201203112 六、發明說明: 【發明戶斤屬之技術領域3 發明的技術領域 本發明係有關用以在行動運算裝置上安裝及管理軟體 應用程式與多重軟體應用程式之方法與系統。 發明的技術背景 本發明係有關一種用以操作一系統以供在一行動運算 裝置上安裝並管理多重軟體應用程式的系統與方法,以及 另一種用以操作一系統以供在一行動運算裝置上安裝一軟 體應用程式的方法。 目前已經良好地建立了 一種使用一次性密碼(ΟΤΡ)以增 進存取一公司網路之安全性的方式。利用ΟΤΡ來實行一系 統的最普遍方式是對各個使用者提供一硬體符記,其為該 使用者必須插入到用以存取該網路的一終端機中,例如一 個人電腦(PC)。該符記含有硬體與軟體,並且可在使用者 每次存取該網路時產生一獨特密碼。對該種網路之各個使 用者提供一硬體符記所牽涉的費用與物流十分驚人。 為了解決上述符記的某些缺點,已經研發出系統與方法 以在一行動運算裝置上部署一種一次性密碼安全性應用程 式。此種OTP應用程式令該行動運算裝置能作為一種鑑認 符記,這與目前其他系統中用來存取安全網路的一專屬鑑 認符記相同。 本發明的一目的是提供一種替代的方法與系統,其可用 201203112 二人性达、石馬應用程 來實行並管理-行動運算裝置上的多重 式專功能。 务明内】 發明的概要說明 根據本發明的—第—面向,揭露了—種用以操作 :供在—行紐算裝置上絲《理多錄體相程式的 方法,該方法包括下列步驟: 在支援-安制頁的—部署舰器上,經由該安襄網頁 接收來自-使用者的—請求,以在該行動運算裝置上安 裝至少一受請求軟體應用程式; 在該部署器上,判定該使用者是否先前已經藉由該 系統在該行騎算裝置上絲了 —先綠職用程式’· 如果該㈣者已經藉由《統在該行崎料置上安 裝了一先前軟體應難式,便對該行動運«置發送資 料,該資料係與縣少—受請求軟體應祕式相關聯; 以及 使用與該至少—受請求軟體應用程式相關聯的該經發 达資料’在該使用者的該行動運算裝置上安裝該至少一 受請求軟體應用程式。 該至少一受請求軟體應用程式可為一種一次性密碼 (OTP)安全性應用程式。 人在例示貫轭例中,該至少一受請求軟體應用程式可包 3種OTP演繹法,以供針對不同鐘認實體產生一次性密 石馬。 4 201203112 該先前軟體應用程式亦可包含一 OTP演繹法,以供針 對該使用者先前所連接到的一鑑認實體產生一次性密碼。 在一例示實施例中,該方法可包括使用與該使用者及/ 或該使用者之該行動運算裝置相關聯而先前已經儲存在該 部署伺服器上的資料,以針對該使用者的該行動運算裝置 組配所需的軟體應用程式。 判定出該使用者是否已經在其行動運算裝置上安裝了 一先前軟體應用程式的步驟可包含該部署伺服器檢視與其 相關聯之記錄的步驟。檢視該等記錄的步驟可包含比較與 該使用者之該行動運算裝置相關聯的MSISDN (行動站台 ISDN 號碼、Mobile Station international ISDN number)以 及已部屬有先前軟體應用程式之行動運算裝置的MSISDN。 在一例示實施例中,該方法可包含針對表示該使用者是 否已經藉由該系統在其行動運算裝置上安裝了一先前軟體 應用程式的資訊來敦促該使用者。 如果該使用者表示已經把一先前軟體應用程式安裝在 其行動運算裝置上,該方法可包含敦促該使用者要使用至 少該先前軟體應用程式來取得該受請求軟體應用程式的步 驟。 該使用者的該行動運算裝置較佳地為一行動電話、一 PDA、或具有無線連結性的另一種行動運算裝置。 在一例示實施例中,來自該使用者而表示要安裝該受請 求軟體應用程式的一初始請求可經由安裝在該使用者之該 行動運算裝置上的該先前軟體應用程式而提出。 201203112 該方法可包括發送一訊息到該使用者之該行動終端機 的步驟,該訊息包括對該安裝網頁的一鏈結。該訊息可藉 由該部署伺服器來發送。該訊息可為一 WAP或SMS格式 訊息。 較佳地,該方法可另包括在把與該至少一受請求軟體應 用程式相關聯的該資料發送到該使用者的該行動運算裝置 之前,先加密該資料。 該加密動作可為對稱加密動作或非對稱加密動作。 一旦受到安裝,該受請求軟體應用程式可藉由一安全金 鑰來操作。由此可見的是,可把該安全金鑰發送給該使用 者。 在一例示實施例中,存取與該至少一受請求軟體應用程 式相關聯的該資料以便安裝該受請求軟體應用程式的步驟 可包括接收來自該使用者之該安全金鑰的步驟。 該方法可包括該部署伺服器判定出該使用者的該行動 運算裝置是否需要一非客製化軟體應用程式。 於此,該方法可包括下列步驟: 如果該行動運算裝置需要一非客製化軟體應用程式,便 發送一啟動碼到該使用者的該行動運算裝置; 引導該使用者在其行動運算裝置上安裝該軟體應用程 式; 在操作該已安裝軟體應用程式時,經由該已安裝軟體應 用程式向該使用者請求與該使用者之該行動運算裝置 關聯的一 MSISDN以及該經發送啟動碼; 201203112 使用與該使用者之該行動運算裝置相關聯的該㈣SDN 以及•亥經發送啟動碼,向該部署飼服器取得用以識別該 軟體應用程式的一識別符;以及 使用該識別符來向該部署词服器請求其他的軟體應用 程式。 ^方法可使多重軟體應用程式能受安裝在該使用者的 該行動運算裝置上。 根據本發明的—第二面向,揭露了 ―種用以操作一系統 以供在-仃動運算裝置±安裝並管理多重軟體應用程式的 系統’該系統包含: 接收器杈組,其係配置成經由一安裝網頁接收來自一 使用者的一請求,以在該行動運算裝置上安裝至少一受 請求軟體應用程式; 一處理器’其係配置成判定該使时是料前已經藉由 該系統在該行動運算裝置上安裝了一先前軟體應用程 式; 心送器模組,其係配置成如果該使用者已經藉由該系 統在該行動運算裝置上安裝了—先前軟體躺程式,便 對3玄行動運算裝置發送資料’該資料係與該至少一受請 求軟體應用程式相關聯;以及 -軟體安裝模組,其伽置成個與絲少—受請求軟 體應用程式相關聯的該資料,在該使用者的該行動運算 裝置上安裝該至少一受請求軟體應用程式。 根據本發明的—第三面向,揭露-種用以操作-系統以 201203112 供在-行動運算裝置上安裝一軟體應用程式 法包含下列步驟: 對该订動運算裝置的_使用者發送包括針對_安裝網 頁之一鏈結的一訊息; 在支援該安裝網頁的__部署舰器上,制該行動運算 裝置疋否需要一非客製化軟體應用程式; 如果該行動運算裝置需要—非客製化軟體制程式,便 對該使用者的該行動運算裝置發送—啟動碼; 引導該使用者在其行動運算裝置上安裝該軟體應用程 式; 在操作該已安裝軟體應用程式時,經由該已安裝軟體應 用程式向該使用者請求與該使用者之該行動運算裝置 關聯的-MSISDN以及該經發送啟動碼; 在》亥。P署伺服器上,使用與該使用者之該行動運算裝置 相關聯的該MSISDN以及該經發送啟動碼,以取得用以 識別該軟體應用程式的一識別符;以及 一旦受到識別,使用該軟體應用程式以向該部署伺服器 請求其他的軟體應用程式。 圖式的簡要說明 第1圖以簡化概要圖展示出根據本發明之一種用以在 行動運算裝置上女裝並管理多重軟體應用程式的系統; 第2圖以概要方塊圖展示出根據本發明一例示實施例 之種用以在一行動運算裝置上安裝並管理多重軟體應用 201203112 程式的系統; 第3圖以流程圖展示出用以操作一系統以供在一行動 運算裝置上安裝多重一次性密碼安全性應用程式的主要步 驟; 第4圖以流程圖展示出用於在一行動運算裝置上安裝 一非客製化或未經利用軟體應用程式之安裝程序的主要步 驟;以及 第5圖以流程圖展示出用以在一行動運算裝置上部署未 經利用軟體應用程式的主要步驟。 L實施方式3 較佳實施例的詳細說明 在下面的說明中,為了解說的目的,列出了多種特定細 節,以便提供本發明之實施例的完整了解。然而,熟知技 藝者將可了解的是,不需要該等細節亦能夠實行本發明。 第1圖以簡化概要圖展示出一種用以在一使用者之一行 動運算裝置上安裝並管理多重軟體應用程式的系統。 針對本專利申請案,所謂的”行動運算裝置〃包括但不限 於:行動電話(包括蜂巢式電話)、個人數位助理(PDA)、智 慧型電話(Smartphone)、膝上型或筆記型電腦,以及其他 該等裝置。大致上,此種裝置具有包括一顯示器以及一按 鍵組或鍵盤的一使用者介面、一板上處理器與軟體、以及 較佳地為無線的一通訊介面。 本發明係有關用以在該種行動運算裝置上安裝多重以 及非客製化或未經利用軟體應用程式的技術。該種軟體應 201203112 用程式的貫例為一種一次性密碼(〇Τρ)安全性應用程 式,且以下的說明將根據此實例而提出。 在第1圖中,使用者10具有行動運算裝置12,其展示為201203112 VI. Description of the Invention: [Technical Field of the Invention] The present invention relates to a method and system for installing and managing a software application and a multi-software application on a mobile computing device. BACKGROUND OF THE INVENTION The present invention relates to a system and method for operating a system for installing and managing multiple software applications on a mobile computing device, and another for operating a system for use on a mobile computing device A way to install a software application. A way to use one-time passwords (ΟΤΡ) to increase access to the security of a corporate network has been well established. The most common way to implement a system using ΟΤΡ is to provide a hard-coded note to each user that the user must insert into a terminal for accessing the network, such as a personal computer (PC). The token contains hardware and software and generates a