Accompanying drawing explanation
Figure 1A is configuration diagram of the present invention;
Figure 1B is the schematic appearance of the service item of mobile communication device of the present invention;
Fig. 2 is operation workflow figure of the present invention;
Fig. 3 A is the schematic diagram of steering routine of the present invention;
Fig. 3 B is the schematic diagram of selection service inventory of the present invention;
Fig. 3 C is the schematic diagram of display service inventory of the present invention;
Fig. 3 D is the configuration diagram of Password Input of the present invention;
Fig. 3 E is the operation chart of write subscriber identification module of the present invention;
Fig. 3 F is the operation chart of reading subscriber identification module of the present invention;
Fig. 4 A is the operation workflow figure of mobile communication device build-in services project of the present invention;
Fig. 4 B is the interface diagram before build-in services project of the present invention;
Fig. 4 C is the interface diagram after build-in services project of the present invention;
Fig. 5 is the flow chart of steps of service item of the present invention checking mobile communication device.
Wherein, Reference numeral:
Mobile communication device 110
Storage element 111
Processing unit 112
Recognition unit 113
Subscriber identification module paster 114
Subscriber identification module 115
Subscriber identification module paster 115A
Subscriber identification module paster 115B
Subscriber identification module paster 115C
Personal identification code 116
Navigation information 117
Second proving program 118
Service end 210
Service inventory 211
First proving program 212
High in the clouds calculator device 310
High in the clouds α 311
High in the clouds 312
High in the clouds γ 313
Service item 315
Embodiment
Please refer to shown in Figure 1A, it is configuration diagram of the present invention.Data transmission system of the present invention comprises mobile communication device 110, service end 210 and at least one high in the clouds calculator device 310.Service end 210, can through telecommunication transmission (such as: WAP (wireless application protocol) (WirelessApplicationProtocol between high in the clouds calculator device 310 and mobile communication device 110, WAP), IMT-2000 (3rd-generation, be commonly called as third generation communication transfer technology, 3G), high-speed downstream package access technology (HighSpeedDownlinkPacketAccess, be called for short HSDPA), forth generation wireless telecommunication system (fourth-generation, 4G) or ultra broadband service (UltraWideband, UWB)) or internet transmissions (such as: IEEE802.11x series or Ethernet).
Service end 210 stores service inventory 211 and first proving program 212 with many service items 315.Each high in the clouds calculator device 310 stores the service item 315 respectively belonging to it.Further, different service items can be provided for different community (such as: internet dating community, photography community or other people having the same habits' community).Service item 315 of the present invention, except being except application program, also can be various network services.For example, if during service item 315 application program, then service item 315 can be games, document edit routine, multimedia playing program or image editing program etc.; If when service item 315 is network service, then can by Document Editing service, calendar service, E-mail service or network mutually the service such as this service provide place with independently application program service accordingly of leading respectively.And high in the clouds calculator device 310, also can be bonded among service end 210 with except high in the clouds calculator device 310 except being applied in separately independently service end 210 by the present invention.
Mobile communication device 110 comprises storage element 111, processing unit 112 and recognition unit 113.The kind of mobile communication device 110 can be mobile phone, flat computer, hand held calculator or desktop calculator.Storage element 111 stores the service item 315 and the authentication information of respective service project 315 downloaded, please refer to Figure 1B.Do not limit the operating system that mobile communication device 110 uses in the present invention, such as operating system may be the iOS operating system of apple (Apple) computer, Android operation system that Google releases or the Windows (WindowsOS) etc. that Microsoft releases.
Subscriber identification module 114 (SubscriberIdentityModel, SIM) and subscriber identification module paster 115 is more comprised in recognition unit 113.At this, side between subscriber identification module paster 115 and subscriber identification module 114 is defined as the first side, and relative another side is defined as the second side.The two sides of subscriber identification module paster 115 arrange many group of pins respectively.The pin of the first side corresponds to the metallic contact of subscriber identification module 114 respectively, and the pin of the second side then corresponds to the pin of mobile communication device 110.When subscriber identification module paster 115 fits in subscriber identification module 114, mobile communication device 110 can read the data in subscriber identification module 114 and the data in subscriber identification module paster 115 through subscriber identification module paster 115.Personal identification code 116 (PersonalIdentifyNumber, PIN), navigation information 117 and the second proving program 118 is stored at subscriber identification module paster 115.Mobile communication device 110 will be online to service end 210 through personal identification code 116, navigation information 117 and the second proving program 118, and obtain corresponding service inventory 211 (its running will in hereinafter describing in detail).
