new
update
Prior art date
Application number
CN 200810101709
Other languages
Chinese (zh)
Other versions
CN101251883B (en )
Inventor
孙吉平
勇 韩
Original Assignee
北京深思洛克数据保护中心
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Abstract

The invention provides a safe and controlled remote update method for a software protection device, the method is as follows: control information of a function module update pack is arranged at the terminal of a server and a new function module is obtained; the new function module is encrypted after the control information and the new function module are calculated to obtain calibration information, or after the new function module is encrypted, the control information and the encrypted new function module are calculated to obtain the calibration information; and then the control information, the encrypted new function module and the calibration information are combined to form the function module update pack which is sent to the software protection device; the software protection device check the control information in the received function module update pack, the new function module is obtained after decrypting, the calibration information in the update pack is validated according to the control information and the new function module, and the own update can be performed through using the new function module if the validation is passed. The function module in the function module update pack of the safe and controlled remote update method for a software protection device is all cryptograph in the transmission process, thus the safe and controlled remote update for the software protection device is effectively realized.

Description

一种对软件保护设备进行安全可控的远程升级的方法技术领域本发明涉及软件保护技术,具体涉及一种对软件保护设备的功能模块的代码或者数据进行安全可控的远程升级的方法。 TECHNICAL FIELD The kind of software protection devices secure remote controlled software upgrade of the present invention relates to protection techniques, particularly to a code or data for software protection device security function modules controlled remotely upgrade method. 背景技术首先给出如下定义:功能模块:软件开发商中从软件产品中提取出来的可以或者已经设置在软件保护设备中的供外部调用的代码或数据或两者的结合。 Binding code or data or both for external software developers are extracted from the software product can be or have been provided in the software protection device calls: Firstly, the background art are defined as follows: function module. 功能模块升级包:用于对软件保护设备中的功能^^莫块进行升级的数据包。 Function module upgrade package: for software protection device functions ^^ Mo block upgrade data packet. 软件保护设备:用户持有的软件开发商在其开发的某一款软件产品中和软件配套使用的设备。 Software protection devices: Users have is a developer of a software product in its development of equipment and software used. 随着经济技术的飞速发展,软件作为辅助工具已经深入到了各行各业当中。 With the rapid development of economy and technology, software as a supplementary tool which has been deep into all walks of life. 软件产品是软件设计者和软件编程人员智慧的结晶,软件开发商的生存和发展是软件产品充足供应的基础,因而,保护软件产品的版权,防止软件产品被盗版,具有很重要的现实意义。 Software product is the crystallization of software designers and software programmers wisdom, survival and development of software developers is an adequate supply of infrastructure software products, and thus, the copyright protection of software products against piracy of software products, has a very important practical significance. 在软件开发商已有的保护软件产品的众多策略中,多数采用了这样一种方式:提取出软件产品中的核心算法或密钥作为关键程序代码, 将所述关键程序代码及其所需数据设置在软件保护设备中,以作为软件保护设备的功能模块供外部软件调用。 In a number of strategies to protect existing software products software developers, most adopted such a way: to extract the core algorithm or key software products as key code, the key to the program code and data needed software protection device is provided, in a functional module as a software protection device calls for external software. 采用这种方式以后,当用户使用软件产品时,必须要有软件保护设备同时运行,否则将无法使用该软件产品。 After this way, when a user uses software products, software protection devices must be running at the same time, otherwise it will not be able to use the software product. 这种策略的优势是,软件产品的关键代码是设置在软件保护设备中的,软件破解者很难得到软件产品的关键程序代码,也很难克隆软件保护设备,也就很难破解该软件产品。 The advantage of this strategy is that the key source software products are provided in the software protection devices, software crackers difficult to get the key to the program code of software products, it is difficult to clone software protection device, it is difficult to crack the software product . 当然所述的软件保护设备的处理芯片必须是一个具有一定安全认证等级的智能卡芯片才可以防止被硬克隆。 Of course, the chip software protection devices have to be a certain level of security authentication smart card chip can be prevented from being hard cloned. 正因为有这种优势,国内外越来越多的软件开发商都采用了这种策略保护自己的软件产品。 It is precisely because of such advantages, more and more domestic and foreign software developers have adopted this strategy to protect their software products. 但是,软件开发商所生产的软件产品需要不断更新升级,因而对于使用该软件产品的用户来说,也需要同步地更新与软件产品配套的软件保护设备的功能模块。 However, software developers and production of software products need to constantly update, so for users to use the software product, it also needs to be updated synchronously with the software product software protection device functional modules. 这个看似简单的过程,对于软件开发商来说并不简单,他们可能需要通过上门分发或回收软件保护设备等方式来升级软件保护设备中的功能模块,从而增加了服务成本。 This seemingly simple process is not simple for software developers, they may need to distribute software through on-site recycling or protective equipment and other ways to upgrade the software protection device function module, thereby increasing the cost of services. 或者软件开发商将需要升级的功能模块打包成功能模块升级包,然后通过电信网络、因特网等不安全的信道发送到各用户的软件保护设备中,但是这样的话,功能模块升级包很容易被窃听与替换,从而给软件开发商造成极大的经济损失。 Or software developers will need to upgrade functional modules packaged into functional module upgrade package, and then sent to the respective user software protection device over an insecure channel a telecommunications network, the Internet, etc., but in this case, the functional module upgrade package is easily eavesdrop and replacement, resulting in great economic losses to software developers. 发明内容为了解决上述的软件开发商在升级软件保护设备的功能模块时遇到的种种问题,本发明提供一种对软件保护设备进行安全可控的远程升级的方法,其特征在于,包括以下步骤: a、服务器端:al、设置软件功能模块升级包的控制信息并获取新的功能模块;a2 、对所述控制信息和新的功能模块计算校验信息;a3、对新的功能模块进行加密后,将所述控制信息、所述经加密的新的功能模块以及所述校验信息组合为功能模块升级包并发送给所述软件保护设备;b、软件保护设备端:bl、检查所接收的所述功能模块升级包中的控制信息以判断该功能模块升级包是否适用于升级自身的功能模块,如果适用则进入b2步骤,否则结束升级流程;b2、对所述功能模块升级包中的经加密的新的功能模块进行解密后得到新的功能模块,并根据所述控制信息和所述解密 SUMMARY OF THE INVENTION To solve the above problems encountered in software developers to upgrade the software protection device functional module, the present invention provides a software protection device safe and controlled remotely upgrade method, characterized by comprising the steps of : a, the server side: al, setup software upgrade package function module control information and obtain a new functional module; a2, computation of parity information for the control information and the new functional module; a3, new encryption function module after the control information, the encrypted new functional modules and the verification information for the combination function module and send the software upgrade package protection device; B, software protection device side: bl, checks the received the update function module control packet to determine whether the function module upgrade package apply to upgrade own function modules, if applicable, the process proceeds to step b2, otherwise, ends the upgrade process; b2, the function module upgrade package encrypted new modules after decrypted new functional module, according to the control information and the decryption 后得到的新的功能模块来验证所述的校验信息;b3、如果验证通过则使用所述新的功能模块对所述软件保护设备中的已有功能模块进行升级,否则结束升级流程。 The new functional module obtained after the verification information to verify; B3, if the verification of the new modules of the software protection device to upgrade the existing functional module, or by using the end of the upgrade process. 本发明另一方面提供一种对软件保护设备进行安全可控的远程升级的方法,包括以下步骤:a、月l务器端:al 、设置软件功能模块升级包的控制信息并获取新的功能模块;a2、对所述新的功能模块加密,并对所述控制信息和经加密的新的功能模块计算校验信息;a3、将所述控制信息、所述经加密的新的功能模块以及所述校验信息组合为功能模块升级包并发送给所述软件保护设备;b、软件保护设备端:b 1 、检查所接收的所述功能模块升级包中的控制信息以判断该功能模块升级包是否适用于升级自身的功能模块,如果适用则进入b2步骤,否则结束升级流程;b2、根据所接收的所述功能模块升级包中的所述控制信息和经加密的新的功能模块来验证所述校验信息,如果验证通过则进入b3步骤, 否则结束升级流程;b3 、对该经加密的新的功能模块进行解密后得 Another aspect the present invention provides a software protection device safe and controlled remotely upgrade method comprising the steps of: a, l month service end: al, setup software upgrade package function module control information and acquires new features module; A2, the new encryption function module, and the control information and the encrypted new functional module calculates the check information; A3, the control information, the encrypted new modules and the check information is the combination function module and send the software upgrade package protection devices; b, software protection device side: a control information b 1, functional module checks the received upgrade package to determine whether the function module upgrade package is applicable to upgrade own function modules, if applicable, the process proceeds to step b2, otherwise, ends the upgrade process; b2, according to the received upgrade package function module control information and the encrypted new modules to verify the verification information, if the verification proceeds to step b3, otherwise, ends the upgrade process; b3 after, the encrypted new modules have decrypting 新的功能模块, 并使用所述新的功能模块对所述软件保护设备中的已有功能模块进行升级。 The new functional module, and using the new modules of the software protection device to upgrade the existing functional module. 上述的两种远程升级的方法的区别在于:第一种方法,是对明文的控制信息和明文的新的功能模块计算校验信息之后再对所述新的功能模块进行加密,所以校验信息的计算可以使用不需要密钥参与的算法,可以减少密钥管理的成本,例如,单向散列算法。 Difference between the two methods is that the remote upgrade: a first method, new control information and the plain text of the plain text of the functional module of the new re-encrypted after the function module calculates the checksum information, verification information It can be calculated using the algorithm does not require participation of the key, the key management cost can be reduced, for example, a one-way hash algorithm. 由于破解者没有办法得到明文的新的功能模块,所以也无法伪造校验信息。 Because the attacker is no way to get new modules plaintext, so it can not be forged check information. 当然也可以使用有密钥参与的算法。 Of course, there can also be used to participate in key algorithm. 如MAC, HMAC,非对称的数字签名算法;第二种方法,是对明文的控制信息和加密后的新的功能模块计算校验码,这种方法,校验信息的计算必须使用需要密钥参与的算法, 如MAC, HMAC,非对称的数字签名算法。 The MAC, HMAC, asymmetric digital signature algorithm; second method is to calculate the checksum for the new modules after the control information and the encrypted plaintext, this method, computation of parity information requires a key to be used algorithm involved, such as MAC, HMAC, asymmetric digital signature algorithm. 否则,破解者就可以伪造校验信息。 Otherwise, the attacker can forge check information. 使用上述的本发明的构造功能模块升级包的方法具有如下优点: Using the above-described configuration of the present invention, functional module upgrade package method has the following advantages:

1、 构造的功能模块升级包中,控制信息始终以是明文(未加密) 形式存在的,这样在升级软件保护设备的过程中,首先可直接确定该功能模块升级包是否适用于被升级的软件保护设备。 1, the functional module upgrade package configuration, the control information is always be a clear (unencrypted) form exists, so that the process of upgrading the protection device, the first functional module may be directly determined whether the upgrade package is adapted to be upgraded software protective equipment. 减少了对功能模块升级包的操作;其次可以在软件保护设备的外部增加对功能模块的适用范围的判断,减少对软件保护设备不必要的操作,从而减少了可能对软件保护设备内的功能模块造成影响的风险。 It reduces the operating function module upgrade package; secondly to increase judgment function module applies the external software protection equipment, software protection devices reduce the unnecessary operation, thereby reducing the possible functions of the software module within the protective device the risk of impact. 当然软件保护设备内部也需要对功能模块升级包的适用范围进行判断,用来防止破解者绕过外部的功能模块升级包的适用范围的检查过程。 Of course, software protection devices also require the internal scope of the functional module upgrade package is determined, the range for preventing the crack to bypass the checking process applies an external functional module upgrade package.

2、 对功能模块升级包的控制信息和加密前的或者加密后的新的功能模块计算校验信息,可以防止破解者对明文的控制信息或者对加密后的新的功能模块进行篡改。 2, before the control information and the encryption function modules or upgrade package encrypted new modules computation of parity information, control information can be prevented from cracking by the new plaintext or encrypted function modules tampering. 如果破解者篡改了控制信息,则在验证校验信息时用的控制信息和开发商端计算校验信息时用的控制信息不一致。 Control information and the control information computation of parity information if the developer ends cracker tampering control information is used when the authentication check information are inconsistent. 验证必然会失败。 Verification is bound to fail. 如果破解者篡改了加密后的新的功能模块, 在软件保护设备中解密得到的新的功能模块是错误的,则同样在验证校验信息时会失败。 Will fail if the attacker tampered with new modules encrypted, new functional modules in software protection device decrypted is wrong, the same information in the validation check.

