CN103873440B - Upgrade method and system applications - Google Patents

Upgrade method and system applications Download PDF

Info

Publication number
CN103873440B
CN103873440B CN 201210533878 CN201210533878A CN103873440B CN 103873440 B CN103873440 B CN 103873440B CN 201210533878 CN201210533878 CN 201210533878 CN 201210533878 A CN201210533878 A CN 201210533878A CN 103873440 B CN103873440 B CN 103873440B
Authority
CN
Grant status
Grant
Patent type
Prior art keywords
information
upgrade
target device
data packet
decryption
Prior art date
Application number
CN 201210533878
Other languages
Chinese (zh)
Other versions
CN103873440A (en )
Inventor
胡鹏
吴匀
陈杰
靳松
Original Assignee
北京旋极信息技术股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Abstract

本发明提供一种应用程序的升级方法和系统。 Providing an application upgrade method and system of the present invention. 所述方法,包括:客户端在接收到升级服务器对目标设备中应用程序生成的升级数据包以及该升级数据包的校验信息后,保存所述校验信息,加密所述升级数据包和校验信息,并将发送加密后的升级数据包和校验信息;目标设备在接收到加密后的升级数据包和校验信息后,对所述升级数据包和校验信息进行解密,得到解密后的升级数据包和校验信息;输出所述解密后的校验信息;当确认所述校验数据与所述客户端的校验数据一致时,所述目标设备采用所述解密后的升级数据包发起升级操作。 Said method comprising: a client server after receiving the update verification target device information generated by an application upgrade package and upgrade data packet, save the check information, encrypting the data packets and the correction upgrade posteriori information and upgrade data packet and the parity information is sent encrypted; target device after receiving upgrade data packets and verifying the encrypted information, decrypt the update data and parity information packet, to obtain decrypted the check information and upgrade data packet; verification information outputting the decryption; unanimously confirmed when the check data and check data to the client, the target device using the upgrade data packet after the decryption initiate the upgrade.

Description

一种应用程序的升级方法和系统 Upgrade method and system applications

技术领域 FIELD

[0001] 本发明涉及计算机应用领域,尤其涉及一种应用程序的升级方法和系统。 [0001] The present invention relates to the field of computer applications, and particularly to a method and system upgrade applications. 背景技术 Background technique

[0002] 随着计算机技术、互联网和移动互联网技术的迅猛发展,国内的企业集团、政府机关和金融机构都在利用网络在自己与大众之间建立一条快速、高效的网络通道,为人们提供各式的应用服务。 [0002] With the rapid development of computer technology, the Internet and mobile Internet technology, domestic business groups, government agencies and financial institutions are using the Internet to establish a fast, efficient network path between themselves and the public, for the people to provide each type of application services. 由于是基于互联网而实现的信息服务,因此应用系统的安全性显得尤为重要。 Because it is Internet-based information service achieved, and therefore the security of application systems is particularly important. 在提高系统安全性方面,用户的身份认证和交易认证又是必要而重要的关键环节。 To improve system security, user authentication and transaction verification is necessary and important key. 因此,在网络系统中电子签名设备的应用越来越广泛,特别是在金融行业,为了保证交易的安全性,电子银行、网上银行的用户越来越多地使用电子签名设备,比如USB Key,作为身份认证和交易认证的手段。 Therefore, in the network system application of electronic signature devices more widely, especially in the financial sector, in order to ensure the security of transactions, electronic banking, online banking users are increasingly using electronic signature devices, such as USB Key, as authentication and transaction verification means.

[0003] 一般来说电子签名设备是由含中央处理器(Central Processing Unit,简称“CPU”)的智能安全芯片开发而成。 [0003] In general electronic signature device was developed by smart security chip containing a central processing unit (Central Processing Unit, referred to as "CPU") is made. 智能安全芯片在广义上讲是将CPU与主存储器以及简单的接口融于一体的独立的控制单元。 Smart security chip CPU in a broad sense with the simple interface, and a main memory into one of the separate control unit. 狭义上讲它本身就是一个计算机系统,一个能够独立完成作业的应用计算机。 In a narrow sense it is itself a computer system, a computer can complete a job application independent. 智能安全芯片中集成了存储程序的器件,例如EEPR0M存储器, Flash闪速存储器,其中存储程序的器件中存储了电子签名设备的嵌入式操作系统程序,字库字模文件,甚至客户端的运行程序等。 Smart security chip integrated device for storing programs, such as device EEPR0M memory, Flash flash memory, which stores the program stored in the embedded operating system program electronic signature devices, character font files, even run client programs. 随着电子签名设备处理内容的日益复杂,其程序的更新或升级在所难免。 With the increasing complexity of electronic signature processing device content, update or upgrade their program is inevitable. 而如何实现在即不回收电子签名设备,又无需工程师到用户所在现场去进行安全、可靠、完整的远程程序更新是一个困扰电子银行中网银交易系统的继续发展的一个难题。 And how soon does the recycling of electronic signature device, and engineers do not need to go to the site the user is safe, reliable, and complete remote update is a troubled a problem in the continued development of e-banking transactions online banking system. 发明内容 SUMMARY

[0004] 本发明提供一种应用程序的升级方法和系统,要解决的技术问题是如何对不包括远程通信模块的目标设备进行升级。 [0004] The present invention provides an application upgrade method and system to solve the technical problem is how the target device does not include a remote communication module upgrade.

[0005] 为解决上述技术问题,本发明提供了如下技术方案: [0005] In order to solve the above technical problem, the present invention provides the following technical solutions:

[0006] —种应用程序的升级方法,包括: [0006] - upgrade application types, comprising:

[0007] 客户端在接收到升级服务器对目标设备中应用程序生成的升级数据包以及该升级数据包的校验信息后,保存所述校验信息,加密所述升级数据包和校验信息,并将发送加密后的升级数据包和校验信息; [0007] After receiving the client verification information update server to the target device generated by an application upgrade package and upgrade data packet, save the check information, the encrypted data packets and verifying the upgrade information, upgrade data packet and the checksum and sends the encrypted information;

[0008] 目标设备在接收到加密后的升级数据包和校验信息后,对所述升级数据包和校验信息进行解密,得到解密后的升级数据包和校验信息; [0008] The target device receives the upgrade data packets and verifying the encrypted information, the data packet and the parity information to decrypt the upgrade, the upgrade data packets and verifying obtain decrypted information;

[0009] 输出所述解密后的校验信息; [0009] The parity outputting the decryption information;

[0010] 当确认所述校验数据与所述客户端的校验数据一致时,所述目标设备采用所述解密后的升级数据包发起升级操作。 [0010] When confirming the check data is consistent with the client check data, the target device using the upgrade data packet after initiating the decryption upgrade. [〇〇11]优选的,所述方法还具有如下特点:所述校验信息是通过如下方式确定的: [〇〇11] Preferably, the method further has the following features: the verification information is determined in the following manner:

[0012]所述目标设备的升级服务器在得到升级数据包后,对所述升级数据包所携带的信息进行处理,得到一串字符,该串字符的位数为至少两位,生成一包括该串字符的图片,将所述图片文件作为校验信息。 [0012] The upgrade server of the target device after receiving upgrade data packet, the information carried by the packet data update is performed to give a string of characters, the number of bits of the character string of at least two, the generating comprising a character string image, the image file as the check information.

