TWI441534B - A method of the data transmission of the mobile phone and the system therefore - Google Patents

Description

Data transmission method and system of mobile communication device

A data transmission method and system thereof, and particularly to a data transmission method and system for a mobile communication device.

With the rise of the Internet, electronic devices are not separate computer devices. In particular, mobile phones and tablets, through the Internet, enable these electronic devices to obtain the data and applications needed from the Internet.

In order to provide corresponding services to different types of users, various vendors have also proposed different services through the Internet. Service items may be various information in addition to applications. The processing modes for providing corresponding service items through the network are collectively referred to as cloud technologies. In an article in the "Computer World" magazine titled "Cloud computing hype spurs confusion", the categorization of the well-known analysis company Gartner is cited, and the "cloud computing" is distinguished. There are two broad categories, namely Cloud Computing Services and Cloud Computing Technologies.

According to Gartner, "Cloud Services" focuses on getting services from a remote location via a network connection. For example, it provides Amazon EC2 services for users to install and use a variety of different operating systems. This type of cloud computing can be seen as a successor to the concept of "software as a service" (SaaS). With these services, users can even do a lot of work that was previously only possible on a personal computer with just one mobile phone.

Google, for example, provides various cloud services such as search services, file editing services, calendar services, email services, and web-based services on its website. Users can use the company's services through the phone's browser or application.

While cloud services can quickly provide users with a wide range of services. However, in the prior art, the cloud server does not further confirm the identity of the owner of the mobile communication device when using the service. Therefore, it may happen that an impersonation download service project or use of the service project occurs. This will damage the rights of the true owner. From the user's side, if the mobile communication device is used by the user, the mobile communication device does not have a corresponding identity verification mechanism. Therefore, the above-mentioned impersonation use may also occur.

In the prior art, the mobile phone application can be called through the Java suite of Java Specification Requests 177 (JSR 177). JSR177 provides a set of security-related program modules, which provide PKI kits, encryption and decryption kits (CRYPTO), and APDUs, JCRMI suites. The most directly related to the wafer financial card is the SATSA-APDU kit. The APDUConnection class in the SATSA-APDU can establish an ISO7816 channel object with the chip card in the mobile phone. But not all mobile phones can support the Java environment, so the availability of JSR177 is limited.

In view of the above problems, the present invention provides a data transmission method for a mobile communication device. When the mobile communication device is connected to the server, the server provides a list of service items to which the mobile phone belongs, and the mobile communication device performs and downloads the service item. The service project is verified during the service project to determine the correspondence between the mobile communication device and the service project.

The data transmission method of the mobile communication device disclosed by the present invention comprises the steps of: accessing the personal identification code and the navigation information in the identification unit by the mobile communication device; and connecting the mobile communication device to the server according to the navigation information and the personal identification code; Find the corresponding service list according to the personal identification number and return it to the mobile communication device. The service list records a plurality of service items; select one of the service items from the service list, and direct the installation request to the cloud computer device through the server. And downloading the service item to the mobile communication device and installing the service item into the mobile device; when the mobile communication device runs the installed service item, the mobile communication device performs permission verification on the installed service item through the personal identification code; If the installed service item passes the authority verification, the mobile communication device runs the service item; if the installed service item fails the permission verification, the service item is stopped.

Each cloud computing device stores a different service item and a list of services to which it belongs; the server finds a corresponding cloud computer device according to the personal identification code, and obtains a service list from the found cloud computer device.

In addition to the foregoing data transmission method, the present invention further provides a data transmission system for a mobile communication device, which includes: a server, at least one cloud computer device, and a mobile communication device. The server is configured to store a service list with multiple service items and a first verification program; the mobile communication device further includes an identification unit; the identification unit stores the personal identification code, the navigation information and the second verification program; and the mobile communication device access identification unit Personal identification code and guiding information; the mobile communication device is connected to the server according to the guiding information and the personal identification code; the server searches for the corresponding service list according to the personal identification code and returns it to the mobile communication device, and the service list records a plurality of service items; Select one of the service items from the service list, and direct the installation requirements to the cloud computing device through the server, thereby downloading the service item to the mobile communication device, and installing the service item into the mobile device; when the mobile communication device When the installed service item is run, the mobile communication device authenticates the installed service item through the personal identification number; on the contrary, the installed service and the user identification information provided by the identification unit on the mobile communication device confirm the identification. Unit legitimacy (complete two-way verification); The installation of services through rights verification, the mobile communication device running a service project; if the installed services are not verified by the authority, then stop running services.