3、 对新的功能模块加密防止功能模块泄漏,只有拥有正确密钥的软件保护设备才能解密得到明文的新的功能模块。 3, new encryption function module function module to prevent leaks, only those with the correct key can decrypt software protection devices get new modules plaintext. 可见,在本发明提供了一种实现了软件开发商安全的可控的对软件保护设备中的功能^^块进行远程升级的方法。 Be seen, the present invention provides a method to achieve a controlled software protection device function blocks ^^ remotely upgrade software developers of security. 附图说明图1为本发明的对软件保护设备进行安全可控的远程升级的方法的第一实施例的流程示意图;图2为本发明的方法的第一实施例中的功能模块升级包的数据结构示意图;图3为本发明的方法的第二实施例的流程示意图;图4为本发明的方法的第三实施例的功能;f莫块升级包的数据结构示意图;图5为本发明的方法的第三实施例中服务器端的功能模块升级包的签发流程示意图;图6为本发明的方法的第三实施例的软件保护设备端功能模块升级流程示意图。 Brief Description of the flow of the first embodiment of a method of software protection devices controlled remotely upgrade the safety of FIG. 1 is a schematic view of the present disclosure; a first embodiment of the method of the present invention. FIG. 2 is a functional block upgrade package a schematic view of a data structure; flow diagram of a second embodiment of the method of the present invention. FIG. 3; function of the third embodiment of the method of the present invention, FIG. 4; f Mo data structure of a schematic block upgrade package; FIG. 5 of the present invention issuance process schematic diagram of the server function module upgrade package of a third embodiment of the method; software protection device side functional modules upgrade process diagram illustrating a third embodiment of the method of the present invention. FIG. 6. 具体实施方式为使本发明的目的、技术方案及优点更加清楚明白,以下参照附图并举实施例,对本发明作进一步详细说明。 DETAILED DESCRIPTION To make the objectives, technical solutions and advantages of the present invention will become more apparent, with reference to the accompanying drawings and the following embodiments, the present invention is described in further detail. 本发明实施例的主要思想是:软件开发商端设置控制信息,计算校验信息,加密新的功能模块,并构造功能模块升级包。 The main idea of ​​an embodiment of the present invention is: setting control information terminal software developers, computation of parity information, the encrypted new modules, functional modules and configured to upgrade package. 软件保护设备检查控制信息,解密新的功能模块,验证校验信息,最后升级软件保护设备的功能模块。 Software protection equipment inspection control information decryption new modules, check verification information, and then upgrade the software protection device functional modules. 下面结合附图详细说明本发明技术方案的实现过程。 The following detailed description of the implementation process aspect of the present invention in conjunction with the accompanying drawings. 图1为本发明安全的可控的远程升级方法的第一实施例的流程示意图。 Flow diagram of a first embodiment of the present invention, FIG. 1 remote controlled security upgrade method. 参见图1,该方法包括:步骤101:软件开发商设置功能模块升级包的控制信息并获取新的功能模块。 Referring to Figure 1, the method comprising: Step 101: Set the software developers control function information obtaining module upgrade package and new functional modules. 本步骤中,软件开发商在服务器端通过设置功能模块升级包的控制信息来设置功能模块升级包的适用范围。 In this step, software developers to set the scope of the function module at the server upgrade package information provided by the control function module upgrade package. 所述的控制信息包含有对该功能模块升级包的适用范围的描述,可以设置成适用于所有、 一组或者单个软件保护设备,如果适用范围设置为一组或者单个软件保护设备,则需要在该控制信息中加入待升级的软件保护设备的特征信息。 Said control information includes a description of the scope of the function module upgrade package, may be provided for all, or a single set of software protection devices, if applicable range is set to a single group or a software protection device, need the control information is added to the software protection device to be upgraded feature information. 软件开发商获取所述特征信息的方法可以是在出售软件产品时记录同时发售的软件保护设备的软件保护设备特征信息,也可以是当用户有升级软件保护设备的需求时向软件开发商提供该用户所持有的软件保护设备的软件保护设备特征信息。 Software developers obtain the characteristic information recording method may be software protection devices feature information while offering software protection device at the time of the sale of the software product, can also be when the user needs to upgrade the software protection device to provide software developers software protection devices feature information held by the user software protection devices. —所述特征信息可以是单个软件保护设备的唯一标识,也可以是一组软件保护设备的唯一标识。 - The unique identification feature information may be protected by a single software device, or may be a uniquely identified set of software protection device. 如果签发的是针对一组软件保护设备的升级包,则软件保护设备特征信息为组的唯一标识, 一组软件保护设备的唯一标识是指一组软件保护设备的共有的区别于不同组别的软件保护设备的信息;如果签发的是针对单个软件保护设备的升级包,则软件保护设备特征信息为待升级的软件保护设备的唯一标识,单个软件保护设备的唯一标识与软件保护设备是——对应的,例如为软件保护设备的硬件全球唯一序列号。 If issued upgrade package is a set of software protection equipment, protective equipment, the software feature information that uniquely identifies the group uniquely identifies a set of software protection device is shared by a group of distinguished different groups of software protection device software data protection apparatus; issued if the package is for a single software upgrade equipment protection, the protection of the software feature information that uniquely identifies the device to be upgraded software protection device, unique identification software protection devices are single software protection devices - corresponding, for example, a globally unique hardware serial number of the software protection device. 所述签发过程可以由软件开发商的服务器端的计算机程序实现, 也可以由软件开发商持有的加密设备实现。 The issuance process can be implemented by computer program software developer server, the encryption device may be held by software developers implemented. 以上两种方式都可以完成签发功能模块升级包的功能。 More can be done two ways to issue the function module upgrade package features. 步骤102:对控制信息和新的功能模块计算校验信息。 Step 102: the control information and new modules computation of parity information. 本步骤中,计算校验信息过程是首先把控制信息和新的功能模块组合成数据串,然后对组合后的数据串通过密码学算法计算出校验信息。 In this step, the process of calculating parity information is first control information and new modules are combined into a data string, then the combined data string verification information calculated by cryptographic algorithms. 