CN106936800A - Method and apparatus for monitoring the number of downloads of an application
Abstract
The invention relates generally to the field of using cryptographic techniques to let an application provider control the number of downloads of an application to an electronic device via a third party. It relates to a method and system by which an application provider monitors the download of an application to an electronic device via a third party, wherein: during installation of the application in the electronic device, the third party is operable to send an authorization request message to the application provider in order to request from the application provider authorization to set the application to the ready-to-use state; the application provider is operable to generate a token from the data of the authorization request message, to increment a counter for each token generated, and to send the generated token to the third party as the response to its request; and the application is operable to verify the authenticity of the token forwarded by the third party and, when the verification succeeds, to set the application to the ready-to-use state. The application provider uses the counter value as the basis for calculating the fee to be paid by the third party.
Description
Technical field
The invention relates generally to the field of using cryptographic techniques to let an application provider control the number of downloads of an application to an electronic device via a third party.
In particular, it relates to a method and system for monitoring the download of an application to a smart card via a third party.
Background
The term "smart card" generally refers to a wallet-sized or smaller card that incorporates a microprocessor or microcontroller to store and manage the data in the card. More complex than magnetic-stripe and stored-value cards, smart cards are characterized by advanced memory management and security features. A typical smart card includes a microcontroller embedded in the card plastic, which is electrically connected to an external contact array arranged on the outside of the card. A smart card microcontroller generally includes electrically erasable programmable read-only memory (EEPROM) for storing user data, random access memory (RAM) for temporary storage, and read-only memory (ROM) for storing the card operating system. A relatively simple microcontroller is sufficient to control these functions.
The card can interface with a point-of-sale terminal, an ATM, or a card reader integrated into a telephone, computer, vending machine or any other device.
Of course, smart cards can be implemented in many ways and need not include a microprocessor or other such features. A smart card can be given various types of functionality, including applications such as stored value, credit/debit and loyalty programs.
Before a smart card is issued to a card user, it is initialized so that some data is placed in the card. For example, during initialization the smart card can be loaded with at least one application, such as credit or a stored cash value, a file structure initialized with default values, and some initial cryptographic keys for transport security. Once a card is initialized, it is typically personalized. During personalization, the smart card is loaded with data that uniquely identifies the card. For example, personalization data can include the card's maximum value, a personal identification number (PIN), the currency in which the card is valid, the card's validity date and the card's cryptographic keys. Once the applications are loaded on the card and personalization is complete, the card is ready to use and can be distributed to the end user.
In conventional systems, a single card provider (such as a card manufacturer, MNO, bank card issuer, ...) closely controls the content, applications and personalization data loaded onto the smart card. Because a single card provider typically maintains control over every aspect of loading data onto the smart card, billing and charging for such data is relatively easy.
Under new system models, however, the smart card environment has evolved to allow multiple parties to download new applications and personalization data onto smart cards. Content data, personalization data and even services or applications can therefore be provided by third-party companies other than the primary card provider. Such third-party providers may make use of system resources that are provided or maintained not by the third-party provider but by the primary card provider.
After data (applications, personalization data, ...) provided by a third-party provider has been downloaded to a smart card, the third-party provider will generally want to collect payment for that data. At present, to collect such fees the third-party provider must establish a relationship with the card provider that loads the third-party data. The card provider pays usage fees to the third-party provider and makes the third-party data available to the cards that the card provider supplies.
This approach has drawbacks: a third-party provider that wants its third-party data to be available on cards must establish relationships with multiple card providers. Moreover, because the third-party provider does not necessarily control the distribution and use of its data, it may be unable to monitor that use or to collect fees for the distribution and use of its third-party data.
What is needed, therefore, is a system that allows a third-party provider to bill and collect usage fees based on each download of the third-party data by a card provider to each smart card.
Summary of the invention
The following summary is provided to give a basic understanding of some aspects and features of the invention. It is not an extensive overview of the invention and is not intended to specifically identify key or critical elements of the invention or to delineate its scope. Its sole purpose is to present some concepts of the invention in simplified form as a prelude to the more detailed description given below.
The invention addresses the previous security shortcomings in monitoring the number of times an application provided by an application provider is downloaded to an electronic device by a third party. In an embodiment the electronic device is a smart card, but it can in fact be any device capable of receiving digital information, such as a personal digital assistant (PDA) or a smartphone.
According to another aspect of the invention, the application provider delegates the download of the application to a third party. The invention provides a technique that lets the application provider monitor these delegated downloads.
In an embodiment, during installation of the application on the electronic device and just before it reaches the ready-to-use state, the third party sends a request to the application provider in order to complete the installation. The application provider generates a token and sends it to the third party as the response. The token can be a cryptogram that the application provider generates using a cryptographic scheme established between the application provider and the application. The token is then made available to the application, which can test the cryptogram to determine whether the token is authenticated. If the token is authenticated, the application sets its state to ready to use; otherwise the installation is not completed.
To achieve these and other advantages, and in accordance with the purpose of the invention as embodied and broadly described, the invention proposes a method by which an application provider monitors the download of an application to an electronic device via a third party, wherein:
- during installation of the application in the electronic device, the third party is operable to send an authorization request message to the application provider in order to request from the application provider authorization to set the application to the ready-to-use state,
- the application provider is operable to:
  - generate a token from the data of the authorization request message,
  - increment a counter for each token generated,
  - send the generated token as the response to the third party's request,
- the application is operable to verify the authenticity of the token forwarded by the third party and, when the verification succeeds, to set the application to the ready-to-use state.
According to an embodiment of the invention, the third party sends the authorization request message to the application provider during installation of the application and before the application is set to the ready-to-use state.
According to an embodiment of the invention, the third party sends the authorization request message to the application provider when it receives a token request from the application.
According to an embodiment of the invention, the authorization request message includes monitoring data used by the application provider to generate the token.
According to an embodiment of the invention, the monitoring data is a serial number of the electronic device, a hardware identifier of a component of the electronic device, a PUF value generated by a physical unclonable function (PUF) circuit, personalization data relating to the holder of the electronic device, and/or timing information.
According to an embodiment of the invention, the application provider generates the token by encoding the received monitoring data with a cryptographic key according to the specific cryptographic scheme implemented between the application provider and the application.
According to an embodiment of the invention, the specific cryptographic scheme is a cryptographic signature algorithm, a symmetric-key encryption algorithm and/or an integrity algorithm.
According to an embodiment of the invention, the application is operable to verify the authenticity of the token received from the third party according to the specific cryptographic scheme implemented between the application provider and the application.
According to an embodiment of the invention, when verification of the token's authenticity fails, the application is operable to terminate the loading process, resend the token request to the third party, or delete the installed application.
According to an embodiment of the invention, the electronic device is a smart card.
The invention further relates to a system by which an application provider monitors the download of an application to an electronic device via a third party, wherein:
- during installation of the application in the electronic device, the third party is operable to send an authorization request message to the application provider in order to request from the application provider authorization to set the application to the ready-to-use state,
- the application provider is operable to:
  - generate a token from the data of the authorization request message,
  - increment a counter for each token generated,
  - send the generated token as the response to the third party's request,
- the application is operable to verify the authenticity of the token forwarded by the third party and, when the verification succeeds, to set the application to the ready-to-use state.
The foregoing is a summary and may therefore contain simplifications, generalizations and omissions of detail; those skilled in the art will appreciate that the summary is illustrative only and is not intended to be limiting in any way.
For a better understanding of the embodiments, together with other and further features and advantages thereof, reference is made to the following description taken in conjunction with the accompanying drawings. The scope of the invention will be pointed out in the appended claims.
Brief description of the drawings
The following detailed description will be better understood with reference to the drawings, in which:
Fig. 1 shows the different entities involved in monitoring the download of an application.
Fig. 2 is a logic flow diagram for monitoring the download of an application via a third party, according to an exemplary embodiment of the invention.
Detailed description
It will be readily understood that the components of the embodiments, as generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of configurations in addition to the described example embodiments. The more detailed description of the example embodiments below, as represented in the figures, is therefore not intended to limit the scope of the claimed embodiments but is merely representative of example embodiments.
Reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the subject matter. The phrases "in one embodiment" or "in an embodiment" appearing in various places throughout this specification therefore do not necessarily all refer to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising", when used in this specification, specify the presence of stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
In the following description, numerous specific details are provided to give a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the various embodiments can be practiced without one or more of the specific details, or with other methods, components, materials and so on. In other instances, well-known structures, materials or operations are not shown or described in detail to avoid obscuring the description.
The invention is not specific to any particular hardware or software implementation; it sits at a conceptual level above the details of implementation. It should be understood that various other embodiments and variations of the invention can be produced without departing from its spirit or scope. The following description is provided to help in understanding the practical implementation of specific embodiments of the invention.
The same reference numerals are used to designate the same elements in the different drawings. For clarity, only those elements and steps that are useful for understanding the invention are shown in the drawings and will be described.
Furthermore, the mechanisms of data communication between the parties and their environment are not described in detail either; here again the invention is compatible with the usual mechanisms.
Furthermore, the connecting lines shown in the various figures contained herein are intended to represent example functional relationships and/or physical couplings between the various elements. It should be noted that many alternative or additional functional relationships or physical connections may be present in a practical system. In addition, the various entities in Figs. 1 and 2 can communicate via any suitable communication medium (including the Internet) using any suitable communication protocol.
According to the invention, applications and/or data can be downloaded to the electronic device. The invention applies not only to the download of information but also to the updating and deletion of information. In this context, various software environments may be appropriate, including for example the object-oriented Java programming language or a Windows environment.
Before discussing the details of some embodiments of the invention, a description of some terms may be useful for understanding the various embodiments.
A "key" may refer to a piece of information used in a cryptographic algorithm to transform input data into another representation. A cryptographic algorithm can be an encryption algorithm that transforms original data into an alternative representation, or a decryption algorithm that transforms encrypted information back into the original data. Examples of cryptographic algorithms include triple DES (TDES), the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), and so on.
"Personalization data" is data relating to the holder of the electronic device. Personalization data can be, for example, a secret key or a secret code. The secret code may be a PIN code (PIN) that makes it possible to identify the legitimate user. In the case of bank cards, it is common practice to ask the user to provide his/her secret code before a transaction, to ensure that he/she is entitled to request the transaction.
An "application", as used herein, refers to a portable segment of software code. An application can take the form of one or more suitable programming languages, which are converted into machine language or object code to allow one or more processors to execute the instructions. Application software can take the form of a stand-alone application implemented in a suitable programming language or framework.
The details of some embodiments of the present invention will now be described.
The invention is described herein in terms of functional block components and various processing steps. In embodiments, such functional blocks can be realized by any number of hardware and/or software components configured to perform the specified functions. For example, the invention may employ various integrated circuit components, such as memory elements, digital signal processing elements, look-up tables and the like, which can carry out a variety of functions under the control of one or more microprocessors or other control devices. In addition, those skilled in the art will appreciate that the invention can be practiced in any number of data communication contexts, and that the various systems described herein are merely exemplary applications of various aspects of the invention.
The techniques described herein can be used with an electronic device, which can be a mobile device or another device such as a smartphone, smart watch, smart glasses, smart card, tablet computer, desktop computer, portable computer, television, gaming device, music player, mobile phone, laptop computer, palmtop computer, smart or dumb terminal, network computer, personal digital assistant, wireless device, information appliance, workstation, minicomputer, mainframe computer, or other computing device that operates as a general-purpose computer or as a special-purpose hardware device capable of performing the functions described herein.
The electronic device can include one or more processors suitable for executing applications, including both general-purpose and special-purpose microprocessors. Generally, a processor receives instructions and data stored in read-only memory, random access memory, or both. Information carriers suitable for embodying application instructions and data include all forms of non-volatile memory. One or more memories can store instructions that, when executed by a processor, form the modules and other components described herein and perform the functions associated with those components. The processor and memory can be supplemented by, or incorporated in, special-purpose logic circuitry.
In the example implementation described below, the invention provides a technique for controlling the download of applications to a smart card.
As shown in the example of Fig. 1, a third party 10 can establish the policy of the product management system that controls the electronic device 11, and therefore has a significant influence on the overall electronic device management scheme. The third party is the electronic device issuer. In the implementation described below, the third party 10 is a card issuer and the electronic device 11 is a smart card. The third party 10 may also own the smart card and be legally responsible for it.
The application provider(s) 12 can develop and own one or more applications 15 and can be legally and technically responsible for them. The application provider 12 establishes commercial relationships with one or more third parties 10, which install the application provider's applications on their cards. The application provider 12 can be a bank card provider, a smart card issuer, a smart card manufacturer, an MNO and/or the like.
A certification authority (not shown) can generate, manage and administer the public-key certificates of both the application provider 12 and the applications 15 provided by the application provider 12. The certification authority can be a service provider external to the application provider 12. In an embodiment, the application provider 12 can be responsible for issuing its own certificates.
With reference to Fig. 1, the application provider 12 delegates to the third party 10 the task of downloading its application onto the electronic device 11. The electronic device 11 interfaces with the third party 10 as appropriate using a contact or contactless communication protocol 13. The third party 10 and the application provider 12 are suitably connected to a network 14 such as the Internet.
During deployment, an application 15 may go through various states before it is actually ready for use by the end user. In the context of the invention, the states of interest are the loaded, installed and personalized states:
- the loaded state indicates that the application has been loaded onto the electronic device 11;
- the installed state indicates that the loaded application has been instantiated on the card, but that its personalization data has not yet been initialized;
- the personalized state indicates that the installed application has been initialized and that the application's personalization data has been set to specific values;
- the ready-to-use state indicates that the installation and personalization phases have been completed.
The personalized state can be optional. Some applications have no personalization data and therefore become fully operational as soon as installation has been performed (that is, while still in the installed state), whereas other applications need their data to be personalized before they become fully operational.
The monitoring method of the invention is performed by the application 15 before the ready-to-use state is set and after the installation and personalization phases have been completed.
Deployment of the application 15 can happen in a number of different ways. The application 15 can be pre-installed on the electronic device 11 at the manufacturing stage, by a third party, or by a user who downloads the application from an application store, an issuer or a service provider.
In the implementation described below, the application 15 can include a package 16 corresponding to at least one mandatory component of the application and a customizable component 17 corresponding to the information needed to personalize the at least one application. When the application 15 is loaded onto the electronic device, the application is installed from the loaded package. Once the application 15 is in the installed state at the completion of the installation steps, it can be personalized (if needed).
Of course, the terms loading or download may refer to loading a new application, updating an existing application or deleting an existing application.
Fig. 2 shows a flow diagram 20 of the application provider 12 monitoring the download of the application 15 onto the electronic device 11 by the third party 10. In an embodiment, at step 21, the monitoring process can be started when the loading of the application 15 reaches the end of the installation step that makes the application fully operational (that is, just before the ready-to-use state).
It should be noted that the monitoring process can be started before or during the installation of the application 15, but only before the application 15 is set to the ready-to-use state.
At step 22, when the monitoring process is started, the application 15 can set a termination request state. In an embodiment, the loading of the application 15 remains in this termination request state until the third party 10 sends the authorization for use (the token) to the application 15 over the communication protocol 13. In another embodiment, once the termination request state has been set, the application 15 can send a request for a token to the third party 10 over the communication protocol 13.
At step 23, once the termination request state has been set, the third party 10 can determine the monitoring data to be sent to the application provider 12 in order to monitor the download of the application.
In an embodiment, the monitoring data can be a hardware characteristic of the electronic device 11. The hardware characteristic can be a serial number or other assigned hardware identifier of a component of the electronic device 11. This monitoring data can be generated by the third party 10, supplied to the third party 10 by the manufacturer of the electronic device 11, or supplied to the third party 10 on request by the electronic device 11 itself.
In an embodiment, the monitoring data can be a PUF value generated by a physical unclonable function (PUF) circuit. PUFs are functions derived from the inherently random physical characteristics of the electronic device 11 in which they are built. For example, a silicon PUF can exploit variations in the delay produced by interconnects and gates, or slight differences in threshold voltage. Because a PUF exploits physical variation in the device or in the material from which it is constructed, each PUF should provide a unique (though possibly noisy) response. This monitoring data can be supplied to the third party by the manufacturer of the electronic device, or on request by the electronic device itself.
In an embodiment, the monitoring data can be the personalization data loaded into the application 15 during the personalization phase.
In an embodiment, the monitoring data can be timing information (for example, a timestamp, a sequence number, etc.). Timing information can be used for any suitable purpose, for example to stamp the monitoring data with a capture time or interval. The timing information can be generated on request by the third party or by the electronic device 11.
Of course, these are only examples of monitoring data; many kinds of monitoring data can be used, such as a CPU identifier, a sensor ID, or any combination of them.
In a preferred embodiment, the monitoring data can be retrieved from prior storage, or generated when needed, by the electronic device 11 during verification step 27.
The third party 10 can generate an authorization request message to request from the application provider 12 authorization to set the application 15 to the ready-to-use state. The authorization request message includes the monitoring data. The third party 10 sends the authorization request message to the application provider 12.
In step 24, application provider 12 generates a token by encoding (encrypting) the received monitoring data with a cryptographic key. The encoding algorithm is a predetermined mathematical operation established between application provider 12 and application 15. The recipient of the token (application 15) can perform the complementary mathematical operation to decode (decrypt) the token. Encoding and decoding of the token are performed using the cryptographic key determined by the specific cryptographic scheme implemented between the correspondents. Consequently, there are some parameters that must be known beforehand between the correspondents, for example in public-key or symmetric-key systems. In all these schemes, it is assumed that the cryptographic key (whether a private key, a public key or a symmetric key) is derived and valid as specified in the protocol scheme.
In an embodiment, the cryptographic key is the private key of a certificate provided by a certification authority. The certificate can be an application provider certificate or an application certificate. The token can be a digital signature produced by a conventional cryptographic signature that receives the monitoring data and the private key as input. In an embodiment, the conventional cryptographic signature can be a "one-way" hash function that converts the monitoring data into an unintelligible form. The "hash" function used can be a function applied to a set of data to create a smaller, more easily handled set of data. The signature has a fixed-size set of bits that serves as a unique "digital fingerprint" of the original monitoring data. If the original monitoring data is changed and hashed again, the probability that it produces a different digest is very high. Hash functions can therefore be used to detect altered and forged monitoring data. They provide message integrity, ensuring that the monitoring data has not been modified or corrupted. Any conventional cryptographic signature method can be used to generate the token referred to herein.
In an embodiment, the cryptographic key is a secret built into application 15, such as hard-coded data stored in the application code and on the application provider side. In an embodiment, the encoding algorithm can be a symmetric key encryption algorithm that receives the monitoring data and the secret key as input and generates the token. Symmetric key encryption can include block cipher algorithms, such as algorithms based on the Data Encryption Standard (DES) and algorithms based on the Advanced Encryption Standard (AES), and stream cipher algorithms such as the RC4 algorithm.
In another embodiment, the encoding algorithm is an integrity algorithm. The integrity algorithm can be any suitable algorithm, such as a hash algorithm that may be a version of the cyclic redundancy check (CRC) algorithm, a message digest (MD) algorithm, or a Secure Hash Algorithm (SHA). The integrity algorithm receives the monitoring data and the secret key as input and generates the token as output.
In an embodiment, after the monitoring data is hashed, a signature function can be applied to the generated hash to produce a signature. To produce such a signature, the signature function can be any one of many known techniques, such as SHA-1, MD5 MAC. In this implementation, the token includes the hash and the signature.
In another embodiment, after the monitoring data is hashed, the digest can then be encrypted using an asymmetric key cryptographic scheme. The digest can be locked using a lock with two key slots that are opened by different ("asymmetric") keys. The first key (called the "private" key) is used to lock the lock. Once the lock has been locked with the first key, it must be opened with the second (different) key (called the "public" key). The encryption algorithm and key length are selected so that it is computationally infeasible to calculate the first key even when the second key, the public key encryption algorithm, the plaintext digest and the encrypted digital signature are available. There are many potential candidate algorithms for such asymmetric key cryptography (for example, RSA, DSA, ElGamal, elliptic curve cryptography). In this implementation, the token includes the digest and the encrypted digest.
A counter (not shown) is provided for each application 15 and is implemented within application provider 12. For each generated token, the associated counter value is incremented by one. The counter value is used as the basis for calculating the fee to be paid by third party 10 to the application provider. The fee can be calculated according to any formula; it can simply be proportional to the counter value, or a certain fee can be paid when a predetermined counter value is exceeded.
In step 25, in response to the received authorization request, application provider 12 sends the generated token to third party 10. In step 26, application provider 12 forwards to electronic equipment 11 a command to terminate the installation. The termination command can include the token. In an embodiment, if electronic equipment 11 cannot itself obtain the monitoring data and provide it to application 15, the termination command can also include the monitoring data used to generate the token.
In step 27, once the termination command is received, application 15 sets up a verification step for the received token according to the specific cryptographic scheme implemented between application provider 12 and application 15. Application 15 performs an operation to decode (decrypt) the token. Application 15 then tests the received token against the expected result based on any suitable cryptographic scheme (for example, based on one known key in the case of a symmetric algorithm, or multiple keys in the case of an asymmetric algorithm).
If the generated token is a signature calculated with the certificate private key according to a PKI signature scheme, application 15 can authenticate the token using the obtained monitoring data and the public key of the certificate.
Verification of the authenticity of the token is not described further, because it is well known and depends on the specific cryptographic scheme implemented between application provider 12 and application 15, some examples of which are described above.
When application 15 has verified the authenticity of the received token, in step 28 the installation of application 15 is terminated and application 15 is placed in the ready-for-use state. In an embodiment, the received token can be stored in the electronic equipment for the next deletion and installation of application 15. In another embodiment, application 15 requests a new token each time application 15 is reinstalled. Whether a new token is generated during reinstallation or the previously received token is used will depend on the implementation and on the charging arrangements of the application provided.
In step 29, when application 15 cannot verify the authenticity of the received token (that is, when the signature, digest and/or decrypted data do not correspond to the expected data), application 15 can terminate the loading process, reset to the termination request state of step 22, or delete installation package 16.
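A sketch of steps 24 to 29 in the shared-secret (integrity algorithm) embodiment, added here as an illustration and not taken from the patent: the provider computes a keyed digest over the monitoring data and increments its counter, and the application recomputes the digest over its own locally obtained monitoring data. HMAC-SHA-256, the JSON serialization, the key, the device serials, the state names and the fee parameters are assumptions or constructed values.

```python
import hashlib
import hmac
import json

# Constructed secret shared by application provider 12 and application 15.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def canonical(monitoring_data: dict) -> bytes:
    """Serialize deterministically so both sides compute the MAC over the same bytes."""
    return json.dumps(monitoring_data, sort_keys=True, separators=(",", ":")).encode()


class ApplicationProvider:
    """Provider 12: generates tokens (step 24) and counts them for billing."""

    def __init__(self, key: bytes, fee_per_token: int, free_quota: int = 0):
        self._key = key
        self.counter = 0
        self.fee_per_token = fee_per_token  # hypothetical billing parameter
        self.free_quota = free_quota        # hypothetical "predetermined counter value"

    def authorize(self, monitoring_data: dict) -> bytes:
        token = hmac.new(self._key, canonical(monitoring_data), hashlib.sha256).digest()
        self.counter += 1  # one increment per generated token
        return token

    def fee_due(self) -> int:
        # free_quota == 0 gives a fee simply proportional to the counter value.
        return max(0, self.counter - self.free_quota) * self.fee_per_token


class Application:
    """Application 15: verifies the token (step 27), then becomes ready (step 28)."""

    def __init__(self, key: bytes, local_monitoring_data: dict):
        self._key = key
        self._data = local_monitoring_data  # obtained by the device itself
        self.state = "INSTALLED"

    def finalize(self, token: bytes) -> bool:
        expected = hmac.new(self._key, canonical(self._data), hashlib.sha256).digest()
        if hmac.compare_digest(expected, token):  # constant-time comparison
            self.state = "READY"
            return True
        self.state = "ABORTED"  # step 29: terminate the loading process
        return False


def run_demo() -> dict:
    provider = ApplicationProvider(SHARED_KEY, fee_per_token=5, free_quota=1)
    card_a = {"serial": "CARD-A-0001", "timestamp": 1451520000}  # constructed
    card_b = {"serial": "CARD-B-0002", "timestamp": 1451520000}  # constructed
    token_a = provider.authorize(card_a)
    token_b = provider.authorize(card_b)
    copy = Application(SHARED_KEY, {"serial": "CARD-C-0003", "timestamp": 1451520000})
    return {
        "a": Application(SHARED_KEY, card_a).finalize(token_a),
        "b": Application(SHARED_KEY, card_b).finalize(token_b),
        "copied": copy.finalize(token_a),  # token issued for card A, used on card C
        "counter": provider.counter,
        "fee": provider.fee_due(),
    }
```

Because the token is bound to the monitoring data, a token copied to a device with a different serial fails verification, so every ready-for-use installation corresponds to a counted token.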
It should be understood that the exemplary process shown can include more or fewer steps, or can be performed in the context of a larger processing scheme. Moreover, the flowcharts presented in the drawings should not be construed as limiting the order in which the process steps can be performed.
As described above, the present invention is particularly advantageous in the context of so-called smart card environments that allow multiple parties to download small applications (applets) onto a card. However, the invention is not limited to this and can also be used in non-smart-card environments, for example PDAs and mobile phones. That is, a downloaded and installed application can be placed in a ready-for-use state based on the transmission of information from an information owner to an information device, where the information device receives from the information owner a digitally computed token in response to a third-party request. In addition, a counter is incremented for each generated token.
Different combination and permutation can be disposed in by the feature and function of realization shown in the drawings
In, and all be considered as within the scope of present invention disclosed.Therefore, it is described
Realization should be taken in illustrative and not restrictive in all respects.It is described herein to match somebody with somebody
Put, material and size are also intended to be illustrative and not in any limiting sense.Equally, although in order to
Descriptive purpose provides physical interpretation, but comes with any particular theory or machine without any intention
System is fettered, or limits claim accordingly.
The terms and expressions employed herein are used as terms and expressions of description and not of limitation, and in using such terms and expressions there is no intention to exclude any equivalents of the features shown and described or portions thereof. Moreover, having described certain implementations of the present disclosure, it will be apparent to those of ordinary skill in the art that other implementations incorporating the concepts disclosed herein can be used without departing from the spirit and scope of the invention.
Claims (17)
- 1. A method for monitoring, by an application provider, the download of an application to electronic equipment via a third party, wherein
  - during installation of the application in the electronic equipment, the third party is operable to send an authorization request message to the application provider so as to request from the application provider the authorization to set the application to a ready-for-use state,
  - the application provider is operable to:
    - generate a token from data of the authorization request message,
    - increment a counter for each generated token,
    - send the generated token as a response to the third party's request,
  - the application is operable to verify the authenticity of the token forwarded by the third party and, when the authenticity verification succeeds, to set the application to the ready-for-use state.
- 2. The method according to the preceding claim, wherein the authorization request message is sent by the third party to the application provider during the installation of the application and before the application is set to the ready-for-use state.
- 3. The method according to any preceding claim, wherein the third party sends the authorization request message to the application provider when the third party receives a token request from the application.
- 4. The method according to any preceding claim, wherein the authorization request message includes monitoring data used by the application provider to generate the token.
- 5. The method according to the preceding claim, wherein the monitoring data is a serial number of the electronic equipment, a hardware identifier of a component of the electronic equipment, a PUF value generated using a physical unclonable function (PUF) circuit, personalization data related to the holder of the electronic equipment, and/or timing information.
- 6. The method according to preceding claims 4 to 5, wherein the application provider generates the token by encoding the received monitoring data with a cryptographic key according to a specific cryptographic scheme implemented between the application provider and the application.
- 7. The method according to preceding claim 6, wherein the specific cryptographic scheme is a cryptographic signature algorithm, a symmetric key encryption algorithm and/or an integrity algorithm.
- 8. The method according to preceding claim 6, wherein the application is operable to set up verification of the authenticity of the token received from the third party according to the specific cryptographic scheme implemented between the application provider and the application.
- 9. The method according to any preceding claim, wherein, when verification of the authenticity of the token fails, the application is operable to terminate the loading process, resend a token request to the third party, or delete the installed application.
- 10. The method according to any preceding claim, wherein the electronic equipment is a smart card.
- 11. A system for monitoring the download, via a third party to electronic equipment, of an application provided by an application provider, wherein
  - during installation of the application in the electronic equipment, the third party is operable to send an authorization request message to the application provider so as to request from the application provider the authorization to set the application to a ready-for-use state,
  - the application provider is operable to:
    - generate a token from data of the authorization request message,
    - increment a counter for each generated token,
    - send the generated token as a response to the third party's request,
  - the application is operable to verify the authenticity of the token forwarded by the third party and, when the authenticity verification succeeds, to set the application to the ready-for-use state.
- 12. The system according to the preceding claim, wherein the authorization request message is sent by the third party to the application provider during the installation of the application and before the application is set to the ready-for-use state.
- 13. The system according to any one of preceding claims 11 and 12, wherein the third party sends the authorization request message to the application provider when the third party receives a token request from the application, the authorization request message including monitoring data used by the application provider to generate the token.
- 14. The system according to the preceding claim, wherein the monitoring data is a serial number of the electronic equipment, a hardware identifier of a component of the electronic equipment, a PUF value generated using a physical unclonable function (PUF) circuit, personalization data related to the holder of the electronic equipment, and/or timing information.
- 15. The system according to any one of preceding claims 13 to 14, wherein the application provider generates the token by encoding the received monitoring data with a cryptographic key according to a specific cryptographic scheme implemented between the application provider and the application.
- 16. The system according to preceding claim 15, wherein the specific cryptographic scheme is a cryptographic signature algorithm, a symmetric key encryption algorithm and/or an integrity algorithm.
- 17. The system according to any preceding claim, wherein, when verification of the authenticity of the token fails, the application is operable to terminate the loading process, resend a token request to the third party, or delete the installed application.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511030882.7A CN106936800A (en) | 2015-12-31 | 2015-12-31 | The method and apparatus for monitoring the number of downloads of application |
PCT/EP2016/068449 WO2017114602A1 (en) | 2015-12-31 | 2016-08-02 | Method and apparatus for monitoring the number of downloading of an application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511030882.7A CN106936800A (en) | 2015-12-31 | 2015-12-31 | The method and apparatus for monitoring the number of downloads of application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106936800A true CN106936800A (en) | 2017-07-07 |
Family
ID=56571315
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511030882.7A Pending CN106936800A (en) | 2015-12-31 | 2015-12-31 | The method and apparatus for monitoring the number of downloads of application |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106936800A (en) |
WO (1) | WO2017114602A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112668062A (en) * | 2019-10-15 | 2021-04-16 | 美光科技公司 | Token indicating completion of data storage |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230004974A1 (en) * | 2019-12-13 | 2023-01-05 | Visa International Service Association | Plan interaction utilizing cryptogram |
- 2015-12-31 CN CN201511030882.7A patent/CN106936800A/en active Pending
- 2016-08-02 WO PCT/EP2016/068449 patent/WO2017114602A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2017114602A1 (en) | 2017-07-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170707 |