unique password each time the user accesses the network. The cost and logistics involved in providing a hard-coded note to each user of the network is staggering. In order to address some of the shortcomings of the above tokens, systems and methods have been developed to deploy a one-time password security application on a mobile computing device. Such an OTP application allows the mobile computing device to act as an authentication token, which is the same as a proprietary authentication token used to access a secure network in other systems today. It is an object of the present invention to provide an alternative method and system for implementing and managing a multi-purpose function on a mobile computing device using the 201203112 two-person, stone-horse application. BRIEF SUMMARY OF THE INVENTION The present invention is directed to a method for operating a magnetic recording system in accordance with the present invention, the method comprising the steps of: Receiving a request from the user via the installation webpage on the support-security page-deployment page to install at least one requested software application on the mobile computing device; on the deployer, determining Whether the user has previously used the system to wire the riding device in the line - the first green application'. If the (four) person has already installed the previous software on the bank's raw material, it should be difficult. In the case of the action, the data is sent to the county, the information is associated with the requested software; and the developed information associated with the at least the requested software application is used. The at least one requested software application is installed on the mobile computing device of the user. The at least one requested software application can be a one-time password (OTP) security application. In the example embodiment, the at least one requested software application can include three OTP deductions for generating a one-time secret horse for different clock entities. 4 201203112 The previous software application may also include an OTP deduction to generate a one-time password for an authenticated entity to which the user was previously connected. In an exemplary embodiment, the method can include using data associated with the user and/or the mobile computing device of the user and previously stored on the deployment server to act on the user The computing device is combined with the required software application. The step of determining whether the user has installed a prior software application on their mobile computing device may include the step of the deployment server viewing the record associated therewith. The step of reviewing the records may include comparing the MSISDN (Mobile Station International ISDN number) associated with the mobile computing device of the user with the MSISDN of the mobile computing device having the prior software application. In an exemplary embodiment, the method can include urging the user to indicate whether the user has installed a prior software application on the mobile computing device by the system. If the user indicates that a prior software application has been installed on his mobile computing device, the method can include the step of urging the user to use at least the prior software application to obtain the requested software application. The mobile computing device of the user is preferably a mobile phone, a PDA, or another mobile computing device with wireless connectivity. In an exemplary embodiment, an initial request from the user to indicate that the requested software application is to be installed may be made via the prior software application installed on the mobile computing device of the user. 201203112 The method can include the step of transmitting a message to the mobile terminal of the user, the message including a link to the installed web page. This message can be sent by the deployment server. The message can be a WAP or SMS format message. Preferably, the method can additionally include encrypting the material prior to transmitting the data associated with the at least one requested software application to the mobile computing device of the user. The encryption action can be a symmetric encryption action or an asymmetric encryption action. Once installed, the requested software application can be operated with a secure key. It can be seen that the security key can be sent to the user. In an exemplary embodiment, the step of accessing the material associated