[0013] 优选的,所述方法还具有如下特点:所述升级服务器对所述升级数据包所携带的信息进行处理,得到多位数的数值,包括: [0013] Preferably, the method further has the following features: the upgrade information of the upgrade server of the data carried by the packet, to give the multi-digit value, comprising:

[0014] 采用标准摘要算法对升级数据包进行摘要提取,得到摘要信息; [0014] The standard digest algorithm to update the data packets summarization obtain digest information;

[0015] 从摘要信息中的数值提取一串字符。 [0015] extracted from the character string of numerical summary information.

[0016] 优选的,所述方法还具有如下特点:所述客户端加密所述升级数据包和校验信息, 包括: [0016] Preferably, the method further has the following features: the client encrypts the data packet and update parity information, comprising:

[0017] 获取所述目标设备的身份标识; [0017] obtaining the identity of the target device;

[0018] 将该身份标识会和预先保存的加密密钥因子共同组成一个对称密钥,并利用已经保存的加密算法,对所述升级数据包以及校验信息进行加密; [0018] The identity and will be pre-stored encryption key factors together form a symmetric key encryption algorithm using the saved, the upgrade data packet and the verification information is encrypted;

[0019] 所述目标设备向目标设备发送加密后的升级数据包和校验信息,包括: [0019] The upgrade data packet and the parity information to the target device sends the encrypted target device, comprising:

[0020] 获取自身的身份信息,并将身份信息与预存在目标设备内的解密密钥因子共同组成解密密钥,在配合预留在目标设备中的解密密算法完成解密工作。 [0020] Gets own identity information and identity information with pre-stored decryption key factor in the target device composed of a decryption key, the reservation complete mating decryption device in the target decryption algorithm. [0021 ]优选的,所述方法还具有如下特点:所述方法还包括: [0021] Preferably, the method further has the following features: the method further comprises:

[0022] 客户端在接收升级数据包和校验信息的同时,还接收所述升级数据包的电子签名,并将所述电子签名同所述升级数据包以及校验信息一起加密后,再发送给目标设备; After the [0022] client while receiving data packets and parity information about upgrading, the upgrading electronic signature further receives data packets and encrypted together with the electronic signature of the verification information and upgrade data packet, retransmission to the target device;

[0023] 所述目标设备采用所述升级数据包发起升级操作,包括: [0023] The target device using the upgrade data packet initiate upgrade, comprising:

[0024] 在对加密后的电子签名进行解密后,对所述解密后的电子签名进行验证;[〇〇25]如果验证通过,则采用所述升级数据包进行升级操作。 [0024] After the electronic signature decrypts the encrypted electronic signature to verify the decrypted; [〇〇25] If verified, the upgrade data packet is used to upgrade operation.

[0026]优选的,所述方法还具有如下特点:所述确认所述校验数据与所述客户端的校验数据一致是通过如下方式实现的:[〇〇27]所述目标设备包括按键和显示屏幕; [0026] Preferably, the method further has the following features: the acknowledgment check data and the check data matches the client is achieved by: [〇〇27] and the target device comprises a key display screen;

[0028]所述目标设备通过显示屏幕输出所述解密后的校验信息,并在接受到用户通过按键确认客户端上的显示信息与目标设备上的显示屏幕上输出的信息一致的结果后,通过检测按键的按下,确定所述校验数据与所述客户端的校验数据一致。 [0028] The target output device through a display screen after the decryption verification information, and receives the user confirmation information consistent result output on a display screen displaying information on the target device on the client through the key post, by detecting the key depression of determining the check data is consistent with the client check data. [〇〇29] 一种应用程序的升级系统,包括:[〇〇3〇]客户端,包括: [〇〇29] upgrade an application system, comprising: [〇〇3〇] Client, comprising:

[0031] 保存装置,用于在接收到升级服务器对目标设备中应用程序生成的升级数据包以及该升级数据包的校验信息后,保存所述校验信息; [0031] The holding means, for, after receiving the update server to the target device verification information generated by an application upgrade package and upgrade data packet, save the check information;

[0032] 加密装置,用于将发送加密后的升级数据包和校验信息; [0032] encryption means for upgrading the data packets and verifying the transmitted encrypted information;

[0033] 传输装置,与所述加密装置相连,用于在接收到升级数据包和校验信息保存校验信息,向目标设备发起所述升级数据包和校验信息的发送流程;[〇〇34]目标设备,包括: [0033] The transmission means connected to the encryption means for receiving the data packets and verifying the upgrade information stored verification information, the verification information and upgrade data packet is transmitted to the target device to initiate flow; [thousand and 34] target device, comprising:

[0035] 解密装置,用于在接收到加密后的升级数据包和校验信息后,对所述升级数据包和校验信息进行解密,得到解密后的升级数据包和校验信息; [0035] The decryption means for upon receiving upgrade data packets and verifying the encrypted information, the data packet and the parity information to decrypt the upgrade, the upgrade data packets and verifying obtain decrypted information;

[0036] 输出装置,与所述解密装置相连,用于输出所述解密后的校验信息; [0036] The output means coupled to said decryption means, for checking the output of the decryption information;

[0037] 升级装置,与所述输出装置相连,用于当确认所述校验数据与所述客户端的校验数据一致时,所述目标设备采用所述解密后的升级数据包发起升级操作。 [0037] upgrading means and connected to said output means, when it is confirmed to coincide with the check data check data to the client, the target device using the upgrade data packet after initiating the decryption upgrade.

[0038]优选的,所述系统还具有如下特点:所述系统还包括所述目标设备的升级服务器, 其中所述升级服务器包括:[〇〇39]处理装置,用于在得到升级数据包后,对所述升级数据包所携带的信息进行处理, 得到一串字符,该串字符的位数为至少两位; After [〇〇39] processing means for the upgraded packet: [0038] Preferably, the system further has the following characteristics: said system further comprises a server to upgrade the target device, wherein the upgrade server comprises , to upgrade the information carried in the data packet to give a string of characters, the number of bits of the character string of at least two;

[0040]生成装置,用于生成一包括该串字符的图片,将所述图片文件作为校验信息[0041 ]优选的,所述系统还具有如下特点:所述处理装置包括: [0040] generating means for generating a character string comprising the image, the image file as parity information [0041] Preferably, the system further has the following features: the processing means comprises:

[0042] 计算模块,用于采用标准摘要算法对升级数据包进行摘要提取,得到摘要信息; [0042] calculation means for standard digest algorithm to update the data packets summarization obtain digest information;

[0043] 提取模块,用于从摘要信息中的数值提取一串字符。 [0043] extraction means for extracting a character string from numerical information in the summary.

[0044] 优选的,所述系统还具有如下特点: [0044] Preferably, the system further has the following features:

[0045] 所述加密装置包括: [0045] The encryption apparatus comprising:

[0046] 第一获取模块,用于获取所述目标设备的身份标识; [0046] The first acquiring module, for acquiring the identity of the target device;

[0047] 加密模块,与所述获取模块相连,用于将该身份标识会和预先保存的加密密钥因子共同组成一个对称密钥,并利用已经保存的加密算法,对所述升级数据包以及校验信息进行加密;[〇〇48]所述解密装置包括:[〇〇49]第二获取模块,用于获取自身的身份信息; [0047] The encryption module, coupled to the acquisition module is configured to be the identity of the pre-stored encryption key factors together form a symmetric key encryption algorithm using the saved, and the upgrade data packet encrypting verification information; [〇〇48] the decryption apparatus comprising: [〇〇49] a second acquiring module, for acquiring its own identity information;

[0050]解密模块,用于将身份信息与预存在目标设备内的解密密钥因子共同组成解密密钥,在配合预留在目标设备中的解密密算法完成解密工作。 [0050] a decryption module configured to identity information stored in the target device decryption key factor composed decryption key, completion of decryption in the decryption algorithm with the reservation target device. [0051 ]优选的,所述系统还具有如下特点:所述系统还包括: [0051] Preferably, the system further has the following characteristics: said system further comprises:

[0052]所述加密装置还用于在接收到所述升级数据包的电子签名后,对所述电子签名进行加密;[〇〇53]所述传输装置还用于将发送加密后的电子签名; [0052] The encryption means is further configured to, after receiving the electronic signature of the upgrade data packet, encrypting the electronic signature; [〇〇53] for said transmission means further transmits the encrypted electronic signature ;

[0054] 所述解密还用于对加密后的电子签名进行解密; [0054] The electronic signature is further configured to decrypt the encrypted decrypting;

[0055] 所述升级装置包括:[〇〇56] 验证模块,用于对所述电子签名进行验证;[〇〇57]升级模块,用于如果验证通过,则采用所述升级数据包进行升级操作。 [0055] The upgrading apparatus comprising: [〇〇56] authentication module configured to authenticate the electronic signature; [〇〇57] upgrade module for, if verified, then the upgrade data packet using the upgrade operating. [〇〇58]优选的,所述系统还具有如下特点:所述目标设备包括按键和显示屏幕;其中: [〇〇59]所述输出装置用于通过显示屏幕输出所述解密后的校验信息; [〇〇58] Preferably, the system further has the following features: the target device comprises a key and a display screen; wherein: [〇〇59] The output means for checking the decrypted output through the display screen information;

[0060]所述升级模块用于在接受到用户通过按键确认客户端上的显示信息与目标设备上的显示屏幕上输出的信息一致的结果后,通过检测按键的按下,确定所述校验数据与所述客户端的校验数据一致。 After [0060] the upgrading module configured to receive a user confirmation key information consistent result output on a display screen on the display information on the target device through the client, by detection of the key is pressed, the check is determined parity data with said client. [0061 ]本发明提供的实施例,可广泛适用于互联网和移动互联网上系统上,诸如,银行、 证券、公安、军队和电子政务等对数据安全性要求较高的应用系统中,有效的解决一直在远程更新目标设备(如电子签名设备)内程序的问题和目标设备在PC和智能移动终端设备上的应用问题,在保证对目标设备的程序进行更新的前提下,通过校验数据,提高目标设备中应用程序的安全。 [0061] Embodiments of the present invention provides, it can be widely used on the Internet and mobile Internet system, such as banking, securities, public security, e-government and military high data security requirements of the application system, effective solution applications have been problems and issues within the program target device remotely update the target device (such as electronic signature devices) on the PC and smart mobile devices, to ensure the program the target device to update the premise, by verifying data to improve the target device application security program. 附图说明 BRIEF DESCRIPTION

[0062]图1为本发明提供的应用程序的升级方法实施例的流程示意图; The upgrade process embodiment [0062] FIG. 1 of the application of the present invention provides a schematic embodiment;

[0063] 图2为本发明提供的银行系统中电子签名设备的升级方法应用实例示意图; Banking system [0063] FIG. 2 in the present invention provides an electronic signature device upgrade application example schematic diagram;

[0064] 图3为本发明提供的应用程序的升级系统实施例的结构示意图。 Schematic structural diagram of [0064] FIG. 3 of the present invention to provide an application upgrade system embodiment. 具体实施方式 Detailed ways

[0065] 为使本发明的目的、技术方案和优点更加清楚,下面将结合附图及具体实施例对本发明作进一步的详细描述。 [0065] To make the objectives, technical solutions, and advantages of the invention more clearly, the accompanying drawings and the following specific embodiments of the present invention will be further described in detail. 需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互任意组合。 Incidentally, in the case of no conflict, embodiments and features of the embodiments of the present application may be arbitrarily combined with each other.

[0066] 图1为本发明提供的应用程序的升级方法实施例的流程示意图。 A schematic flowchart of a method to upgrade [0066] FIG. 1 of the application of the present embodiment provided herein. 图1所示方法实施例,包括步骤1 〇1〜106,其中: Embodiment of the method shown in FIG Example 1, step 1 comprising 〇1~106, wherein:

[0067] 步骤101、客户端在升级服务器对目标设备中应用程序生成的升级数据包以及该升级数据包的校验信息后,保存所述校验信息;[〇〇68] 其中,所述客户端可以通过与网络交互得到升级数据包和校验信息,也可以通过从外部导入的文件得到上述信息。 [0067] Step 101, after checking the client information on the target device generated by an application upgrade package and upgrade server upgrade data packet, to store the verification information; [〇〇68] wherein the client end of the packet and can be upgraded to interact with the network to obtain parity information, this information may be obtained by introducing the file from the outside.

[0069] 步骤102、所述客户端加密所述升级数据包和校验信息; [0069] Step 102, the client encrypts the check information and upgrade data packet;

[0070] 其中,加密算法可以任意选择,但本着针对于一个目标设备一种加密方式而言,通过获取该目标设备的身份标识,将该身份标识作为加密方式的一个限定条件,可以有效的避免不同的目标设备使用相同的加密算法;[0071 ]具体来说,获取所述目标设备的身份标识;根据所述目标设备的身份标识和预先存储的加密算法,对所述升级数据包以及校验信息进行加密。 [0070] wherein the encryption algorithm may be arbitrarily selected, but is directed to a target in the encryption apparatus concerned, by obtaining the identity of the target device, as the identity of a cryptosystem identifier defined conditions, can effectively avoid using the same encryption algorithm different target devices; [0071] More specifically, acquiring the identity of the target device; according to the encryption algorithm identifier of the target device and stored in advance, and the correction upgrade data packet test information is encrypted.

[0072] 步骤103、所述客户端发送加密后的升级数据包和校验信息; [0072] Step 103, the client sends the upgrade data packets and verifying the encrypted information;

[0073] 其中,目标设备可以通过其外设的接口与终端进行物理连接,当然,如果目标设备支持蓝牙或红外等,也可以进行近距离的无线互连。 [0073] wherein, the target device may be physically connected to the terminal via an interface of its peripherals, of course, if the target device supports Bluetooth or infrared, etc., may be performed close wireless connectivity.

[0074] 步骤104、目标设备在接收到加密后的升级数据包和校验信息后,对所述升级数据包和校验信息进行解密,得到解密后的升级数据包和校验信息; [0074] Step 104, after receiving the target device upgrade data packets and verifying the encrypted information, the data packet and the parity information to decrypt the upgrade, the upgrade data packets and verifying obtain decrypted information;

[0075] 需要说明的是,如果加密操作使用了目标设备的身份信息,则在进行解密时,则目标设备获取自身的身份信息,并采用自身的身份信息以及预先存储的解密算法对加密后的升级数据包和校验信息进行解密操作。 [0075] Incidentally, if the encryption operation using a target device identification information, the decryption is performed, the target device acquires its own identity information, and use their own identity information and a decryption algorithm stored in advance in the encrypted upgrade data packet and the parity information for decryption.

[0076] 步骤105、目标设备输出所述解密后的校验信息;[〇〇77] 通常该目标设备具有显示单元,可通过该显示单元将校验信息输出。 [0076] Step 105, the target device outputs the decryption verification information; [〇〇77] The target device typically having a display unit, the verification unit may output information through the display.

[0078] 步骤106、当确认所述校验数据与所述客户端的校验数据一致时,所述目标设备采用所述解密后的升级数据包发起升级操作。 [0078] Step 106, when it is confirmed consistent with the check data check data to the client, the target device using the upgrade data packet after initiating the decryption upgrade.