The invention provides a data transmission method and a system for a mobile communication device, so that the mobile communication device can obtain a service list of different kinds of cloud computer devices through the server of the present invention. The mobile communication device is directed to different types of cloud computing devices through the server. In this way, it is possible to provide a more secure download environment for the mobile communication device, and further verify whether the service item is legal for the mobile communication device when running the download service project, thereby enhancing the overall operational security.

The features and implementations of the present invention are described in detail below with reference to the drawings.

Please refer to "Figure 1A" for a schematic diagram of the architecture of the present invention. The data transmission system of the present invention includes a mobile communication device 110, a server 210, and at least one cloud computer device 310. The server 210, the cloud computing device 310, and the mobile communication device 110 can transmit through telecommunications (for example, Wireless Application Protocol (WAP), IMT-2000 (3rd-generation, commonly known as third-generation communication transmission technology, 3G) High Speed Downlink Packet Access (HSDPA), fourth-generation (4G) or Ultra Wideband (UWB) or Internet transmission (eg: IEEE 802.11x series or Ethernet).

The server 210 stores a service list 211 having a plurality of service items 315 and a first verification program 212. Each cloud computing device 310 stores a service item 315 to which it belongs. Further, different services can be offered to different communities (for example, online dating communities, photography communities, or other like communities). The service item 315 of the present invention may be a variety of network services in addition to an application. For example, if the service item 315 is an application, the service item 315 can be a game program, a document editing program, a multimedia player or an image editing program, etc.; if the service item 315 is a network service, the file can be edited. Services such as services, calendar services, email services, or web-based services are directed to the respective service providers by separate applications. In addition to the present invention, the cloud computing device 310 can be incorporated into the server 210 in addition to the separate server 210 and the cloud computing device 310.

The mobile communication device 110 includes a storage unit 111, a processing unit 112, and an identification unit 113. The type of mobile communication device 110 can be a mobile phone, a tablet, a palmtop computer, or a desktop computer. The storage unit 111 stores the authentication information of the downloaded service item 315 and the corresponding service item 315. Please refer to "1B". The operating system used by the mobile communication device 110 is not limited in the present invention. For example, the operating system may be an iOS operating system of an Apple computer, an Android operating system launched by Google, or a Windows operating system (Windows OS) introduced by Microsoft Corporation. )Wait.

The identification unit 113 further includes a Subscriber Identity Model (SIM) and a user identification module patch 115. Here, the side between the user identification module patch 115 and the user identification module 114 is defined as a first side, and the opposite side is defined as a second side. A plurality of sets of pins are respectively disposed on both sides of the user identification module patch 115. The pins of the first side correspond to the metal contacts of the user identification module 114, and the pins of the second side correspond to the pins of the mobile communication device 110. When the user identification module patch 115 is attached to the user identification module 114, the mobile communication device 110 can read the data in the user identification module 114 and the user identification module patch 115 through the user identification module patch 115. data of. The user identification module patch 115 stores a personal identification number 116 (PIN), a navigation information 117, and a second verification program 118. The mobile communication device 110 connects to the server 210 via the personal identification code 116, the navigation information 117, and the second verification program 118, and obtains a corresponding service list 211 (the operation of which will be described later in detail).

In order to clearly explain the operation flow of the present invention, please also refer to the "Fig. 2", which includes the following steps: Step S210: The mobile communication device executes the guidance program of the identification unit, and the mobile communication device accesses the identification unit. The personal identification code and the guiding information in the step; step S230: the mobile communication device is connected to the server according to the guiding information and the personal identification code; step S240: the server searches for the corresponding service list according to the personal identification code and returns the information to the mobile communication device; S250: Select one of the service items from the service list, and direct the installation request to the cloud computer device through the server to download the service item to the mobile communication device and install the device; Step S260: When the mobile communication device is installed and installed The service communication device performs the authority verification on the installed service item through the personal identification code; step S270: if the installed service item passes the authority verification, the mobile communication device runs the service item; and step S280: if installed If the service project does not pass the permission verification, the service project is stopped.