with the at least one requested software application to install the requested software application can include the step of receiving the security key from the user. The method can include the deployment server determining whether the mobile computing device of the user requires an uncustomized software application. Herein, the method may include the following steps: if the mobile computing device requires an uncustomized software application, sending a startup code to the mobile computing device of the user; guiding the user to the mobile computing device Installing the software application; when operating the installed software application, requesting, by the installed software application, an MSISDN associated with the mobile computing device of the user and the sent startup code; 201203112 Transmitting, by the user, the (4) SDN and the HI to send an activation code to the deployment server to obtain an identifier for identifying the software application; and using the identifier to apply the identifier to the deployment word The server requests other software applications. The method enables a multi-software application to be installed on the mobile computing device of the user. According to a second aspect of the present invention, a system for operating a system for in-and-beating computing devices to install and manage a multi-software application is disclosed. The system includes: a receiver set configured to Receiving a request from a user via an installation web page to install at least one requested software application on the mobile computing device; a processor configured to determine that the enabler is already in use by the system The mobile computing device is provided with a previous software application; the heart transmitter module is configured to be configured if the user has installed the previous software lying program on the mobile computing device by the system. The mobile computing device transmits the data 'the data is associated with the at least one requested software application; and the software installation module is galvanically placed with a less-relevant information associated with the requested software application, The at least one requested software application is installed on the mobile computing device of the user. According to the third aspect of the present invention, the method for operating the system to install a software application on the mobile computing device with the 201203112 includes the following steps: sending the user of the operating device includes _ a message that links one of the web pages; on the __ deployment ship that supports the installation web page, does the mobile computing device need an uncustomized software application; if the mobile computing device requires - non-custom Transmitting the software program to send the activation code to the mobile computing device of the user; guiding the user to install the software application on the mobile computing device; and installing the installed software application via the installed software application The software application requests the user--MSISDN associated with the mobile computing device of the user and the transmitted activation code; The PSI server uses the MSISDN associated with the mobile computing device of the user and the transmitted activation code to obtain an identifier for identifying the software application; and once recognized, the software is used. The application requests additional software applications from the deployment server. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a simplified schematic diagram showing a system for equipping a mobile computing device and managing a multi-software application according to the present invention; FIG. 2 is a schematic block diagram showing a A system for installing and managing a multi-software application 201203112 program on a mobile computing device in an exemplary embodiment; FIG. 3 is a flow chart showing a method for operating a system for installing multiple one-time passwords on a mobile computing device The main steps of the security application; Figure 4 shows in flow chart the main steps for installing an uncustomized or unused software application on a mobile computing device; and Figure 5 shows the flow The figure shows the main steps for deploying an unutilized software application on a mobile computing device. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT OF THE INVENTION In the following description, numerous specific details are set forth in order to provide a complete understanding of the embodiments of the invention. However, it will be apparent to those skilled in the art that the present invention can be practiced without these details. Figure 1 is a simplified schematic diagram showing a system for installing and managing multiple software applications on one of the user's mobile computing devices. For the purposes of this patent application, the so-called "mobile computing device" includes but is not limited to: a mobile phone (including a cellular phone), a personal digital assistant (PDA), a smart phone, a laptop or a notebook computer, and Other such devices. Generally, such devices have a user interface including a display and a button set or keyboard, an on-board processor and software, and preferably a wireless communication interface. A technique for installing multiple and uncustomized or unused software applications on such mobile computing devices. The software should be a one-time password (〇Τρ) security application for the 201203112 application. And the following description will be made according to this example. In Fig. 1, the user 10 has a mobile computing device 12, which is shown as
PDA。裝置12能夠經由各種不同通訊頻道,例如push SMS (短訊服務)訊息,而與無線電話祕14進行通訊;該無線 電居網路14包括操作性地連接至部署⑮服ϋ 25的SMS閘道 器16 °亥σ卩署伺服器25具有一靜態IP位址以及對網際網路 的開放可得性。 在此例不實施例巾,所展示出的是,使用者1〇可能希望 存取二個㈣網路18卿,料·各分職演—鑑認實 體使用者希望存取的第一網路18包含統包词服器、 防火牆24、以及管理者卫作站% (為了簡要目的而省略說 明此網路的其他部件),*該讀站係由管理者28來操作。 相似地’ 4使用者希望存取的第二網路2Q包含統包飼服器 30、防火牆32、以及管理者工作站34 (為了簡要目的而省 略說明此網路的其他部件),而該工作站係由管理者36來操 作。 在本發明所說明的實施例巾,所欲的S,在使用者1〇 的行動運算裝置12上安裝並且管理多重倾應用程式以及 非客製化或未經利用軟體應用程式。將可了解的是,本發 明有關當中已經對行動運算裝置12部署一或多個先前軟體 應用程式的多個實施例,例如藉著使用國際專利申請案號 PCT/IB2008/051580 (公告為w〇 2〇〇8/13267〇)所說明的 一種方法與系統。該案係以參考方式併入本發明中來說 10 201203112 明。先則部署技術對本發明來說具有重要性,因為如果已 經對裝置12部署了一軟體應用程式,例如藉著使用 PCT/IB2008/051580中所解說的該系統,該技術係部份地 與使用者可藉以加入額外軟體應用程式或〇Τρ演繹法(如下 所述)的便利性有關。 該經部署OTP安全性應用程式允許使用者1〇能透過扮 演一鑑認符記的行動運算裝置12來存取網路18。 將要注意的是,行動運算裝置12上的該等軟體應用程式 可較佳地受到國際專利申請案號pCT/IB2〇〇8/55189中所 述之該方法與系統的管理。該案係以參考方式併入本發明 中來說明。 該鑑認符記僅為部署在行動運算裝置12上的軟體應用 程式。 在展示於第1圖的例示實施例中,網路或鑑認實體18已 經在行動運算裝置12上安裝了該οτρ安全性應用程式。在 此安裝程序中’已經由管理者28留存了使用者資料。同樣 地’係藉著把安全金錄下載到行動運算裝置12中的動作來 在網路或鑑認實體18以及行動運算裝置12之間建立一種信 任關係性。 根據PCT/IB2008/051580所述的方法與系統,可以藉著 使用電子郵件訊息作為用以對使用者10提出邀請以部署該 安全性軟體應用程式並且設定使用者10以供安全存取該網 路的機構來達成安裝程序中的安全性,而同時藉由使用該 使用者之另一個運算裝置的一項分別同步化部署程序。在 11 201203112 此安裝程序中,不需要藉由電子郵件把該安全金鑰遞送給 使用者,且在PCT/IB2008/051580所述之系統與方法的某 些實施例中,可以口頭地、書面地、或利用某些其他方式 來傳遞該安全金鑰。重點在於鑑認實體18以及行動運算裝 置12之間已經存在有一種信任關係性(亦稱為鑑認符記)。 將可了解的是,在例示實施例中,並且在安裝該安全性 軟體之程序中特別要注意的是,在管理OTP安全性應用程 式之程序中對行動運算裝置12傳輸的任何内容亦必須是安 王的。由此可見的是,在安裝與管理多重及/或未經利用應 用式軟體的過程中,根據相同動作所傳輸的内容亦必須 是安全的。 在一例示實施例中,扮演該鑑認符記的行動運算裝置 12將使用不同〇τP演繹法,以供針對它所支援之該等不同 鑑認實體中的各個實體產生一次性密碼。例如,該鑑認符 記將使用二種不同的OTP演繹法來存取網路18與網路20 (一旦已經把網路20加入而作為針對該鑑認符記的一鑑認 實體)。 將可了解的是,根據本發明,該等OTP演繹法可或不 可形成該受請求軟體應用程式的部分。由此可見,該先前 軟體應用程式可或不可形成該第一經部署OTP安全性應用 程式的部分。 一種OTP演繹法與鑑認實體在行動運算裝置12上形成 一獨特配對,且此配對係由一獨特識別(ID)號碼識別出 來,例如一鑑認實體ID。該配對中的各個具有利用此鑑認 12 201203112 實體ID而與其相關聯的一資料記錄。儲存在行動運算裝置 12上的該記錄含有一 OTP演繹法用以針對該特定鑑認實 體產生一 OTP的該資料。 在任一種狀況中,現在將參照第2圖,其展示出典型地 駐存在部署伺服器25中的例示系統50。 系統50係典型地針對用以在行動運算裝置12上安裝與 管理多重軟體應用程式而備置。系統50可包含多個部件或 模組,其對應於欲由系統10進行的多個功能性任務。於 此,在本發明說明的脈絡中,將可了解的是,λλ模組〃包括 程式碼、運算或可執行指令、資料、或運算物件的一可識 別部份,以達成一特定功能、操作、處理、或程序。由此 可見的是,一模組不需要實行於軟體中;可把一模組實行 於軟體、硬體、或軟體與硬體的一組合中。再者,未必需 要把該等模組合併到伺服器25中,但可使它們在多個裝置 之間散佈。 尤其,系統25包含接收器模組52,其係配置成經由一 安裝網頁接收來自使用者10的一請求,以在行動運算裝置 12上安裝至少一受請求軟體應用程式。如前所述,該至少 一受請求軟體應用程式可為另一個ΟΤΡ演繹法,例如,以 存取網路20。 例如,該安裝網頁為由部署伺服器25主管的一網頁, 於PCT/IB2008A)51580中更清楚說明地。 系統50亦包括處理器54,其係配置成判定使用者10 先前是否已經在行動運算裝置12上安裝了一先前軟體應 13 201203112 用程式,例如藉由PCT/IB2008/051580中所述的方法。該 先前軟體應用程式可例如為已經對裝置12部署以便存取 網路18的一 OTP演繹法。係典型地在請求該受請求軟體 應用程式之前,對使用者10的行動運算裝置12部署該先 前軟體應用程式。 在此特定例示實施例中,使用者10已經存取網路18, 並且希望亦可藉由行動運算裝置12存取網路20,進而對 裝置12提供額外的功能性,而不必麻煩地以相似於 PCT/IB2008/051580中所述的方式而新進地部署一軟體應 用程式。 處理器54可受配置以藉著檢視儲存在資料庫56中的記 錄,判定使用者10是否已經在其行動運算單元12上安裝 了一先前軟體應用程式。資料庫56中的該等記錄可包含指 出與多個行動運算單元中之各個單元相關聯之MSISDN的 部署資料,以及指出對其部署之多個軟體應用程式的資 訊。由此可見的是,處理器54係配置成比較裝置12的一 MSISDN以及儲存在該等記錄中的多個MSISDN,以判定使 用者10是否已經安裝了一先前軟體應用程式。 將可了解的是,資料庫56係受配置成儲存表示對多個 使用者部署之軟體應用程式的資訊。在資料庫56中,表示 該等軟體應用程式的資訊係與該等軟體應用程式分別受部 署之裝置12的多個MSISDN相關聯。由此可見的是,該部 署資料係較佳地儲存在資料庫56的記錄中。 系統50另包括發送器模組58,其係配置成如果該使用 14 201203112 者已經藉由該系統在該行動運算裝置上安裝了一先前軟體 應用程式,便對該行動運算裝置發送資料,該資料係與該 至少一受請求軟體應用程式相關聯。發送器模組58係配置 成在進行傳輸之前針對安全性目的而加密該資料。 與該受請求軟體應用程式相關聯的該資料允許一軟體 安裝模組60能使用相同資料在使用者10的行動運算裝置 12上安裝該至少一受請求軟體應用程式。由此可見的是, 與該至少一受請求軟體應用程式相關聯的該資料較佳地允 許該受請求軟體應用程式能更容易地受安裝在行動運算裝 置12上。較佳地,只需要該資料便可把該受請求軟體應用 程式加入到行動運算裝置12中。 將可了解的是,因為該資料是呈一種經加密形式,使用 者10必須在他/她的行動運算裝置12上輸入一私密金錄, 以解密該資料,並且進而在行動運算裝置12上安裝或啟動 該受請求軟體應用程式。 在其他例示實施例中,系統50針對表示該使用者是否 已經藉由該系統在其行動運算裝置上安裝一先前軟體應用 程式的資訊來敦促使用者10。 