[0079] 与现有技术相比,本发明提供的方法实施例,在升级服务器生成升级数据包后,通过目标设备在中终端上加载的客户端对目标设备进行升级,实现远程升级,在客户端与目标设备进行交互过程中,通过对交互信息进行加密,再通过进行校验信息的比较,来防止升级数据包被篡改,保证信息安全。 Compared with the prior art [0079], embodiments of the present invention provides a method of generating packet upgrading the upgrade server, through the target device loaded on the client terminal device to the target upgrade, remote upgrade, the customer end of the target device during the interaction, through the interactive information is encrypted, and then by comparing verification information, the upgrade data packet to prevent tampering, to ensure information security.

[0080] 其中,所述校验信息是通过如下方式确定的:[0081 ]所述目标设备的升级服务器在得到升级数据包后,对所述升级数据包所携带的信息进行处理,得到一串字符,该串字符的位数为至少两位,并生成一包括该串字符的图片, 将所述图片文件作为校验信息 [0080] wherein the verification information is determined by the following manner: [0081] The upgrade server of the target device after receiving upgrade data packet, the information carried by the packet data update is performed to give a string of character, the character string of at least two bits, and generates a character string comprising the image, the image file as verification information

[0082] 具体来说,服务器会对升级程序先进行摘要计算,算法可采用的是MD5或Sha-1以及其他的标准摘要算法,经过摘要计算后会获得摘要信息,如采用Md5计算会获得16个字符,如果采用sha-1则会获得20个字符。 [0082] Specifically, the first server upgrade program will calculate the digest algorithm is MD5 or may be employed Sha-1 digest algorithm, and other criteria, can be obtained after digest calculation summary information, such as the use calculations to obtain 16 Md5 characters, if sha-1 will get 20 characters. 随后在这些字符中,系统均针对摘要信息进行随机特征值提取,随机特征值提取是在摘要算法计算出的结果中随机的选取4-20位数值,这里是采用随机方式提取字符,获得的结果是和原摘要字符排列不同,或间隔不同的新的字符, 但这些字符的来源是原摘要字符。 The results of these characters then the system are carried out summary information for the random feature extraction, feature value extracted randomly selected random bit values ​​4-20 result in the calculated digest algorithm, where the characters are extracted random manner, the obtained It is a summary of the original character and arranged differently, or different intervals of new characters, but the source of these characters is a summary of the original character. 随后在根据新的字符为基础,生成对应的图片信息,例如新字符为“68H89Z”,那么生成一副图片,图片中包含“68H89Z”信息。 Then in accordance with the new character basis, to generate information corresponding to the picture, such as new character as "68H89Z", then generates a picture, the picture contains "68H89Z" information.

[0083] 其中,所述升级服务器对所述升级数据包所携带的信息进行处理,得到多位数的数值,包括: [0083] wherein the upgrade information of the upgrade server of the data carried by the packet, to give the multi-digit value, comprising:

[0084] 采用标准摘要算法对升级数据包进行摘要提取,得到摘要信息; [0084] The standard digest algorithm to update the data packets summarization obtain digest information;

[0085] 从摘要信息中的数值提取一串字符。 [0085] The character string extracted from the values ​​of the summary information.

[0086] 其中,该串字符包括:数字,字符和特殊字符如@、#等,不仅仅包括0-9数字。 [0086] wherein the character string includes: numeric, and special characters such as @, #, etc., not just the 0-9.

[0087] 其中,所述客户端加密所述升级数据包和校验信息,包括:[〇〇88]获取所述目标设备的身份标识; [0087] wherein the client encrypts the data packet and update parity information, comprising: [〇〇88] obtaining the identity of the target device identifier;

[0089] 将该身份标识会和预先保存的加密密钥因子共同组成一个对称密钥,并利用已经保存的加密算法,对所述升级数据包以及校验信息进行加密; [0089] The identity and will be pre-stored encryption key factors together form a symmetric key encryption algorithm using the saved, the upgrade data packet and the verification information is encrypted;

[0090] 所述目标设备向目标设备发送加密后的升级数据包和校验信息,包括:[0091 ]获取自身的身份信息,并将身份信息与预存在目标设备内的解密密钥因子共同组成解密密钥,在配合预留在目标设备中的解密密算法完成解密工作当然,可选的,所述方法还包括: [0090] The upgrade data packet and the parity information to the target device sends the encrypted target device, comprising: [0091] acquiring its own identity information and identity information with pre-stored decryption key factor in the target device composed a decryption key, the decryption with the reservation is complete in the target device of the decryption algorithm, of course, optionally, the method further comprising:

[0092] 客户端在接收升级数据包和校验信息的同时,还接收所述升级数据包的电子签名,并将所述电子签名同所述升级数据包以及校验信息一起加密后,再发送给目标设备; After the [0092] client while receiving data packets and parity information about upgrading, the upgrading electronic signature further receives data packets and encrypted together with the electronic signature of the verification information and upgrade data packet, retransmission to the target device;

[0093] 所述目标设备采用所述升级数据包发起升级操作,包括: [0093] The target device using the upgrade data packet initiate upgrade, comprising:

[0094] 在对加密后的电子签名进行解密后,对所述解密后的电子签名进行验证;[〇〇95]如果验证通过,则采用所述升级数据包进行升级操作。 [0094] After the electronic signature decrypts the encrypted electronic signature to verify the decrypted; [〇〇95] If verified, the upgrade data packet is used to upgrade operation.

[0096] 其中,确认所述校验数据与所述客户端的校验数据一致是通过如下方式实现的: 所述目标设备包括按键和显示屏幕; [0096] wherein, confirming that the verification data with the client check data match is achieved by: the target device comprises a key and a display screen;

[0097] 所述目标设备通过显示屏幕输出所述解密后的校验信息,并在接受到用户通过按键确认客户端上的显示信息与目标设备上的显示屏幕上输出的信息一致的结果后,通过检测按键的按下,确定所述校验数据与所述客户端的校验数据一致。 [0097] The display screen of the target device via the output of the decryption verification information, and receives the user confirmation information consistent result output on a display screen displaying information on the target device on the client through the key post, by detecting the key depression of determining the check data is consistent with the client check data.

[0098] 当然,在实际应用中并不限于此,还可以通过如下方式实现:目标设备将解密后的校验信息输出给客户端,客户端接收目标设备发送的校验结果,并同时展出该客户端从升级服务器接收的校验信息以及从目标设备接收的校验信息,用户通过在客户端上识别是否一致,客户端在得到用户的选择结果后,将该选择结果发送给目标设备,由目标设备确认是否进行升级操作。 [0098] Of course, in practical applications is not limited thereto, can also be achieved as follows: the check information output destination device to the decrypted client, the client receives the check result sent from the target device, and exhibited at the same time the client receives verification information from the update server and received from the target device verification information, by identifying the user on the client are the same, when the client user selection result obtained, the selection result is transmitted to the target device, confirmed by the target device is an upgrade operation.

[0099] 下面以在银行中的应用为例进行说明:[〇1〇〇]图2为本发明提供的银行系统中电子签名设备的升级方法应用实例示意图。 [0099] In the following application in the bank as an example: [〇1〇〇] FIG 2 banking system's electronic signature device upgrade application example schematic diagram of the present invention. 图2所示方法应用实例包括: Examples of the method shown in FIG. 2 applications comprising:

[0101]步骤201、银行后台系统获取电子签名设备的更新信息; [0101] Step 201, the update information acquiring bank back system electronic signature device;

[0102] 具体来说,获取电子签名设备的应用程序的更新信息,并为该更新信息设置对应的版本信息,形成更新信息; [0102] Specifically, the update information acquired electronic signature application device, and for setting the updated version information corresponding to the update information is formed;

[0103] 其中,银行后台系统按照银行内部的设计计划,或针对网银系统中出现的问题进行程序更新准备,此程序包括:电子签名设备内的嵌入式操作系统程序,字库字模文件,客户端程序等,但不仅限于此。 [0103] where the bank back-office systems in accordance with the bank's internal design plan or program for the issue of online banking system appeared update preparation, this program include: embedded operating system program in the electronic signature device, character font files, the client program such as, but not limited to this.