First, the mobile communication device 110 executes a navigation program to access the personal identification code 116 and the navigation information 117 in the identification unit 113 through the navigation program. The guide program can be downloaded from the Internet application or can be stored in the user identification module patch 115 so that the mobile communication device 110 can directly execute the guide program, or is already built in. In the memory of the mobile communication device 110, please refer to "FIG. 3A", which is a schematic diagram of the navigation program of the present invention. For example, in Android or iOS, the user can download the boot program from the software download provided by the original manufacturer. Alternatively, after the mobile communication device 110 is booted and the mobile communication device 110 detects that the preamble is not installed, the mobile communication device 110 reads the boot program from the user identification module tile 115 and installs the boot program. .

Then, the guiding program reads the guiding information 117 from the user identification module tile 115, and connects to the server 210 according to the guiding information 117. When the server 210 receives the login request of the mobile communication device 110, the server 210 searches for the matching service list 211 according to the personal identification code 116. As mentioned above, each cloud computing device 310 provides a corresponding service item 315 to a different type of user. Therefore, the server 210 confirms the cloud computer to which the user belongs according to the personal identification code 116, and returns the service list 211 to the mobile communication device 110.

For example, the user identification module patch 115A, the user identification module patch 115B, and the user identification module patch 115C are provided by different cloud service providers (cloud α, cloud β, and cloud γ, respectively). The service list 211 provided by the cloud α includes: a service item α001 to a service item α009; a service list 211 provided by the cloud β includes: a service item β001 to a service item β012; and a service list 211 provided by the cloud γ includes: a service For item γ001 to service item γ007, please refer to "3A". When the user's mobile communication device 110 is installed with the user identification module patch 115A, the user identification module patch 115A is connected to the cloud α according to the recorded navigation information 117, and obtains the service item α001 from the server 210. Service list a of service item α009. Similarly, if the user installs the user identification module patch 115B, the service list b having the service item β001 to the service item β0012 is obtained.

In the process of connecting the mobile communication device 110 to the server 210, in order to confirm the cloud to which the user identification module tile 115 belongs, the server 210 executes the first verification program 212 according to the navigation information and the personal identification code. The type of the first verification program 212 may be, but not limited to, an asymmetric encryption algorithm such as RSA encryption, Data Encryption Standard (DES), Advanced Encryption Standard (AES), or may be symmetric. Encryption algorithm. Taking the RSA signature as an example, the mobile communication device 110 will perform the signature processing on the personal identification code 116 in the user identification module patch 115A through the private key to which it belongs, and generate the corresponding ciphertext. Define this ciphertext as signature information. Next, the mobile communication device 110 transmits the signature information to the server 210. The server 210 verifies the signature information by using a public key, and obtains the personal identification code included in the signature information. The server 210 searches for the cloud to which it belongs according to the personal identification code, and then returns the service list 211 of the cloud to the mobile communication device 110. Please refer to "3B" and the user identification module in "3B". The patch 115A and the corresponding service list a are taken as an example.

After the mobile communication device 110 downloads the service list 211, the user can view the content contained in the service list 211 from the screen of the mobile communication device 110. Taking the service list a of the foregoing example as an example, the service item α001 to the service item α009 are sequentially displayed on the screen of the mobile communication device 110, so as to provide user selection, please refer to "3C". When the user selects one of the service items 315 from the service list 211, the mobile communication device 110 sends an installation request to the server 210. The server 210 then directs the installation requirements to the cloud computing device 310.

In the process of transmitting the service item 315, the cloud computing device 310 presents a one-to-one correspondence between the mobile communication device 110 and the downloaded service item 315. The one-to-one correspondence in the present invention means that each service item 315 can only correspond to one mobile communication device 110. In other words, when the user copies the service item 315 on the mobile communication device 110A to the mobile communication device 110B, the mobile communication device 110B cannot pass the verification of the service item 315, thereby prohibiting the installation/operation of the service item 315. Therefore, the cloud computing device 310 adds the authentication information (license) to the service item 315. The authentication information may be generated by, but not limited to, an asymmetric encryption algorithm such as RSA encryption, DES, or AES, or a symmetric encryption algorithm.

