WO2016161864A1 - Ota bootstrap method and system - Google Patents

Ota bootstrap method and system Download PDF

Info

Publication number
WO2016161864A1
WO2016161864A1 PCT/CN2016/075811 CN2016075811W WO2016161864A1 WO 2016161864 A1 WO2016161864 A1 WO 2016161864A1 CN 2016075811 W CN2016075811 W CN 2016075811W WO 2016161864 A1 WO2016161864 A1 WO 2016161864A1
Authority
WO
WIPO (PCT)
Prior art keywords
identification code
dynamic identification
bootstrap
bootstrap message
message
Prior art date
Application number
PCT/CN2016/075811
Other languages
French (fr)
Chinese (zh)
Inventor
罗猛
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016161864A1 publication Critical patent/WO2016161864A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/04Arrangements for maintaining operational condition

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are an OTA bootstrap method and system. The method comprises: a terminal device receiving a PreBootstrap message carrying a dynamic identification code; the terminal device receiving a Bootstrap message; and the terminal device checking the Bootstrap message using the dynamic identification code.

Description

一种空口引导方法及系统Air interface guiding method and system 技术领域Technical field
本申请涉及但不限于移动通信终端管理技术。This application relates to, but is not limited to, mobile communication terminal management techniques.
背景技术Background technique
随着移动通信业务的发展,移动通信设备终端管理(OMA DM,Object Management Architecture Data Management)在整个移动运营服务器体系中的地位日益重要,OMA DM的应用能够有效降低维护成本。With the development of mobile communication services, OMA DM (Object Management Architecture Data Management) is increasingly important in the entire mobile operation server system, and the application of OMA DM can effectively reduce maintenance costs.
在OMA DM协议中,不具备DM功能的终端可以通过引导(Bootstrap)获得与服务器进行DM会话的能力。常见的Bootstrap有如下三种类型:In the OMA DM protocol, a terminal that does not have the DM function can obtain a DM session with the server through Bootstrap. The common Bootstrap has the following three types:
1、出厂预制引导(Factory Bootstrap)方式:在出厂时将所有进行DM交互的信息预制到终端,无需再通过空口传递敏感性较高的公钥等信息,安全性较高但不灵活;1. Factory Bootstrap mode: Pre-fabrication of all information for DM interaction to the terminal at the factory, without the need to transmit sensitive public key and other information through the air interface, the security is high but not flexible;
2、空口引导(OTA Bootstrap)方式:不具备DM功能的终端通过无线应用协议反馈(WAP PUSH,Wireless Application Protocol Push)或者对象交换(OBEX,Object Exchange)等方式接收来自DM服务器的Bootstrap消息,并根据消息中的内容进行相应配置,从而获得与DM服务器进行DM会话的能力,这种方法灵活性较高,但是需要通过空口传输大量敏感性较高的信息,所以存在收到恶意Bootstrap消息的风险,安全性不高;2. The OTA Bootstrap mode is adopted. The terminal that does not have the DM function receives the Bootstrap message from the DM server by means of a WAP application (WAP PUSH, Wireless Application Protocol Push) or an object exchange (OBEX, Object Exchange). According to the content of the message, the corresponding configuration is performed to obtain the capability of performing DM session with the DM server. This method has high flexibility, but needs to transmit a large amount of sensitive information through the air interface, so there is a risk of receiving a malicious Bootstrap message. , security is not high;
3、智能卡引导(Smartcard Bootstrap)方式:终端从插入的Smartcard中读取信息来完成Bootstrap从而获得DM交互能力,这种方式安全性也较高但应用成本也随之增加。3. Smart card Bootstrap mode: The terminal reads the information from the inserted Smartcard to complete the Bootstrap to obtain the DM interaction capability. This method is also safer but the application cost is also increased.
由上分析可以看出,OTA Bootstrap是最为灵活高效的方式。所需要的网络环境包括:终端设备、用户、网络服务器、终端管理(DM)服务器,其处理流程见图1:As can be seen from the above analysis, OTA Bootstrap is the most flexible and efficient way. The required network environment includes: terminal equipment, users, network servers, and terminal management (DM) servers. The processing flow is shown in Figure 1:
步骤101、用户在终端设备上注册;Step 101: The user registers on the terminal device.
步骤102、网络服务器在本网络中检测到终端设备; Step 102: The network server detects the terminal device in the network.
步骤103、终端设备确认是现网注册设备(即终端设备可用);Step 103: The terminal device confirms that it is a registered device on the live network (that is, the terminal device is available);
步骤104、网络服务器向DM服务器发送OTA Bootstrap请求;Step 104: The network server sends an OTA Bootstrap request to the DM server.
步骤105、DM服务器反馈空口引导设置反馈消息PUSH OTA Bootstrap;Step 105: The DM server feeds back the air interface guidance setting feedback message PUSH OTA Bootstrap;
步骤106、终端设备执行OTA Bootstrap操作;Step 106: The terminal device performs an OTA Bootstrap operation.
步骤107、终端设备与DM服务器回连回话。Step 107: The terminal device and the DM server return to each other.
如图1所示流程,DM服务器可能是授权的DM服务器,也有可能是非授权DM服务器。所以终端设备接收到的Bootstrap消息可能是非授权DM服务器发送的,这样终端设备就会完全受非授权的DM服务器控制,存在极大的安全隐患。As shown in Figure 1, the DM server may be an authorized DM server or an unauthorized DM server. Therefore, the Bootstrap message received by the terminal device may be sent by the unauthorized DM server, so that the terminal device is completely controlled by the unauthorized DM server, and there is a great security risk.
因此,虽然OTA Bootstrap灵活高效,但存在极大的安全隐患。尽管OMA DM协议要求为OTA Bootstrap进行信息鉴权码(MAC,Message Authentication Code)鉴权,并制定了多种安全机制,如:网络提供识别码NETWPIN、用户提供识别码USERPIN以及网络/用户共同提供识别码USERNETWPIN等,但个人识别密码(PIN,Personal Identification Number)的获取方式单一或PIN码本身基本是固定不变的,安全性较弱。这些敏感度较高的信息在传输过程中很容易被暴力破解或人为泄漏。在这种情况下,终端设备可能收到恶意的Bootstrap消息并进行Bootstrap操作从而导致终端设备无法正常工作,或者与非授权的DM服务器进行交互,使终端设备上的信息泄漏或者被篡改,使用户蒙受巨大的损失。Therefore, although OTA Bootstrap is flexible and efficient, it has great security risks. Although the OMA DM protocol requires authentication of the message authentication code (MAC) for the OTA Bootstrap, various security mechanisms are developed, such as: the network provides the identification code NETWPIN, the user provides the identification code USERPIN, and the network/user provides the same. The identification code USERNETWPIN, etc., but the personal identification number (PIN, Personal Identification Number) is obtained in a single way or the PIN code itself is basically fixed, and the security is weak. These highly sensitive information are easily hacked or artificially leaked during transmission. In this case, the terminal device may receive a malicious Bootstrap message and perform a Bootstrap operation to cause the terminal device to fail to work normally, or interact with an unauthorized DM server, so that the information on the terminal device is leaked or tampered with, so that the user Suffered huge losses.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics detailed in this document. This Summary is not intended to limit the scope of the claims.
本文提供一种空口引导方法及系统,能够加强Bootstrap消息的可靠性验证,避免收到恶意Bootstrap消息而导致用户信息泄露或篡改等安全性问题。This document provides an air interface guidance method and system, which can enhance the reliability verification of Bootstrap messages and avoid security problems such as user information leakage or tampering after receiving malicious Bootstrap messages.
一种空口引导OTA Bootstrap方法,包括:终端设备接收携带动态识别码的前引导PreBootstrap消息;终端设备接收Bootstrap消息;终端设备利用 所述动态识别码对Bootstrap消息进行检验。An air interface guiding OTA Bootstrap method includes: a terminal device receives a pre-boot PreBootstrap message carrying a dynamic identification code; a terminal device receives a Bootstrap message; and the terminal device utilizes The dynamic identification code checks the Bootstrap message.
可选地,所述终端设备利用所述动态识别码对Bootstrap消息进行检验之后,所述方法还包括:当所述Bootstrap消息通过检验后,终端设备执行所述Bootstrap消息对应的Bootstrap操作。Optionally, after the terminal device uses the dynamic identifier to verify the Bootstrap message, the method further includes: after the Bootstrap message passes the verification, the terminal device performs a Bootstrap operation corresponding to the Bootstrap message.
