CN106535168A - Over-the-air (OTA) method and device with risk control function and equipment - Google Patents

Over-the-air (OTA) method and device with risk control function and equipment Download PDF

Info

Publication number
CN106535168A
CN106535168A CN201611110200.8A CN201611110200A CN106535168A CN 106535168 A CN106535168 A CN 106535168A CN 201611110200 A CN201611110200 A CN 201611110200A CN 106535168 A CN106535168 A CN 106535168A
Authority
CN
China
Prior art keywords
carrier server
timestamp
sequence number
certification
mark
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611110200.8A
Other languages
Chinese (zh)
Other versions
CN106535168B (en
Inventor
阚志刚
陈彪
吕文昊
刘乐光
卢佐华
彭建芬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
YANGPUWEIYE TECHNOLOGY Ltd
Original Assignee
YANGPUWEIYE TECHNOLOGY Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by YANGPUWEIYE TECHNOLOGY Ltd filed Critical YANGPUWEIYE TECHNOLOGY Ltd
Priority to CN201611110200.8A priority Critical patent/CN106535168B/en
Publication of CN106535168A publication Critical patent/CN106535168A/en
Application granted granted Critical
Publication of CN106535168B publication Critical patent/CN106535168B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Abstract

The invention discloses an over-the-air (OTA) method and device with a risk control function and equipment. The method comprises the following steps: receiving an OTA service request; judging whether the OTA service request includes an authentication serial number, an operator server identifier, a timestamp and a service content package or not; if the received OTA service request includes the authentication serial number, the operator server identifier and the timestamp, transmitting the authentication serial number, the operator server identifier and the timestamp to an OTA gateway in order to compare with corresponding records of an authentication serial number, a specific operator server identifier and a timestamp which are allocated by the OTA gateway to authenticate the operator server identifier at the request of an operator server for authentication; and opening the service content package in response to an authentication pass message received from the OTA gateway in order to update locally-stored content according to content of the service content package. Through adoption of the OTA method and device with the risk control function and the equipment, the security of the OTA method is enhanced.