In the process of generating the authentication information, a one-time password, a random number generation, or a time stamp may be added. Taking the Android operating system as an example, before the user wants to download the service item 315, the mobile communication device 110 calls its password input window through the Android operating system to provide the user with the personal identification code 116. Please refer to "3D". Figure". When transmitting the entered personal identification number, the mobile communication device 110 will add the above-mentioned other data (or join the data supplied from the server 210) and perform related encryption processing. In addition to calling the input window through the Android operating system, a new input window can also be created through the Standard Development Kit (SDK). This method can avoid the internal missing of the Android operating system, so that the illegal user can remotely monitor the data input by the user. Through the custom input window of the SDK, the transfer of the entered values between applications can not be directly obtained through the operating system, thereby increasing the threshold of illegal user intrusion.

In addition, the mobile communication device 110 of the present invention can also write the downloaded service item 315 into the user identification module patch 115 or the user identification module 114 in the following manner, thereby enhancing the service item 315 of the present case. Verify the strength. In the existing mobile communication device 110, the operating system and the installed application program access the underlying user identification module 114 (or the user identification module patch 115) to the destination folder, wherein the destination folder can be accessed. Yes, but not limited to contacts or newsletters.

The headers of general text messages (or Multimedia Messaging Service (MMS)) are identified by fixed values. When the mobile communication device 110 downloads the service item 315, the mobile communication device 110 writes the service item 315 into the address book or the short message box, and rewrites the corresponding header of the address book or the text message frame. For example, when the service item 315 is to be stored in the short message, the service item 315 can be divided into a plurality of sets of data blocks that meet the maximum length of the short message. The header of each sliced data block is written to a specific value, for example, FFFFh is written 2 bytes before the header. Therefore, when the mobile communication device 110 reads the data in the short message, the mobile communication device 110 only needs to find that the header information of the short message is FFFFh, and the mobile communication device is not the text data but the service item 315. Figure 3E shows. When the header is the default value of the short message, the mobile communication device 110 will read the corresponding short message from the user identification module 114. Please refer to the "3F".

After the authentication information is added to the completion service item 315, the cloud computing device 310 transmits the service item 315 to the mobile communication device 110. Next, the mobile communication device 110 performs the processing of the installation service item 315. Please also cooperate with the "FIG. 4A", which includes the following steps: Step S410: The mobile communication device obtains the authentication information from the downloaded service item; S420: the mobile communication device performs verification processing on the personal identification code to generate information to be verified; step S430: whether the mobile communication device compares the authentication information with the information to be verified; and step S440: when the authentication information is inconsistent with the information to be verified, The mobile communication device stops the installation service item; and step S450: when the authentication information is consistent with the information to be verified, the mobile communication device registers the authentication data corresponding to the service item into the storage unit.

As described above, the mobile communication device 110 determines a unique correspondence with the service item 315. Therefore, after the navigation program download service item 315 is completed, the guidance program verifies the service item 315. The vector program obtains the authentication information from the downloaded service item 315. At the same time, the mobile communication device 110 performs another verification process on the personal identification code 116 to generate another set of information to be verified.

Then, the pilot program compares the authentication information with the information to be verified. Since the authentication data and the information to be verified are generated by the same processing algorithm (for example, one-way hash, RSA, DES, MD5, SHA or AES). For example, the mobile communication device may add a time stamp of a specific length before/after transmitting the data to be verified that has been verified. The server 210 can read the correct data to be verified from the correct location according to the added time stamp.

Therefore, the same input data will produce the same result after the aforementioned encryption. Therefore, when the two are consistent, the information to be verified and the authentication information are formed by the recognized counterparts (the mobile communication device 110 and the cloud computing device 310, respectively). After confirming the information to be verified and the authentication information, the guiding program registers the authentication data (or the information to be verified) corresponding to the service item 315 into the storage unit 111, and displays the installed service item on the screen of the mobile communication device 110. 315, please refer to "4B" and "4C" at the same time.