如果使用者10指出已經把一先前軟體應用程式安裝在 其裝置12上,便敦促使用者10要使用至少該先前軟體應 用程式來取得該受請求軟體應用程式。此可包括提供使用 者10 —可點選式多重或多符記安裝選項。 在一例示實施例中,來自該使用者而表示要安裝該受請 求軟體應用程式的一初始請求可經由安裝在使用者10之 15 201203112 行動運算裝置12上的該先前軟體應用裎式而提出。於此, 該先前軟體應用程式可異有一選單選項(在一設定選單 下),其使該應用程式向部署伺服器2S請求新符記。 將可了解的是,如果使用者10指出其行動運算裝置 上並沒有一先前軟體應用程式,便根據 PCT/IB2008/051580中所述的方式來部署該受請求軟體應 用程式。 如果該受請求軟體符記已經位於行動運算裝置12上, 該系統便通知使用者10此事貫或者重寫該應用程式。 一旦行動運算裝置12上有多個應用程式,便較佳地針 對使用者10想要鑑認的網路(例如18或20)而敦促使用者 10。由此可見的是,將根據使用者10的選擇而進行必要的 鑑認程序。 將要注意的是,將給予各個軟體應用程式一獨特URL, 而各個軟體應用程式可向該獨特URL請求新應用程式。當 該應用程式受下載時,將對該應用程式指定此URL。例如, 如果是J2ME符記,便在JAD檔案中指定該URL。 當對該使用者部署該軟體應用程式時(根據本發明或根 欲PCT/IB2008/051580所述的發明)’便以使用者特定資 料來組配該軟體應用程式,典型地呈一符記以及一獨特 URL/識別符的形式,其中可"下載額外符記’如前所述。然 而,某些平台,例如Blackberry1'1'^ iPhoneTM,並不支援 此項功能。因此,該軟體應用程式必須在啟動時或開機時’ 識別自己並且受核發一身分。 16 201203112 由此可見的是,系統50另受配置為經由行動運算裝置 12對使用者10發送一訊息,該訊息包括對一安裝網頁的 一鏈結。此訊息典型地為一 SMS訊息,其包括使用者10 可遵循的一可點選式鏈結。 系統50,尤其是處理器54,係配置成檢測行動運算裝 置12是否需要一非客製化或未經利用軟體應用程式。 如果該行動運算裝置需要一非客製化軟體應用程式,系 統50便發送一啟動碼到使用者10。在其他例示實施例中, 統包伺服器30或22或管理者28或36將發送該啟動碼給 使用者10。 使用者10隨後受到系統50的引導,以在其行動運算裝 置12上安裝該軟體應用程式。 在該軟體應用程式啟動、開機或操作時,該軟體應用程 式請求與使用者10之行動運算裝置12相關聯的一 MSISDN以及該經發送啟動碼。將可了解的是,此動作可 經由該軟體應用程式來完成。 由此可見的是,該軟體應用程式隨後受配置成藉著對系 統50呈現與使用者10之行動運算裝置12相關聯的該 MSISDN以及該經發送啟動碼,來向系統50請求該軟體應 用程式的一識別符。 一旦受到識別,即,該軟體應用程式具有一識別符,該 軟體應用程式便向系統50請求一符記。 根據上述系統之上述方法的整體流程係以流程圖樣式 展示於第3圖至第5圖中。 17 201203112 本發明提供—種系統與方法,藉此可把多重軟體應用程 式加入到一使用者的一行動運算裝置中,而不需要部署一 先刖軟體應驗式。在針對下制㈣者之行動運算裂置 12中该第-軟體應用程式而經歷了—段相對冗長的部署程 序之後,本發日月令使用者能更容易取得對多個網路的= 認。-旦-軟體應用程式位於該行動運算裝置上,便可藉 由最微小的努力而加人多重軟體應用程式。同樣地本發 明提供-種允許不支援㈣本㈣之部署魏的多個平台 能夠接收並且操作非客製化或未經利用的軟體應用程式。° 【圖式簡說^明】 第1圖以簡化概要圖展示出根據本發明之一種用以在 -行動運算裝置上安裝並管理多重軟體應用程式的系統; 第2圖以概要方塊圖展示出根據本發明一例示實施例 之-種用以在-行動運算裝置上安裝並管理多錄體應用 程式的系統; 第3圖以流程圖展示出用以操作一系統以供在一行動 運算裝置上安裝多重-次性密碼安全性應用程式的主要步 驟; 第4圖以流程圖展示出用於在一行動運算裝置上安農PDA. The device 12 is capable of communicating with the wireless telephone secret 14 via a variety of different communication channels, such as push SMS (SMS) messages; the radio network 14 includes an SMS gateway operatively coupled to the deployment 15 service 25 The 16° server has a static IP address and open access to the Internet. In this case, the embodiment does not implement the towel. It is shown that the user 1 may wish to access two (4) networks 18, and each sub-performance--identify the first network that the entity user wishes to access. 18 includes a turnkey word processor, a firewall 24, and a manager station % (the other components of the network are omitted for brevity), * the station is operated by the manager 28. Similarly, the second network 2Q that the user desires to access includes the turnkey server 30, the firewall 32, and the administrator workstation 34 (the other components of the network are omitted for the sake of brevity), and the workstation is It is operated by the manager 36. In the embodiment of the present invention, the user S is installed and manages the multi-tilt application and the non-customized or unused software application on the mobile computing device 12 of the user. It will be appreciated that various embodiments of the present invention in which one or more prior software applications have been deployed to the mobile computing device 12, such as by using International Patent Application No. PCT/IB2008/051580 (with the announcement of w〇) 2〇〇8/13267〇) A method and system as described. This is incorporated herein by reference in its entirety. The prior art deployment technique is of importance to the present invention because if a software application has been deployed to device 12, such as by using the system illustrated in PCT/IB2008/051580, the technology is partially associated with the user. It can be related to the convenience of adding additional software applications or 绎ρ deductions (described below). The deployed OTP security application allows the user to access the network 18 through the mobile computing device 12 that plays an authentication token. It will be noted that the software applications on the mobile computing device 12 are preferably managed by the method and system described in International Patent Application No. pCT/IB2〇〇8/55189. This case is incorporated by reference to the present invention. This authentication token is only a software application deployed on the mobile computing device 12. In the illustrated embodiment shown in Figure 1, the network or authentication entity 18 has installed the οτρ security application on the mobile computing device 12. User data has been retained by the administrator 28 in this installer. Similarly, a trust relationship is established between the