可选地,所述终端设备利用所述动态识别码对Bootstrap消息进行检验之后,所述方法,还包括:当所述Bootstrap消息未通过检验后,终端设备丢弃所述Bootstrap消息。Optionally, after the terminal device uses the dynamic identifier to check the Bootstrap message, the method further includes: after the Bootstrap message fails the verification, the terminal device discards the Bootstrap message.
可选地,所述PreBootstrap消息还携带所述动态识别码的有效时间;Optionally, the PreBootstrap message further carries an effective time of the dynamic identifier;
所述终端设备利用所述动态识别码对Bootstrap消息进行检验包括:所述终端设备在所述动态识别码的有效时间内利用所述动态识别码对所述Bootstrap消息进行检验。The detecting, by the terminal device, the Bootstrap message by using the dynamic identification code, is: the terminal device uses the dynamic identification code to check the Bootstrap message within a valid time of the dynamic identification code.
可选地,所述终端设备利用所述动态识别码对Bootstrap消息进行检验包括:Optionally, the detecting, by the terminal device, the Bootstrap message by using the dynamic identifier:
当所述Bootstrap消息与所述动态识别码对应关系正确,且利用动态识别码对Bootstrap消息进行的检验在动态识别码的有效时间内完成,则所述Bootstrap消息通过检验;When the correspondence between the Bootstrap message and the dynamic identification code is correct, and the verification of the Bootstrap message by using the dynamic identification code is completed within the valid time of the dynamic identification code, the Bootstrap message passes the verification;
当所述Bootstrap消息与动态识别码的对应关系不正确,或利用动态识别码对Bootstrap消息进行的检验未在动态识别码的有效时间内完成,则所述Bootstrap消息未通过检验。When the correspondence between the Bootstrap message and the dynamic identification code is incorrect, or the verification of the Bootstrap message by using the dynamic identification code is not completed within the valid time of the dynamic identification code, the Bootstrap message fails the verification.
一种空口引导系统,设置于终端设备,包括:第一接收模块,设置为:接收携带动态识别码的PreBootstrap消息;第二接收模块,设置为:接收Bootstrap消息;检验模块,设置为:利用所述动态识别码对Bootstrap消息进行检验。An air interface guiding system, configured in the terminal device, includes: a first receiving module, configured to: receive a PreBootstrap message carrying a dynamic identification code; and a second receiving module, configured to: receive a Bootstrap message; and the verification module is configured to: The dynamic identification code checks the Bootstrap message.
可选地,所述系统,还包括:处理模块,设置为:当所述Bootstrap消息通过所述检验模块的检验后,执行所述Bootstrap消息对应的Bootstrap操作。Optionally, the system further includes: a processing module, configured to: after the Bootstrap message passes the verification by the verification module, perform a Bootstrap operation corresponding to the Bootstrap message.
可选地,所述系统,还包括:处理模块,设置为:当所述Bootstrap消息未通过所述检验模块的检验后,丢弃所述Bootstrap消息。 Optionally, the system further includes: a processing module, configured to: when the Bootstrap message fails the verification by the verification module, discard the Bootstrap message.
可选地,所述PreBootstrap消息还携带所述动态识别码的有效时间,所述检验模块是设置为:在所述动态识别码的有效时间内利用所述动态识别码对所述Bootstrap消息进行检验。Optionally, the PreBootstrap message further carries an effective time of the dynamic identifier, and the verification module is configured to: use the dynamic identifier to verify the Bootstrap message during an effective time of the dynamic identifier .
可选地,所述检验模块是设置为:Optionally, the verification module is set to:
当所述Bootstrap消息与所述动态识别码对应关系正确,且利用动态识别码对Bootstrap消息进行的检验在动态识别码的有效时间内完成,则所述Bootstrap消息通过检验;When the correspondence between the Bootstrap message and the dynamic identification code is correct, and the verification of the Bootstrap message by using the dynamic identification code is completed within the valid time of the dynamic identification code, the Bootstrap message passes the verification;
当所述Bootstrap消息与动态识别码的对应关系不正确,或利用动态识别码对Bootstrap消息进行的检验未在动态识别码的有效时间内完成,则所述Bootstrap消息未通过检验。When the correspondence between the Bootstrap message and the dynamic identification code is incorrect, or the verification of the Bootstrap message by using the dynamic identification code is not completed within the valid time of the dynamic identification code, the Bootstrap message fails the verification.
一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行上述任一项的方法。A computer readable storage medium storing computer executable instructions for performing the method of any of the above.
在本发明实施例的OTA Bootstrap过程中,终端设备接收携带动态识别码的PreBootstrap消息以及Bootstrap消息,并利用所述动态识别码对Bootstrap消息进行检验。如此,大大增加了OTA Bootstrap过程中Bootstrap消息验证的可靠性,避免了因收到恶意Bootstrap消息而导致用户信息泄露或篡改等安全性问题。In the OTA Bootstrap process of the embodiment of the present invention, the terminal device receives the PreBootstrap message carrying the dynamic identification code and the Bootstrap message, and uses the dynamic identification code to check the Bootstrap message. In this way, the reliability of Bootstrap message verification in the OTA Bootstrap process is greatly increased, and security problems such as leakage or tampering of user information due to receiving malicious Bootstrap messages are avoided.
在阅读并理解了附图和详细描述后,可以明白其他方面。Other aspects will be apparent upon reading and understanding the drawings and detailed description.
附图概述BRIEF abstract
图1为相关技术中终端设备进行空口引导过程的基本流程示意图;1 is a schematic diagram of a basic process of an air interface guiding process performed by a terminal device in the related art;
图2为本发明实施例提供的空口引导方法的流程图;2 is a flowchart of an air interface guiding method according to an embodiment of the present invention;
图3为本发明实施例一提供的空口引导方法的流程图;3 is a flowchart of an air interface guiding method according to Embodiment 1 of the present invention;
图4为本发明实施例通过的空口引导系统的组成示意图。FIG. 4 is a schematic diagram of the composition of an air interface guiding system according to an embodiment of the present invention.
本发明的实施方式 Embodiments of the invention
以下结合附图对本发明的实施方式进行说明。Embodiments of the present invention will be described below with reference to the accompanying drawings.
图2为本发明实施例提供的空口引导方法的流程图。如图2所示,本发明实施例提供的空口引导方法包括以下步骤:FIG. 2 is a flowchart of an air interface guiding method according to an embodiment of the present invention. As shown in FIG. 2, the air interface guiding method provided by the embodiment of the present invention includes the following steps:
步骤21:终端设备接收携带动态识别码的PreBootstrap(前引导)消息。Step 21: The terminal device receives a PreBootstrap message carrying a dynamic identification code.
于本步骤中,PreBootstrap消息携带的动态识别码与后续的Bootstrap消息存在对应关系。于此,动态识别码例如为动态生成且经过加密得到的PIN码。In this step, the dynamic identifier carried in the PreBootstrap message has a corresponding relationship with the subsequent Bootstrap message. Here, the dynamic identification code is, for example, a dynamically generated and encrypted PIN code.
终端设备例如从DM服务器群接收PreBootstrap消息,之后解析PreBootstrap消息,得到PIN码,并存储该PIN码。The terminal device receives the PreBootstrap message, for example, from the DM server group, and then parses the PreBootstrap message, obtains the PIN code, and stores the PIN code.
于一实施例中,PreBootstrap消息还携带动态识别码的有效时间。终端设备解析所述PreBootstrap消息后,得到PIN码和该PIN码的有效时间,并存储该PIN码及该PIN码的有效时间。In an embodiment, the PreBootstrap message also carries the effective time of the dynamic identification code. After the terminal device parses the PreBootstrap message, the PIN code and the valid time of the PIN code are obtained, and the PIN code and the valid time of the PIN code are stored.
步骤22:终端设备接收Bootstrap消息。Step 22: The terminal device receives the Bootstrap message.
步骤23:终端设备利用所述动态识别码对Bootstrap消息进行检验。Step 23: The terminal device uses the dynamic identification code to check the Bootstrap message.
当Bootstrap消息通过检验后,终端设备执行Bootstrap消息对应的Bootstrap操作;当Bootstrap消息未通过检验后,终端设备丢弃Bootstrap消息。After the Bootstrap message passes the check, the terminal device performs the Bootstrap operation corresponding to the Bootstrap message. After the Bootstrap message fails the check, the terminal device discards the Bootstrap message.
于一实施例中,PreBootstrap消息还携带所述动态识别码的有效时间。此时,步骤23包括:终端设备在所述动态识别码的有效时间内利用所述动态识别码对Bootstrap消息进行检验。其中,当所述Bootstrap消息与所述动态识别码对应关系正确,且利用动态识别码对Bootstrap消息进行的检验在动态识别码的有效时间内完成,则所述Bootstrap消息通过检验;当所述Bootstrap消息与动态识别码的对应关系不正确,或利用动态识别码对Bootstrap消息进行的检验未在动态识别码的有效时间内完成,则所述Bootstrap消息未通过检验。In an embodiment, the PreBootstrap message also carries the valid time of the dynamic identifier. At this time, step 23 includes: the terminal device uses the dynamic identification code to check the Bootstrap message within the valid time of the dynamic identification code. Wherein, when the correspondence between the Bootstrap message and the dynamic identification code is correct, and the verification of the Bootstrap message by using the dynamic identification code is completed within the valid time of the dynamic identification code, the Bootstrap message passes the check; when the Bootstrap If the correspondence between the message and the dynamic identification code is incorrect, or the verification of the Bootstrap message by using the dynamic identification code is not completed within the valid time of the dynamic identification code, the Bootstrap message fails the verification.
图3为本发明实施例一提供的空口引导方法的流程图。如图3所示,对本发明实施例一的步骤加以详细说明:FIG. 3 is a flowchart of an air interface guiding method according to Embodiment 1 of the present invention. As shown in FIG. 3, the steps of the first embodiment of the present invention are described in detail:
步骤301、用户在终端设备上进行注册; Step 301: The user registers on the terminal device.
步骤302、网络服务器在本网络中检测到终端设备;Step 302: The network server detects the terminal device in the network.
步骤303、终端设备确认是现网注册设备(即终端设备可用);Step 303: The terminal device confirms that the device is registered on the live network (that is, the terminal device is available).
步骤304、网络服务器向DM服务器群发送OTA Bootstrap请求;Step 304: The network server sends an OTA Bootstrap request to the DM server group.
步骤305、DM服务器群向终端设备发送PreBootstrap消息,其中,PreBootstrap消息携带有动态生成的加密后的PIN码及该PIN码的有效时间;Step 305: The DM server group sends a PreBootstrap message to the terminal device, where the PreBootstrap message carries the dynamically generated encrypted PIN code and the valid time of the PIN code.
步骤306、终端设备接收PreBootstrap消息,并对消息进行解析,得到PIN码及该PIN码的有效时间,并进行存储;Step 306: The terminal device receives the PreBootstrap message, parses the message, and obtains the PIN code and the valid time of the PIN code, and stores the information.
步骤307、DM服务器群向终端设备发送Bootstrap消息;Step 307: The DM server group sends a Bootstrap message to the terminal device.
步骤308、终端设备使用动态PIN码在PIN码有效时间内对Bootstrap消息进行检验,检验通过则执行Bootstrap操作;检验失败或超过PIN码有效时间,则抛弃这条Bootstrap消息;Step 308: The terminal device uses the dynamic PIN code to check the Bootstrap message within the valid time of the PIN code, and performs a Bootstrap operation when the verification succeeds; if the verification fails or exceeds the valid time of the PIN code, the Bootstrap message is discarded;
步骤309、终端设备Bootstrap完成后,与DM服务器群进行回连。Step 309: After the terminal device Bootstrap is completed, the terminal is connected to the DM server group.
如图4所示,本发明实施例还提供一种空口引导系统,设置于终端设备,包括:第一接收模块41,设置为:接收携带动态识别码的PreBootstrap消息;第二接收模块42,设置为:接收Bootstrap消息;检验模块43,设置为:利用所述动态识别码对Bootstrap消息进行检验。As shown in FIG. 4, an embodiment of the present invention further provides an air interface guiding system, which is configured in a terminal device, and includes: a first receiving module 41, configured to: receive a PreBootstrap message carrying a dynamic identification code; and a second receiving module 42, set The method is: receiving the Bootstrap message, and the checking module 43 is configured to: check the Bootstrap message by using the dynamic identifier.