[0104] 步骤202、银行后台系统对更新信息进行特征值图像化处理; [0104] Step 202, the system updates the bank background feature value of the image information processing;

[0105] 其中本步骤具体可以通过如下步骤来实现: [0105] wherein specifically the present step may be implemented by the following steps:

[0106] 步骤A1:银行后台系统对更新信息进行摘要提取,得到摘要信息; [0106] Step A1: bank background update system information summarization obtain digest information;

[0107] 其中,进行摘要提取所使用的算法可以为SHA-USHA-256或MD5等,但不局限与此; [0107] wherein, summary of the algorithm may be used to extract the like SHA-USHA-256 or the MD5, but not limited thereto;

[0108] 步骤A2、银行后台系统从摘要信息提取随机特征值; [0108] Step A2, bank background system extracts feature value from a random digest information;

[0109] 无论何种摘要算法计算出的结果,系统均针对摘要信息进行随机特征值提取,随机特征值提取是在摘要算法计算出的结果中随机的选取4-20位数值; [0109] Regardless of the digest algorithm calculation result, systems are random value extraction characteristic for summary information, the extracted feature value is randomly selected random bit values ​​4-20 digest algorithm computed result;

[0110] 步骤A3、银行后台系统针对所选取的特性值进行图像处理,形成一一对应的图片文件。 [0110] Step A3, bank background image processing system for the selected characteristic values, formed one to one image file.

[0111] 此处也可以将摘要算法计算出的结果全部作为特征值进行图像化处理。 [0111] Here digest algorithm may be all of the calculated results of image processing as the feature values.

[0112] 步骤203、银行后台系统对更新信息采用RSA,椭圆曲线ECC等对非对称密钥算法进行电子签名后,将更新信息,电子签名和特性值图像一同发送给客户端。 [0112] Step 203, the system updates the bank background of RSA, Elliptic Curve ECC Once asymmetric keys electronic signature algorithm, update information, and transmits the electronic signature together with the characteristic values ​​of the image to the client. [〇113]步骤204、客户端接收更新信息并显示特征图片; [〇113] Step 204, the client receives the update information and image display feature;

[0114] 在此,网银的客户端程序会安装在用户的客户端的上位机,客户端的上位机包括: PC机,智能移动终端,如:智能手机,平板电脑,PDA等。 [0114] Here, online banking client program installed on the user's client PC, the client PC include: PC, smart mobile terminals, such as: a smart phone, a tablet computer, PDA and the like. 客户端将从银行后台系统接受的更新信息,电子签名和特性值图像中的特性值图像提取后,在客户端的屏幕上进行显示,用于进一步的用户确认使用。 Bank client from back-end systems to accept the updated information, the electronic signature characteristic values ​​and characteristic values ​​of the image after image extraction, is displayed on the client's screen, the user confirmation for further use.

[0115] 步骤205、客户端获取电子签名设备的身份信息;[〇116]在此,为了实现客户端与电子签名设备的“一设备一密钥”的更新信息加密保护功能,客户端获取电子签名设备的身份信息。 [0115] Step 205, the client obtains the identity information of the electronic signature apparatus; [〇116] Here, in order to achieve the client and the electronic signature of the device "a device key" encryption protection function update information, client acquisition electronics identity signature devices. 电子签名设备的身份信息是设备生产过程中所形成的唯一序列号,一般有芯片的唯一编号,生产厂家唯一编号,生产地点唯一编号共同组成,或也可以是银行在生产设备时编写的设备唯一序列号。 Identity information of the electronic signature device is a unique serial number of the device production process of the formation, generally has a unique serial number chip manufacturers a unique number, place of production unique number composed, or may be a bank to write in the production of equipment unique to the device serial number. 客户端获取电子签名设备唯一信息后,其会和已经保存在客户端程序中的加密密钥因子共同组成一个对称密钥,并利用已经保存在客户端和电子签名设备内的共同知道的一种加密算法进行下一步的信息传输时的加密保护。 The only information that the client obtains an electronic signature device, and it would have been stored in the client program in an encryption key factors together make up a symmetric key and uses common knowledge already stored in the client device and electronic signature of a encryption algorithm to encrypt the information transmitted when the next step. 此算法可以是对称或非对称算法。 This algorithm may be symmetric or asymmetric algorithms.

[0117] 步骤206、客户端利用电子签名设备的身份信息和加密算法将更新信息,电子签名和特性值图像加密处理后发送给电子签名设备。 [0117] Step 206, the client device using an electronic signature and encryption algorithm identification information of update information, and the electronic signature to the electronic signature device characteristic value of the image after the encryption process.

[0118] 其中,加密的工作过程是通过电子签名设备的唯一信息与预存在客户端的加密密钥因子共同组成加密密钥,在配合预留在客户端中的加密算法完成对信息的加密;解密的过程是将设备的唯一信息与预存在电子签名设备内的解密密钥因子共同组成解密密钥,在配合预留在电子签名中的解密密算法完成对信息的解密工作。 [0118] wherein the encryption operation process by the electronic signature device unique information stored in the client encryption key factor composed encryption key, encrypt the encryption algorithm with information in a reservation in the client; and decrypting the process will constitute a unique decryption key information about the device and stored decryption key factor in the electronic signature device, complete decryption of information with the decryption algorithm in reserve in the electronic signature. 如果采用的是对称的加解密算法的话,则电子签名设备内的唯一信息与加密密钥因子所组成的加密密钥,与电子签名设备的唯一信息与解密密钥因子所组成的解密密钥是同一个密钥,所采用的加密,解密算法也是同一个算法,如DES。 If the encryption algorithm is symmetric, then the unique information and the encrypted key encryption key factor consisting in the electronic signature device, the unique decryption key information and the electronic signature decryption key factor device is composed of the same encryption key used, decryption algorithm is the same algorithm, such as DES. 如果是采用非对称密钥算法进行计算,那么客户端方面提取信息并组合的密钥代表公钥,电子签名设备提取并组合的密钥代表私钥,随后按照非对称算法流程进彳丁计算,如RSA。 If using an asymmetric key algorithm calculation, then the client-side information and extract the representative public key combination, and a combination of an electronic signature device extracts the representative private key, then stimulation was calculated as asymmetric algorithms butoxy process, such as RSA. [〇119]步骤207、电子签名设备解密并显示所提取的特性值图像;[〇12〇]在此,电子签名设备对已经接受到的密文进行解密处理,并形成包括:更新信息, 电子签名和提取特性值图像三个部分内容。 [〇119] Step 207, the device decrypts the electronic signature characteristic value and displaying the extracted image; [〇12〇] Here, the electronic signature device that has been received ciphertext decryption process, and is formed comprising: updating information, electronic and extracting a signature image characteristic value three parts. 设备将提取特性值图像通过设备内的显示模块在显示屏上显示,用于用户下一步的比对确认使用。 The characteristic value extraction device through the display module within the image displayed on the display device, for the user to confirm the use of the next ratio.