network or authentication entity 18 and the mobile computing device 12 by downloading the security record to the mobile computing device 12. According to the method and system described in PCT/IB2008/051580, an email message can be used as an invitation to the user 10 to deploy the security software application and to set up the user 10 for secure access to the network. The mechanism is to achieve security in the installer while simultaneously synchronizing the deployment program by using one of the other computing devices of the user. In the installation procedure of 11 201203112, the security key need not be delivered to the user by email, and in some embodiments of the system and method described in PCT/IB2008/051580, it may be verbally and in writing Or use some other means to pass the security key. The point is that there is already a trust relationship (also known as an authentication token) between the authentication entity 18 and the mobile computing device 12. It will be appreciated that in the illustrated embodiment, and in the program in which the security software is installed, it is particularly noted that any content transmitted to the mobile computing device 12 in the program for managing the OTP security application must also be An Wang's. It can be seen that in the process of installing and managing multiple and/or unused application software, the content transmitted according to the same action must also be secure. In an exemplary embodiment, the mobile computing device 12 acting as the authentication token will use a different PτP deduction for generating a one-time password for each of the different authentication entities it supports. For example, the authentication token will use two different OTP deductions to access the network 18 and the network 20 (as soon as the network 20 has been added as an authentication entity for the authentication token). It will be appreciated that in accordance with the present invention, such OTP deductions may or may not form part of the requested software application. Thus, the prior software application may or may not form part of the first deployed OTP security application. An OTP deduction and authentication entity form a unique pairing on the mobile computing device 12, and the pairing is identified by a unique identification (ID) number, such as an authentication entity ID. Each of the pairings has a data record associated with it using this authentication 12 201203112 entity ID. The record stored on the mobile computing device 12 contains an OTP deduction method for generating an OTP of the data for the particular authentication entity. In either case, reference will now be made to Fig. 2, which shows an exemplary system 50 that is typically resident in the deployment server 25. System 50 is typically provided for use in installing and managing multiple software applications on mobile computing device 12. System 50 can include multiple components or modules that correspond to a plurality of functional tasks to be performed by system 10. Here, in the context of the present invention, it will be appreciated that the λλ module includes a identifiable portion of a code, an arithmetic or executable instruction, a data, or an operational object to achieve a particular function, operation. , processing, or program. It can be seen that a module does not need to be implemented in a software; a module can be implemented in a combination of software, hardware, or software and hardware. Again, it is not necessary to incorporate the modules into the server 25, but they may be spread across multiple devices. In particular, system 25 includes a receiver module 52 configured to receive a request from user 10 via an installation web page to install at least one requested software application on mobile computing device 12. As previously mentioned, the at least one requested software application can be another avatar, for example, to access the network 20. For example, the installation web page is a web page hosted by the deployment server 25, as more clearly illustrated in PCT/IB2008A) 51580. The system 50 also includes a processor 54 configured to determine whether the user 10 has previously installed a prior software application on the mobile computing device 12, such as by the method described in PCT/IB2008/051580. The prior software application can be, for example, an OTP derivation that has been deployed to device 12 to access network 18. The prior software application is typically deployed to the mobile computing