所述密码学算法可以是单向散列算法,HMAC算法,MAC算法或者非对称的签名算法。 The algorithm may be a cryptographic one-way hash algorithm, HMAC algorithm, MAC algorithm or asymmetric signature algorithm. 计算所述校验信息的密码学算法如果是HMAC算法或者MAC算法,需要在软件开发商的服务器端和软件保护装置之间共享一个密钥, 用来计算和验证校验信息。 Computing the check information if the cryptographic algorithm or the MAC algorithm is the HMAC algorithm requires a key shared between the server and the software protection software developers, and to calculate the checksum verification information. 计算校验信息的密码学算法如果是非对称的签名算法,则需要在服务器端保存一对非对称密钥的私钥用于计算校验信息,在软件保护设备内保存对应的公钥用于验证校验信息。 Cryptographic algorithm calculates the checksum information is asymmetric signature algorithms, it is necessary to save an asymmetric key pair the public key of the server private key used to compute parity information stored in a corresponding software protection devices for verifying check information. 为了提高安全强度该可以对校验信息进行加密,加密算法可以是对称算法,或者非对称算法。 In order to increase the strength of the security check information may be encrypted, the encryption algorithm may be a symmetric algorithm or asymmetric algorithms. 使用的密钥可以是用于对新的功能模块的加密密钥,也可以是别的密钥。 The key used for encryption may be a key to the new functional module, or may be another key. 步骤103:对新的功能模块进行加密。 Step 103: The encrypted new functional modules. 本步骤中,对所述的新的功能模块的加密过程可以使用对称算法或者非对称算法。 In this step, the new encryption process function module may use a symmetric algorithm or asymmetric algorithms. 如果使用对称算法则需要在软件开发商的服务器端和软件保护设备之间共享一个对称密钥,用于对新的功能模块进行加密和解密。 If a symmetric algorithm is required symmetric key shared between the server-side software developers and software protection device for the new function modules for encryption and decryption. 如果使用非对称算法则需要在服务器端保存一对非对称密钥的公钥用于加密新的功能模块,在软件保护设备内保存对应的私钥用于解密新的功能模块。 If you need to save the asymmetric algorithm asymmetric key pair the public key used to encrypt the private key of the server of new functional modules, the software stored in the corresponding protective equipment for decrypting the new functional modules. 上述的加解密使用的对称密钥也可用于计算和验证上述校验信息,这样可以减少密钥管理的成本,但相对的降低了系统的安全性。 Above using symmetric key encryption may also be used to calculate and verify the parity information, thus reducing the cost of key management, but the relative security of the system is reduced. 步骤104:生成功能模块升级包。 Step 104: generation module upgrade package. 本步骤中,将上述未加密的控制信息,经加密的新的功能模块和校验信息组合成功能模块升级包。 In this step, the above-described non-encrypted control information, the new information and verify the cryptographic module combined function of a functional module upgrade package. 步骤105:发送功能模块升级包。 Step 105: sending function module upgrade package. 本步骤中,软件开发商的服务器端将生成的功能模块升级包发送到用户的软件保护设备。 In this step, the server software developers will generate a functional module upgrade package sent to the user software protection device. 升级过程是软件保护设备的内部程序来完成的。 The upgrade process is the internal software protection device to complete. 步骤lll:校验功能模块升级包的适用范围。 Step lll: checking function module upgrade package scope. 本步骤中,软件保护设备;f企查接收到的功能模块升级包的控制信能模块。 In this step, the software protection device; F enterprise search function module received control signal to the enabling module upgrade package. 如果不能,则终止升级过程。 If not, terminate the upgrade process. 具体为,如果该功能模块升级包是适用于所有的软件保护设备, 则该功能模块升级包适用于自身;如果该功能模块升级包是适用于一组软件保护设备,则检查该功能模块升级包的控制信息中包含的软件保护设备的特征信息是否和自身所在的组的唯一标识一致,如果一致则该功能模块升级包适用于自身,否者不能被升级;如果该功能模块升级包只适用于单个软件保护设备,那么检查该功能模块升级包的控制信息中包含的软件保护设备特征信息是否和自身的唯一标识一致, 如果一致,则该功能模块升级包适用于自身,否则不能^l升级。 Specifically, if the functional module upgrade package is applicable to all software protection apparatus, the function module upgrade package suitable for itself; if the function module upgrade package is applied to a set of software protection devices, check of the function module upgrade package the control information includes whether the software protection device feature information that uniquely identifies the group to which itself belongs to the same, if consistent with the functional module upgrade package suitable for itself, whether the person can not be upgraded; if the function module upgrade package is only available in single software protection apparatus, it is checked whether the control information of the function module upgrade package contains the software protection device feature information and its own unique identifier consistent, if yes, the function module upgrade package applicable to itself, or can not ^ l upgrade. 步骤112:解密新的功能模块。 Step 112: the decrypted new functional modules. 本步骤中,解密用的密码学算法合密钥均和步骤103中用的加密算法和密钥是相对应的。 In this step, the cryptographic algorithm decryption key are combined and encryption algorithm and key in step 103 is used in the corresponding. 如果使用密码学算法是对称算法,则解密使用的密钥是上述的服务器端和软件保护设备中共享的用于加解密待升级的内容的对对称密钥;如果使用的算法是非对称算法,则解密使用的密钥是上述的保存在软件保护设备中用于解密的私钥。 If a symmetric algorithm is a cryptographic algorithm, the decryption key is used in the above-described server and software protection devices for sharing content to be upgraded encryption of symmetric key; if the algorithm used is non-symmetric algorithm, the decryption key is stored in the above-mentioned apparatus for decrypting protected software private key. 步骤113:验证校验信息。 Step 113: Verify check information. 本步骤中,验证校验信息过程是指使用密码学算法来检查校验信息是否正确。 In this step, the verification information verification process is the use of cryptographic algorithms to check whether the correct parity information. 如果校验信息验证失败,则终止升级过程。 If the check fails to verify, the upgrade process is terminated. 本步骤中使用的密码学算法和密钥均是和步骤102中计算校验信息时使用的密码学算法和密钥相对应的,对于不同算法验证过程的具体流程也不同。 Cryptographic algorithm and key are used in this step is the cryptographic algorithm and the key used for verification and step 102 calculates information corresponding to the specific flow is different for different algorithms verification process. 如果计算所述校验信息时使用的密码学算法是HMAC或者MAC 算法时,则验证校验信息的具体流程如下:软件保护设备使用相应算法重新计算软件功能模块控制信息和解密后的新的功能模块的校验信息,然后将重新计算出的校验信息和功能模块升级包中获得的校验信息比较,完全一致则校验通过,说明该功能模块升级包是合法的,否则校验失败,说明该功能模块升级包是不合法的。 