[0121] 步骤208、电子签名设备在检测到确认特征性图像一致后进行更新信息; [0121] Step 208, the electronic signature device detects that the characteristic of the same image information is updated;

[0122] 在此,用户观看客户端屏幕中所显示的更新信息特征值图像与电子签名设备所显示的更新信息特征值图像的异同,如果相同,用户通过设备上的物理确认模块进行更新信息。 [0122] Here, the user views the similarities and differences update feature value of the image client displayed in the screen update information characteristic value of an image with an electronic signature device shown, if the same, the user performs the update information through a physical confirmation module on the device.

[0123] 步骤209、电子签名设备完成信息更新; [0123] Step 209, update completion information electronic signature device;

[0124] 在此,电子签名设备将解密后的更新信息,电子签名进行验签,如果步骤208和步骤209均正确,说明电子签名设备接受到更新信息是银行后台系统所发出的更新信息,并未遭到更改或攻击。 [0124] Here, the updated information will decrypt the electronic signature devices, electronic signature inspection check, if step 208 and step 209 are correct, the instructions to update the information electronic signature device receives updated information is issued by the bank back-office systems, and have not been changed or attacked. 设备进行自动更新操作,完成更新过程,并发送成功反馈。 Device for automatic update, the update process is completed, and transmits success feedback.

[0125] 步骤210、客户端接到更新成功反馈,并发送至银行后台系统。 [0125] Step 210, the update is successful feedback to the client and sent back to the banking system.

[0126] 在此,客户端接到电子签名设备的更新成功反馈,并记录更新的时间和版本号,向银行后台发送成功反馈。 [0126] In this case, the client receives updates electronic signature device success feedback, and record the time and version number of the update successfully sent feedback to the bank back.

[0127] 图3为本发明提供的应用程序的升级系统实施例的结构示意图。 Schematic structural diagram of [0127] FIG. 3 of the present invention to provide an application upgrade system embodiment. 图3所示系统实施例,包括: The system shown in FIG Example 3, comprising:

[0128] 客户端,包括: [0128] Client, comprising:

[0129] 保存装置,用于在接收到升级服务器对目标设备中应用程序生成的升级数据包以及该升级数据包的校验信息后,保存所述校验信息;[〇13〇]加密装置,用于将发送加密后的升级数据包和校验信息; [0129] storage means for receiving the update server after checking the target device information generated by an application upgrade package and upgrade data packet, save the check information; [〇13〇] encryption means, for upgrade data packet and the parity information is sent encrypted;

[0131] 传输装置,与所述加密装置相连,用于在接收到升级数据包和校验信息保存校验信息,向目标设备发起所述升级数据包和校验信息的发送流程; [0131] transmission means, coupled to said encryption means, for receiving the packet data and the upgrade information stored parity check information, and initiate the upgrade data packet verification processes information transmitted to the target device;

[0132] 目标设备,包括: [0132] target device, comprising:

[0133] 解密装置,用于在接收到加密后的升级数据包和校验信息后,对所述升级数据包和校验信息进行解密,得到解密后的升级数据包和校验信息; [0133] a decryption means for upon receiving upgrade data packets and verifying the encrypted information, the data packet and the parity information to decrypt the upgrade, the upgrade data packets and verifying obtain decrypted information;

[0134] 输出装置,与所述解密装置相连,用于输出所述解密后的校验信息; [0134] output means coupled to said decryption means, for checking the output of the decryption information;

[0135] 升级装置,与所述输出装置相连,用于当确认所述校验数据与所述客户端的校验数据一致时,所述目标设备采用所述解密后的升级数据包发起升级操作。 [0135] upgrading means, coupled to said output means, when it is confirmed to coincide with the check data check data to the client, the target device using the upgrade data packet after initiating the decryption upgrade.

[0136] 其中,所述系统还包括所述目标设备的升级服务器,其中所述升级服务器包括: [0136] wherein said system further comprises a server to upgrade the target device, wherein the upgrade server comprises:

[0137] 处理装置,用于在得到升级数据包后,对所述升级数据包所携带的信息进行处理, 得到一串字符,该串字符的位数为至少两位; [0137] processing means for data packet after receiving the upgrade, the upgrade of the information carried in the data packet to give a string of characters, the number of bits of the character string of at least two;

[0138] 生成装置,用于生成一包括该串字符的图片,将所述图片文件作为校验信息 [0138] generating means for generating a character string comprising the image, the image file as verification information

[0139] 其中,所述处理装置包括: [0139] wherein said processing means comprises:

[0140] 计算模块,用于采用标准摘要算法对升级数据包进行摘要提取,得到摘要信息; [〇141]提取模块,用于从摘要信息中的数值提取一串字符。 [0140] a calculating module for employing standard digest algorithm to update the data packets summarization obtain digest information; [〇141] extraction means for extracting a character string from numerical information in the summary.

[0142]其中,所述加密装置包括: [0142] wherein said encryption means comprises:

[0143] 第一获取模块,用于获取所述目标设备的身份标识; [0143] a first obtaining module, configured to obtain the identity of the target device;

[0144] 加密模块,与所述获取模块相连,用于将该身份标识会和预先保存的加密密钥因子共同组成一个对称密钥,并利用已经保存的加密算法,对所述升级数据包以及校验信息进行加密; [0144] encryption module, coupled to the acquisition module is configured to be the identity of the pre-stored encryption key factors together form a symmetric key encryption algorithm using the saved, and the upgrade data packet encrypting verification information;

[0145] 所述解密装置包括: [0145] The decryption apparatus comprising:

[0146] 第二获取模块,用于获取自身的身份信息; [0146] The second acquiring module, for acquiring its own identity information;

[0147] 解密模块,用于将身份信息与预存在目标设备内的解密密钥因子共同组成解密密钥,在配合预留在目标设备中的解密密算法完成解密工作。 [0147] a decryption module configured to identity information stored in the target device decryption key factor composed decryption key, completion of decryption in the decryption algorithm with the reservation target device.

[0148] 其中,所述系统还包括: [0148] wherein said system further comprises:

[0149] 所述加密装置还用于在接收到所述升级数据包的电子签名后,对所述电子签名进行加密; [0149] The encryption means further configured to, after receiving upgrade data packet to the electronic signature, the electronic signature is encrypted;

[0150] 所述传输装置还用于将发送加密后的电子签名; [0150] The transmitting means is further configured to transmit the encrypted electronic signature;

[0151] 所述解密还用于对加密后的电子签名进行解密; [0151] The electronic signature is further configured to decrypt the encrypted decrypting;

[0152] 所述升级装置包括: [0152] The upgrading apparatus comprising:

[0153] 验证模块,用于对所述电子签名进行验证; [0153] authentication module configured to authenticate the electronic signature;

[0154] 升级模块,用于如果验证通过,则采用所述升级数据包进行升级操作。 [0154] upgrade module for, if verified, using the upgrade data to upgrade the packet.

[0155] 其中,所述目标设备包括按键和显示屏幕;其中: [0155] wherein the target device comprises a key and a display screen; wherein:

[0156] 所述输出装置用于通过显示屏幕输出所述解密后的校验信息; [0156] The output means for verifying information by decrypting the output display screen;

[0157] 所述升级模块用于在接受到用户通过按键确认客户端上的显示信息与目标设备上的显示屏幕上输出的信息一致的结果后,通过检测按键的按下,确定所述校验数据与所述客户端的校验数据一致。 After [0157] the upgrading module configured to receive a user confirmation key information consistent result output on a display screen on the display information on the target device through the client, by detection of the key is pressed, the check is determined parity data with said client.