device 12 of the user 10 prior to requesting the requested software application. In this particular exemplary embodiment, the user 10 has accessed the network 18 and desires to also access the network 20 by the mobile computing device 12, thereby providing additional functionality to the device 12 without cumbersome similarities. A software application is newly deployed in the manner described in PCT/IB2008/051580. The processor 54 can be configured to determine whether the user 10 has installed a previous software application on its mobile computing unit 12 by viewing the records stored in the database 56. The records in database 56 may include deployment information indicative of the MSISDN associated with each of the plurality of mobile computing units, as well as information indicating the plurality of software applications deployed thereto. It can be seen that processor 54 is configured to compare an MSISDN of device 12 with a plurality of MSISDNs stored in the records to determine if user 10 has installed a prior software application. It will be appreciated that database 56 is configured to store information representing software applications deployed to multiple users. In database 56, information representing the software applications is associated with a plurality of MSISDNs of the deployed devices 12 of the software applications, respectively. It can be seen that the deployment data is preferably stored in the records of the database 56. The system 50 further includes a transmitter module 58 configured to transmit data to the mobile computing device if the user has installed a previous software application on the mobile computing device by the system. Associated with the at least one requested software application. Transmitter module 58 is configured to encrypt the data for security purposes prior to transmission. The material associated with the requested software application allows a software installation module 60 to install the at least one requested software application on the mobile computing device 12 of the user 10 using the same data. It can thus be seen that the data associated with the at least one requested software application preferably allows the requested software application to be more easily installed on the mobile computing device 12. Preferably, the requested software application can be added to the mobile computing device 12 only by the data. It will be appreciated that because the material is in an encrypted form, the user 10 must enter a private record on his/her mobile computing device 12 to decrypt the data and, in turn, install on the mobile computing device 12. Or launch the requested software application. In other exemplary embodiments, system 50 urges user 10 to indicate whether the user has installed a prior software application on their mobile computing device by the system. If the user 10 indicates that a previous software application has been installed on his device 12, the user 10 is urged to use at least the previous software application to retrieve the requested software application. This may include providing User 10 - a clickable multi- or multi-note installation option. In an exemplary embodiment, an initial request from the user to indicate that the requested software application is to be installed may be via a prior software application installed on the user interface 12 201203112 mobile computing device 12. Here, the prior software application may have a menu option (under a setting menu) that causes the application to request a new token from the deployment server 2S. It will be appreciated that if the user 10 indicates that there is no prior software application on his mobile computing device, the requested software application is deployed in the manner described in PCT/IB2008/051580. If the requested software token is already on the mobile computing device 12, the system notifies the user 10 of the event or rewrites the application. Once there are multiple applications on the mobile computing device 12, the user 10 is preferably urged for the network (e.g., 18 or 20) that the user 10 wants to authenticate. It can thus be seen that the necessary authentication procedure will be carried out in accordance with the choice of the user 10. It will be noted that each software application will be given a unique URL, and each software application can request a new application from the unique URL. When the application is downloaded, this URL will be assigned to the application. For example, if it is a J2ME token, the URL