If the calculated cryptographic algorithm used for the check information is the HMAC algorithm or a MAC, the verification information to verify the process is as follows: with the appropriate software protection devices recalculation algorithm software function module control information and new features decrypted check information module, and then recalculated check information and check function module upgrade package information obtained in the comparison, then check through exactly the same, indicating that the function module upgrade package is legal, otherwise the check fails, Description the function module upgrade package is not legitimate. 在重新计算校验信息使用的密钥是上述的在服务器端和软件保护设备之间共享的用于计算或者验证校验信息的密钥。 The checksum is recalculated using the above-described key information between the server and the software protection device for calculating a shared key verification or authentication information. 如果计算校验信息时使用的密码学算法是非对称的签名算法,则验证校验信息的具体流程如下:软件保护装置使用上述保存在软件保护设备内的公钥解密功能模块升级包中的校验信息。 Signature algorithm is asymmetric cryptographic algorithm used in the calculation if the verification information, the verification information to the verification process is as follows: the software protection device using a check function module public key to decrypt the upgrade package software stored in the protected device information. 并计算功能模块升级包的控制信息及解密后的新的功能模块的组合结果的HASH值,比较解密后的校验信息和计算出来的HASH值。 And calculate the combined result of the control function module upgrade package information and the decrypted new functional module HASH value, the verification information and the calculated HASH value of the decrypted comparison. 如果计算校验信息时对HASH值做了编码,则在比较前也需要对HASH进行相同的编码,或者先对解密后的校验信息进行解码再比较。 If the checksum is calculated HASH value information do encoding, before comparison HASH need to be the same code or checksum information to decode the decrypted then compared. 如果计算校验信息时没有对控制信息和新的功能模块组合的数据串先进4亍HASH,则—睑i正时也不需要HASH,直4妄比專交。 If the string does not calculate check information for data control information and the new functional modules 4 combined advanced right foot HASH, the - i eyelid timing does not need to HASH, 4 jump straight cross-over designed. 上述比较结果如果是完全一致则校验通过,说明功能模块升级包是合法的,否则校验失败,说明该功能模块升级包是不合法的。 If the comparison result is entirely consistent with the verification passes, the function module upgrade package is legal, otherwise the check fails, indicating that the function module upgrade package is not legitimate. 如果校验信息是加密的,在校验之前需要先对校验信息进行解密。 If the check information is encrypted, you need to check the information decrypted before checking. 使用的密钥和算法都应该和上述的校验信息加密过程使用的算法和密钥相对应。 Algorithm and the key and key algorithm used above and should check information corresponding to the encryption process used. 根据前述校验信息的特点,如果发生了功能模块升级包中的任何数据被修改或者在传送过程中出现错误的情况,以及校验码本身被修改或者传输错误的情况,则验证校验信息过程的必将失败。 According to the characteristics of the verification information, if the occurrence of any functional module upgrade data packet is modified or an error occurs during the transfer, and the checksum itself is modified or transmission error, the verification process the verification information It is bound to fail. 从而软件保护设备认为该功能模块升级包是不合法的,将立即中止升级过程。 Software protection device thus considers the function module upgrade package is not legitimate, it will immediately suspend the upgrade process. 步骤114:升级软件保护设备内的功能模块对软件保护设备的功能模块进行升级,是用解密后的新的功能模块替换软件保护设备内已有的功能模块。 Step 114: the function modules in the software upgrade the software protection device protection equipment upgrade function module, is to replace the existing functional modules within the software protection device with new modules decrypted. 如果软件保护设备中没有待升级的功能模块,则可以根据预先设置的策略,新建该功能模块,或者终止升级过程。 If the device is not protected software function modules to be upgraded, according to the policy set in advance, the new functional module, or terminate the upgrade process. 图2为本发明的方法的第一实施例中的功能模块升级包的数据结构示意图。 The method of the first embodiment of the present invention. FIG. 2 a functional block schematic diagram of a data structure upgrade package. 参见图2,功能模块升级包包括:控制信息,加密的新的功能模块和校验信息。 Referring to Figure 2, the functional module upgrade package comprising: a control information, the encrypted new modules and parity information. 其中控制信息是用于确定该功能模块升级包的适用范围,可以是所有, 一组或者单个软件保护设备。 Wherein the control information is information for determining the scope of the function module upgrade package may be all, or a single set of software protection device. 第一实施例中,检验信息是使用密码学算法针对软件保护设备的特征信息和未加密的新的功能模块计算的。 In the first embodiment, collation information is calculated for the feature information of the software protection device and unencrypted new modules use cryptographic algorithms. 图3为本发明的方法的第二实施例的流程示意图。 A second flow diagram of an embodiment of a method of the present invention. FIG. 如图所示,第二实施例包括以下步骤,其中各步骤中具体的实现方式适用上述第一实施例中相应步骤的实现方式:步骤301:软件开发商设置功能模块升级包的控制信息并获取新的功能模块;步骤302:对新的功能模块进行加密;步骤303:对控制信息和步骤302中得到的经加密的新的功能模块计算校验信息;本步骤计算校验信息的算法可以使MAC算法,HMAC算法,非对称的签名算法。 As shown, the second embodiment includes the following steps, wherein each step of applying the above specific implementation of the first embodiment of the implementation of the appropriate steps: Step 301: Setting Function Software developers upgrade package module control information and acquires the new functional module; step 302: the new function modules for encryption; step 303: calculating the encrypted checking information in step 302 and control information obtained in the new functional module; step of the present algorithm for calculating parity information can MAC algorithm, HMAC algorithm, an asymmetric signing algorithm. 步骤304:生成功能模块升级包,本步骤中,将上述控制信息,经加密的新的功能模块,以及步骤303中得到的校验信息组合成功能模块升级包;步骤305:服务器向软件保护设备发送功能模块升级包;步骤311:校验功能模块升级包的适用范围;本步骤中,软件保护设备检查接收到的功能模块升级包的控制信能模块,如果不能,则终止升级过程。 