CN106535168A - Over-the-air (OTA) method and device with risk control function and equipment - Google Patents
- Publication number
- CN106535168A (application CN201611110200.8A)
- Authority
- CN
- China
- Prior art keywords
- carrier server
- timestamp
- sequence number
- certification
- mark
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses an over-the-air (OTA) method, device and equipment with a risk control function. The method comprises the following steps: receiving an OTA service request; judging whether the OTA service request includes an authentication serial number, an operator server identifier, a timestamp and a service content package; if the received OTA service request includes the authentication serial number, the operator server identifier and the timestamp, transmitting them to an OTA gateway, so that they can be compared, for authentication, with the corresponding record of the authentication serial number that the OTA gateway allocated when it authenticated the operator server identifier at the request of an operator server, the operator server identifier concerned, and the timestamp; and, in response to an authentication pass message received from the OTA gateway, opening the service content package in order to update locally stored content according to the content of the service content package. The OTA method, device and equipment with the risk control function enhance the security of OTA download.
Description
Technical field
The disclosure relates generally to the field of communication technology, in particular to the field of network information security, and more particularly to an over-the-air download method and device with a risk control function.
Background art
Over-the-air (OTA) download is a technology for remotely managing the data and applications on a mobile device's SIM card through the air interface of the mobile communication network. OTA follows a client/server model: the server side is the operator's back-end server, and the client is the SIM card of the mobile device. The operator's back-end server is responsible for sending service requests or service content to an OTA gateway; the OTA gateway converts these service requests into short messages and sends them to a short message service center (SMSC), which finally delivers them to one or more SIM cards in the service area.
In this way, the operator can use OTA to update or modify the data on a user's card without reissuing the SIM card. That is, the end user can receive specific information from the operator, and then download or activate new services with their own mobile phone, without going to an operator outlet again to complete any formalities.
However, there are often attackers who disguise an attack message as a short message sent by the OTA gateway through the SMSC to one or more SIM cards in the service area. The message thereby gets into the user's SIM card, disrupts the normal operation of the SIM card, damages the data on it, and constitutes an attack. How to eliminate this risk and provide an OTA download method with a risk control function has therefore become a challenge.
Summary of the invention
In view of the above defects or deficiencies in the prior art, it is desirable to provide a technology that can improve the security of OTA download.
In a first aspect, an embodiment of the present application provides an OTA download method with a risk control function. The method includes: receiving an OTA service request; judging whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package; if the received OTA service request contains the authentication serial number, the operator server identifier and the timestamp, sending the authentication serial number, the operator server identifier and the timestamp to the OTA gateway, to be compared with the corresponding record of the authentication serial number that the OTA gateway allocated when it authenticated the operator server identifier at the request of the operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication; and, in response to receiving an authentication pass message from the OTA gateway, opening the service content package, so as to update the locally stored content with the content of the service content package.
In a second aspect, an embodiment of the present application provides an OTA download method with a risk control function. The method includes: receiving an authentication serial number, an operator server identifier and a timestamp from a mobile device client; performing authentication by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding record of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp; and, if authentication passes, sending an authentication pass message to the mobile device client.
In a third aspect, an embodiment of the present application provides an OTA download device with a risk control function. The device includes: a first receiving unit, configured to receive an OTA service request; a judging unit, configured to judge whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package; a first sending unit, configured to send, if the received OTA service request contains the authentication serial number, the operator server identifier and the timestamp, the authentication serial number, the operator server identifier and the timestamp to the OTA gateway, to be compared with the corresponding record of the authentication serial number that the OTA gateway allocated when it authenticated the operator server identifier at the request of the operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication; and an opening unit, configured to open the service content package in response to receiving an authentication pass message from the OTA gateway, so as to update the locally stored content with the content of the service content package.
In a fourth aspect, an embodiment of the present application provides an OTA download device with a risk control function. The device includes: a second receiving unit, configured to receive an authentication serial number, an operator server identifier and a timestamp from a mobile device client; an authentication unit, configured to perform authentication by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding record of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp; and a second sending unit, configured to send an authentication pass message to the mobile device client if authentication passes.
In a fifth aspect, an embodiment of the present application provides equipment including a processor, a memory and a display. The memory contains instructions executable by the processor that cause the processor to perform: receiving an OTA service request; judging whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package; if the received OTA service request contains the authentication serial number, the operator server identifier and the timestamp, sending the authentication serial number, the operator server identifier and the timestamp to the OTA gateway, to be compared with the corresponding record of the authentication serial number that the OTA gateway allocated when it authenticated the operator server identifier at the request of the operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication; and, in response to receiving an authentication pass message from the OTA gateway, opening the service content package, so as to update the locally stored content with the content of the service content package.
In a sixth aspect, an embodiment of the present application provides equipment including a processor, a memory and a display. The memory contains instructions executable by the processor that cause the processor to perform: receiving an authentication serial number, an operator server identifier and a timestamp from a mobile device client; performing authentication by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding record of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp; and, if authentication passes, sending an authentication pass message to the mobile device client.
In the embodiments of the present application, an operator server that wants to send a service request or service content for updating the local content of each SIM card first sends the service request or service content package to the OTA gateway. After the OTA gateway has successfully verified the identifier of the operator server, it generates an authentication serial number and a timestamp for it, and combines the generated authentication serial number and timestamp, the operator server identifier and the received service content package into an OTA service request, which is sent to the mobile device client (SIM card). After receiving the OTA service request, the mobile device client judges whether it contains an authentication serial number, an operator server identifier and a timestamp. If it does not, the request is likely to be an attack message that an attacker, disguised as the OTA gateway, has sent to the mobile device client; once it got into the mobile device client, it would be likely to damage the client. Because an attacker usually cannot obtain the authentication serial number and timestamp issued by the OTA gateway, checking whether the authentication serial number, operator server identifier and timestamp are present provides a preliminary screen that filters out some attack messages. In addition, even if the OTA service request does contain an authentication serial number, an operator server identifier and a timestamp, the possibility that an attacker has forged them cannot be excluded. The mobile device client therefore sends the authentication serial number, operator server identifier and timestamp to the OTA gateway, to be compared with the corresponding record of the authentication serial number that the OTA gateway allocated when it authenticated the operator server identifier at the request of the operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication. If authentication fails, it is very likely that an attacker has forged the authentication serial number, operator server identifier and timestamp in an intrusion attempt, because even forged values cannot pass authentication. Only when authentication passes can the mobile device client open the service content package. This reduces the risk that the mobile device client is attacked by a short message that a malicious attacker has disguised as one sent by the OTA gateway to the mobile device client through the SMSC, and improves the security of OTA download.
Description of the drawings
Other features, objects and advantages of the present application will become more apparent from the following detailed description of non-limiting embodiments, read with reference to the accompanying drawings:
Fig. 1 shows an exemplary system architecture to which embodiments of the present application can be applied;
Fig. 2 shows an exemplary flowchart of the OTA download method with a risk control function on the mobile device client side, according to an embodiment of the present application;
Fig. 3 shows an exemplary flowchart of the OTA download method with a risk control function on the OTA gateway side, according to an embodiment of the present application;
Fig. 4 shows an exemplary structural block diagram of the OTA download device with a risk control function on the mobile device client side, according to an embodiment of the present application;
Fig. 5 shows an exemplary structural block diagram of the OTA download device with a risk control function on the OTA gateway side, according to an embodiment of the present application;
Fig. 6 shows a schematic structural diagram of a computer system suitable for implementing the mobile device client of the embodiments of the present application;
Fig. 7 shows a schematic structural diagram of a computer system suitable for implementing the OTA gateway of the embodiments of the present application.
Detailed description of the embodiments
The present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the invention concerned, not to limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention.
It should be noted that, where there is no conflict, the embodiments of the present application and the features of the embodiments may be combined with one another. The present application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Refer to Fig. 1, which shows an exemplary system architecture to which embodiments of the present application can be applied.
As shown in Fig. 1, the system architecture may include a short message service center 101, an OTA gateway 102, a mobile device client 103 and an operator server 104. The mobile device client 103 refers to the SIM card of a mobile device or the like. The short message service center 101 is the center in the wireless network that sends short messages to mobile devices. The OTA gateway 102 is the center responsible for converting the service requests of the operator server into short messages and sending them to the short message service center, which then delivers them to the mobile device clients in the service area. In this application, the OTA gateway 102 also performs a security authentication function.
The OTA gateway 102 may be multiple interconnected servers.
As mentioned in the background art, there are often attackers who disguise an attack message as a short message sent by the OTA gateway through the SMSC to one or more SIM cards in the service area. The message thereby gets into the user's SIM card, disrupts the normal operation of the SIM card, damages the data on it, and constitutes an attack. How to eliminate this risk and provide an OTA download method with a risk control function has therefore become a challenge.
Refer to Fig. 2, which shows an exemplary flowchart of the OTA download method with a risk control function according to an embodiment of the present application. The method shown in Fig. 2 can be performed by the mobile device client 103 in Fig. 1.
As shown in Fig. 2, in step 210, an OTA service request is received.
An operator server that wants to send a service request or service content for updating the local content of each mobile device client first sends the service request or service content package to the OTA gateway. The OTA gateway then actively obtains the identifier of the operator server. The operator server must not be allowed to send its own identifier to the OTA gateway. If the operator server sent its identifier to the OTA gateway, an attacker who knew the identifier of another, genuine operator server could send that genuine identifier to the OTA gateway as its own and so pass verification. Actively obtaining the identifier of the operator server means, for example, taking it from a specific field of the messages exchanged between the operator server and the OTA gateway. Typically, the communication protocol between the operator server and the OTA gateway specifies that, when the operator server sends a message to the OTA gateway, the protocol mechanism automatically captures the identifier of the operator server and places it in a specific field that cannot be tampered with. In this way, what is obtained from that field is necessarily the true identifier of the operator server.
When operator servers join the network, their identifiers are all registered with the OTA gateway. So, after the OTA gateway receives the identifier of an operator server, it compares it with the list of registered identifiers. If the received operator server identifier is found in the list of registered identifiers, verification passes, which shows that the operator server is a registered operator server. After the OTA gateway has successfully verified the identifier of the operator server, it generates an authentication serial number and a timestamp for it. The authentication serial number is a serial number allocated for this verification of the operator server identifier. In general, a different authentication serial number is allocated for each verification of an operator server identifier. The timestamp indicates the time at which the authentication serial number was generated. The generated authentication serial number and timestamp, the operator server identifier and the received service content package are then combined into an OTA service request, which is sent to the mobile device client (SIM card) in the form of a short message via the short message service center 101.
In step 220, it is judged whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package.
When the mobile device client receives an OTA service request, the request may be a normal OTA service request sent by the OTA gateway through the process described above, or it may be a counterfeit OTA service request from an attacker. First, the mobile device client judges whether the request contains an authentication serial number, an operator server identifier and a timestamp. If it does not, the request is likely to be an attack message that an attacker, disguised as the OTA gateway, has sent to the mobile device client; once it got into the mobile device client, it would be likely to damage the client. Because an attacker usually cannot obtain the authentication serial number and timestamp issued by the OTA gateway, checking whether the authentication serial number, operator server identifier and timestamp are present provides a preliminary screen that filters out some attack messages.
In step 230, if the received OTA service request contains the authentication serial number, the operator server identifier and the timestamp, the authentication serial number, the operator server identifier and the timestamp are sent to the OTA gateway, to be compared with the corresponding record of the authentication serial number that the OTA gateway allocated when it authenticated the operator server identifier at the request of the operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication.
Even if the OTA service request contains an authentication serial number, an operator server identifier and a timestamp, the possibility that an attacker has forged them cannot be excluded. The mobile device client therefore sends the authentication serial number, operator server identifier and timestamp to the OTA gateway. After generating the authentication serial number and timestamp, the OTA gateway also recorded the authentication serial number, the operator server identifier and the timestamp in association with one another. The OTA gateway can therefore compare the received authentication serial number, operator server identifier and timestamp with the corresponding record of the authentication serial number, the operator server identifier and the timestamp. If the received authentication serial number, operator server identifier and timestamp are in that corresponding record, authentication passes. Otherwise, authentication fails. An authentication failure very likely means that an attacker has forged the authentication serial number, operator server identifier and timestamp in an intrusion attempt, because even forged values cannot pass authentication.
In step 240, in response to receiving an authentication pass message from the OTA gateway, the service content package is opened, so as to update the locally stored content with the content of the service content package.
When authentication passes, the OTA gateway sends an authentication pass message to the mobile device client. Only after receiving this authentication pass message can the mobile device client open the service content package and update the locally stored content with its content. This reduces the risk that the mobile device client is attacked by a short message that a malicious attacker has disguised as one sent by the OTA gateway to the mobile device client through the SMSC, and improves the security of OTA download.
Refer to Fig. 3, which shows an exemplary flowchart of the OTA download method with a risk control function according to an embodiment of the present application. The method shown in Fig. 3 can be performed by the OTA gateway 102 in Fig. 1.
As shown in Fig. 3, in step 310, an authentication serial number, an operator server identifier and a timestamp are received from a mobile device client.
In fact, before step 310, the method also includes: receiving a service content package from the operator server; obtaining the operator server identifier; if verification of the operator server identifier passes, generating an authentication serial number and a timestamp; combining the generated authentication serial number and timestamp, the obtained operator server identifier and the received service content package into an OTA service request; and issuing the OTA service request to the mobile device client.
In step 320, authentication is performed by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp.
After generating the authentication serial number and timestamp, the OTA gateway also records the authentication serial number, the operator server identifier and the timestamp in association with one another. The OTA gateway can therefore compare the received authentication serial number, operator server identifier and timestamp with the corresponding records of the authentication serial number, the operator server identifier and the timestamp. If the received authentication serial number, operator server identifier and timestamp are in the corresponding records of the authentication serial number, the operator server identifier and the timestamp, authentication passes. If the received authentication serial number, operator server identifier and timestamp are not in the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp, authentication fails. An authentication failure is very likely a case in which an attacker forged the authentication serial number, operator server identifier and timestamp in an intrusion attempt, because even if an attacker forges an authentication serial number, operator server identifier and timestamp, they cannot pass authentication.
In step 330, if authentication passes, an authentication pass message is sent to the mobile device client.
When authentication passes, the OTA gateway sends an authentication pass message to the mobile device client. Only after receiving this message can the mobile device client open the service content package and update the locally stored content with the content of the service content package. This reduces the risk that the mobile device client is attacked by a malicious attacker's attack message disguised as a short message sent by the OTA gateway to the mobile device client through the SMSC, and improves the security of over-the-air download.
In one embodiment, the method further includes: if authentication fails, sending an authentication failure message to the mobile device client.
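The checks described above (presence screen on the mobile device client, record comparison on the OTA gateway, package opened only after an authentication pass message) can be traced in the following added Python example, which is not code from the patent. The class, method and field names, the set of registered operator identifiers and the sample values are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class OtaRequest:
    """OTA service request; field names are assumptions, not the patent's."""
    serial: Optional[str]        # authentication serial number
    operator_id: Optional[str]   # operator server identifier
    timestamp: Optional[int]     # timestamp generated by the gateway
    package: bytes               # service content package


class OtaGateway:
    def __init__(self, registered_operators):
        # Assumption: "verifying the operator server identifier" is modelled
        # as membership in a set of registered identifiers.
        self._registered = set(registered_operators)
        self._records = set()    # recorded (serial, operator_id, timestamp)

    def issue(self, operator_id, package, now=None):
        """Verify the operator, generate and record the triple, build the request."""
        if operator_id not in self._registered:
            return None
        serial = secrets.token_hex(8)
        ts = int(time.time()) if now is None else now
        self._records.add((serial, operator_id, ts))
        return OtaRequest(serial, operator_id, ts, package)

    def authenticate(self, serial, operator_id, timestamp):
        """Step 320: pass only if the exact triple is in the records."""
        return (serial, operator_id, timestamp) in self._records


class MobileClient:
    def __init__(self, gateway):
        self._gateway = gateway
        self.local_content = b""

    def handle(self, req):
        # Preliminary screen: a request lacking any of the three fields is discarded.
        if req.serial is None or req.operator_id is None or req.timestamp is None:
            return "discarded:missing-fields"
        # The fields may still be forged, so the gateway compares them with its records.
        if not self._gateway.authenticate(req.serial, req.operator_id, req.timestamp):
            return "discarded:auth-failed"
        # Authentication pass message received: open the package and update.
        self.local_content = req.package
        return "applied"


def run_demo():
    """Run constructed requests through the client and return each outcome."""
    gateway = OtaGateway({"operator-A"})          # constructed identifier
    client = MobileClient(gateway)
    genuine = gateway.issue("operator-A", b"profile-v2", now=1480982400)
    no_fields = OtaRequest(None, None, None, b"x")
    forged = OtaRequest("forged-serial", "operator-A", 1480982400, b"x")
    wrong_time = OtaRequest(genuine.serial, "operator-A", 1480982401, b"x")
    outcomes = {
        "no_fields": client.handle(no_fields),
        "forged": client.handle(forged),
        "wrong_time": client.handle(wrong_time),
        "content_before_genuine": client.local_content,
        "genuine": client.handle(genuine),
        "content_after_genuine": client.local_content,
    }
    return outcomes


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```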
It should be noted that although the operations of the method of the invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order, or that all of the operations shown must be performed to achieve the desired result. On the contrary, the steps depicted in the flowcharts may be executed in a different order. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step, and/or one step may be split into multiple steps.
With further reference to Fig. 4, an exemplary block diagram of an OTA download device 400 with a risk control function according to one embodiment of the application is shown.
As shown in Fig. 4, the vehicle-mounted intrusion detection device 400 may include: a first receiving unit 410, configured to receive an OTA service request; a determining unit 420, configured to determine whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package; a first sending unit 430, configured to, if the received OTA service request contains an authentication serial number, an operator server identifier and a timestamp, send the authentication serial number, operator server identifier and timestamp to the OTA gateway, to be compared with the corresponding records of the authentication serial number allocated by the OTA gateway when authenticating the operator server identifier at the request of the operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication; and an opening unit 440, configured to, in response to receiving an authentication pass message from the OTA gateway, open the service content package so as to update the locally stored content with the content of the service content package.
Optionally, the device 400 further includes: a first discarding unit, configured to discard the received OTA service request if it does not contain an authentication serial number, an operator server identifier and a timestamp.
Optionally, the device 400 further includes: a second discarding unit, configured to discard the received OTA service request in response to receiving an authentication failure message from the OTA gateway.
With further reference to Fig. 5, an exemplary block diagram of an OTA download device 500 with a risk control function according to one embodiment of the application is shown.
As shown in Fig. 5, the vehicle-mounted intrusion detection device 500 may include: a second receiving unit 510, configured to receive the authentication serial number, operator server identifier and timestamp from the mobile device client; an authentication unit 520, configured to perform authentication by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp; and a second sending unit 530, configured to send an authentication pass message to the mobile device client if authentication passes.
Optionally, if the received authentication serial number, operator server identifier and timestamp are in the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp, authentication passes.
Optionally, the device 500 further includes: a third sending unit, configured to send an authentication failure message to the mobile device client if authentication fails.
Optionally, if the received authentication serial number, operator server identifier and timestamp are not in the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp, authentication fails.
Optionally, the device 500 further includes: a third receiving unit, configured to receive a service content package from the operator server; an obtaining unit, configured to obtain the operator server identifier; a generating unit, configured to generate an authentication serial number and a timestamp if verification of the operator server identifier passes; a combining unit, configured to combine the generated authentication serial number and timestamp, the obtained operator server identifier and the received service content package into an OTA service request; and an issuing unit, configured to issue the OTA service request to the mobile device client.
Optionally, the device 500 further includes: a recording unit, configured to record the authentication serial number, the operator server identifier and the timestamp in association with one another.
It should be understood that the systems or units described in Figs. 4-5 correspond to the steps of the methods described with reference to Figs. 2-3. The operations and features described above for the methods therefore apply equally to Figs. 4-5 and the units they contain, and are not repeated here.
Referring now to Fig. 6, a schematic structural diagram of a computer system 600 suitable for implementing the mobile device client of the embodiments of the application is shown.
As shown in Fig. 6, the computer system 600 includes a central processing unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in read-only memory (ROM) 602 or a program loaded from the storage part 608 into random access memory (RAM) 603. The RAM 603 also stores the various programs and data required for the operation of the system 600. The CPU 601, ROM 602 and RAM 603 are connected to one another by a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input part 606 including a keyboard, a mouse and the like; an output part 607 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a speaker and the like; a storage part 608 including a hard disk and the like; and a communication part 609 including a network interface card such as a LAN card, a modem and the like. The communication part 609 performs communication processing via a network such as the Internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 610 as needed, so that a computer program read from it can be installed into the storage part 608 as needed.
Referring now to Fig. 7, a schematic structural diagram of a computer system 700 suitable for implementing the OTA gateway of the embodiments of the application is shown.
As shown in Fig. 7, the computer system 700 includes a central processing unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in read-only memory (ROM) 702 or a program loaded from the storage part 708 into random access memory (RAM) 703. The RAM 703 also stores the various programs and data required for the operation of the system 700. The CPU 701, ROM 702 and RAM 703 are connected to one another by a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
The following components are connected to the I/O interface 705: an input part 706 including a keyboard, a mouse and the like; an output part 707 including a cathode ray tube (CRT), a liquid crystal display (LCD) and the like, and a speaker and the like; a storage part 708 including a hard disk and the like; and a communication part 709 including a network interface card such as a LAN card, a modem and the like. The communication part 709 performs communication processing via a network such as the Internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 710 as needed, so that a computer program read from it can be installed into the storage part 708 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to Figs. 2-3 may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the methods of Figs. 2-3. In such embodiments, the computer program may be downloaded and installed from a network through the communication part 609, 709, and/or installed from the removable medium 611, 711.
The flowcharts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a part of code, and the module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units or modules described in the embodiments of the application may be implemented in software or in hardware. The described units or modules may also be provided in a processor. The names of these units or modules do not, under certain circumstances, constitute a limitation on the units or modules themselves.
As another aspect, the application also provides a computer-readable storage medium. The computer-readable storage medium may be the one included in the device described in the above embodiments, or it may exist separately without being assembled into a device. The computer-readable storage medium stores one or more programs, which are used by one or more processors to perform the formula input method described in this application.
The above description is only of the preferred embodiments of the application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in this application is not limited to technical solutions formed by the particular combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example technical solutions formed by replacing the above features with (but not limited to) technical features having similar functions disclosed in this application.
Claims (20)
1. An over-the-air (OTA) download method with a risk control function, characterized in that the method comprises:
receiving an OTA service request;
determining whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package;
if the received OTA service request contains an authentication serial number, an operator server identifier and a timestamp, sending the authentication serial number, operator server identifier and timestamp to an OTA gateway, to be compared with the corresponding records of the authentication serial number allocated by the OTA gateway when authenticating the operator server identifier at the request of an operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication;
in response to receiving an authentication pass message from the OTA gateway, opening the service content package, so as to update locally stored content with the content of the service content package.
2. The method according to claim 1, characterized in that the method further comprises:
if the received OTA service request does not contain an authentication serial number, an operator server identifier and a timestamp, discarding the received OTA service request.
3. The method according to claim 1, characterized in that the method further comprises:
in response to receiving an authentication failure message from the OTA gateway, discarding the received OTA service request.
4. An over-the-air (OTA) download method with a risk control function, characterized in that the method comprises:
receiving an authentication serial number, an operator server identifier and a timestamp from a mobile device client;
performing authentication by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of an operator server, the operator server identifier concerned, and the timestamp;
if authentication passes, sending an authentication pass message to the mobile device client.
5. The method according to claim 4, characterized in that if the received authentication serial number, operator server identifier and timestamp are in the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp, authentication passes.
6. The method according to claim 4, characterized in that the method further comprises:
if authentication fails, sending an authentication failure message to the mobile device client.
7. The method according to claim 6, characterized in that if the received authentication serial number, operator server identifier and timestamp are not in the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp, authentication fails.
8. The method according to claim 4, characterized in that, before receiving the authentication serial number, operator server identifier and timestamp from the mobile device client, the method further comprises:
receiving a service content package from the operator server;
obtaining the operator server identifier;
if verification of the operator server identifier passes, generating an authentication serial number and a timestamp;
combining the generated authentication serial number and timestamp, the obtained operator server identifier and the received service content package into an OTA service request;
issuing the OTA service request to the mobile device client.
9. The method according to claim 8, characterized in that, after generating the authentication serial number and timestamp, the method further comprises:
recording the authentication serial number, the operator server identifier and the timestamp in association with one another.
10. An over-the-air (OTA) download device with a risk control function, characterized in that the device comprises:
a first receiving unit, configured to receive an OTA service request;
a determining unit, configured to determine whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package;
a first sending unit, configured to, if the received OTA service request contains an authentication serial number, an operator server identifier and a timestamp, send the authentication serial number, operator server identifier and timestamp to an OTA gateway, to be compared with the corresponding records of the authentication serial number allocated by the OTA gateway when authenticating the operator server identifier at the request of an operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication;
an opening unit, configured to, in response to receiving an authentication pass message from the OTA gateway, open the service content package, so as to update locally stored content with the content of the service content package.
11. The device according to claim 10, characterized in that the device further comprises:
a first discarding unit, configured to discard the received OTA service request if it does not contain an authentication serial number, an operator server identifier and a timestamp.
12. The device according to claim 10, characterized in that the device further comprises:
a second discarding unit, configured to discard the received OTA service request in response to receiving an authentication failure message from the OTA gateway.
13. An over-the-air (OTA) download device with a risk control function, characterized in that the device comprises:
a second receiving unit, configured to receive an authentication serial number, an operator server identifier and a timestamp from a mobile device client;
an authentication unit, configured to perform authentication by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of an operator server, the operator server identifier concerned, and the timestamp;
a second sending unit, configured to send an authentication pass message to the mobile device client if authentication passes.
14. The device according to claim 13, characterized in that if the received authentication serial number, operator server identifier and timestamp are in the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp, authentication passes.
15. The device according to claim 13, characterized in that the device further comprises:
a third sending unit, configured to send an authentication failure message to the mobile device client if authentication fails.
16. The device according to claim 15, characterized in that if the received authentication serial number, operator server identifier and timestamp are not in the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of the operator server, the operator server identifier concerned, and the timestamp, authentication fails.
17. The device according to claim 13, characterized in that the device further comprises:
a third receiving unit, configured to receive a service content package from the operator server;
an obtaining unit, configured to obtain the operator server identifier;
a generating unit, configured to generate an authentication serial number and a timestamp if verification of the operator server identifier passes;
a combining unit, configured to combine the generated authentication serial number and timestamp, the obtained operator server identifier and the received service content package into an OTA service request;
an issuing unit, configured to issue the OTA service request to the mobile device client.
18. The device according to claim 17, characterized in that the device further comprises:
a recording unit, configured to record the authentication serial number, the operator server identifier and the timestamp in association with one another.
19. An apparatus, comprising a processor, a memory and a display, characterized in that:
the memory contains instructions executable by the processor to cause the processor to perform:
receiving an OTA service request;
determining whether the OTA service request contains an authentication serial number, an operator server identifier, a timestamp and a service content package;
if the received OTA service request contains an authentication serial number, an operator server identifier and a timestamp, sending the authentication serial number, operator server identifier and timestamp to an OTA gateway, to be compared with the corresponding records of the authentication serial number allocated by the OTA gateway when authenticating the operator server identifier at the request of an operator server, the operator server identifier concerned, and the timestamp, so as to perform authentication;
in response to receiving an authentication pass message from the OTA gateway, opening the service content package, so as to update locally stored content with the content of the service content package.
20. An apparatus, comprising a processor, a memory and a display, characterized in that:
the memory contains instructions executable by the processor to cause the processor to perform:
receiving an authentication serial number, an operator server identifier and a timestamp from a mobile device client;
performing authentication by comparing the received authentication serial number, operator server identifier and timestamp with the corresponding records of the authentication serial number allocated when the operator server identifier was verified at the request of an operator server, the operator server identifier concerned, and the timestamp;
if authentication passes, sending an authentication pass message to the mobile device client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611110200.8A CN106535168B (en) | 2016-12-06 | 2016-12-06 | Aerial method for down loading and device and equipment with risk control function |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611110200.8A CN106535168B (en) | 2016-12-06 | 2016-12-06 | Aerial method for down loading and device and equipment with risk control function |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106535168A true CN106535168A (en) | 2017-03-22 |
CN106535168B CN106535168B (en) | 2019-03-22 |
Family
ID=58341401
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611110200.8A Active CN106535168B (en) | 2016-12-06 | 2016-12-06 | Aerial method for down loading and device and equipment with risk control function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106535168B (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6915132B2 (en) * | 1996-07-15 | 2005-07-05 | At&T Wireless Services, Inc. | System and method for automatic registration notification for over-the-air activation |
CN1764296A (en) * | 2004-10-22 | 2006-04-26 | 北京握奇数据系统有限公司 | Dynamic password identification system and method |
CN1870808A (en) * | 2005-05-28 | 2006-11-29 | 华为技术有限公司 | Key updating method |
CN101516087A (en) * | 2008-02-21 | 2009-08-26 | 株式会社Ntt都科摩 | Storage system of mobile terminal and access control method |
CN101267307A (en) * | 2008-02-29 | 2008-09-17 | 北京中电华大电子设计有限责任公司 | Method for realizing remote management of mobile phone digital certificate using OTA system |
CN102833702A (en) * | 2011-06-17 | 2012-12-19 | 中兴通讯股份有限公司 | Method and system for triggering over-the-air download service |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110121859A (en) * | 2017-08-28 | 2019-08-13 | 华为技术有限公司 | A kind of Information Authentication method and relevant device |
CN110121859B (en) * | 2017-08-28 | 2021-01-15 | 华为技术有限公司 | Information verification method and related equipment |
CN112839334A (en) * | 2017-08-28 | 2021-05-25 | 华为技术有限公司 | Information verification method and related equipment |
US11234131B2 (en) | 2017-08-28 | 2022-01-25 | Huawei Technologies Co., Ltd. | Information verification method and related device |
CN112839334B (en) * | 2017-08-28 | 2022-06-28 | 华为技术有限公司 | Information verification method and related equipment |
US12035140B2 (en) | 2017-08-28 | 2024-07-09 | Huawei Technologies Co., Ltd. | Information verification method and related device |
CN111669303A (en) * | 2020-06-08 | 2020-09-15 | 湖北阿桑奇汽车电子科技有限公司 | FOTA safety application process |
Also Published As
Publication number | Publication date |
---|---|
CN106535168B (en) | 2019-03-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102394887B (en) | OAuth protocol-based safety certificate method of open platform and system thereof | |
CN109743163A (en) | Purview certification method, apparatus and system in micro services framework | |
CN107135073A (en) | Interface interchange method and apparatus | |
CN106710017B (en) | Identity verification method, device and system for logistics signing | |
CN104199654B (en) | The call method and device of open platform | |
CN104735065B (en) | A kind of data processing method, electronic equipment and server | |
CN106875186A (en) | A kind of offline electronic payment method and apparatus | |
CN102113358B (en) | Method, system and terminal device for realizing locking network by terminal device | |
CN104753674B (en) | A kind of verification method and equipment of application identity | |
CN106487774A (en) | A kind of cloud host services authority control method, device and system | |
CN105229987A (en) | The initiatively mobile authentication of associating | |
CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
CN112000744B (en) | Signature method and related equipment | |
CN106936792A (en) | Safety certifying method and system and the mobile terminal for safety certification | |
CN109151820A (en) | One kind being based on the safety certifying method and device of " one machine of a people, one card No.1 " | |
CN107113613B (en) | Server, mobile terminal, network real-name authentication system and method | |
CN107317807A (en) | A kind of apparatus bound method, apparatus and system | |
CN106789925A (en) | Information of vehicles safe transmission method and device in car networking | |
CN108023907A (en) | Vehicle module upgrade method, device and vehicle | |
CN110175439A (en) | User management method, device, equipment and computer readable storage medium | |
CN106611313A (en) | A payment method, a terminal and a payment server | |
US20100075633A1 (en) | Method and System for the Reading of Data from a Memory in a Mobile Remote Appliance | |
CN112398918A (en) | Data sharing method, device and system for across alliance chain and storage medium | |
CN106535168A (en) | Over-the-air (OTA) method and device with risk control function and equipment | |
CN107358118A (en) | SFS access control methods and system, SFS and terminal device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor Applicant after: Beijing Bang Bang Safety Technology Co. Ltd. Address before: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor Applicant before: Yangpuweiye Technology Limited |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |