Software security protection method for a mobile terminal
Technical field
The present invention relates to the technical field of software security, and in particular to a software security protection method for a mobile terminal.
Background art
Because mobile terminals are easy to carry, they are easily stolen, and the critical software on them is then easily misused by others. At present, software on a mobile terminal is generally protected either by binding the software to the MAC address of the mobile terminal or by mobile phone SMS verification when the software is run. When the mobile terminal is stolen, binding the software to the terminal's MAC address cannot protect the software, and because SIM cards can be copied and impersonated, the security of mobile phone SMS verification is also relatively weak.
Chinese Patent Publication No. CN103167491, published on June 19th, 2013 and entitled "A mobile terminal uniqueness authentication based on a software digital certificate", discloses a mobile terminal uniqueness authentication based on a software digital certificate, comprising a mobile terminal registration part and a mobile terminal authentication part. Registration comprises the following steps: a public/private key pair is generated on the terminal and, using the mobile terminal device information as claims, a certificate request is generated and sent to the application server for registration; the application server receives and verifies the certificate request and, after verification passes, uses the application server's private key to issue a mobile terminal software digital certificate and sends it to the mobile terminal; the mobile terminal receives the software digital certificate, verifies it and saves it, completing registration of the mobile terminal device. Authentication comprises the following steps: the mobile terminal runs and, after the environment has been verified, sends a connection request to the application server; the application server sends random information to the mobile terminal; the mobile terminal signs the random information with its private key and sends it to the application server; the application server verifies the signature and the certificate information and, after verification passes, obtains the mobile terminal device information. The shortcoming of this method is that it can only bind the software to the mobile terminal; when the mobile terminal is stolen, it cannot prevent the software on the mobile terminal from being used by others.
Summary of the invention
The object of the invention is to overcome the technical problem that the critical software on a mobile terminal is easily misused when the terminal is stolen, by providing a software security protection method for a mobile terminal that ensures the critical software on the mobile terminal can only be used by the user, prevents the software from being misused by others, and improves the security of the software.
To solve the above problem, the present invention is implemented by the following technical solution:
The software security protection method for a mobile terminal of the present invention comprises the following steps:
S1: the MAC address of the mobile terminal, the authorization certificate of the software on this mobile terminal, the geographic range in which the software is permitted to be used, and the user's mobile phone number are stored on the server and bound together;
S2: after the mobile terminal has connected to the network, the user opens the software client, and the software client pops up a security code input dialog box; the mobile terminal sends its MAC address and the software authorization certificate to the server over the network, and the server verifies the MAC address and the software authorization certificate; if verification succeeds, the server sends a security code to the user's mobile phone; otherwise the server does not allow the software client on this mobile terminal to connect to the server side, and the software stops running;
S3: when the user's mobile phone receives the security code sent by the server, the user enters the security code received on the phone into the security code input dialog box of the software client on the mobile terminal, and the mobile terminal sends this security code to the server; the server verifies the received security code; if verification succeeds, the server sends a geographic position verification instruction to the mobile terminal and to the user's mobile phone; otherwise the server does not allow the software client on this mobile terminal to connect to the server side;
S4: after receiving the geographic position verification instruction, the mobile terminal obtains its current geographic position from its own GPS module and sends this position to the server; after receiving the geographic position verification instruction, the user's mobile phone obtains its current geographic position from its own GPS module and sends this position to the server; the server calculates the distance between the mobile terminal and the user's mobile phone from the two reported positions; the server then judges whether the received mobile terminal position is within the preset geographic range and whether the distance between the mobile terminal and the user's mobile phone is less than the set value; if so, the server allows the software client on this mobile terminal to connect to the server side and run normally; otherwise the server does not allow the software client on this mobile terminal to connect to the server side.
In this technical solution, the mobile terminal is a tablet computer or a notebook computer and has a GPS module. The software client is installed on the mobile terminal, and the corresponding software server side is installed on the server. The server can communicate wirelessly with the mobile terminal and with the user's mobile phone, and the user's mobile phone has a GPS module.
When the user starts the software client on the mobile terminal, the mobile terminal communicates with the server, and the server verifies whether the MAC address of the mobile terminal and the authorization certificate of the software are correct. Each mobile terminal has a unique MAC address. When the software client is installed on the mobile terminal, the mobile terminal sends its MAC address to the server, and the server binds this MAC address to the software authorization certificate of the software client installed on the mobile terminal. After the MAC address of the mobile terminal and the software authorization certificate have been verified successfully, security code verification is performed, further protecting the software.
After the security code has been verified successfully, the server communicates with the mobile terminal and with the user's mobile phone to perform geographic position verification. The user can set on the server the geographic range in which the mobile terminal may be used and the distance threshold between the mobile terminal and the user's mobile phone. If the mobile terminal is not within the set geographic range, or the distance between the mobile terminal and the user's mobile phone exceeds the distance threshold, the software client on the mobile terminal cannot connect to the software server side on the server and run. This effectively prevents the software from being misused by others, ensures that the critical software on the mobile terminal can only be used by the user, and improves the security of the software.
Preferably, the security code that the server sends to the user's mobile phone is encrypted with the AES encryption algorithm, and the user's mobile phone stores the key for this AES encryption. The user's mobile phone decrypts the received security code ciphertext into the plaintext security code and displays it, and the user enters the plaintext security code into the security code input dialog box of the software on the mobile terminal. This prevents the security code from being disclosed because the SIM card of the user's mobile phone has been copied or impersonated.
Preferably, the AES encryption algorithm uses a 256-bit key.
Preferably, the software security protection method for a mobile terminal also comprises step S5: after the software is running, at every interval T1 the server and the mobile terminal carry out one geographic position verification exchange; the server sends a geographic position verification instruction to the mobile terminal; after receiving the instruction, the mobile terminal obtains its current geographic position from its own GPS module and sends this position to the server; the server judges whether the received mobile terminal position is within the preset geographic range; if so, the server allows the software client on this mobile terminal to continue to connect to the server side and run; otherwise the server does not allow the software client on this mobile terminal to connect to the server side, and the software stops running. Verifying the geographic position at regular intervals protects the software in real time.
The software security protection method for a mobile terminal also comprises step S5: after the software is running, at every interval T1 the server carries out one geographic position verification exchange with the mobile terminal and with the user's mobile phone; the server sends a geographic position verification instruction to the mobile terminal and to the user's mobile phone at the same time; after receiving the instruction, the mobile terminal obtains its current geographic position from its own GPS module and sends this position to the server; after receiving the instruction, the user's mobile phone obtains its current geographic position from its own GPS module and sends this position to the server; the server judges whether the received mobile terminal position is within the preset geographic range and whether the distance between the mobile terminal and the user's mobile phone is less than the set value; if so, the server allows the software client on this mobile terminal to continue to connect to the server side and run; otherwise the server does not allow the software client on this mobile terminal to connect to the server side, and the software stops running.
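The geographic decision made by the server in step S4 and in both variants of step S5 can be written as one function. The following is an added example, not code from the patent: it assumes the permitted geographic range is a circle (center and radius) and uses the haversine great-circle distance; the names `Fix`, `Policy`, `check_location` and all coordinates are constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius in metres


@dataclass(frozen=True)
class Fix:
    """A GPS position reported by a device (hypothetical type)."""
    lat: float  # degrees
    lon: float  # degrees


@dataclass(frozen=True)
class Policy:
    """Per-user settings stored on the server in S1 (hypothetical type)."""
    center: Fix              # assumption: permitted range is a circle
    radius_m: float
    max_separation_m: float  # the set value for terminal-to-phone distance


def is_valid(fix: Optional[Fix]) -> bool:
    """Reject missing, non-finite or out-of-range coordinates."""
    return (fix is not None
            and math.isfinite(fix.lat) and math.isfinite(fix.lon)
            and -90.0 <= fix.lat <= 90.0 and -180.0 <= fix.lon <= 180.0)


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(min(1.0, math.sqrt(h)))


def check_location(policy: Policy, terminal: Optional[Fix],
                   phone: Optional[Fix] = None,
                   require_phone: bool = True) -> Tuple[bool, str]:
    """S4 and the two-device S5 use require_phone=True; the terminal-only S5
    uses require_phone=False. Any missing or invalid fix denies access."""
    if not is_valid(terminal):
        return False, "terminal fix missing or invalid"
    if haversine_m(policy.center, terminal) > policy.radius_m:
        return False, "terminal outside permitted range"
    if not require_phone:
        return True, "ok"
    if not is_valid(phone):
        return False, "phone fix missing or invalid"
    # The method requires the distance to be less than the set value.
    if haversine_m(terminal, phone) >= policy.max_separation_m:
        return False, "phone too far from terminal"
    return True, "ok"


# Constructed sample data: 5 km permitted radius, 100 m separation limit.
POLICY = Policy(center=Fix(30.0, 120.0), radius_m=5000.0, max_separation_m=100.0)
TERMINAL = Fix(30.0, 120.0)
PHONE_NEAR = Fix(30.0005, 120.0)   # about 56 m north of the terminal
PHONE_FAR = Fix(30.01, 120.0)      # about 1.1 km north of the terminal

if __name__ == "__main__":
    for phone in (PHONE_NEAR, PHONE_FAR, None):
        print(phone, check_location(POLICY, TERMINAL, phone))
```

Both positions are reported by the devices themselves, so the result of this check is only as trustworthy as the clients that supply the fixes.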
Preferably, the mobile terminal and the server are connected through a VPDN network. A VPDN network is a virtual private network and ensures the security of communication between the mobile terminal and the server.
The substantial effect of the present invention is that it ensures the critical software on the mobile terminal can only be used by the user, prevents the software from being misused by others, and improves the security of the software.
Brief description of the drawings
Fig. 1 is a flow chart of the present invention.
Detailed description
The technical solution of the present invention is described in further detail below through embodiments and with reference to the accompanying drawing.
Embodiment 1: the software security protection method for a mobile terminal of this embodiment, as shown in Fig. 1, comprises the following steps:
S1: the MAC address of the mobile terminal, the authorization certificate of the software on this mobile terminal, the geographic range in which the software is permitted to be used, and the user's mobile phone number are stored on the server and bound together;
S2: after the mobile terminal has connected to the network, the user opens the software client, and the software client pops up a security code input dialog box; the mobile terminal sends its MAC address and the software authorization certificate to the server over the network, and the server verifies the MAC address and the software authorization certificate; if verification succeeds, the server sends a security code encrypted with the AES encryption algorithm to the user's mobile phone; otherwise the server does not allow the software client on this mobile terminal to connect to the server side, and the software stops running;
S3: when the user's mobile phone receives the security code sent by the server, the phone decrypts the received security code ciphertext into the plaintext security code and displays it; the user enters the plaintext security code into the security code input dialog box of the software on the mobile terminal, and the mobile terminal sends this security code to the server; the server verifies the received security code; if verification succeeds, the server sends a geographic position verification instruction to the mobile terminal and to the user's mobile phone; otherwise the server does not allow the software client on this mobile terminal to connect to the server side;
S4: after receiving the geographic position verification instruction, the mobile terminal obtains its current geographic position from its own GPS module and sends this position to the server; after receiving the geographic position verification instruction, the user's mobile phone obtains its current geographic position from its own GPS module and sends this position to the server; the server calculates the distance between the mobile terminal and the user's mobile phone from the two reported positions; the server then judges whether the received mobile terminal position is within the preset geographic range and whether the distance between the mobile terminal and the user's mobile phone is less than the set value; if so, the server allows the software client on this mobile terminal to connect to the server side and run normally; otherwise the server does not allow the software client on this mobile terminal to connect to the server side;
S5: after the software is running, at every interval T1 the server and the mobile terminal carry out one geographic position verification exchange; the server sends a geographic position verification instruction to the mobile terminal; after receiving the instruction, the mobile terminal obtains its current geographic position from its own GPS module and sends this position to the server; the server judges whether the received mobile terminal position is within the preset geographic range; if so, the server allows the software client on this mobile terminal to continue to connect to the server side and run; otherwise the server does not allow the software client on this mobile terminal to connect to the server side, and the software stops running.
The AES encryption algorithm with which the server encrypts the security code uses a 256-bit key. Encrypting the security code prevents it from being disclosed because the SIM card of the user's mobile phone has been copied or impersonated. The mobile terminal and the server are connected through a VPDN network; a VPDN network is a virtual private network and ensures the security of communication between the mobile terminal and the server. The mobile terminal is a tablet computer and has a GPS module. The software client is installed on the mobile terminal, and the corresponding software server side is installed on the server. The server can communicate wirelessly with the mobile terminal and with the user's mobile phone, and the user's mobile phone has a GPS module.
When the user starts the software client on the mobile terminal, the mobile terminal communicates with the server, and the server verifies whether the MAC address of the mobile terminal and the authorization certificate of the software are correct. Each mobile terminal has a unique MAC address. When the software client is installed on the mobile terminal, the mobile terminal sends its MAC address to the server, and the server binds this MAC address to the software authorization certificate of the software client installed on the mobile terminal. After the MAC address of the mobile terminal and the software authorization certificate have been verified successfully, security code verification is performed, further protecting the software.
After the security code has been verified successfully, the server communicates with the mobile terminal and with the user's mobile phone to perform geographic position verification. The user can set on the server the geographic range in which the mobile terminal may be used and the distance threshold between the mobile terminal and the user's mobile phone. If the mobile terminal is not within the set geographic range, or the distance between the mobile terminal and the user's mobile phone exceeds the distance threshold, the software client on the mobile terminal cannot connect to the software server side on the server and run. After the software is running, verifying the geographic position of the mobile terminal at regular intervals protects the software in real time. This effectively prevents the software from being misused by others, ensures that the critical software on the mobile terminal can only be used by the user, and improves the security of the software.
Embodiment 2: the software security protection method for a mobile terminal of this embodiment comprises the following steps:
S1: the MAC address of the mobile terminal, the authorization certificate of the software on this mobile terminal, the geographic range in which the software is permitted to be used, and the user's mobile phone number are stored on the server and bound together;
S2: after the mobile terminal has connected to the network, the user opens the software client, and the software client pops up a security code input dialog box; the mobile terminal sends its MAC address and the software authorization certificate to the server over the network, and the server verifies the MAC address and the software authorization certificate; if verification succeeds, the server sends a security code encrypted with the AES encryption algorithm to the user's mobile phone; otherwise the server does not allow the software client on this mobile terminal to connect to the server side, and the software stops running;
S3: when the user's mobile phone receives the security code sent by the server, the phone decrypts the received security code ciphertext into the plaintext security code and displays it; the user enters the plaintext security code into the security code input dialog box of the software on the mobile terminal, and the mobile terminal sends this security code to the server; the server verifies the received security code; if verification succeeds, the server sends a geographic position verification instruction to the mobile terminal and to the user's mobile phone; otherwise the server does not allow the software client on this mobile terminal to connect to the server side;
S4: after receiving the geographic position verification instruction, the mobile terminal obtains its current geographic position from its own GPS module and sends this position to the server; after receiving the geographic position verification instruction, the user's mobile phone obtains its current geographic position from its own GPS module and sends this position to the server; the server calculates the distance between the mobile terminal and the user's mobile phone from the two reported positions; the server then judges whether the received mobile terminal position is within the preset geographic range and whether the distance between the mobile terminal and the user's mobile phone is less than the set value; if so, the server allows the software client on this mobile terminal to connect to the server side and run normally; otherwise the server does not allow the software client on this mobile terminal to connect to the server side;
S5: after the software is running, at every interval T1 the server carries out one geographic position verification exchange with the mobile terminal and with the user's mobile phone; the server sends a geographic position verification instruction to the mobile terminal and to the user's mobile phone at the same time; after receiving the instruction, the mobile terminal obtains its current geographic position from its own GPS module and sends this position to the server; after receiving the instruction, the user's mobile phone obtains its current geographic position from its own GPS module and sends this position to the server; the server judges whether the received mobile terminal position is within the preset geographic range and whether the distance between the mobile terminal and the user's mobile phone is less than the set value; if so, the server allows the software client on this mobile terminal to continue to connect to the server side and run; otherwise the server does not allow the software client on this mobile terminal to connect to the server side, and the software stops running.
At every interval T1, the server carries out one geographic position verification exchange with the mobile terminal and with the user's mobile phone, verifying whether the mobile terminal is within the set geographic range and whether the user's mobile phone is near the mobile terminal. This further ensures that the software on the mobile terminal can only be used by the user, effectively prevents the software from being misused by others, and further improves the security of the software.