Step 304: generation module upgrade package, in this step, the control information, the encrypted new functional modules, as well as combinations of check information obtained in step 303 can successfully upgrade package module; Step 305: the server to the software protection device sending module upgrade package; step 311: check function module scope upgrade package; in this step, the software protection device checks the received control functional module upgrade module envelope can, if not, terminate the upgrade process. 步骤312:校验验证信息;本步骤中,对接收到的功能模块升级包中的控制信息和经加密的新的功能模块重新计算校验信息,然后使用密码学算法来检查校验信息是否正确。 Step 312: check authentication information; In this step, the control information and the encrypted function modules in the received upgrade package new functional module recalculates the checksum information, and then use the cryptographic algorithm to check whether the correct verification information . 如果校验信息验证失败,则终止升级过程。 If the check fails to verify, the upgrade process is terminated. 本步骤中使用的密码学算法和密钥均是和步骤303中计算^^交验信息时使用的密码学算法和密钥相对应的,对于不同算法验证过程的具体流程也不同。 Cryptographic algorithm and key are used in this step is the cryptographic algorithm and the key used in step 303 is calculated and when ^^ inspection information corresponding to the specific flow is different for different algorithms verification process. 上述比较结果如果是完全一致则校验通过,说明功能模块升级包是合法的,否则校验失败,说明该功能模块升级包是不合法的。 If the comparison result is entirely consistent with the verification passes, the function module upgrade package is legal, otherwise the check fails, indicating that the function module upgrade package is not legitimate. 如果校验信息是加密的,在校验之前需要先对校-险信息进行解密。 If the check information is encrypted, you need to check before school - insurance decrypt information. 使用的密钥和算法都应该和上述的校验信息加密过程使用的算法和密钥相对应。 Algorithm and the key and key algorithm used above and should check information corresponding to the encryption process used. 步骤313:解密新的功能模块;本步骤中,解密用的密码学算法或密钥均和步骤302中用的加密算法或密钥是相对应的。 Step 313: The new decryption function module; In this step, the decryption key or cryptographic algorithms are used and step 302 by the encryption algorithm or the key is corresponding. 步骤314:升级软件保护设备内的功能模块。 Step 314: functional modules within the software upgrade protection equipment. 本实施例中的功能模块升级包数据结构与图2所示的第一实施例中的功能模块升级包数据结构相同,包括控制信息、加密的新的功能模块、校验信息。 The first embodiment of the present embodiment, functional modules embodiment upgrade package data structure shown in Figure 2 a functional block the same upgrade package data structure including the control information, the encrypted new functional module, verification information. 下面对本发明的方法的第三实施例进行说明。 Next, a third embodiment of the method of the present invention will be described. 本实施例中,软件保护设备使用的硬件平台是NXP公司提供16位智能卡芯片。 In this embodiment, the software protection device hardware platform 16 is provided by NXP smart card chip. 可以有效的防止硬件被破解或者硬克隆。 Can effectively prevent cracking or hardware is hard clones. 远程升级系统支持对单个软件保护设备或者所有的软件保护设备进行升级。 Remote upgrade system supports a single software protection devices or all of the software protection device upgrade. 远程升级系统中使用加密算法是TDES ,计算校验信息的算法是HMAC 。 Remote upgrade the encryption algorithm used in the system is TDES, algorithm verification information is HMAC. 第三实施例的功能模块升级包的数据结构如图4所示,包括控制信息,加密的新的功能模块和加密的校验信息。 Function module of the third embodiment of the upgrade package data structure shown in Figure 4, includes a control information, the encrypted new encrypted checksum function modules and information. 第三实施例中服务器端的模块升级包的签发流程如图5所示:步骤501:设置控制信息,控制信息中包含,该功能模块升级包的适用范围,待升级的功能模块的标识,是否允许新建一个功能模块的描述;步骤502:计算控制信息和新的功能模块组合后得到的数据串的HMAC值作为校验信息;步骤503:使用TDES算法对新的功能模块和校验信息各进行加密;步骤504:组合控制信息和503步骤的加密结果,成为功能模块升级包。 The third embodiment of the server module upgrade package issuance process in the embodiment shown in Figure 5: Step 501: setting the control information, control information includes, the scope of the function module upgrade package identifying functional modules to be upgraded, whether to allow HMAC value data string, and calculating the control information obtained by combining new modules as verification information; step 503:: step 502; a new functional modules described TDES algorithm using the new parity information, and each function module is encrypted ; step 504: the control information and the encrypted combination result of step 503, as a functional module upgrade package. 远程升级系统中的功能模块升级流程如图6所示:步骤601:检查升级包的适用范围,如果不能被自己使用,则终止结束过程;步骤602:使用TDES算法解密新的功能模块和校验信息;步骤603:使用HMAC算法重新计算控制信息和新的功能模块组合成的数据串的HMAC值;步骤604:比较计算出来的HMAC值和解密得到的校验信息,如果不一致,则直接终止升级过程;步骤605:在软件保护设备中找到控制信息中指定的功能模块,并使用新的功能模块对其进行升级。 Remote upgrade system upgrade process function module shown in Figure 6: Step 601: Check the scope of the upgrade package, if it can not be used by themselves, the process is terminated ends; Step 602: TDES algorithm using the decryption and verification of new functional modules HMAC value data string using the HMAC algorithm to recalculate the control information and the new modules combined into; step 604:: step 603; information comparing the calculated parity information HMAC value and decrypted, and if not, the process directly terminates upgrade process; step 605: find the control information specified in the function module, and use the new modules to upgrade them in the software protection device. 如果没有找到指定的功能模块,可以根据控制信息中指定是否允许新建功能模块,来确定是新建立一个功模块,还是直接终止升级过程。 If the specified function module is not found, according to the control information can specify whether to allow a new functional module to determine whether to build a new power module, or directly terminate the upgrade process. 以上所述仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。 The above are only preferred embodiments of the present invention but are not intended to limit the scope of the present invention. 凡在本发明的精神和原则之内所作的任何修改、等同替换、 改进等,均应包含在本发明的保护范围之内。 Any modifications within the spirit and principle of the present invention, equivalent substitutions, improvements, etc., should be included within the scope of the present invention.