Description

Aerial method for down loading with risk control function and device and equipment
Technical field
The disclosure relates generally to communication technical field, and in particular to filed of network information security, more particularly to one kind has The aerial method for down loading of risk control function and device.
Background technology
Aerial (OTA) technology of downloading is mobile device SIM data and application to be entered by the air interface of mobile communication The technology of row remote management.Over the air is based on client/server approach, background system of the server end for operator Server, client are then mobile device SIMs.The background server of operator is responsible for sending service request or service content To an OTA gateway, then these service requests are converted into issuing after note in a short message service by this OTA gateway again The heart (SMSC), finally passes to them by this short message service center one or more SIMs in service area again.
So, operator need not be reissued to the SIM of user and just can be utilized over the air more Data on new or modification card.That is, end user handles any formality with regard to energy without the outlet of Zai Qu operators A kind of specific information from operator is received, then with oneself mobile phone-downloaded or new service is activated.
But, usually have some attackers, they can attack message disguise oneself as OTA gateways by SMSC into service area The note that sends of one or more SIMs, hence into user's SIM, destroy the normal operation of SIM, damage therein Data, cause to attack.Therefore, how to eliminate this risk, there is provided the aerial method for down loading with risk control function, become one Item challenge.
The content of the invention
In view of drawbacks described above of the prior art or deficiency, expect that providing one kind can improve aerial method for down loading safety Technology.
In a first aspect, the embodiment of the present application provides a kind of aerial method for down loading with risk control function, the side Method includes:Receive aerial download service request;Whether certification sequence number, operator are contained in judging the aerial download service request Server identification, timestamp and service content bag;If in the aerial download service request for receiving containing certification sequence number, The certification sequence number, carrier server mark, timestamp are sent to aerial download by carrier server mark, timestamp Gateway, to answer what the request of carrier server distributed when being authenticated to carrier server mark with aerial gateway of downloading Certification sequence number, the carrier server being directed to mark, the corresponding record of timestamp are compared, so as to be authenticated;In response to Receive from the aerial certification for downloading gateway by message, open service content bag, so as to the content of service content bag more New locally stored content.
Second aspect, the embodiment of the present application provide a kind of aerial method for down loading with risk control function, the side Method includes:Receive identify from the certification sequence number of mobile device client, carrier server, timestamp;By receiving Certification sequence number, carrier server mark, timestamp and the request for answering carrier server carrier server is identified into The certification sequence number distributed during row checking, the carrier server mark being directed to, the corresponding record of timestamp are compared, and carry out Certification;If certification passes through, certification is sent to mobile device client and pass through message.
The third aspect, the embodiment of the present application provide a kind of aerial download apparatus with risk control function, the dress Put including:First receiving unit, is configured to receive aerial download service request;Judging unit, is configured to judge the sky Whether containing certification sequence number, carrier server mark, timestamp and service content bag in middle download service request;First Transmitting element, if identify containing certification sequence number, carrier server in being configured to the aerial download service request for receiving, Timestamp, by the certification sequence number, carrier server mark, timestamp be sent to it is aerial download gateway, so as to it is aerial under Contained network closes the certification sequence number distributed, the fortune being directed to when answering the request of carrier server to be authenticated carrier server mark Battalion's business's server identification, the corresponding record of timestamp are compared, so as to be authenticated;Opening unit, be configured in response to Receive from the aerial certification for downloading gateway by message, open service content bag, so as to the content of service content bag more New locally stored content.
Fourth aspect, the embodiment of the present application provide a kind of aerial download apparatus with risk control function, the dress Put including:Second receiving unit, is configured to receive certification sequence number, the carrier server mark from mobile device client Knowledge, timestamp;Authentication ' unit, the certification sequence number for being configured to receive, carrier server mark, timestamp with should The certification sequence number distributed, the carrier service being directed to when the request of carrier server is verified to carrier server mark Device mark, the corresponding record of timestamp are compared, and are authenticated;Second transmitting element, if be configured to certification passed through, Certification is sent to mobile device client and passes through message.
In terms of 5th, the embodiment of the present application provides a kind of equipment, including processor, memorizer and display;It is described to deposit Reservoir is included can be by the instruction of the computing device so that the computing device:Receive aerial download service request;Sentence Whether containing certification sequence number, carrier server mark, timestamp and service content in the disconnected aerial download service request Bag;If containing certification sequence number, carrier server mark, timestamp in the aerial download service request for receiving, will be described Certification sequence number, carrier server mark, timestamp are sent to aerial download gateway, to answer operator with aerial gateway of downloading The certification sequence number distributed, the carrier server mark being directed to when the request of server is authenticated to carrier server mark Know, the corresponding record of timestamp is compared, so as to be authenticated;Lead to from the aerial certification for downloading gateway in response to receiving Message is crossed, service content bag is opened, so as to the locally stored content of the content update of service content bag.
In terms of 6th, the embodiment of the present application provides a kind of equipment, including processor, memorizer and display;It is described to deposit Reservoir is included can be by the instruction of the computing device so that the computing device:Receive from mobile device client Certification sequence number, carrier server mark, timestamp;By the certification sequence number that will receive, carrier server mark, time The certification sequence number distributed, the operation being directed to when stamp is verified to carrier server mark with the request for answering carrier server Business's server identification, the corresponding record of timestamp are compared, and are authenticated;If certification passes through, to mobile device client End sends certification and passes through message.
In the embodiment of the present application, the service that carrier server is wanted to send for updating each SIM local content please Ask or service content, service request or service content bag are issued into aerial download gateway first.Aerial gateway of downloading is to operator After the identity verification of server passes through, it is which generates certification sequence number and timestamp, and by the certification sequence number for generating and timestamp, fortune Battalion's business's server identification and the service content inclusion for receiving become aerial download service request and are sent to mobile device client (SIM).After mobile device client receives aerial download service request, judge which whether containing certification sequence number, operator Server identification, timestamp.If it did not, explanation is likely to be attacker disguises oneself as aerial gateway of downloading to mobile device client The attack message that end sends.Once enter mobile device client, it is likely that destroy the mobile device client.Due to attacker Usually do not get it is aerial downloading certification sequence number that gateway issues and timestamp, therefore from whether having certification sequence number, operator Server identification, timestamp can tentatively screen out some attack messages.Even if in addition, containing certification in aerial download service request Sequence number, carrier server mark, timestamp, can not exclude attacker forge certification sequence number, carrier server mark, when Between the possibility stabbed.At this moment, the certification sequence number, carrier server are identified by mobile device client, timestamp is sent to sky Middle download gateway, when being authenticated to carrier server mark so as to the request for answering carrier server with aerial download gateway The certification sequence number of distribution, the carrier server being directed to mark, the corresponding record of timestamp are compared, so as to be authenticated. If authentification failure, it is likely to which attacker forges the feelings invaded by certification sequence number, carrier server mark, timestamp Condition, even if because attacker forges certification sequence number, carrier server mark, timestamp, they can't pass certification.Only When certification passes through, mobile device client could open service content bag.So, malicious attacker is reduced attack message The note that the OTA gateways that disguise oneself as are sent to mobile device client by SMSC is so that what mobile device client was attacked Risk, improves the safety in over the air.
Description of the drawings
By reading the detailed description made to non-limiting example made with reference to the following drawings, the application other Feature, objects and advantages will become more apparent upon:
Fig. 1 is shown in which can be using the exemplary system architecture of the embodiment of the present application;
What Fig. 2 was shown according to the application one embodiment in mobile device client-side with risk control function The exemplary process diagram of aerial method for down loading;
Fig. 3 shows the sky with risk control function for downloading gateway side in the air according to the application one embodiment The exemplary process diagram of middle method for down loading;
What Fig. 4 was shown according to the application one embodiment in mobile device client-side with risk control function The exemplary block diagram of aerial download apparatus;
Fig. 5 shows the sky with risk control function for downloading gateway side in the air according to the application one embodiment The exemplary block diagram of middle download apparatus;
Fig. 6 shows that the structure of the computer system for being suitable to the mobile device client for realizing the embodiment of the present application is shown It is intended to.
Fig. 7 shows the structural representation of the computer system for being suitable to the aerial download gateway for realizing the embodiment of the present application Figure.
Specific embodiment
With reference to the accompanying drawings and examples the application is described in further detail.It is understood that this place is retouched The specific embodiment stated is used only for explaining related invention, rather than the restriction to the invention.It also should be noted that, in order to It is easy to description, in accompanying drawing, illustrate only the part related to invention.
It should be noted that in the case where not conflicting, the feature in embodiment and embodiment in the application can phase Mutually combine.Below with reference to the accompanying drawings and in conjunction with the embodiments describing the application in detail.
Fig. 1 is refer to, it illustrates can be using the exemplary system architecture of the embodiment of the present application.
As shown in figure 1, system architecture can include short message service center 101, aerial download gateway 102, mobile device visitor Family end 103, carrier server 104.Mobile device client 103 refers to SIM of mobile device etc..Short message service center 101 is Center in wireless network for sending short messages to mobile device.Aerial gateway 102 of downloading is responsible for the service carrier server Request issues short message service center, the mobile device they passed to by short message service center in service area again after being converted into note The center of client.And, in this application, aerial gateway 102 of downloading act as safety certification function simultaneously.
Aerial gateway 102 of downloading can be multiple servers being connected with each other.
As background technology is mentioned, usually there are some attackers, they can pass through the attack message OTA gateways that disguise oneself as The note that SMSC is sent to one or more SIMs in service area, hence into user's SIM, destroys the normal fortune of SIM OK, data therein are damaged, causes to attack.Therefore, how to eliminate this risk, there is provided under aerial with risk control function Support method, becomes a challenge.
In the embodiment of the present application, the service that carrier server is wanted to send for updating each SIM local content please Ask or service content, service request or service content bag are issued into aerial download gateway first.Aerial gateway of downloading is to operator After the identity verification of server passes through, it is which generates certification sequence number and timestamp, and by the certification sequence number for generating and timestamp, fortune Battalion's business's server identification and the service content inclusion for receiving become aerial download service request and are sent to mobile device client (SIM).After mobile device client receives aerial download service request, judge which whether containing certification sequence number, operator Server identification, timestamp.If it did not, explanation is likely to be attacker disguises oneself as aerial gateway of downloading to mobile device client The attack message that end sends.Once enter mobile device client, it is likely that destroy the mobile device client.Due to attacker Usually do not get it is aerial downloading certification sequence number that gateway issues and timestamp, therefore from whether having certification sequence number, operator Server identification, timestamp can tentatively screen out some attack messages.Even if in addition, containing certification in aerial download service request Sequence number, carrier server mark, timestamp, can not exclude attacker forge certification sequence number, carrier server mark, when Between the possibility stabbed.At this moment, the certification sequence number, carrier server are identified by mobile device client, timestamp is sent to sky Middle download gateway, when being authenticated to carrier server mark so as to the request for answering carrier server with aerial download gateway The certification sequence number of distribution, the carrier server being directed to mark, the corresponding record of timestamp are compared, so as to be authenticated. If authentification failure, it is likely to which attacker forges the feelings invaded by certification sequence number, carrier server mark, timestamp Condition, even if because attacker forges certification sequence number, carrier server mark, timestamp, they can't pass certification.Only When certification passes through, mobile device client could open service content bag.So, malicious attacker is reduced attack message The note that the OTA gateways that disguise oneself as are sent to mobile device client by SMSC is so that what mobile device client was attacked Risk, improves the safety in over the air.
With reference to Fig. 2, the aerial method for down loading with risk control function according to the application one embodiment is it illustrates Exemplary process diagram.Method shown in Fig. 2 can be in FIG mobile device client 103 perform.
As shown in Fig. 2 in step 210, receive aerial download service request.
Carrier server is wanted to send service request or the service for updating each mobile device client local content Service request or service content bag are issued aerial download gateway by content first.It is aerial to download gateway and then active obtaining operation The mark of business's server.Carrier server can not be allowed to download the mark that gateway sends carrier server to aerial.If by Carrier server downloads the mark that gateway sends carrier server to aerial, it is assumed that attacker knows that another is real The mark of carrier server, it will pretend to be the mark of oneself to aerial download with the mark of the real carrier server Gateway sends, so as to pass through checking.The mark of active obtaining carrier server for example, from carrier server and aerial is downloaded The mark of carrier server is obtained in the specific fields of the message communicated between gateway.Typically, in carrier server and sky Specify in communication protocol between middle download gateway, if carrier server sends message, protocol machine to aerial gateway of downloading System can capture automatically the mark of carrier server and be put into certain specific fields, and the specific fields can not be tampered.By this Mode, what is obtained from the specific fields must be just the true identities of carrier server.
When carrier server networks, the gateway of download in the air put on record is all identified.So, when aerial gateway of downloading connects After receiving the mark of carrier server, compare with the identification list put on record.If the carrier server for receiving Mark is verified in the identification list put on record, illustrates that carrier server is the carrier server of registration.It is aerial to download After gateway passes through to the identity verification of carrier server, it is which generates certification sequence number and timestamp.Certification sequence number is for this The serial number distributed by the identity verification of carrier server.In general, it is each identity verification to carrier server The different certification sequence number of distribution.Timestamp shows to generate the time of certification sequence number.Then, by the certification sequence number for generating and time Stamp, carrier server mark, and the service content inclusion that receives become aerial download service request, by short message service center 101 are sent to mobile device client (SIM) in the form of note.
In a step 220, whether certification sequence number, carrier server mark are contained in judging the aerial download service request Knowledge, timestamp and service content bag.
After mobile device client receives aerial download service request, as the request is probably by downloading gateway in the air The aerial download service request of normal for sending as procedure described above, it is also possible to be the aerial download clothes of the personation of attacker Business request.First, whether mobile device client judges which containing certification sequence number, carrier server mark, timestamp.If No, illustrate to be likely to be attacker and disguise oneself as and aerial download the attack message that gateway is sent to mobile device client.Once Into mobile device client, it is likely that destroy the mobile device client.As attacker is usually not get aerial download Certification sequence number that gateway is issued and timestamp, therefore from whether having certification sequence number, carrier server mark, the timestamp can be with Some attack messages are screened out tentatively.
In step 230, if containing certification sequence number, carrier server mark in the aerial download service request for receiving Know, timestamp, by the certification sequence number, carrier server mark, timestamp be sent to it is aerial download gateway, so as to it is aerial Download certification sequence number that gateway answers the request of carrier server to distribute when being authenticated to carrier server mark, be directed to Carrier server mark, the corresponding record of timestamp are compared, so as to be authenticated.
Even if can not exclude containing certification sequence number, carrier server mark, timestamp in aerial download service request Attacker forges certification sequence number, carrier server mark, the possibility of timestamp.At this moment, mobile device client is recognized described Card sequence number, carrier server mark, timestamp are sent to aerial download gateway.It is aerial download gateway generate certification sequence number and After timestamp also by the certification sequence number, the carrier server identify, and the timestamp accordingly record.So, Aerial gateway of downloading just can be by the certification sequence number for receiving, carrier server mark, timestamp and the certification sequence number, institute State carrier server mark, and the corresponding record of the timestamp compare.If the certification sequence number for receiving, operation Business's server identification, timestamp the certification sequence number, the carrier server identify, and the timestamp correspondence remember In record, then certification passes through.Otherwise, then authentification failure.Authentification failure is likely to attacker and forges certification sequence number, carrier service The situation invaded by device mark, timestamp, even if because attacker forges certification sequence number, carrier server mark, time Stamp, they can't pass certification.
In step 240, in response to receiving from the aerial certification for downloading gateway by message, open service content Bag, so as to the locally stored content of the content update of service content bag.
When certification passes through, aerial gateway of downloading sends certification by message to mobile device client.Receive this to recognize After message, mobile device client could open service content bag to card, so as to local with the content update of service content bag The content of storage.So, reduce malicious attacker attack message disguise oneself as OTA gateways by SMSC to mobile device client The note that end sends is so that the risk attacked of mobile device client, improves the safety in over the air.
With reference to Fig. 3, the aerial method for down loading with risk control function according to the application one embodiment is it illustrates Exemplary process diagram.Method shown in Fig. 3 can be in FIG control download gateway 102 perform.
As shown in figure 3, in the step 310, receive certification sequence number, the carrier server mark from mobile device client Knowledge, timestamp.
In fact, before step 310, methods described also includes:Service content bag is received from carrier server;Obtain The carrier server mark;If be verified to the carrier server mark, certification sequence number and time is generated Stamp;By the certification sequence number of generation and timestamp, the carrier server for obtaining mark, and the service content inclusion that receives become empty Middle download service request;Aerial download service request is issued to into mobile device client.
Carrier server is wanted to send service request or the service for updating each mobile device client local content Service request or service content bag are issued aerial download gateway by content first.It is aerial to download gateway and then active obtaining operation The mark of business's server.Carrier server can not be allowed to download the mark that gateway sends carrier server to aerial.If by Carrier server downloads the mark that gateway sends carrier server to aerial, it is assumed that attacker knows that another is real The mark of carrier server, it will pretend to be the mark of oneself to aerial download with the mark of the real carrier server Gateway sends, so as to pass through checking.The mark of active obtaining carrier server for example, from carrier server and aerial is downloaded The mark of carrier server is obtained in the specific fields of the message communicated between gateway.Typically, in carrier server and sky Specify in communication protocol between middle download gateway, if carrier server sends message, protocol machine to aerial gateway of downloading System can capture automatically the mark of carrier server and be put into certain specific fields, and the specific fields can not be tampered.By this Mode, what is obtained from the specific fields must be just the true identities of carrier server.