is specified in the JAD file. When the software application is deployed to the user (in accordance with the invention or the invention described in PCT/IB2008/051580), the software application is assembled with user-specific data, typically a token and A unique URL/identifier form in which you can "download extra tokens' as described earlier. However, some platforms, such as Blackberry1'1'^iPhoneTM, do not support this feature. Therefore, the software application must identify itself and be authenticated at startup or at boot time. 16 201203112 It will thus be seen that system 50 is additionally configured to send a message to user 10 via mobile computing device 12, the message including a link to an installed web page. This message is typically an SMS message that includes a point-and-click link that the user 10 can follow. System 50, and in particular processor 54, is configured to detect whether mobile computing device 12 requires an uncustomized or unused software application. If the mobile computing device requires an uncustomized software application, the system 50 sends a boot code to the user 10. In other exemplary embodiments, the turnkey server 30 or 22 or the administrator 28 or 36 will send the activation code to the user 10. User 10 is then directed by system 50 to install the software application on its mobile computing device 12. The software application requests an MSISDN associated with the mobile computing device 12 of the user 10 and the transmitted activation code when the software application is launched, powered on, or operated. It will be appreciated that this action can be accomplished via the software application. It can be seen that the software application is then configured to request the system 50 for the software application by presenting the system 50 with the MSISDN associated with the mobile computing device 12 of the user 10 and the transmitted activation code. An identifier. Once identified, i.e., the software application has an identifier, the software application requests a token from system 50. The overall flow of the above method according to the above system is shown in the flowcharts of Figs. 3 to 5. 17 201203112 The present invention provides a system and method whereby multiple software applications can be added to a user's mobile computing device without the need to deploy a software-assigned application. After experiencing a relatively lengthy deployment procedure for the first-software application in the action-based splitting of the next (4), the daily date allows the user to more easily obtain the identification of multiple networks. . Once the software application is located on the mobile computing device, multiple software applications can be added with minimal effort. Similarly, the present invention provides a platform for allowing multiple platforms that do not support (d) the deployment of (4) to be able to receive and operate uncustomized or unused software applications. [FIG. 1] A simplified schematic diagram showing a system for installing and managing a multi-software application on a mobile computing device in accordance with the present invention; FIG. 2 is a schematic block diagram showing According to an exemplary embodiment of the present invention, a system for installing and managing a multi-recording application on a mobile computing device; FIG. 3 is a flow chart showing operation of a system for use on a mobile computing device The main steps for installing a multi-password security application; Figure 4 shows a flowchart for Annon on a mobile computing device
-非客製化或未經_軟體應用程式之安裝程序的主要^ 驟;以及 V 第5圖以流㈣展示出用以在-行動運算裝置上部署未 經利用軟體應用程式的主要步驟。 【主要元件符號說明】 18 201203112 10 使用者 34 管理者工作站 12 行動運算裝置 36 管理者 14 無線電話網路 50 系統 16 SMS閘道器 52 接收器模組 18 網路 54 處理器 20 網路 56 資料庫 22 統包伺服器 58 發送器模組 24 防火牆 60 軟體安裝模組 25 部署伺服器 70 方法 26 管理者工作站 72〜79步驟 28 管理者 80 方法 30 統包伺服器 82〜94步驟 32 防火牆 19- The main steps of the non-customized or non-software application installer; and V Figure 5 shows the main steps for deploying unused software applications on the mobile computing device in stream (4). [Main component symbol description] 18 201203112 10 User 34 Manager workstation 12 Mobile computing device 36 Manager 14 Wireless telephone network 50 System 16 SMS gateway 52 Receiver module 18 Network 54 Processor 20 Network 56 Data Library 22 Turnkey Server 58 Transmitter Module 24 Firewall 60 Software Installation Module 25 Deployment Server 70 Method 26 Manager Workstation 72~79 Step 28 Manager 80 Method 30 Turnkey Server 82~94 Step 32 Firewall 19