Claims (15)

  1. 1、一种对软件保护设备进行安全可控的远程升级的方法,其特征在于,包括以下步骤: a、服务器端: a1、设置软件功能模块升级包的控制信息并获取新的功能模块; a2、对所述控制信息和新的功能模块计算校验信息; a3、对新的功能模块进行加密后,将所述控制信息、所述经加密的新的功能模块以及所述校验信息组合为功能模块升级包并发送给所述软件保护设备; b、软件保护设备端: b1、检查所接收的所述功能模块升级包中的控制信息以判断该功能模块升级包是否适用于升级自身的功能模块,如果适用则进入b2步骤,否则结束升级流程; b2、对所述功能模块升级包中的经加密的新的功能模块进行解密后得到新的功能模块,并根据所述控制信息和解密后得到的新的功能模块来验证所述校验信息; b3、如果验证通过则使用所述新的功能模块对所述软 A secure method of remote controlled software upgrade of the protection device, characterized by comprising the steps of: a, the server side: a1, is provided to upgrade software function module control packet and obtain a new functional module; A2 , the control information and the new modules computation of parity information; A3, after the new functional module encrypts the control information by the new functional module and the check information is encrypted composition function module and send the software upgrade package protection devices; b, software protection device side: the control information b1, functional module checks the received upgrade package to determine whether the function module upgrade package applicable to upgrade own function after b2, after decrypting the encrypted function module upgrade package new modules to give new functional module, according to the control information and the decryption; module, if applicable, the process proceeds to step b2, otherwise, ends the upgrade process the new functional module obtained to verify the verification information; b3, if the verification is used by the new functional module soft 件保护设备中的已有功能模块进行升级,否则结束升级流程。 Pieces of protective equipment in existing functional modules to upgrade, otherwise the upgrade process.
  2. 2、 如权利要求l所述的方法,其特征在于,所述的控制信息包含有对该功能模块升级包的适用范围的描述,如果将该适用范围设置为针对一组或者单个软件保护设备,则需要在所述控制信息中加入待升级的软件保护设备的特征信息,例如单个软件保护i殳备的唯一标识或者一组软件保护i殳备的唯一标识。 2. The method of claim l, wherein said control information includes a description of the scope of the function module upgrade package, if the applicable range is set for a group or a single software protection devices, protective equipment is necessary to add software to be upgraded in the control information, characteristic information, such as a single protected software to uniquely identify or i Shu prepared uniquely identifies a set of software protection i Shu prepared.
  3. 3、 如权利要求l所述的方法,其特征在于,a2步骤中的计算校验信息过程是首先把所述控制信息和新的功能模块组合成数据串,然后对该数据串通过密码学算法计算出校验信息,其中所述的密码学算法包括单向散列算法,HMAC算法,MAC算法或者非对称的签名算法。 3. The method of claim l, wherein, during the verification information calculated in step a2 is the first control information and the new modules are combined into a data string and the data string by cryptographic algorithms calculated check information, wherein said cryptography algorithm comprising a one-way hash algorithm, HMAC algorithm, the MAC algorithm or asymmetric signature algorithm.
  4. 4、 如权利要求l所述的方法,其特征在于,a2步骤中还包括对校验信息进行加密的步骤,该步骤采用对称算法或者非对称算法,同时b2步骤中还包括使用对应的密码学算法对经加密的校验信息进行解密的步骤。 4. The method of claim l, wherein, a2 further comprises the step of checking information encrypting step of using symmetric or asymmetric algorithms algorithms, step b2 further comprises using corresponding cryptographic the encrypted algorithm steps decrypted verification information.
  5. 5、 如权利要求l所述的方法,其特征在于,a3步骤中的对新的功能模块的加密过程使用对称算法或者非对称算法。 5. The method according to claim l, characterized in that, using symmetric or asymmetric algorithms for encryption algorithm of new functional module in step a3.
  6. 6、 如权利要求l所述的方法,其特征在于,bl步骤中,如果所述功能模块升级包被预先设置为适用于一组软件保护设备或者只适用于单个软件保护设备,则检查所述控制信息中包含的软件保护设备的特征信息是否和自身所在的组的唯一标识一致或者是否和自身的唯一标识一致,如果一致则该功能模块升级包适用于自身,否者结束升级流程。 6. A method as claimed in claim l, wherein, bl step, if the function module upgrade package is set in advance to apply to a set of software protection devices or only apply to a software protection device, checking the whether the feature information of the control software protection device and the information contained in its own uniquely identify where the same group, or whether the same unique identification and itself, if the same applies to the functional module upgrade package itself, whether those ends the upgrade process.
  7. 7、 如权利要求3所述的方法,其特征在于,步骤b2中验证校验信息所使用的密码学算法和步骤a2中计算校验信息所使用的密码学算法是相对应的。 7. The method as claimed in claim 3, wherein in step b2 a2 verify cryptographic algorithm used to calculate the checksum is information corresponding to the cryptographic algorithm and the step of checking information is used.
  8. 8、 如权利要求l所述的方法,其特征在于,b4步骤中的对软件保护设备的功能模块进行升级的过程,是用解密后的新的功能模块替换软件保护设备内已有的功能模块,如果所述软件保护设备中没有相应的待升级功能模块,则根据预先设置的策略新建该功能模块或者终止升级过程。 8. The method according to claim l, wherein, b4 process steps in the software protection device function module upgrade, the software is to replace the existing protection device functionality module new modules decrypted , if the software protection device is no corresponding function modules to be upgraded, according to the preset policy new functional module or terminating the upgrade process.
  9. 9、 一种对软件保护设备进行安全可控的远程升级的方法,其特征在于,包括以下步骤:a、 月良务器端:al、设置软件功能模块升级包的控制信息并获取新的功能模块;a2、对所述新的功能模块加密,并对所述控制信息和经加密的新的功能模块计算校验信息;a3、将所述控制信息、所述经加密的新的功能;f莫块以及所述校验信息组合为功能模块升级包并发送给所述软件保护设备;b、 软件保护设备端:b 1 、检查所接收的所述功能模块升级包中的控制信息以判断该功能模块升级包是否适用于升级自身的功能模块,如果适用则进入b2步骤,否则结束升级流程;b2、根据所接收的所述功能模块升级包中的所述控制信息和经加密的新的功能模块来验证所述校验信息,如果验证通过则进入b3步骤, 否则结束升级流程;b3 、对该经加密的新的功能模块进行解密后得 9. A method for secure remote controlled software upgrade of the protection device, characterized by comprising the steps of: a, monthly service good end: al, disposed software function module control information and obtain a new upgrade package features module; A2, the new encryption function module, and the control information and the encrypted new functional module calculates the check information; A3, the control information, a new function by the encryption; F Mo and the check information block for the combination function module and send the software upgrade package protection devices; b, software protection device side: a control information b 1, functional module checks the received upgrade package to determine whether the function module upgrade package apply to upgrade own function modules, if applicable, the process proceeds to step b2, otherwise, ends the upgrade process; b2, and the encrypted control information according to the received upgrade package function module in the new features module to verify the verification information, if the verification proceeds to step b3, otherwise, ends the upgrade process; b3 after, the encrypted new modules have decrypting 到新的功能模块, 并使用所述新的功能模块对所述软件保护设备中的已有功能模块进行升级。 The new functional module, and using the new modules to upgrade the existing software protection device function module.
  10. 10、 如权利要求9所述的方法,其特征在于,所述的控制信息包含有对该功能模块升级包的适用范围的描述,如果将该适用范围设置为针对一组或者单个软件保护设备,则需要在所述控制信息中加入待升级的软件保护设备的特征信息,例如单个软件保护设备的唯一标识或者一组软件保护设备的唯一标识。 10. The method as claimed in claim 9, wherein said control information includes a description of the scope of the function module upgrade package, if the applicable range is set for a group or a single software protection devices, wherein the information is necessary to add software protection devices to be upgraded in the control information, such as a unique identifier for uniquely identifying a single software protection device or a set of software protection device.
  11. 11、 如权利要求9所述的方法,其特征在于,a2步骤中的对新的功能模块的加密过程使用对称算法或者非对称算法。 11. The method as claimed in claim 9, wherein the new encryption process function module a2 step using symmetric or asymmetric algorithms algorithm.
  12. 12、 如权利要求9所述的方法,其特征在于,a2步骤中的计算校验信息过程是首先把所述控制信息和经加密的新的功能模块组合成数据串,然后对该数据串通过密码学算法计算出校验信息,其中所述的密码学算法包括HMAC算法,MAC算法或者非对称的签名算法。 12. The method as claimed in claim 9, characterized in that the computation of parity information a2 during the first step is the new functional module and the encrypted control information are combined into a data string, then the data string cryptographic algorithm to calculate the parity information, wherein the algorithm includes HMAC cryptographic algorithm, the MAC algorithm or asymmetric signature algorithm.
  13. 13、 如权利要求9所述的方法,其特征在于,bl步骤中,如果所述功能模块升级包被预先设置为适用于一组软件保护设备或者只适用于单个软件保护设备,则检查所述控制信息中包含的软件保护设备的特征信息是否和自身所在的组的唯一标识一致或者是否和自身的唯一标识一致,如果一致则该功能模块升级包适用于自身,否者结束升级流程。 13. The method as claimed in claim 9, wherein, bl step, if the function module upgrade package is set in advance to apply to a set of software protection devices or only apply to a software protection device, checking the whether the feature information of the control software protection device and the information contained in its own uniquely identify where the same group, or whether the same unique identification and itself, if the same applies to the functional module upgrade package itself, whether those ends the upgrade process.
  14. 14、 如权利要求12所述的方法,其特征在于,步骤b2中验证校验信息所使用的密码学算法和步骤a2中计算校验信息所使用的密码学算法是相对应的。 14. The method as claimed in claim 12, characterized in that, in step b2 a2 verify cryptographic algorithm used to calculate the checksum is information corresponding to the cryptographic algorithm and the step of checking information is used.
  15. 15、 如权利要求9所述的方法,其特征在于,b4步骤中的对软件保护设备的功能模块进行升级的过程,是用解密后的新的功能模块替换软件保护设备内已有的功能模块,如果所述软件保护设备中没有相应的待升级功能模块,则根据预先设置的策略新建该功能模块或者终止升级过程。 15. The method as claimed in claim 9, wherein, b4 process steps in the software protection device function module upgrade, the software is to replace the existing protection device functionality module new modules decrypted , if the software protection device is no corresponding function modules to be upgraded, according to the preset policy new functional module or terminating the upgrade process.
CN 200810101709 2008-03-11 2008-03-11 Method for performing safety controllable remote upgrade for software protecting device CN101251883B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810101709 CN101251883B (en) 2008-03-11 2008-03-11 Method for performing safety controllable remote upgrade for software protecting device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810101709 CN101251883B (en) 2008-03-11 2008-03-11 Method for performing safety controllable remote upgrade for software protecting device