Explain orally operation workflow of the present invention for knowing, also please coordinate and examine shown in Fig. 2, it comprises the following steps:
Step S210: mobile communication device performs the steering routine of recognition unit, by the personal identification code in mobile communication device access recognition unit and navigation information;
Step S230: mobile communication device is connected to service end according to navigation information and PIN;
Step S240: service end is searched corresponding service inventory according to PIN and returned to mobile communication device;
Step S250: one of them service item optional from service inventory, and installation requirement is directed to high in the clouds calculator device through service end, installs to mobile communication device in order to download service project;
Step S260: when mobile communication device runs the service item of installing, mobile communication device carries out Authority Verification through PIN to installed service item;
Step S270: if the service item of installing is by Authority Verification, then mobile communication device operation service project; And
Step S280: if the service item of installing is not by Authority Verification, then service item out of service.
First, mobile communication device 110 can perform steering routine, through the personal identification code 116 in steering routine access recognition unit 113 and navigation information 117.Wherein, steering routine can from the application program of web download (Application), also can be stored among subscriber identification module paster 115 makes mobile communication device 110 can directly perform this steering routine, or in the internal memory of built-in communication device in action 110, please refer to shown in Fig. 3 A, it is the schematic diagram of steering routine of the present invention.For Android or iOS, the software download that user can provide from script manufacturer downloads this steering routine.Or, in action communication device 110 start (Booting) afterwards and mobile communication device 110 detect and wherein leading program be not installed, then mobile communication device 110 reads out this steering routine and installs it from subscriber identification module paster 115.
Then, steering routine can read navigation information 117 from subscriber identification module paster 115, and is online to service end 210 according to navigation information 117.Service end 210 receive mobile communication device 110 login require time, service end 210 searches the service inventory 211 whether having and conform to again according to personal identification code 116.As mentioned before, each high in the clouds calculator device 310 is supplied to the corresponding service item 315 of different types of user.Therefore service end 210 can confirm belonging to this user according to personal identification code 116 high in the clouds calculator, and service inventory 211 is replied to mobile communication device 110.
For example, subscriber identification module paster 115A, subscriber identification module paster 115B provided by different cloud service manufacturers (being respectively high in the clouds α, high in the clouds β and high in the clouds γ) from subscriber identification module paster 115C.The service inventory 211 that high in the clouds α provides comprises: service item α 001 ~ service item α 009; The service inventory 211 that high in the clouds β provides comprises: service item β 001 ~ service item β 012; The service inventory 211 that high in the clouds γ provides comprises: service item γ 001 ~ service item γ 007, please refer to Fig. 3 A.When the mobile communication device 110 of user installs subscriber identification module paster 115A, subscriber identification module paster 115A can be online to high in the clouds α according to recorded navigation information 117, and obtains the service inventory a with service item α 001 ~ service item α 009 from service end 210.In like manner, if when user installs subscriber identification module paster 115B, then the service inventory b with service item 001 ~ service item 0012 can be obtained.
Communication device 110 connects in the process of service end 210 in action, and for confirming high in the clouds belonging to subscriber identification module paster 115, therefore service end 210 can perform the first proving program 212 according to navigation information and PIN.Wherein, the kind of the first proving program 212 can be but not be defined as rsa encryption, data encryption standard (DataEncryptionStandard, DES), Advanced Encryption Standard (AdvancedEncryptionStandard, the rivest, shamir, adelman such as AES) also can be symmetric encipherment algorithm.For the stamped signature of RSA, personal identification code 116 in subscriber identification module paster 115A can be carried out stamped signature process through the privately owned golden key (privatekey) belonging to it by mobile communication device 110, and produce corresponding ciphertext, this ciphertext is defined as signature information.Then, mobile communication device 110 sends signature information to service end 210.Service end 210 utilizes public key (publickey) to signature information checking, obtains the PIN that signature information comprises.After service end 210 searches the high in the clouds belonging to it according to PIN, then the service inventory 211 in this high in the clouds is returned back to mobile communication device 110, please refer to Fig. 3 B, in figure 3b for subscriber identification module paster 115A and corresponding service inventory a.