When carrier server networks, the gateway of download in the air put on record is all identified.So, when aerial gateway of downloading connects After receiving the mark of carrier server, compare with the identification list put on record.If the carrier server for receiving Mark is verified in the identification list put on record, illustrates that carrier server is the carrier server of registration.It is aerial to download After gateway passes through to the identity verification of carrier server, it is which generates certification sequence number and timestamp.Certification sequence number is for this The serial number distributed by the identity verification of carrier server.In general, it is each identity verification to carrier server The different certification sequence number of distribution.Timestamp shows to generate the time of certification sequence number.Then, by the certification sequence number for generating and time Stamp, carrier server mark, and the service content inclusion that receives become aerial download service request by short message service center 101 are sent to mobile device client (SIM) in the form of note.
After mobile device client receives aerial download service request, as the request is probably by downloading gateway in the air The aerial download service request of normal for sending as procedure described above, it is also possible to be the aerial download clothes of the personation of attacker Business request.First, whether mobile device client judges which containing certification sequence number, carrier server mark, timestamp.If No, illustrate to be likely to be attacker and disguise oneself as and aerial download the attack message that gateway is sent to mobile device client.Once Into mobile device client, it is likely that destroy the mobile device client.As attacker is usually not get aerial download Certification sequence number that gateway is issued and timestamp, therefore from whether having certification sequence number, carrier server mark, the timestamp can be with Some attack messages are screened out tentatively.
Even if can not exclude containing certification sequence number, carrier server mark, timestamp in aerial download service request Attacker forges certification sequence number, carrier server mark, the possibility of timestamp.At this moment, mobile device client is recognized described Card sequence number, carrier server mark, timestamp are sent to aerial download gateway.
In step 320, by by the certification for receiving sequence number, carrier server mark, timestamp and answer operator The certification sequence number distributed, the carrier server mark being directed to when the request of server is verified to carrier server mark Know, the corresponding record of timestamp is compared, be authenticated.
It is aerial to download gateway after certification sequence number and timestamp is generated also by the certification sequence number, the carrier server Mark, and the timestamp accordingly record.So, aerial download gateway just can be by the certification sequence number for receiving, operation Business's server identification, timestamp and the certification sequence number, the carrier server identify, and the corresponding of the timestamp remember Record is compared.If the certification sequence number for receiving, carrier server mark, timestamp are in the certification sequence number, the fortune In the corresponding record of battalion's business's server identification and the timestamp, then certification passes through.If the certification sequence number for receiving, fortune Battalion's business's server identification, timestamp do not distribute when the request for answering carrier server is verified to carrier server mark Certification sequence number, the carrier server mark being directed to, in the corresponding record of timestamp, then authentification failure.Authentification failure very may be used Can be attacker's forgery certification sequence number, the situation that carrier server is identified, timestamp is invaded, even if because attacker is pseudo- Certification sequence number, carrier server mark, timestamp is made, they can't pass certification.
In a step 330, if certification passes through, certification is sent to mobile device client and pass through message.
When certification passes through, aerial gateway of downloading sends certification by message to mobile device client.Receive this to recognize After message, mobile device client could open service content bag to card, so as to local with the content update of service content bag The content of storage.So, reduce malicious attacker attack message disguise oneself as OTA gateways by SMSC to mobile device client The note that end sends is so that the risk attacked of mobile device client, improves the safety in over the air.
In one embodiment, methods described also includes:If authentification failure, certification is sent to mobile device client and lost Lose message.
Although it should be noted that describe the operation of the inventive method in the accompanying drawings with particular order, this does not require that Or hint must perform these operations according to the particular order, or the operation having to carry out shown in whole could realize the phase The result of prestige.Conversely, the step of describing in flow chart can change execution sequence.Additionally or alternatively, it is convenient to omit some Multiple steps are merged into a step and are performed, and/or a step is decomposed into execution of multiple steps by step.
With further reference to Fig. 4, it illustrates according to the application one embodiment with risk control function it is aerial under Carry the exemplary block diagram for putting 400.
As shown in figure 4, vehicle-mounted invasion detecting device 400 can include:First receiving unit 410, is configured to receive empty Middle download service request;Whether judging unit 420, contain certification sequence in being configured to judge the aerial download service request Number, carrier server mark, timestamp and service content bag;First transmitting element 430, if be configured to receive Aerial download service request in containing certification sequence number, carrier server mark, timestamp, by the certification sequence number, operation Business's server identification, timestamp are sent to aerial download gateway, to download the request that gateway answers carrier server with aerial To carrier server mark be authenticated when distribute certification sequence number, be directed to carrier server mark, timestamp it is right Should record and compare, so as to be authenticated;Opening unit 440, is configured to download gateway in response to receiving from aerial Certification by message, open service content bag, so as to the locally stored content of the content update of service content bag.
Alternatively, described device 400 also includes:First discarding unit, if be configured to the aerial download clothes for receiving Business request does not contain certification sequence number, carrier server mark, timestamp, the aerial download service request that discarding is received.
Alternatively, described device 400 also includes:Second discarding unit, is configured in response to receiving under in the air The authentification failure message that contained network is closed, the aerial download service request that discarding is received.
With further reference to Fig. 5, it illustrates according to the application one embodiment with risk control function it is aerial under Carry the exemplary block diagram for putting 500.
As shown in figure 5, vehicle-mounted invasion detecting device 500 can include:Second receiving unit 510, is configured to receive and Certification sequence number from mobile device client, carrier server mark, timestamp;Authentication ' unit 520, be configured to by The certification sequence number that receives, carrier server mark, timestamp with answer the request of carrier server to carrier server Identify the certification sequence number distributed when being verified, the carrier server being directed to mark, the corresponding record of timestamp to compare, To be authenticated;Second transmitting element 530, if be configured to certification passed through, sends certification to mobile device client and passes through Message.