Publications (2)

Publication Number Publication Date
CN101251883A true true CN101251883A (en) 2008-08-27
CN101251883B CN101251883B (en) 2010-07-21

Family

ID=39955269

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810101709 CN101251883B (en) 2008-03-11 2008-03-11 Method for performing safety controllable remote upgrade for software protecting device

Country Status (1)

Country Link
CN (1) CN101251883B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009067879A1 (en) * 2007-11-12 2009-06-04 Senselock Software Technology Co., Ltd Remote updating method and system for information security device
CN101808100A (en) * 2010-01-26 2010-08-18 北京深思洛克软件技术股份有限公司 Method and system for solving replay of remote update of information safety device
CN101924607A (en) * 2010-08-27 2010-12-22 华为终端有限公司 Firmware processing method based on firmware air transmission technology, device and system thereof
CN103098069A (en) * 2010-09-08 2013-05-08 惠普发展公司,有限责任合伙企业 Secure upgrade supplies and methods
WO2015014074A1 (en) * 2013-08-01 2015-02-05 Spreadtrum Communications (Shanghai) Co., Ltd. A method and apparatus for controlling updates to a mobile device
CN104462965A (en) * 2014-11-14 2015-03-25 华为技术有限公司 Method for verifying integrity of application program and network device
CN105791281A (en) * 2016-03-01 2016-07-20 太仓苏易信息科技有限公司 Information encryption system
CN103873440B (en) * 2012-12-11 2017-03-22 北京旋极信息技术股份有限公司 Upgrade method and system applications

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009067879A1 (en) * 2007-11-12 2009-06-04 Senselock Software Technology Co., Ltd Remote updating method and system for information security device
CN101808100A (en) * 2010-01-26 2010-08-18 北京深思洛克软件技术股份有限公司 Method and system for solving replay of remote update of information safety device
CN101808100B (en) 2010-01-26 2013-02-20 北京深思洛克软件技术股份有限公司 Method and system for solving replay of remote update of information safety device
CN101924607A (en) * 2010-08-27 2010-12-22 华为终端有限公司 Firmware processing method based on firmware air transmission technology, device and system thereof
WO2012024963A1 (en) * 2010-08-27 2012-03-01 华为终端有限公司 Method, apparatus and system for processing firmware based on firmware over the air technology
CN101924607B (en) 2010-08-27 2013-01-23 华为终端有限公司 Firmware processing method based on firmware air transmission technology, device and system thereof
JP2013534377A (en) * 2010-08-27 2013-09-02 ▲華▼▲為▼終端有限公司Huawei Device Co., Ltd. Method of processing a firmware based on the firmware transmission technology in wireless, apparatus and system
US8910139B2 (en) 2010-08-27 2014-12-09 Huawei Device Co., Ltd. Method for processing firmware based on firmware over the air technology, apparatus, and system
CN103098069A (en) * 2010-09-08 2013-05-08 惠普发展公司,有限责任合伙企业 Secure upgrade supplies and methods
US9639794B2 (en) 2010-09-08 2017-05-02 Hewlett-Packard Development Company, L.P. Secure upgrade supplies and methods
CN103873440B (en) * 2012-12-11 2017-03-22 北京旋极信息技术股份有限公司 Upgrade method and system applications
WO2015014074A1 (en) * 2013-08-01 2015-02-05 Spreadtrum Communications (Shanghai) Co., Ltd. A method and apparatus for controlling updates to a mobile device
US9392441B2 (en) 2013-08-01 2016-07-12 Spreadtrum Communications (Shanghai) Co., Ltd. Method and apparatus for controlling updates to a mobile device
CN104462965A (en) * 2014-11-14 2015-03-25 华为技术有限公司 Method for verifying integrity of application program and network device
CN104462965B (en) * 2014-11-14 2018-03-13 华为技术有限公司 Application integrity verification method and a network device
CN105791281A (en) * 2016-03-01 2016-07-20 太仓苏易信息科技有限公司 Information encryption system

Also Published As

Publication number Publication date Type
CN101251883B (en) 2010-07-21 grant

Similar Documents

Publication Publication Date Title
US20080046758A1 (en) Digital rights management using trusted processing techniques
US20060195689A1 (en) Authenticated and confidential communication between software components executing in un-trusted environments
CN103237005A (en) Method and system for key management
US20090217054A1 (en) Secure software and hardware association technique
CN101005357A (en) Method and system for updating certification key
KR20040034165A (en) Method for distrubution of copyright protected digital contents
CN102064939A (en) Method for authenticating point of sail (POS) file and method for maintaining authentication certificate
CN102271042A (en) Digital certificate authentication method, system, USB Key devices and servers
CN101005361A (en) Server and software protection method and system
JP2004295271A (en) Card and pass code generator
CN102314578A (en) System and method for realizing software protection
CN1621992A (en) Method for software copyright protection
CN101771699A (en) Method and system for improving SaaS application security
CN102546604A (en) Security control method of intelligent television application program
CN102427449A (en) Trusted mobile storage method based on security chips
CN102291391A (en) Cloud services platform data secure transmission method
CN101834860A (en) Method for remote dynamic verification on integrality of client software
CN101145906A (en) Method and system for authenticating legality of receiving terminal in unidirectional network
CN101163044A (en) Remote updating method and system for information safety equipment
CN103685282A (en) Identity authentication method based on single sign on
CN102082784A (en) Method for upgrading software on line
CN102624740A (en) Data interaction method, client and server
US20090327737A1 (en) Techniques for ensuring authentication and integrity of communications
CN102129532A (en) Method and system for digital copyright protection
JP2003087237A (en) Contents utilization management system, its method, information processor, and computer program

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100086 HAIDIAN, BEIJING TO: 100872 HAIDIAN, BEIJING

C41 Transfer of patent application or patent right or utility model
ASS Succession or assignment of patent right

Owner name: BEIJING SHENSI SHUDUN SCIENCE + TECHNOLOGY CO., LT

Free format text: FORMER OWNER: BEIJING SENSELOCK SOFTWARE TECHNOLOGY CO., LTD.

Effective date: 20150115

C56 Change in the name or address of the patentee