When after mobile communication device 110 download service inventory 211, user can watch the contained content of service inventory 211 from the screen of mobile communication device 110.Accepting service inventory a is above example, the screen of communication device 110 in action sequentially can list service item α 001 ~ service item α 009, use and provide user to select, please refer to Fig. 3 C.When user's one of them service item 315 optional from service inventory 211, mobile communication device 110 can send installation requirement to service end 210.Then, installation requirement is directed to high in the clouds calculator device 310 by service end 210.
High in the clouds calculator device 310 in the process transmitting service item 315, for determining that mobile communication device 110 is present man-to-man corresponding relation with the service item 315 downloaded.Referring to each service item 315 at man-to-man corresponding relation of the present invention only can a corresponding mobile communication device 110.In other words, when the service item 315 of mobile communication device 110A is copied to mobile communication device 110B by user, mobile communication device 110B then by every checking of service item 315, and then cannot forbid the installation/operation of service item 315.Therefore authentication information (license) can add in service item 315 by high in the clouds calculator device 310.And the generating mode of authentication information also can be but be not defined as the rivest, shamir, adelman such as rsa encryption, DES, AES, it also can be symmetric encipherment algorithm.
In the process producing authentication information, also can add disposal password (onetimepassword) in addition, random number produces or time stab (timestamp).For Android operation system, when user is for before carrying out download service project 315, mobile communication device 110 can call out its Password Input window through Android operation system, in order to provide user to input its personal identification code 116, please refer to shown in Fig. 3 D.When the PIN inputted, mobile communication device 110 can add above-mentioned other data (or adding the data coming from service end 210 and provide), the encryption of line correlation of going forward side by side.Except through except Android operation system calling input window, also new input window can be created through standard development external member (StandardDevelopmentKit, SDK).Such practice can avoid the inside of Android operation system to lack, and the person that makes illegal use monitors through the mode of Remote (remote) data that user inputs.Customized input window through SDK makes the transmittance process of inputted numerical value between application program directly cannot be acquired through operating system, and then improves the door of illegal use person invasion.
In addition, also the service item 315 downloaded can be write among subscriber identification module paster 115 or subscriber identification module 114 in the following manner at mobile communication device 110 of the present invention, use the proof strength of the service item 315 strengthening this case.110 accesses carrying out destination data folder by operating system again through the subscriber identification module 114 (or subscriber identification module paster 115) of installed application program to bottom in existing mobile communication device, wherein destination data folder can be but not be defined as address book or news in brief casket.
Header with regard to general word news in brief (or multimedia news in brief (MultimediaMessagingService, MMS)) is all utilize fixed numbers as identification.Mobile communication device 110 is when download service project 315, and service item 315 can write among address book or news in brief casket by mobile communication device 110, and rewrites the corresponding header of address book or news in brief casket.For example, when service item 315 is for being stored to news in brief casket, service item 315 can be cut into the multi-group data block of the maximum length meeting news in brief.And the header of the block after each cutting is write specific numerical value, such as before header, 2bytes writes FFFFh.So when mobile communication device 110 is when reading the data in news in brief casket, as long as mobile communication device 110 finds that the header data of this envelope news in brief is FFFFh, then represents this news in brief and being not lteral data but service item 315, please refer to shown in Fig. 3 E.When header is news in brief default value, then mobile communication device 110 will read corresponding news in brief from subscriber identification module 114, please refer to shown in Fig. 3 F.