[0158] 与现有技术相比,本发明提供的系统实施例,在升级服务器生成升级数据包后,通过目标设备在中终端上加载的客户端对目标设备进行升级,实现远程升级,在客户端与目标设备进行交互过程中,通过对交互信息进行加密,再通过进行校验信息的比较,来防止升级数据包被篡改,保证信息安全。 After [0158] Compared with the prior art, the present invention provides a system embodiment, the upgrade data packet generated in the upgrade server, through the target device loaded on the client terminal device to the target upgrade, remote upgrade, the customer end of the target device during the interaction, through the interactive information is encrypted, and then by comparing verification information, the upgrade data packet to prevent tampering, to ensure information security.

[0159] 以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。 [0159] The above are only specific embodiments of the present invention, but the scope of the present invention is not limited thereto, any skilled in the art in the art within the technical scope of the present invention is disclosed, variations may readily occur or Alternatively, it shall fall within the protection scope of the present invention. 因此,本发明的保护范围应以权利要求所述的保护范围为准。 Accordingly, the scope of the present invention should be the scope of the claims and their equivalents.

Claims (10)

  1. 1.一种应用程序的升级方法,其特征在于,包括: 客户端在接收到升级服务器对目标设备中应用程序生成的升级数据包以及该升级数据包的校验信息后,保存所述校验信息,加密所述升级数据包和校验信息,并将发送加密后的升级数据包和校验信息; 目标设备在接收到加密后的升级数据包和校验信息后,对所述升级数据包和校验信息进行解密,得到解密后的升级数据包和校验信息; 输出所述解密后的校验信息; 当确认所述校验数据与所述客户端的校验数据一致时,所述目标设备采用所述解密后的升级数据包发起升级操作; 其中,所述客户端加密所述升级数据包和校验信息,包括: 获取所述目标设备的身份标识; 将该身份标识和预先保存的加密密钥因子共同组成一个对称密钥,并利用已经保存的加密算法,对所述升级数据包以及校验信息进行加密 A method for upgrading the application, wherein, comprising: a client after receiving the verification information update server to the target device generated by an application upgrade package and upgrade data packet, save the check information, encrypting the update data and parity information packet, and transmits the encrypted checking information and upgrade data packet; target device receives the upgrade data packets and verifying the encrypted information, the upgrade data packet and decrypts the verification information, and verifying upgraded packet decrypted information; verification information outputting the decryption; when confirming the check data is consistent with the client check data, the target device uses the upgrade data packet after initiating the decryption upgrade; wherein the client encrypts the data packet and update parity information, comprising: obtaining the identity of the target device; and the pre-stored identity encryption key factor together form a symmetric key encryption algorithm using the saved, the upgrade data packet and the verification information is encrypted 所述目标设备对所述升级数据包和校验信息进行解密,包括: 获取自身的身份信息,并将身份信息与预存在目标设备内的解密密钥因子共同组成解密密钥,在配合预留在目标设备中的解密密算法完成解密工作。 The target device and the upgrade data packet check decrypt the information, comprising: obtaining identity information itself, and the identity information with pre-stored decryption key factor in the target device composed of a decryption key, the mating reserved decryption algorithm to decrypt the target device to complete the work.
  2. 2.根据权利要求1所述的方法,其特征在于,所述校验信息是通过如下方式确定的: 所述目标设备的升级服务器在得到升级数据包后,对所述升级数据包所携带的信息进行处理,得到一串字符,该串字符的位数为至少两位,生成一包括该串字符的图片,将所述图片文件作为校验信息。 2. The method according to claim 1, wherein said verification information is determined in the following manner: the target device after the server upgrade data packet is upgraded, the upgrade data packet carried information is processed to obtain a string of characters, the number of bits of the character string of at least two, to generate a character string comprising the image, the image file as the check information.
  3. 3.根据权利要求2所述的方法,其特征在于,所述升级服务器对所述升级数据包所携带的信息进行处理,得到多位数的数值,包括: 采用标准摘要算法对升级数据包进行摘要提取,得到摘要信息; 从摘要信息中的数值提取一串字符。 3. The method according to claim 2, wherein the upgrade information of the upgrade server of the data carried by the packet, to give the multi-digit value, comprising: a standard digest algorithm to update the data packets summarization, digest information obtained; extracting a string of characters from the values ​​of the summary information.
  4. 4.根据权利要求1所述的方法,其特征在于: 所述方法还包括: 客户端在接收升级数据包和校验信息的同时,还接收所述升级数据包的电子签名,并将所述电子签名同所述升级数据包以及校验信息一起加密后,再发送给目标设备; 所述目标设备采用所述升级数据包发起升级操作,包括: 在对加密后的电子签名进行解密后,对所述解密后的电子签名进行验证; 如果验证通过,则采用所述升级数据包进行升级操作。 4. The method according to claim 1, characterized in that: said method further comprises: while receiving a client packet and update parity information, further receiving the electronic signature upgrade data packet, and the after the electronic signature with the upgrade data packet and the parity information encrypted together, and then sent to the target device; and the target device using the upgrade data packet initiates the upgrade operations comprising: after the encrypted electronic signature decrypts of the decrypted electronic signature verification; if verified, using the upgrade data to upgrade the packet.
  5. 5.根据权利要求1所述的方法,其特征在于,所述确认所述校验数据与所述客户端的校验数据一致是通过如下方式实现的: 所述目标设备包括按键和显示屏幕; 所述目标设备通过显示屏幕输出所述解密后的校验信息,并在接受到用户通过按键确认客户端上的显示信息与目标设备上的显示屏幕上输出的信息一致的结果后,通过检测按键的按下,确定所述校验数据与所述客户端的校验数据一致。 5. The method according to claim 1, wherein said parity data to confirm the check data with the client is achieved by: the target device comprises a key and a display screen; the described later, the target device verification information by decrypting the output display screen, and the user receives confirmation result output consistent information on the display screen on the display information with the target device through the key on the client, by detecting the key press, determining the check data is consistent with the client check data.
  6. 6.一种应用程序的升级系统,其特征在于,包括: 客户端,包括:保存装置,用于在接收到升级服务器对目标设备中应用程序生成的升级数据包以及该升级数据包的校验信息后,保存所述校验信息;加密装置,用于将发送加密后的升级数据包和校验信息;传输装置,与所述加密装置相连,用于在接收到升级数据包和校验信息保存校验信息, 向目标设备发起所述升级数据包和校验信息的发送流程;目标设备,包括:解密装置,用于在接收到加密后的升级数据包和校验信息后,对所述升级数据包和校验信息进行解密,得到解密后的升级数据包和校验信息;输出装置,与所述解密装置相连,用于输出所述解密后的校验信息;升级装置,与所述输出装置相连,用于当确认所述校验数据与所述客户端的校验数据一致时,所述目标设备采用所述解密后的升级数据包 An application upgrade system comprising: a client, comprising: storage means for checking the update server to the target receiving apparatus generated by an application upgrade package and upgrade data packet after the information, store the verification information; encryption means for upgrading the data packets and verifying the transmitted encrypted information; transmission means, coupled to said encryption means for receiving the data packets and verifying the upgrade information save check information, the check information and upgrade data packet is transmitted to the target device to initiate the process; the target device, comprising: a decryption means for upon receiving upgrade data packets and verifying the encrypted information, the upgrade data packet and decrypts the verification information, and verifying upgraded packet decrypted information; output means coupled to said decryption means for checking the output of the decryption information; upgrading apparatus, and the output means connected to the check when the acknowledgment data is consistent with the check data of the client, the target device using the upgrade data packet after the decryption 发起升级操作;所述加密装置还包括:第一获取模块,用于获取所述目标设备的身份标识;加密模块,与所述获取模块相连,用于将该身份标识和预先保存的加密密钥因子共同组成一个对称密钥,并利用已经保存的加密算法,对所述升级数据包以及校验信息进行加密;所述解密装置还包括:第二获取模块,用于获取自身的身份信息;解密模块,用于将身份信息与预存在目标设备内的解密密钥因子共同组成解密密钥, 在配合预留在目标设备中的解密密算法完成解密工作。 Initiates the upgrade operation; said encryption means further comprises: a first acquiring module, for acquiring the identity of the target device; an encryption module coupled to the acquisition module is configured to identify the identity and encryption keys stored in advance together form a symmetric key factor, and using an encryption algorithm has been saved, the upgrade data packet encrypting and checking information; said decryption means further comprises: a second acquiring module, for acquiring its own identity information; decrypting module, for the identity information stored in the target device decryption key factor composed decryption key, completion of decryption in the decryption algorithm with the reservation target device.
  7. 7.根据权利要求6所述的系统,其特征在于,所述系统还包括所述目标设备的升级服务器,其中所述升级服务器包括:处理装置,用于在得到升级数据包后,对所述升级数据包所携带的信息进行处理,得到一串字符,该串字符的位数为至少两位;生成装置,用于生成一包括该串字符的图片,将所述图片文件作为校验信息。 7. The system according to claim 6, characterized in that the system further comprises a server to upgrade the target device, wherein the upgrade server comprises: processing means for data packet after receiving the upgrade, the upgrade information carried in the data packet to give a string of characters, the number of bits of the character string of at least two; generating means for generating a character string comprising the image, the image file as the check information.
  8. 8.根据权利要求7所述的系统,其特征在于,所述处理装置包括:计算模块,用于采用标准摘要算法对升级数据包进行摘要提取,得到摘要信息;提取模块,用于从摘要信息中的数值提取一串字符。 8. The system according to claim 7, wherein said processing means comprises: calculating means for using a standard digest algorithm to update the data packets summarization obtain digest information; extracting means for summary information from the value of a string of characters to extract.
  9. 9.根据权利要求6所述的系统,其特征在于,所述系统还包括:所述加密装置还用于在接收到所述升级数据包的电子签名后,对所述电子签名进行加密;所述传输装置还用于将发送加密后的电子签名;所述解密还用于对加密后的电子签名进行解密;所述升级装置包括:验证模块,用于对所述电子签名进行验证;升级模块,用于如果验证通过,则采用所述升级数据包进行升级操作。 9. The system according to claim 6, characterized in that the system further comprises: said encryption means is further configured to, after receiving the electronic signature of the upgrade data packet, the electronic signature is encrypted; the said transmission means is further adapted to transmit the encrypted electronic signature; further for decrypting said encrypted electronic signature is decrypted; the upgrading apparatus comprising: a verification module configured to verify the electronic signature; upgrade module , for upgrade if the verification of the upgrade data packet is used.
  10. 10.根据权利要求6所述的系统,其特征在于,所述目标设备包括按键和显示屏幕;其中:所述输出装置用于通过显示屏幕输出所述解密后的校验信息;所述升级模块用于在接受到用户通过按键确认客户端上的显示信息与目标设备上的显示屏幕上输出的信息一致的结果后,通过检测按键的按下,确定所述校验数据与所述客户端的校验数据一致。 10. The system according to claim 6, wherein the target device comprises a key and a display screen; wherein: said means for checking the output of the decryption information output by a display screen; the upgrading module after the user receives a key information confirmation consistent result output on a display screen on the display information on the target device through the client, by detection of the key is pressed, the check data is determined with a correction of the client consistent test data.
CN 201210533878 2012-12-11 2012-12-11 Upgrade method and system applications CN103873440B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201210533878 CN103873440B (en) 2012-12-11 2012-12-11 Upgrade method and system applications

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201210533878 CN103873440B (en) 2012-12-11 2012-12-11 Upgrade method and system applications

Publications (2)

Publication Number Publication Date
CN103873440A true CN103873440A (en) 2014-06-18
CN103873440B true CN103873440B (en) 2017-03-22

Family

ID=50911569

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201210533878 CN103873440B (en) 2012-12-11 2012-12-11 Upgrade method and system applications

Country Status (1)

Country Link
CN (1) CN103873440B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105068830A (en) * 2015-07-30 2015-11-18 株洲南车时代电气股份有限公司 Human-computer interaction unit and update system thereof
CN105069373A (en) * 2015-07-30 2015-11-18 株洲南车时代电气股份有限公司 File encryption and decryption methods
CN107704280A (en) * 2016-11-15 2018-02-16 平安科技(深圳)有限公司 Application upgrading method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163044A (en) * 2007-11-12 2008-04-16 北京深思洛克数据保护中心 Remote updating method and system for information safety equipment
CN101251883A (en) * 2008-03-11 2008-08-27 北京深思洛克数据保护中心 Method for performing safety controllable remote upgrade for software protecting device
CN101258505A (en) * 2005-07-26 2008-09-03 苹果公司 Security Software Updates
CN102082784A (en) * 2010-11-11 2011-06-01 广东欧珀电子工业有限公司 Method for upgrading software on line

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101258505A (en) * 2005-07-26 2008-09-03 苹果公司 Security Software Updates
CN101163044A (en) * 2007-11-12 2008-04-16 北京深思洛克数据保护中心 Remote updating method and system for information safety equipment
CN101251883A (en) * 2008-03-11 2008-08-27 北京深思洛克数据保护中心 Method for performing safety controllable remote upgrade for software protecting device
CN102082784A (en) * 2010-11-11 2011-06-01 广东欧珀电子工业有限公司 Method for upgrading software on line

Also Published As

Publication number Publication date Type
CN103873440A (en) 2014-06-18 application

Similar Documents

Publication Publication Date Title
US7028191B2 (en) Trusted authorization device
US8171531B2 (en) Universal authentication token
US20130198519A1 (en) Strong authentication token with visual output of pki signatures
US20070241182A1 (en) System and method for binding a smartcard and a smartcard reader
US20070067634A1 (en) System and method for restricting access to a terminal
US7412420B2 (en) Systems and methods for enrolling a token in an online authentication program
US20110113245A1 (en) One time pin generation
US20140189359A1 (en) Remote authentication and transaction signatures
US20130041830A1 (en) Methods and apparatus to provision payment services
US20100205448A1 (en) Devices, systems and methods for secure verification of user identity
US20090259850A1 (en) Information Processing Device and Method, Recording Medium, Program and Information Processing System
US20090031408A1 (en) Integrity protected smart card transaction
US20130301830A1 (en) Device, system, and method of secure entry and handling of passwords
CN101340285A (en) Method and system for identity authentication by finger print USBkey
US20080216172A1 (en) Systems, methods, and apparatus for secure transactions in trusted systems
US20130042111A1 (en) Securing transactions against cyberattacks
CN101106455A (en) Identity authentication method and intelligent secret key device
CN102025716A (en) Method for updating seeds of dynamic password token
US8433914B1 (en) Multi-channel transaction signing
US20140082707A1 (en) Systems and methods for network connected authentication
CN101013942A (en) System and method for improving the safety of intelligent key equipment
CN101252435A (en) Method for realizing dynamic password generation and judge on smart card
US20110099377A1 (en) Compact security device with transaction risk level approval capability
CN101848090A (en) Authentication device and system and method using same for on-line identity authentication and transaction
US20100180120A1 (en) Information protection device

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
C14 Grant of patent or utility model