Alternatively, if the certification sequence number for receiving, carrier server mark, timestamp are answering carrier server Ask the certification sequence number distributed when verifying to carrier server mark, the carrier server mark being directed to, timestamp Corresponding record in, then certification passes through.
Alternatively, described device 500 also includes:3rd transmitting element, if being configured to authentification failure, to mobile device Client sends authentification failure message.
Alternatively, if the certification sequence number for receiving, carrier server mark, timestamp are not answering carrier server Request to carrier server mark verify when distribute certification sequence number, be directed to carrier server mark, the time In the corresponding record of stamp, then authentification failure.
Alternatively, described device 500 also includes:3rd receiving unit, is configured to from carrier server receive service Content bag;Acquiring unit, is configured to obtain the carrier server mark;Signal generating unit, if be configured to described Being verified for carrier server mark, generates certification sequence number and timestamp;Synthesis unit, is configured to the certification that will be generated Sequence number and timestamp, the carrier server mark for obtaining, and the service content inclusion that receives become aerial download service request; Issuance unit, is configured to for aerial download service request to be issued to mobile device client.
Alternatively, described device 500 also includes:Recording unit, is configured to take the certification sequence number, the operator Business device mark, and the timestamp accordingly record.
It should be appreciated that the systems or unit and each step referred in the method that Fig. 2-Fig. 3 is described described in Fig. 4-5 It is rapid corresponding.Thus, the operation and feature above with respect to method description is equally applicable to Fig. 4-5 and the unit for wherein including, This repeats no more.
Below with reference to Fig. 6, the computer for being suitable to the mobile device client for realizing the embodiment of the present application is it illustrates The structural representation of system 600.
As shown in fig. 6, computer system 600 includes CPU (CPU) 601, which can be read-only according to being stored in Program in memorizer (ROM) 602 or be loaded into the program in random access storage device (RAM) 603 from storage part 608 and Perform various appropriate actions and process.In RAM 603, the system that is also stored with 600 operates required various programs and data. CPU 601, ROM 602 and RAM 603 are connected with each other by bus 604.Input/output (I/O) interface 605 is also connected to always Line 604.
I/O interfaces 605 are connected to lower component:Including the importation 606 of keyboard, mouse etc.;Penetrate including such as negative electrode The output par, c 607 of spool (CRT), liquid crystal display (LCD) etc. and speaker etc.;Storage part 608 including hard disk etc.; And the communications portion 609 of the NIC including LAN card, modem etc..Communications portion 609 via such as because The network of special net performs communication process.Driver 610 is also according to needing to be connected to I/O interfaces 605.Detachable media 611, such as Disk, CD, magneto-optic disk, semiconductor memory etc., as needed in driver 610, in order to read from it Computer program be mounted into as needed storage part 608.
Below with reference to Fig. 7, the department of computer science for being suitable to the aerial download gateway for realizing the embodiment of the present application is it illustrates The structural representation of system 700.
As shown in fig. 7, computer system 700 includes CPU (CPU) 701, which can be read-only according to being stored in Program in memorizer (ROM) 702 or be loaded into the program in random access storage device (RAM) 703 from storage part 708 and Perform various appropriate actions and process.In RAM 703, the system that is also stored with 700 operates required various programs and data. CPU 701, ROM 702 and RAM 703 are connected with each other by bus 704.Input/output (I/O) interface 705 is also connected to always Line 704.
I/O interfaces 705 are connected to lower component:Including the importation 706 of keyboard, mouse etc.;Penetrate including such as negative electrode The output par, c 707 of spool (CRT), liquid crystal display (LCD) etc. and speaker etc.;Storage part 708 including hard disk etc.; And the communications portion 709 of the NIC including LAN card, modem etc..Communications portion 709 via such as because The network of special net performs communication process.Driver 710 is also according to needing to be connected to I/O interfaces 705.Detachable media 711, such as Disk, CD, magneto-optic disk, semiconductor memory etc., as needed in driver 710, in order to read from it Computer program be mounted into as needed storage part 708.
Especially, in accordance with an embodiment of the present disclosure, computer is may be implemented as above with reference to the process of Fig. 2-Fig. 3 descriptions Software program.For example, embodiment of the disclosure includes a kind of computer program, and which includes being tangibly embodied in machine readable Computer program on medium, program code of the computer program comprising the method for being used for performing Fig. 2-Fig. 3.Such In embodiment, the computer program can be downloaded and installed from network by communications portion 609,709, and/or from removable Unload medium 611,711 to be mounted.
Flow chart and block diagram in accompanying drawing, it is illustrated that according to the system of various embodiments of the invention, method and computer journey The architectural framework in the cards of sequence product, function and operation.At this point, each square frame in flow chart or block diagram can generation A part for table one module, program segment or code, a part for the module, program segment or code include one or more For realizing the executable instruction of the logic function of regulation.It should also be noted that in some realizations as replacement, institute in square frame The function of mark can also occur with the order different from being marked in accompanying drawing.For example, the two square frame reality for succeedingly representing On can perform substantially in parallel, they can also be performed sometimes in the opposite order, and this is depending on involved function.Also to It is noted that the combination of block diagram and/or each square frame and block diagram and/or the square frame in flow chart in flow chart, Ke Yiyong Perform the function of regulation or the special hardware based system of operation to realize, or can be referred to computer with specialized hardware The combination of order is realizing.
It is described in involved unit in the embodiment of the present application or module can be realized by way of software, it is also possible to Realized by way of hardware.Described unit or module can also be arranged within a processor.These units or module Title does not constitute the restriction to the unit or module itself under certain conditions.
As on the other hand, present invention also provides a kind of computer-readable recording medium, the computer-readable storage medium Matter can be the computer-readable recording medium described in above-described embodiment included in device;Can also be individualism, not The computer-readable recording medium being fitted in equipment.Computer-readable recording medium storage has one or more than one journey Sequence, described program are used for performing the formula input method for being described in the application by one or more than one processor.
Above description is only the preferred embodiment and the explanation to institute's application technology principle of the application.People in the art Member is it should be appreciated that invention scope involved in the application, however it is not limited to the technology of the particular combination of above-mentioned technical characteristic Scheme, while should also cover in the case of without departing from the inventive concept, is carried out by above-mentioned technical characteristic or its equivalent feature Combination in any and other technical schemes for being formed.Such as features described above has similar work(with (but not limited to) disclosed herein The technical scheme that the technical characteristic of energy is replaced mutually and formed.