After completing and adding authentication information in service item 315, service item 315 can be sent to mobile communication device 110 by high in the clouds calculator device 310.Then, mobile communication device 110 can carry out the process of build-in services project 315, and please coordinate shown in Fig. 4 A, it comprises the following steps: simultaneously
Step S410: mobile communication device obtains authentication information from downloaded service item;
Step S420: mobile communication device performs verification process to personal identification code, produces information to be verified;
Step S430: whether consistent with information to be verified by mobile communication device comparison authentication information;
Step S440: when authentication information and information to be verified inconsistent time, then mobile communication device stop carry out build-in services project; And
Step S450: when authentication information is consistent with information to be verified, then corresponding for service item institute verify data is registered in storage element by mobile communication device.
Described in above, for determining and unique corresponding relation between service item 315 by mobile communication device 110, after therefore steering routine download service project 315 completes, steering routine can be verified service item 315.Steering routine obtains authentication information from downloaded service item 315.Simultaneously, mobile communication device 110 pairs of personal identification codes 116 separately carry out verification process, produce the information to be verified of another group.
Then, whether steering routine meeting comparison authentication information is consistent with information to be verified.Because verify data and information to be verified produced by identical Processing Algorithm (such as: one-way Hash, RSA, DES, MD5, SHA or AES).Such as: mobile communication device can in transmission through the front/rear time stab adding length-specific again of the data to be verified of verification process.Service end 210 can read correct data to be verified according to added time stab from correct position.
Therefore, identical input data can produce identical result after aforesaid encryption.So when both are consistent, then representing information to be verified with authentication information is all formed by approved the other side (being respectively mobile communication device 110 and high in the clouds calculator device 310).When after confirmation information to be verified and authentication information, corresponding for service item 315 institute verify data (or information to be verified) is registered in storage element 111 by steering routine, and the screen of communication device 110 in action shows installed service item 315, please also refer to Fig. 4 B and Fig. 4 C.
When user's wish performs the service item 315 of aforementioned download, steering routine can verify that whether mobile communication device 110 is legal again.Please refer to shown in Fig. 5, it is the flow chart of steps that service item 315 of the present invention verifies mobile communication device 110.Checking mobile communication device 110 comprises the following steps:
Step S510: mobile communication device obtains verify data from service database;
Step S520: mobile communication device obtains personal identification code from recognition unit;
Step S530: whether comparison verify data is consistent with PIN;
Step S540: if verify data is consistent with PIN, then mobile communication device performs service item; And
Step S550: if verify data and PIN inconsistent, then mobile communication device does not perform service item.
When user is for performing this service item 315, mobile communication device 110 can require that user keys in personal identification code 116.Mobile communication device 110 can obtain should the verify data of service item 315 simultaneously from service database.Then, mobile communication device 110 can carry out corresponding to aforesaid verification process according to personal identification code 116, and the information to be verified generated and verify data is compared.If the PIN after verification process is consistent with authentication information, then represent this service item 315 be by mobile communication device 110 to download and user is legitimate user, therefore mobile communication device 110 can perform this service item 315.Otherwise mobile communication device 110 cannot perform this service item 315.
When user keys in personal identification code 116, the operating system that can adopt through mobile communication device 110 creates input window, also can create customized input window through SDK, please refer to shown in Fig. 3 D.Such practice can avoid the inside of the operating system of mobile communication device 110 to lack, and the person that makes illegal use obtains through the mode of Remote the data that user inputs.Customized input window through SDK makes the transmittance process of inputted numerical value between application program directly cannot be acquired through operating system, improves the door of illegal use person invasion.
The invention provides a kind of data transmission method and system thereof of mobile communication device 110, mobile communication device 110 can confirm user identity and obtain the service inventory 211 of different types of high in the clouds calculator device 310 through users classification to service end 210.
In addition, mobile communication device 110 of the present invention accesses through subscriber identification module paster 114 pairs of subscriber identification modules 115, so mobile communication device 110 need could not carry out the exchange of data to subscriber identification module 115 through JSR177 (or application program).Mobile communication device 110 is being directed to different types of high in the clouds calculator device 310 through service end 210.Thus, the download environment that mobile communication device 110 is safer can be provided, also can when running download service project 315 further service for checking credentials project 315 whether whether legal for mobile communication device 110, use and strengthen overall running safety member.