When the user wants to execute the previously downloaded service item 315, the pilot program will again verify that the mobile communication device 110 is legitimate. Please refer to FIG. 5, which is a flow chart of the steps of verifying the mobile communication device 110 for the service item 315 of the present invention. The verification mobile communication device 110 includes the following steps: Step S510: The mobile communication device obtains the authentication data from the service database; Step S520: The mobile communication device acquires the personal identification code from the identification unit; Step S530: Align the authentication data with the personal identification code Whether it is consistent; step S540: if the authentication data is consistent with the personal identification number, the mobile communication device executes the service item; and step S550: if the authentication data does not coincide with the personal identification number, the mobile communication device does not execute the service item.

When the user wants to execute the service item 315, the mobile communication device 110 asks the user to enter the personal identification code 116. The mobile communication device 110 also obtains the authentication material corresponding to the service item 315 from the service database. Next, the mobile communication device 110 performs the verification processing corresponding to the foregoing according to the personal identification code 116, and compares the generated information to be verified with the authentication data. If the verified personal identification code is consistent with the authentication information, the service item 315 is downloaded by the mobile communication device 110 and the user is a legitimate user, so the mobile communication device 110 can execute the service item 315. Conversely, the mobile communication device 110 will not be able to execute the service item 315.

When the user types the personal identification code 116, the input window can be created through the operating system used by the mobile communication device 110, or a customized input window can be created through the SDK. Please refer to the "3D". Such a method can avoid the internal missing of the operating system of the mobile communication device 110, so that the illegal user can obtain the data input by the user through remote remote control. Through the customized input window of the SDK, the input value between the applications can not be directly obtained through the operating system, which increases the threshold of illegal user intrusion.

The present invention provides a data transmission method and system for the mobile communication device 110. The mobile communication device 110 can confirm the identity of the user and obtain the service list 211 of the different types of cloud computing devices 310 from the server 210 through the user classification.

In addition, the mobile communication device 110 of the present invention accesses the user identification module 115 through the user identification module tile 114. Therefore, the mobile communication device 110 does not need to pass the JSR 177 (or an application) to identify the user identification module 115. Exchange of information. The mobile communication device 110 is directed through the server 210 to different types of cloud computing devices 310. In this way, it is possible to provide a more secure download environment for the mobile communication device 110, and further verify whether the service item 315 is legal for the mobile communication device 110 when the download service item 315 is run, thereby enhancing overall operational security.

While the present invention has been described above in terms of the preferred embodiments thereof, it is not intended to limit the invention, and the invention may be modified and modified without departing from the spirit and scope of the invention. The patent protection scope of the invention is subject to the definition of the scope of the patent application attached to the specification.

110. . . Mobile communication device

111. . . Storage unit

112. . . Processing unit

113. . . Identification unit

114. . . User identification module patch

115. . . User identification module

115A. . . User identification module patch

115B. . . User identification module patch

115C. . . User identification module patch

116. . . Personal identification code

117. . . Guided information

118. . . Second verification program

210. . . Server

211. . . Service list

212. . . First verification program

310. . . Cloud computer device

311. . . Cloud alpha

312. . . Cloud beta

313. . . Cloud γ

315. . . service items

Figure 1A is a schematic diagram of the architecture of the present invention.

FIG. 1B is a schematic diagram showing the appearance of a service item of the mobile communication device of the present invention.

Figure 2 is a flow chart of the operation of the present invention.

Figure 3A is a schematic diagram of the pilot program of the present invention.

Figure 3B is a schematic diagram of a list of selected services for the present invention.

Figure 3C is a schematic diagram of a display service list of the present invention.

The 3D diagram is a schematic diagram of the architecture of the password input of the present invention.

Figure 3E is a schematic diagram of the operation of the write user identification module of the present invention.

The 3F figure is a schematic diagram of the operation of the read user identification module of the present invention.

Figure 4A is a flow chart showing the operation of the mobile communication device installation service project of the present invention.

Figure 4B is a schematic diagram of the interface before the installation service project of the present invention.

Figure 4C is a schematic diagram of the interface after the installation service project of the present invention.

Figure 5 is a flow chart showing the steps of the service item verification mobile communication device of the present invention.

Claims (11)

A data transmission method for a mobile communication device includes the following steps: the mobile communication device obtains a navigation information and a personal identification code through a recognition unit for connecting to a corresponding server; the server searches for the personal identification code according to the personal identification code Corresponding service list, the service list records a plurality of service items of the cloud computer device; the mobile communication device selects at least one service item, and uses the server to direct an installation request to the cloud computer device, and the service item is Downloading and installing the mobile communication device; when the mobile communication device executes the service item, using the personal identification code to perform permission verification on the installed service item; if the installed service item passes the authority verification, the action The communication device runs the service item; and if the installed service item does not pass the authority verification, the service item is stopped. The data transmission method of the mobile communication device according to claim 1, wherein the step of accessing the identification unit by the mobile communication device further comprises: the mobile communication device executing a guidance program; and the identification program is used by the guidance program The unit accesses the personal identification code and the navigation information. The data transmission method of the mobile communication device according to claim 1, wherein the identification unit further comprises a user identification module patch and a user identification module, wherein the user identification module patch is electrically connected to the user identification module. The user identification module tile stores the personal identification code and the navigation information. The data transmission method of the mobile communication device according to claim 3, wherein the step of downloading the service item to the mobile communication device further comprises: the cloud computer device adding an authentication information to the service item; and the cloud computer The device transmits the service item that has joined the authentication information to the mobile communication device. The data transmission method of the mobile communication device according to claim 3, wherein the step of installing the service item to the mobile communication device further comprises: the mobile communication device obtaining an authentication information from the downloaded service item; the action The communication device performs a verification process on the personal identification code to generate a to-be-verified information; the mobile communication device compares the authentication information with the to-be-verified information; and when the authentication information is consistent with the to-be-verified information, The mobile communication device registers the information to be verified corresponding to the service item in a storage unit. The method for transmitting data of the mobile communication device according to claim 3, wherein the step of running the installed authority verification of the service item further comprises: the mobile communication device obtaining an authentication data from a service database; the mobile communication The device obtains the personal identification code from the identification unit; whether the authentication data is consistent with the personal identification code; if the authentication data is consistent with the personal identification number, the mobile communication device executes the service item; and if the authentication If the data does not match the personal identification number, the mobile communication device does not execute the service item. A data transmission system for a mobile communication device, wherein when the mobile communication device is connected to the server, the server provides a list of service items to which the mobile phone belongs, and the mobile communication device performs verification of the service item when the service item is downloaded and when the service item is executed. The data transmission system includes: at least one cloud computing device, each of the cloud computing devices storing a plurality of service items; and a server for storing a service list having a plurality of the service items and a first verification program, the service Transmitting the mobile communication device to the corresponding cloud computing device according to the result of the first verification program; and a mobile communication device further comprising an identification unit, the identification unit storing a personal identification code, a guiding information and a first a verification program, wherein the mobile communication device is connected to the corresponding server according to the personal identification code and the navigation information, and the server executes the first verification program according to the personal identification code to search for the corresponding service list. The server responds to the mobile communication device with the service list; The mobile communication device selects any one of the service items from the service list, downloads the selected service item to the mobile communication device through the server for installation, and logs in an authentication information of the service item; when the mobile communication device performs In the service item, the mobile communication device runs the second verification program, and the mobile communication device compares the authentication information with the personal identification code; when the authentication information is consistent with the personal identification code, the service item is run . The data transmission system of the mobile communication device of claim 7, wherein the identification unit further comprises a user identification module patch and a user identification module, wherein the user identification module patch is electrically connected to the user identification module. The user identification module tile stores the personal identification code and the navigation information. The data transmission system of the mobile communication device according to claim 8, wherein the mobile communication device downloads the selected service item further comprises: the service item adds an additional information to the service item through the user identification module patch And the service item with the additional information is written into a destination folder of the user identification module. The data transmission system of the mobile communication device according to claim 9, wherein the destination folder is a short message folder or an address book folder. The data transmission system of the mobile communication device according to claim 9, wherein when the mobile communication device runs the service item, the mobile communication device reads the service having an additional information from the destination folder of the user identification module. The item, the mobile communication device parses the service item through the user identification module.