Claims (20)

1. a kind of aerial method for down loading with risk control function, it is characterised in that methods described includes:
Receive aerial download service request;
Whether certification sequence number, carrier server mark, timestamp and clothes are contained in judging the aerial download service request Business content bag;
If containing certification sequence number, carrier server mark, timestamp in the aerial download service request for receiving, will be described Certification sequence number, carrier server mark, timestamp are sent to aerial download gateway, to answer operator with aerial gateway of downloading The certification sequence number distributed, the carrier server mark being directed to when the request of server is authenticated to carrier server mark Know, the corresponding record of timestamp is compared, so as to be authenticated;
In response to receiving from the aerial certification for downloading gateway by message, service content bag is opened, so as to service content The locally stored content of the content update of bag.
2. method according to claim 1, it is characterised in that methods described also includes:
If the aerial download service request for receiving does not contain certification sequence number, carrier server mark, timestamp, discarding connects The aerial download service request for receiving.
3. method according to claim 1, it is characterised in that methods described also includes:
In response to receiving from the aerial authentification failure message for downloading gateway, the aerial download service request that discarding is received.
4. a kind of aerial method for down loading with risk control function, it is characterised in that methods described includes:
Receive identify from the certification sequence number of mobile device client, carrier server, timestamp;
By by the certification for receiving sequence number, carrier server mark, timestamp and answering the request of carrier server to fortune Seek the certification sequence number distributed when business's server identification is verified, the carrier server mark being directed to, the correspondence note of timestamp Record is compared, and is authenticated;、
If certification passes through, certification is sent to mobile device client and pass through message.
5. method according to claim 4, it is characterised in that if the certification sequence number for receiving, carrier server mark Know, the certification sequence number that timestamp distributes when answering the request of carrier server to verify carrier server mark, pin To carrier server mark, in the corresponding record of timestamp, then certification passes through.
6. method according to claim 4, it is characterised in that methods described also includes:
If authentification failure, authentification failure message is sent to mobile device client.
7. method according to claim 6, it is characterised in that if the certification sequence number for receiving, carrier server mark Know, the certification sequence number that timestamp does not distribute when answering the request of carrier server to verify carrier server mark, For carrier server mark, in the corresponding record of timestamp, then authentification failure.
8. method according to claim 4, it is characterised in that methods described is receiving recognizing from mobile device client Also include before card sequence number, carrier server mark, timestamp:
Service content bag is received from carrier server;
Obtain the carrier server mark;
If be verified to the carrier server mark, certification sequence number and timestamp is generated;
By the certification sequence number of generation and timestamp, the carrier server for obtaining mark, and the service content inclusion that receives become Aerial download service request;
Aerial download service request is issued to into mobile device client.
9. method according to claim 8, it is characterised in that methods described is also wrapped after certification sequence number and timestamp is generated Include:
By the certification sequence number, the carrier server mark, and the timestamp accordingly record.
10. a kind of aerial download apparatus with risk control function, it is characterised in that described device includes:
First receiving unit, is configured to receive aerial download service request;
Whether judging unit, contain certification sequence number, carrier server in being configured to judge the aerial download service request Mark, timestamp and service content bag;
First transmitting element, if taken containing certification sequence number, operator in being configured to the aerial download service request for receiving The certification sequence number, carrier server mark, timestamp are sent to aerial download gateway by business device mark, timestamp, so as to With it is aerial download certification sequence number that gateway answers the request of carrier server to distribute when being authenticated to carrier server mark, For carrier server mark, timestamp corresponding record compare, so as to be authenticated;
Opening unit, is configured to, in response to receiving from the aerial certification for downloading gateway by message, open service content Bag, so as to the locally stored content of the content update of service content bag.
11. devices according to claim 10, it is characterised in that described device also includes:
First discarding unit, if the aerial download service request for being configured to receive does not contain certification sequence number, operator's clothes Business device mark, timestamp, the aerial download service request that discarding is received.
12. devices according to claim 10, it is characterised in that described device also includes:
Second discarding unit, is configured to, in response to receiving from the aerial authentification failure message for downloading gateway, abandon and receive The aerial download service request arrived.
13. a kind of aerial download apparatus with risk control function, it is characterised in that described device includes:
Second receiving unit, be configured to receive identify from the certification sequence number of mobile device client, carrier server, when Between stab;
Authentication ' unit, the certification sequence number for being configured to receive, carrier server mark, timestamp with answer operator The certification sequence number distributed, the carrier server mark being directed to when the request of server is verified to carrier server mark Know, the corresponding record of timestamp is compared, be authenticated;
Second transmitting element, if be configured to certification passed through, sends certification to mobile device client and passes through message.
14. devices according to claim 13, it is characterised in that if the certification sequence number for receiving, carrier server Certification sequence number that mark, timestamp distribute when answering the request of carrier server to verify carrier server mark, For carrier server mark, in the corresponding record of timestamp, then certification passes through.
15. devices according to claim 13, it is characterised in that described device also includes:
3rd transmitting element, if being configured to authentification failure, sends authentification failure message to mobile device client.
16. devices according to claim 15, it is characterised in that if the certification sequence number for receiving, carrier server The certification sequence that mark, timestamp do not distribute when the request for answering carrier server is verified to carrier server mark Number, in the carrier server that is directed to mark, the corresponding record of timestamp, then authentification failure.
17. devices according to claim 13, it is characterised in that described device also includes:
3rd receiving unit, is configured to receive service content bag from carrier server;
Acquiring unit, is configured to obtain the carrier server mark;
Signal generating unit, if being configured to be verified the carrier server mark, generates certification sequence number and time Stamp;
Synthesis unit, be configured to will generate certification sequence number and timestamp, obtain carrier server mark, and receive Service content inclusion becomes aerial download service request;
Issuance unit, is configured to for aerial download service request to be issued to mobile device client.
18. devices according to claim 17, it is characterised in that described device also includes:
Recording unit, is configured to the certification sequence number, carrier server mark, and the timestamp is accordingly Record.
A kind of 19. equipment, including processor, memorizer and display;It is characterized in that:
The memorizer is included can be by the instruction of the computing device so that the computing device:
Receive aerial download service request;
Whether certification sequence number, carrier server mark, timestamp and clothes are contained in judging the aerial download service request Business content bag;
If containing certification sequence number, carrier server mark, timestamp in the aerial download service request for receiving, will be described Certification sequence number, carrier server mark, timestamp are sent to aerial download gateway, to answer operator with aerial gateway of downloading The certification sequence number distributed, the carrier server mark being directed to when the request of server is authenticated to carrier server mark Know, the corresponding record of timestamp is compared, so as to be authenticated;
In response to receiving from the aerial certification for downloading gateway by message, service content bag is opened, so as to service content The locally stored content of the content update of bag.
A kind of 20. equipment, including processor, memorizer and display;It is characterized in that:
The memorizer is included can be by the instruction of the computing device so that the computing device:
Receive identify from the certification sequence number of mobile device client, carrier server, timestamp;
By by the certification for receiving sequence number, carrier server mark, timestamp and answering the request of carrier server to fortune Seek the certification sequence number distributed when business's server identification is verified, the carrier server mark being directed to, the correspondence note of timestamp Record is compared, and is authenticated;、
If certification passes through, certification is sent to mobile device client and pass through message.
CN201611110200.8A 2016-12-06 2016-12-06 Aerial method for down loading and device and equipment with risk control function Active CN106535168B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611110200.8A CN106535168B (en) 2016-12-06 2016-12-06 Aerial method for down loading and device and equipment with risk control function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611110200.8A CN106535168B (en) 2016-12-06 2016-12-06 Aerial method for down loading and device and equipment with risk control function