于实施例中,上述系统还可包括处理模块44,设置为:当所述Bootstrap消息通过检验模块的检验后,执行所述Bootstrap消息对应的Bootstrap操作;或者,当所述Bootstrap消息未通过检验模块的检验后,丢弃所述Bootstrap消息。In an embodiment, the system may further include a processing module 44, configured to: perform a Bootstrap operation corresponding to the Bootstrap message after the Bootstrap message passes the verification by the verification module; or, when the Bootstrap message fails the verification module. After the check, the Bootstrap message is discarded.
于实施例中,所述PreBootstrap消息还携带所述动态识别码的有效时间。所述检验模块43是设置为:在所述动态识别码的有效时间内利用所述动态识别码对所述Bootstrap消息进行检验。In an embodiment, the PreBootstrap message further carries an effective time of the dynamic identifier. The verification module 43 is configured to check the Bootstrap message by using the dynamic identification code within the valid time of the dynamic identification code.
于实施例中,所述检验模块43是设置为:当所述Bootstrap消息与所述动态识别码对应关系正确,且利用动态识别码对Bootstrap消息进行的检验在动态识别码的有效时间内完成,则所述Bootstrap消息通过检验;当所述Bootstrap消息与动态识别码的对应关系不正确,或利用动态识别码对Bootstrap消息进行的检验未在动态识别码的有效时间内完成,则所述 Bootstrap消息未通过检验。In the embodiment, the verification module 43 is configured to: when the Bootstrap message and the dynamic identification code correspond to the correct relationship, and the verification of the Bootstrap message by using the dynamic identification code is completed within the valid time of the dynamic identification code, The Bootstrap message passes the verification; when the correspondence between the Bootstrap message and the dynamic identification code is incorrect, or the verification of the Bootstrap message by using the dynamic identification code is not completed within the valid time of the dynamic identification code, the The Bootstrap message failed the test.
另外,关于上述系统的处理过程同上述方法所述,故于此不再赘述。In addition, the processing procedure of the above system is the same as that described above, and thus will not be described herein.
综上所述,采用本发明实施例的方案,在服务器端可以利用已有的方式做简单修改即可完成本发明实施例中的Bootstrap消息检验,从而节约了成本,同时保证了Bootstrap消息来源的可靠性,有效增强了OTA Bootstrap过程的安全性。In summary, according to the solution of the embodiment of the present invention, the Bootstrap message check in the embodiment of the present invention can be completed by using the existing method in a simple manner, thereby saving cost and ensuring the source of the Bootstrap message. Reliability, which effectively enhances the security of the OTA Bootstrap process.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中,所述计算机程序在相应的硬件平台上(如系统、设备、装置、器件等)执行,在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art will appreciate that all or a portion of the steps of the above-described embodiments can be implemented using a computer program flow, which can be stored in a computer readable storage medium, such as on a corresponding hardware platform (eg, The system, device, device, device, etc. are executed, and when executed, include one or a combination of the steps of the method embodiments.
可选地,上述实施例的全部或部分步骤也可以使用集成电路来实现,这些步骤可以被分别制作成一个个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。Alternatively, all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
上述实施例中的装置/功能模块/功能单元可以采用通用的计算装置来实现,它们可以集中在单个的计算装置上,也可以分布在多个计算装置所组成的网络上。The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的装置/功能模块/功能单元以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。上述提到的计算机可读取存储介质可以是只读存储器,磁盘或光盘等。When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
工业实用性Industrial applicability
在本发明实施例的OTA Bootstrap过程中,终端设备接收携带动态识别码的PreBootstrap消息以及Bootstrap消息,并利用所述动态识别码对Bootstrap消息进行检验。如此,大大增加了OTA Bootstrap过程中Bootstrap消息验证的可靠性,避免了因收到恶意Bootstrap消息而导致用户信息泄露或篡改等安全性问题。 In the OTA Bootstrap process of the embodiment of the present invention, the terminal device receives the PreBootstrap message carrying the dynamic identification code and the Bootstrap message, and uses the dynamic identification code to check the Bootstrap message. In this way, the reliability of Bootstrap message verification in the OTA Bootstrap process is greatly increased, and security problems such as leakage or tampering of user information due to receiving malicious Bootstrap messages are avoided.

Claims (11)

  1. 一种空口引导OTA Bootstrap方法,包括:An air interface booting OTA Bootstrap method, including:
    终端设备接收携带动态识别码的前引导PreBootstrap消息;The terminal device receives the pre-boot PreBootstrap message carrying the dynamic identification code;
    终端设备接收Bootstrap消息;The terminal device receives the Bootstrap message;
    终端设备利用所述动态识别码对Bootstrap消息进行检验。The terminal device uses the dynamic identification code to check the Bootstrap message.
  2. 如权利要求1所述的方法,其中,所述终端设备利用所述动态识别码对Bootstrap消息进行检验之后,还包括:当所述Bootstrap消息通过检验后,终端设备执行所述Bootstrap消息对应的Bootstrap操作。The method of claim 1, wherein the terminal device uses the dynamic identification code to check the Bootstrap message, and further includes: after the Bootstrap message passes the verification, the terminal device executes the Bootstrap corresponding to the Bootstrap message. operating.
  3. 如权利要求1所述的方法,其中,所述终端设备利用所述动态识别码对Bootstrap消息进行检验之后,还包括:当所述Bootstrap消息未通过检验后,终端设备丢弃所述Bootstrap消息。The method of claim 1, wherein the terminal device checks the Bootstrap message by using the dynamic identification code, and further comprises: after the Bootstrap message fails the verification, the terminal device discards the Bootstrap message.
  4. 如权利要求1至3任一项所述的方法,其中:所述PreBootstrap消息还携带所述动态识别码的有效时间;The method according to any one of claims 1 to 3, wherein: the PreBootstrap message further carries an effective time of the dynamic identification code;
    所述终端设备利用所述动态识别码对Bootstrap消息进行检验包括:所述终端设备在所述动态识别码的有效时间内利用所述动态识别码对所述Bootstrap消息进行检验。The detecting, by the terminal device, the Bootstrap message by using the dynamic identification code, is: the terminal device uses the dynamic identification code to check the Bootstrap message within a valid time of the dynamic identification code.
  5. 如权利要求4所述的方法,其中:所述终端设备利用所述动态识别码对Bootstrap消息进行检验包括:The method of claim 4, wherein the detecting, by the terminal device, the Bootstrap message by using the dynamic identification code comprises:
    当所述Bootstrap消息与所述动态识别码对应关系正确,且利用动态识别码对Bootstrap消息进行的检验在动态识别码的有效时间内完成,则所述Bootstrap消息通过检验;When the correspondence between the Bootstrap message and the dynamic identification code is correct, and the verification of the Bootstrap message by using the dynamic identification code is completed within the valid time of the dynamic identification code, the Bootstrap message passes the verification;
    当所述Bootstrap消息与动态识别码的对应关系不正确,或利用动态识别码对Bootstrap消息进行的检验未在动态识别码的有效时间内完成,则所述Bootstrap消息未通过检验。When the correspondence between the Bootstrap message and the dynamic identification code is incorrect, or the verification of the Bootstrap message by using the dynamic identification code is not completed within the valid time of the dynamic identification code, the Bootstrap message fails the verification.
  6. 一种空口引导系统,设置于终端设备,包括:An air interface guiding system is provided on a terminal device, including:
    第一接收模块,设置为:接收携带动态识别码的PreBootstrap消息;The first receiving module is configured to: receive a PreBootstrap message carrying a dynamic identification code;
    第二接收模块,设置为:接收Bootstrap消息; The second receiving module is configured to: receive a Bootstrap message;
    检验模块,设置为:利用所述动态识别码对Bootstrap消息进行检验。The verification module is configured to: check the Bootstrap message by using the dynamic identification code.
  7. 如权利要求6所述的系统,还包括:处理模块,设置为:当所述Bootstrap消息通过所述检验模块的检验后,执行所述Bootstrap消息对应的Bootstrap操作。The system of claim 6, further comprising: a processing module, configured to: perform a Bootstrap operation corresponding to the Bootstrap message after the Bootstrap message passes the verification by the verification module.
  8. 如权利要求6所述的系统,还包括:处理模块,设置为:当所述Bootstrap消息未通过所述检验模块的检验后,丢弃所述Bootstrap消息。The system of claim 6 further comprising: a processing module configured to: discard the Bootstrap message after the Bootstrap message has not passed the verification by the verification module.
  9. 如权利要求6至8任一项所述的系统,其中:所述PreBootstrap消息还携带所述动态识别码的有效时间,所述检验模块是设置为:在所述动态识别码的有效时间内利用所述动态识别码对所述Bootstrap消息进行检验。The system according to any one of claims 6 to 8, wherein: the PreBootstrap message further carries an effective time of the dynamic identification code, and the verification module is configured to: utilize during the effective time of the dynamic identification code The dynamic identification code checks the Bootstrap message.
  10. 如权利要求9所述的系统,其中:所述检验模块是设置为:The system of claim 9 wherein: said verification module is configured to:
    当所述Bootstrap消息与所述动态识别码对应关系正确,且利用动态识别码对Bootstrap消息进行的检验在动态识别码的有效时间内完成,则所述Bootstrap消息通过检验;When the correspondence between the Bootstrap message and the dynamic identification code is correct, and the verification of the Bootstrap message by using the dynamic identification code is completed within the valid time of the dynamic identification code, the Bootstrap message passes the verification;
    当所述Bootstrap消息与动态识别码的对应关系不正确,或利用动态识别码对Bootstrap消息进行的检验未在动态识别码的有效时间内完成,则所述Bootstrap消息未通过检验。When the correspondence between the Bootstrap message and the dynamic identification code is incorrect, or the verification of the Bootstrap message by using the dynamic identification code is not completed within the valid time of the dynamic identification code, the Bootstrap message fails the verification.
  11. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1-5任一项的方法。 A computer readable storage medium storing computer executable instructions for performing the method of any of claims 1-5.
PCT/CN2016/075811 2015-04-07 2016-03-07 Ota bootstrap method and system WO2016161864A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510160418.3A CN106162706B (en) 2015-04-07 2015-04-07 Air interface guiding method and system
CN201510160418.3 2015-04-07

Publications (1)

Publication Number Publication Date
WO2016161864A1 true WO2016161864A1 (en) 2016-10-13

Family

ID=57073028

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/075811 WO2016161864A1 (en) 2015-04-07 2016-03-07 Ota bootstrap method and system

Country Status (2)

Country Link
CN (1) CN106162706B (en)
WO (1) WO2016161864A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070286376A1 (en) * 2006-06-12 2007-12-13 Microsoft Corporation Microsoft Patent Group Device authentication techniques
CN101951595A (en) * 2010-08-23 2011-01-19 中兴通讯股份有限公司 Method and system for processing OTA (Over-The-Air) Bootstrap

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070286376A1 (en) * 2006-06-12 2007-12-13 Microsoft Corporation Microsoft Patent Group Device authentication techniques
CN101951595A (en) * 2010-08-23 2011-01-19 中兴通讯股份有限公司 Method and system for processing OTA (Over-The-Air) Bootstrap

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WAP FORUM: "Provision Bootstrap Version 14-March-2001", WIRELESS APPLICAIOTN PROTOCOL WAP-184-PROVBOOT-20010314-A, 14 March 2001 (2001-03-14), pages 1 - 24, XP055318956 *

Also Published As

Publication number Publication date
CN106162706A (en) 2016-11-23
CN106162706B (en) 2020-05-29

Similar Documents

Publication Publication Date Title
CN103581105B (en) Login validation method and login authentication system
CN105306490B (en) Payment verifying system, method and device
CN112019493B (en) Identity authentication method, identity authentication device, computer equipment and medium
TWI706269B (en) Service realization method and device
US10237072B2 (en) Signatures for near field communications
WO2018018697A1 (en) Method and system for identifying spam message from false base station
RU2008141089A (en) APPLICATION AUTHENTICATION
CN106487762A (en) The recognition methodss of user identity, identification applications client and server
US9600671B2 (en) Systems and methods for account recovery using a platform attestation credential
CN110365684B (en) Access control method and device for application cluster and electronic equipment
CN108616360A (en) User identity verification, register method and device
US11218464B2 (en) Information registration and authentication method and device
CN105119722A (en) Identity verification method, equipment and system
CN111131416A (en) Business service providing method and device, storage medium and electronic device
EP3206329A1 (en) Security check method, device, terminal and server
Karim et al. Prochecker: An automated security and privacy analysis framework for 4g lte protocol implementations
US20200412535A1 (en) Authentication information transmission method, apparatus, and storage medium
US7437563B2 (en) Software integrity test
CN106878336A (en) A kind of data interactive method and device
CN113569263A (en) Secure processing method and device for cross-private-domain data and electronic equipment
CN104079527A (en) Information processing method and electronic equipment
CN115941217B (en) Method for secure communication and related products
WO2016161864A1 (en) Ota bootstrap method and system
KR20180034199A (en) Unified login method and system based on single sign on service
US11245698B2 (en) Registration system and registration method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16776039

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16776039

Country of ref document: EP

Kind code of ref document: A1