File upgrading method and terminal device

[0026] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0027] In the embodiment of the present invention, the server first verifies the upgrade authority of the terminal device, and after verification, transmits the file to be upgraded to the terminal device, and the terminal device then upgrades the file.

[0028] figure 1 It is an overall flow chart of the file upgrading method of the embodiment of the present invention.

[0029] In this embodiment, when the user needs to upgrade the file of the terminal device used, the terminal device sends an upgrade request to the server for upgrading, so that the server can verify the authority. Of course, the terminal equipment used by the user needs to register with the upgrade server to obtain an account before it can be used normally. (LiccnscAuthorization Code, LAC) is registered on the upgrade server.

[0030] In this embodiment, the terminal device can register with the first server. When an upgrade is required, the terminal device can verify the upgrade authority through the first server. When the verification is passed, the upgrade file can be obtained from the second server for upgrade. In this embodiment, the terminal device can also be upgraded on a server, and the authority verification is performed on the server, and after the verification is passed, the upgrade file is obtained from the server. It is understandable that the first solution: the server can be divided into two servers, the first server performs registration and verification, and the second server stores the upgrade file. Second server information. The second solution: a server performs registration, verification and storage of upgrade files at the same time.

[0031] To simplify the description, the first solution is taken as an example for illustration. An example of the second solution is not described here. The difference is that in the first solution, the first server needs to notify the terminal device of the information of the second server where the upgrade file is stored, and the terminal device obtains the upgrade file through the information of the second server.

[0032] In this embodiment, in step S100, the terminal device sends an upgrade request message to the first server, and the upgrade request message includes the ESN, LAC and name of the upgrade file of the terminal device. In this embodiment, the first server may be an HTTP server, which may be an official website for updating files.

[0033] Step S102, the first server verifies the upgrade authority of the terminal device according to the upgrade request information. In this embodiment, the ESN and LAC in the upgrade request information are compared with the ESN and LAC in the registration information respectively.

[0034] If the user revises the license and sends an upgrade message including the license to the first server for verification, since the license of the terminal device is not used as the verification standard, this upgrade request can be blocked, thereby confirming that the user is an illegal user. Legitimate users, to prevent such behavior of users.

[0035] Step S104, when the verification is successful, the first server sends feedback information to the terminal device. In this embodiment, the first server sends feedback information to the terminal device in the form of an XML file, and the feedback information includes version information of the current upgrade file, second server information, activation code, message-digest algorithm value (Message-digest Algorithm 5 , MD5) and digital signature information, of course, can also include other information. The version information of the current upgrade file is the version number of the current upgrade file. The second server information includes address information of the second server and login password information of the second server, and the second server may be an FTP server. The digital signature information is a string after encrypting the MD5 value. In this embodiment, the second server information and the digital signature information need to be encrypted by Advanced Encryption Standard (Advanced Encryption Standard, AES). Of course, other encryption methods may also be used, which is not limited in the present invention. In this embodiment, the activation code is obtained by AES encryption of the ESN of the terminal device to be upgraded, the name of the upgrade file, and the expiry date of the upgrade file by the first server. In this embodiment, the activation code includes the ESN of the terminal device, the name of the upgrade file and the expiry date of the upgrade file.

[0036] If the second solution is adopted, the feedback information includes version information of the current upgrade file, activation code, message-digest algorithm value (Message-digest Algorithm 5, MD5) and digital signature information.

[0037] Step S106, the terminal device sends request information for obtaining an upgrade file to the second server according to the feedback information. In this embodiment, the terminal device first performs AES decryption on the second server information, and then sends request information for obtaining the upgrade file to the second server according to the decrypted second server information and the version information of the current upgrade file. The request information includes the login password information of the second server and the version information of the current upgrade file in the decrypted second server information. In this embodiment, the terminal device also needs to perform AES decryption on the digital signature information, compare the decrypted MD5 value with the MD5 value in the feedback information, and if they are the same, send the request information for obtaining the upgrade file to the second server . If not, the upgrade operation is aborted. In this embodiment, the purpose of comparing the decrypted MD5 value with the MD5 value in the feedback information is mainly to prevent the XML file from being modified.

[0038]If the second solution is adopted, the terminal device sends request information for acquiring the upgrade file to the server according to the version information of the current upgrade file in the feedback information.

[0039] In step S108, the second server performs authorization upgrade verification according to the request information. In this embodiment, the upgrade authorization verification is performed according to the decrypted second server information.

[0040] Step S110, when the verification is successful, the second server generates an upgrade file suitable for network transmission from the original file, and sends it to the terminal device. In this embodiment, the original file is first encrypted, and then header information is added to the encrypted original file. It can be understood that the upgrade file includes encrypted original files and header information.

[0041] If the second solution is adopted, step S108 is not required, and the server directly generates an upgrade file suitable for network transmission according to the request information of the upgrade file, and sends it to the terminal device.

[0042] Step S112, when the terminal device confirms according to the header information and feedback information that the acquired upgrade file has not been modified, perform an upgrade operation. Or, this step can also be to confirm that the activation code is valid according to the ESN in the activation code in the feedback information sent by the server, the name of the upgrade file, the expiration time of the validity period of the upgrade file, and the generation time of the upgrade file , perform the upgrade operation.

[0043] In this embodiment, the original file is encrypted first, and header information is added to the encrypted original file to generate an upgrade file, which can increase the security performance of the upgrade file transmitted to the terminal device, thereby improving the reliability of the upgrade. , and confirm whether the acquired upgrade file has been modified according to the header information and feedback information, so as to ensure whether the upgrade file has been modified, that is, whether it has been attacked, and ultimately improve the reliability of the upgrade. In this embodiment, two different servers are used to process the upgrade request, so that the upgraded service can be refined, that is, the division of labor can be performed, and it can be avoided that when the first server has a peak traffic, the first server can be appropriately reduced. Server stress.

[0044] figure 2 For the embodiment of the present invention figure 1 The specific flow chart of step S110.

[0045] Step S200, encrypting the original file. In this embodiment, AES encryption is performed on the original upgrade file, of course, other encryption methods may also be used.

[0046] Step S202, adding header information to the encrypted original file. In this embodiment, the format of the header information is shown in the following table:

[0047] Upgrade file name

[0048] In this embodiment, the initial value of the MD5 value field is a key shared by the second server and the terminal device, and is a 32-byte key. The initial value of the ESN field is 0.

[0049] Step S204, perform MD5 calculation on the encrypted original file and header information to obtain an MD5 value.

[0050] Step S206, replacing the obtained MD5 value with the MD5 value in the header information, thereby generating an upgrade file suitable for network transmission, and sending it to the network device. It can be understood that the upgraded file includes the encrypted original file and the header information with the MD5 value replaced.

[0051] In this embodiment, the original file is first encrypted, and header information is added to the encrypted original file, and the MD5 value in the header information is changed to generate an upgrade file, thereby increasing the number of files transmitted to the terminal device. The security performance of the upgrade file is improved, thereby ultimately improving the reliability of the upgrade file.

[0052] In this embodiment, after the terminal device receives the upgrade file sent by the second server, the terminal device can choose different upgrade methods. In this embodiment, online upgrade and local upgrade may be included.

[0053] image 3 For the embodiment of the present invention figure 1 The first specific flow chart of step S112. In this example, image 3 It is a flow chart for selecting the online upgrade method to upgrade.

[0054] In this embodiment, in step S300, the received upgrade file sent by the second server is parsed. In this embodiment, the received header information in the upgrade file sent by the second server is parsed to obtain the MD5 value in the header information and the version number of the original file.

[0055] If the second scheme is adopted, the upgrade file sent by the server is parsed.

[0056] Step S302, judging whether the version number of the original file after parsing is the same as the version number of the current upgraded file in the feedback information. If it is judged to be the same, then execute step S304; if it is judged not to be the same, it means that the upgrade file has been modified, then execute step S314.

[0057] Step S304, judging whether the MD5 value in the header information has been modified. In this embodiment, the terminal device replaces the MD5 value in the header information with the same key as that of the second server, and performs an MD5 operation on the encrypted original file and the header information in the upgraded file to obtain a new MD5 value. Then judge whether the obtained new MD5 value is the same as the MD5 value in the header information. If not the same, it means that the upgrade file has been modified, and step S314 is executed. If they are the same, that is, the upgrade file has not been modified, step S306 is executed. In this embodiment, since the MD5 calculation needs to be performed again, if the version number in the header information, the name of the upgrade file, or the generation time of the upgrade file are modified, the recalculated MD5 value will be equal to the MD5 value in the header information. Are not the same.

[0058] Step S306, updating the value of the ESN field in the header information, and performing MD5 calculation on the encrypted original file and the updated header information. In this embodiment, the value of the ESN field in the header information is updated to the ESN of the terminal device. In this embodiment, the ESN of the terminal device is updated to the value of the ESN field in the header information, that is, the ESN of the terminal device is bound to the original file, mainly to prevent other users from copying the upgrade file from the terminal device, For file upgrade, because different terminal devices have different ESNs, when the upgrade file is upgraded in other terminal devices, the ESN comparison will be performed. Due to the different ESNs, the upgrade conditions cannot be met, and then Can prevent other users from upgrading. If it is not to prevent other users from stealing the upgrade file, but only to upgrade the terminal device, this step can be omitted.

[0059] Step S308, judging whether the version number of the original file in the header information is newer than the version number of the currently used file. In this embodiment, it is determined that the version number of the original file in the header information is newer than the version number of the file currently used by the terminal device, that is, the version number of the original file in the header information is newer than the version number of the file currently used by the terminal device. If it is larger, execute step S310. If the version number of the original file in the header information is not newer than the version number of the currently used file, that is, the terminal device does not need to be upgraded, step S314 is executed.

[0060] Step S310, decrypt the encrypted original file in the upgrade file. In this embodiment, AES decryption is performed.

[0061] Step S312, upgrade the decrypted original file.

[0062] Step S314, end the operation.

[0063] In this embodiment, the server adds header information to the encrypted original file to generate an upgrade file, and the terminal device verifies the version number and MD5 value of the original file in the header information in the upgrade file respectively, thereby It is ensured that the upgrade file of the currently used terminal device is not modified during network transmission, thereby improving the reliability of the upgrade.

[0064] Figure 4 For the embodiment of the present invention figure 1 The second specific flow chart of step S112. In this example, Figure 4 This is a flow chart for selecting the local upgrade method to upgrade.

[0065] In this embodiment, step S400 is to decrypt the activation code in the feedback information to obtain the ESN in the activation code, the name of the upgrade file and the expiration date of the upgrade file, and analyze the header information in the upgrade file to obtain Get the generation time of the upgrade file.

[0066] Step S402, judging whether the ESN in the activation code is the same as the ESN of the terminal device. If it is judged to be the same, then execute step S404; if it is judged not to be the same, then execute step S414.

[0067] Step S404, judging whether the name of the upgrade file in the activation code is the same as the name of the upgrade file of the terminal device. If it is judged to be the same, step S406 is executed. If it is determined that they are not the same, execute step S414.

[0068] Step S406, judging whether the expiry time of the validity period in the activation code is greater than or equal to the generation time of the upgrade file in the header information of the upgrade file. If it is determined that the expiry date of the validity period in the activation code is greater than or equal to the generation time of the upgrade file, the activation code is valid, and step S408 is executed. If it is determined that the expiry date of the validity period in the activation code is less than the generation time of the upgrade file, step S414 is executed.

[0069] Step S408, updating the value of the ESN field in the header information, and performing MD5 calculation on the encrypted original file and the updated header information.

[0070] Step S410, decrypt the encrypted original file in the upgrade file. In this embodiment, AES decryption is performed.

[0071] Step S412, upgrade the decrypted original file.

[0072] Step S414, end the operation.

[0073] In this embodiment, when performing a local upgrade, by verifying the ESN in the activation code, the name of the upgrade file and the expiry date of validity, the upgrade file can be prevented from being stolen by others, thereby ensuring that the upgrade file of the currently used terminal device is a legitimate user , thereby ensuring that the original file of the upgrade file sent by the server can be upgraded by a legitimate user, that is, the reliability of the upgrade can be improved.

[0074] Figure 5 It is an application environment diagram of a terminal device according to an embodiment of the present invention.

[0075] In this embodiment, the terminal device can register with the first server. When an upgrade is required, the terminal device can verify the upgrade authority through the first server. When the verification is passed, the upgrade file can be obtained from the second server for upgrade. In this embodiment, the terminal device can also be upgraded on a server, and the authority verification is performed on the server, and after the verification is passed, the upgrade file is obtained from the server. It is understandable that the first solution: the server can be divided into two servers, the first server performs registration and verification, and the second server stores the upgrade file. Second server information. The second solution: a server performs registration, verification and storage of upgrade files at the same time.

[0076] To simplify the description, the first solution is taken as an example for illustration. An example of the second solution is not described here. The difference is that in the first solution, the first server needs to notify the terminal device of the information of the second server where the upgrade file is stored, and the terminal device obtains the upgrade file through the information of the second server.

[0077]In this embodiment, the terminal device 51 communicates with the server 53 through the network 52 , and when the terminal device 51 needs to be upgraded, the terminal device 51 sends an upgrade request message to the server 53 . In this embodiment, the server 53 includes a first server 531 and a second server 532 . In this embodiment, the first server 531 is an HTTP server. The second server 532 may be an FTP server. The first server 531 verifies the upgrade authority according to the upgrade request information sent by the terminal device 51 , and sends feedback information to the terminal device 51 when the verification is successful. The feedback information includes version information of the current upgrade file, second server information, activation code, message-digest algorithm value (Message-digest Algorithm 5, MD5) and digital signature information. The terminal device 51 sends request information for obtaining an upgrade file to the second server 532 according to the second server information. The second server 532 verifies the upgrade authority of the terminal device 51 according to the request information, and when the verification is successful, generates an upgrade file suitable for network transmission from the original original file and sends it to the terminal device 51 .

[0078] If the second solution is adopted, the feedback information includes version information of the current upgrade file, activation code, message-digest algorithm value (Message-digest Algorithm 5, MD5) and digital signature information.

[0079] Image 6 It is a structural diagram of the second server in the embodiment of the present invention.

[0080] In this embodiment, the second server 532 includes a receiving module 5320 , a verification module 5322 , an encryption module 5324 , a database 5326 , a processor 5328 and a sending module 5330 .

[0081] In this embodiment, the receiving module 5320 is configured to receive request information for obtaining an upgrade file sent by the terminal device 51 , where the request information includes login password information of the second server and version information of the current upgrade file.

[0082] The verification module 5322 is configured to perform authorization upgrade verification according to the login password information of the second server in the request information. The encryption module 5324 is used to obtain the corresponding original file from the database 5326 according to the version information of the current upgrade file in the request information after the verification by the verification module 5322 is successful, and encrypt it.

[0083] The processor 5328 is configured to add header information to the encrypted original file after the encryption module 5324 encrypts the original original file, and perform MD5 calculation on the encrypted original file and the header information to obtain an MD5 value. In this embodiment, the MD5 value in the header information is updated with the obtained MD5 value, so as to generate an upgrade file suitable for network transmission. It can be understood that the upgraded file includes the encrypted original file and the header information with the MD5 value replaced.

[0084] The sending module 5330 is configured to send the upgrade file to the terminal device 51 after the processor 5328 generates the upgrade file.

[0085] In this embodiment, the second server first encrypts the original file, and adds header information to the encrypted original file, and changes the MD5 value in the header information to generate an upgrade file, which can increase transmission to The security performance of the upgrade file of the terminal device, thereby finally improving the reliability of the upgrade file.

[0086] Figure 7 It is a structural diagram of a terminal device according to an embodiment of the present invention.

[0087] In this embodiment, the terminal device 51 includes a sending module 510 , a receiving module 511 , a selection module 512 , an analysis module 513 , a judgment module 514 , a calculation module 515 , a database 516 , a decryption module 517 , and an upgrade module 518 .

[0088] In this embodiment, when the terminal device 51 needs to be upgraded, the sending module 510 is used to send an upgrade request message to the first server 531, and the upgrade request message includes the ESN, LAC and the name of the upgrade file of the terminal device 51.

[0089] After the verification by the first server 531 is successful, the receiving module 511 is configured to receive feedback information sent by the first server 531 . The feedback information includes version information of the current upgrade file, second server information, activation code, message-digest algorithm value (Message-digest Algorithm 5, MD5) and digital signature information. The version information of the current upgrade file is the version number of the current upgrade file. The second server information includes address information of the second server and login password information of the second server, and the second server may be an FTP server. The digital signature information is a string after encrypting the MD5 value.

[0090] The decryption module 517 is used to decrypt the second server information and the digital signature information to obtain the address information of the second server, the login password information of the second server and the MD5 value.

[0091] The judging module 514 is used to judge whether the MD5 value decrypted by the decrypting module 517 is the same as the MD5 value in the feedback information received by the receiving module 511. If not, it means that the feedback information transmitted by the first server has been modified, and the upgrade operation is terminated.

[0092] The sending module 510 is also used to send an update update message to the second server 532 according to the address information of the second server when the judging module 514 judges that the MD5 value decrypted by the decrypting module 517 is the same as the MD5 value in the feedback information received by the receiving module 511. File request information. The request information includes the login password information of the second server and the version information of the current upgrade file in the decrypted second server information.

[0093] If the second solution is adopted, the sending module 510 sends request information for acquiring the upgrade file to the server according to the version information of the current upgrade file in the feedback information.

[0094] After the second server 532 authenticates, the receiving module 511 is further configured to receive the upgrade file sent by the second server 532 .

[0095] The selection module 512 is configured to provide the user with an upgrade method when the receiving module 511 receives the upgrade file, and receive the upgrade method selected by the user.

[0096] The parsing module 513 is used for parsing the header information in the upgrade file received by the receiving module 511 to obtain the MD5 value in the header information and the version number of the upgrade file when the user selects the online upgrade mode.

[0097] The judging module 514 is also used to judge whether the version number of the upgraded file after parsing is the same as the version number of the current upgraded file in the feedback information. If the judgment is not the same, it means that the upgrade file has been modified, and the upgrade operation will be interrupted. If the determination is the same, the determination module 514 is also used to determine whether the MD5 value in the header information has been modified. In this embodiment, the judging module 514 replaces the MD5 value in the header information with the same key as that of the second server, and performs an MD5 operation on the encrypted original file and the header information in the upgraded file to obtain a new The MD5 value. Then judge whether the obtained new MD5 value is the same as the MD5 value in the header information. If the judgment is not the same, that is, the MD5 value in the header information has been modified, it means that the upgrade file has been modified, and the upgrade operation is interrupted.

[0098] The calculation module 515 is used to update the value of the ESN field in the header information when it is judged that the MD5 value in the header information has not been modified, and perform MD5 calculation on the encrypted original file and the updated header information, and store to database 516. In this embodiment, the ESN of the terminal device is updated to the value of the ESN field in the header information, that is, the ESN of the terminal device is bound to the original file, mainly to prevent other users from copying the upgrade file from the terminal device, For file upgrade, because different terminal devices have different ESNs, when the upgrade file is upgraded in other terminal devices, the ESN comparison will be performed. Due to the different ESNs, the upgrade conditions cannot be met, and then Can prevent other users from upgrading.

[0099] The judging module 514 is also used for judging whether the version number of the original file in the header information is newer than the version number of the currently used file after judging that the MD5 value in the header information has not been modified. If it is judged that the version number of the original file in the header information is not expected to be newer than the version number of the currently used file, the upgrade operation is interrupted.

[0100] The decryption module 517 is also used to decrypt the original file stored in the database 516 when the judging module 514 judges that the version number of the original file in the header information is newer than the version number of the currently used file. The upgrade module 518 is used to perform an upgrade operation after the decryption module 517 decrypts the original file.

[0101] The decryption module 517 is also used to decrypt the activation code in the feedback information when the user selects the local upgrade method, so as to obtain the ESN in the activation code, the name of the upgrade file and the expiry date of the upgrade file, and analyze the upgrade file in the upgrade file. header information to obtain the generation time of the upgrade file.

[0102] The judging module 514 is also used to judge whether the ESN in the activation code is the same as the ESN of the terminal device, and if it is judged not to be the same, interrupt the upgrade operation.

[0103] The judging module 514 is also used for judging whether the name of the upgrade file in the activation code is the same as the name of the upgrade file of the terminal device when it is judged that the ESN in the activation code is the same as the ESN of the terminal device. If the judgment is not the same, the upgrade operation is interrupted.

[0104] The judging module 514 is also used to judge whether the name of the upgrade file in the activation code is the same as the name of the upgrade file of the terminal device, and whether the expiry time of the validity period in the activation code is greater than or equal to the generation time of the upgrade file in the header information of the upgrade file . If it is judged that the expiration time of the validity period in the activation code is less than the generation time of the upgrade file in the header information of the upgrade file, the upgrade operation is interrupted.

[0105] Calculation module 515 is also used for determining that the activation code is valid, updating the value of the ESN field in the header information when judging that the validity period expiration time in the activation code is greater than or equal to the generation time of the upgrade file in the header information of the upgrade file, and Perform MD5 calculation on the encrypted original file and the updated header information, and store them in the database 516 .

[0106] The decryption module 517 is also used to decrypt the encrypted original file in the upgrade file when judging that the activation code is valid.

[0107] In this embodiment, when the terminal device chooses to upgrade online, the version number and MD5 value of the upgrade file in the header information in the upgrade file are verified respectively, so as to ensure that the upgrade file of the terminal device currently in use is transmitted through the network. In this way, the reliability of the upgrade can be improved; when the local upgrade is performed, by verifying the ESN in the activation code, the name of the upgrade file and the expiration date of the validity period, the upgrade file can be prevented from being stolen by others, so as to ensure that the currently used terminal The upgrade file of the device is a legitimate user, so that the original file of the upgrade file sent by the server can be upgraded by a legitimate user, which can improve the reliability of the upgrade.

[0108] Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the programs can be stored in a computer-readable storage medium. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random AcccssMemory, RAM) and the like.

[0109]Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that: it still Modifications or equivalent replacements can be made to the technical solutions of the present invention, and these modifications or equivalent replacements cannot make the modified technical solutions deviate from the spirit and scope of the technical solutions of the present invention.