Publications (2)

Publication Number Publication Date
CN106535168A true CN106535168A (en) 2017-03-22
CN106535168B CN106535168B (en) 2019-03-22

Family

ID=58341401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611110200.8A Active CN106535168B (en) 2016-12-06 2016-12-06 Aerial method for down loading and device and equipment with risk control function

Country Status (1)

Country Link
CN (1) CN106535168B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110121859A (en) * 2017-08-28 2019-08-13 华为技术有限公司 A kind of Information Authentication method and relevant device
CN111669303A (en) * 2020-06-08 2020-09-15 湖北阿桑奇汽车电子科技有限公司 FOTA safety application process

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6915132B2 (en) * 1996-07-15 2005-07-05 At&T Wireless Services, Inc. System and method for automatic registration notification for over-the-air activation
CN1764296A (en) * 2004-10-22 2006-04-26 北京握奇数据系统有限公司 Dynamic password identification system and method
CN1870808A (en) * 2005-05-28 2006-11-29 华为技术有限公司 Key updating method
CN101267307A (en) * 2008-02-29 2008-09-17 北京中电华大电子设计有限责任公司 Method for realizing remote management of mobile phone digital certificate using OTA system
CN101516087A (en) * 2008-02-21 2009-08-26 株式会社Ntt都科摩 Storage system of mobile terminal and access control method
CN102833702A (en) * 2011-06-17 2012-12-19 中兴通讯股份有限公司 Method and system for triggering over-the-air download service

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6915132B2 (en) * 1996-07-15 2005-07-05 At&T Wireless Services, Inc. System and method for automatic registration notification for over-the-air activation
CN1764296A (en) * 2004-10-22 2006-04-26 北京握奇数据系统有限公司 Dynamic password identification system and method
CN1870808A (en) * 2005-05-28 2006-11-29 华为技术有限公司 Key updating method
CN101516087A (en) * 2008-02-21 2009-08-26 株式会社Ntt都科摩 Storage system of mobile terminal and access control method
CN101267307A (en) * 2008-02-29 2008-09-17 北京中电华大电子设计有限责任公司 Method for realizing remote management of mobile phone digital certificate using OTA system
CN102833702A (en) * 2011-06-17 2012-12-19 中兴通讯股份有限公司 Method and system for triggering over-the-air download service

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110121859A (en) * 2017-08-28 2019-08-13 华为技术有限公司 A kind of Information Authentication method and relevant device
CN110121859B (en) * 2017-08-28 2021-01-15 华为技术有限公司 Information verification method and related equipment
CN112839334A (en) * 2017-08-28 2021-05-25 华为技术有限公司 Information verification method and related equipment
US11234131B2 (en) 2017-08-28 2022-01-25 Huawei Technologies Co., Ltd. Information verification method and related device
CN112839334B (en) * 2017-08-28 2022-06-28 华为技术有限公司 Information verification method and related equipment
CN111669303A (en) * 2020-06-08 2020-09-15 湖北阿桑奇汽车电子科技有限公司 FOTA safety application process

Also Published As

Publication number Publication date
CN106535168B (en) 2019-03-22

Similar Documents

Publication Publication Date Title
EP3574625B1 (en) Method for carrying out an authentication
CN102394887B (en) OAuth protocol-based safety certificate method of open platform and system thereof
CN109743163A (en) Purview certification method, apparatus and system in micro services framework
CN106710017B (en) Identity verification method, device and system for logistics signing
CN107135073A (en) Interface interchange method and apparatus
CN106875186A (en) A kind of offline electronic payment method and apparatus
CN104199654B (en) The call method and device of open platform
CN102113358B (en) Method, system and terminal device for realizing locking network by terminal device
CN106487774A (en) A kind of cloud host services authority control method, device and system
CN105229987A (en) The initiatively mobile authentication of associating
CN112000744B (en) Signature method and related equipment
CN104199657B (en) The call method and device of open platform
CN109151820A (en) One kind being based on the safety certifying method and device of " one machine of a people, one card No.1 "
CN106936792A (en) Safety certifying method and system and the mobile terminal for safety certification
CN110381075B (en) Block chain-based equipment identity authentication method and device
CN107113613B (en) Server, mobile terminal, network real-name authentication system and method
CN104754582A (en) Client and method for maintaining BYOD (Bring Your Own Device) safety
CN107733838A (en) A kind of mobile terminal client terminal identity identifying method, device and system
CN109005541A (en) Bluetooth connecting method, device and system
CN107317807A (en) A kind of apparatus bound method, apparatus and system
CN106789925A (en) Information of vehicles safe transmission method and device in car networking
CN106611313A (en) A payment method, a terminal and a payment server
CN108920919A (en) Control method, the device and system of interactive intelligence equipment
CN108600234A (en) A kind of auth method, device and mobile terminal
US20100075633A1 (en) Method and System for the Reading of Data from a Memory in a Mobile Remote Appliance

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor

Applicant after: Beijing Bang Bang Safety Technology Co. Ltd.

Address before: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor

Applicant before: Yangpuweiye Technology Limited

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant