Method for transmitting and operating application program, system for operating application program, server and terminal

[0050] Embodiment one,

[0051] Embodiment 1 of the present invention provides a method for sending an application program. The steps of the method are as follows:figure 1 As shown, it specifically includes the following steps:

[0052] Step 101, receiving an application program download request reported by a terminal.

[0053] When a terminal needs to download an application program, it sends an application program download request to the server, and the application program download request carries identity information, and the identity information is used to determine the subject of the downloaded application program and to identify the user of the application program. Application ID of the application that the terminal requests to download.

[0054] Step 102, judging whether the identity information is the identity information corresponding to the application program identifier stored by the server.

[0055] In this step, the server may determine whether the saved identity information corresponding to the application identifier contains the identity information carried in the application download request according to the stored correspondence between the application identifier and the identity information, if determined If the identity information corresponding to the stored application ID contains the received identity information, confirm that the terminal has paid the relevant fee, and then skip to step 104; otherwise, confirm that the terminal has not paid the relevant fee, and then perform step 103.

[0056] By judging whether the terminal has paid the relevant fees for downloading the application program, it can be realized that when the user replaces the terminal, the application program in the terminal is damaged, or other problems that require re-downloading the application program, the user can continue by downloading the application program from the server again Run purchased applications without repeated payment, thereby protecting the rights and interests of users.

[0057] Step 103: After the terminal has successfully paid, the server records the correspondence between the application identification and the identity information carried in the received application download request.

[0058] In this step, when the server determines that the saved identity information corresponding to the application identifier does not contain the received identity information, it requires the terminal to pay for the application corresponding to the application identifier carried in the application download request sent. , and record the corresponding relationship between the application identification and the identity information carried in the received application download request after the terminal payment is successful. After this step is completed, step 104 may be continued, or step 102 may be re-executed.

[0059] Step 104, the server embeds the identity information into the digital certificate.

[0060] Digital certificates use public key cryptography, that is, use a pair of matching keys for encryption and decryption. Each user has a private key (private key) only for himself, and uses it to decrypt and sign; at the same time, he has a public key (public key) that can be disclosed to the public for encryption and signature verification. In each embodiment of the present invention, the server sends the application program encrypted (authenticated) using digital certificate technology to the terminal, and the terminal performs corresponding decryption operation to obtain the executable application program, thereby ensuring the security of the application program during transmission sex and integrity.

[0061] The server embedding the identity information into the digital certificate specifically includes:

[0062] The server extracts the identity information corresponding to the terminal reporting the request from the received application program download request, and embeds the identity information into the digital certificate, thereby binding the identity information with the digital certificate.

[0063] The format of the digital certificate generally adopts the X.509 international standard. When the digital certificate is a digital certificate based on the X.509 format, the structure of the digital certificate in this format is as follows figure 2 As shown, the extended field of the digital certificate can be used to embed the extracted identity information, and the identity information written in the Extensible Markup Language (eXtensible Markup Language, XML) format can be embedded in the entry of the String type of the extended field. Identity information can be written in one entry of String type, or in multiple entries of String type.

[0064] Specifically, since each entry in the extension field of the digital certificate in this format includes three fields: extension type, extension value, and key identifier, the extension type of the entry written in the identity information is String, which is used to identify the content format of the entry as characters String, the extension value is the identity information in XML format. The key identifier can be used to indicate the level corresponding to the identity information. For example, if the key identifier is set to 1, it means that the level corresponding to the identity information embedded in the entry is level 1, which is the highest level. ;Set the key identifier to 2, indicating that the level corresponding to the identity information embedded in the entry is level 2, which is the second highest level.

[0065] Step 105, the server sends the digital certificate embedded with the identity information and the application corresponding to the application identifier to the terminal.

[0066] The server extracts the application identifier from the received application download request, uses the digital certificate embedded with the identity information to authenticate the application corresponding to the application identifier, and binds the digital certificate to the application through authentication, thereby realizing identity information Binding with the application program, and sending the digital certificate embedded in the identity information and the application program corresponding to the application program identification to the terminal.

[0067] Specifically, the server sends the digital certificate embedded in the identity information and the application program corresponding to the application program identification to the terminal in the following two ways:

[0068] First, the server directly pushes the digital certificate embedded in the identity information and the application program corresponding to the application program identification to the terminal

[0069] In the second type, the server issues a digital certificate, generates a download link, and instructs the terminal to download the digital certificate embedded with identity information and the application program corresponding to the application program identifier from the download link.

[0070] Preferably, after step 101, before step 104, step 101' may further be included:

[0071] Step 101', the server sets the validity period of the application program running in the terminal in the digital certificate of the application program.

[0072] For multiple terminals that request to download the application program, the same valid period can be set for each terminal, or different valid periods can be set for each terminal, for example, according to the difference in the fees paid by each terminal for the application program that is requested to be downloaded , to set different validity periods for each terminal.

[0073] exist figure 1 Among them, step 101' is located after step 101 and shown before step 102.

[0074] Embodiment two,

[0075] After the mobile terminal is replaced, the process of downloading the application program from the original mobile terminal by the replaced mobile terminal and running the application program normally will be described below. The original terminal is defined as the first terminal, and the replaced mobile terminal is defined as the second terminal. Then, Embodiment 2 of the present invention provides a method for sending an application from the perspective of the first terminal. The flow chart of the method is as follows image 3 As shown, it specifically includes the following steps:

[0076] Step 201. Receive an application program download request sent by a second terminal.

[0077] The application program download request carries the application program identification, and requests the first terminal to send the application program corresponding to the application program identification to the second terminal.

[0078] Step 202, the first terminal sends the application program corresponding to the application program identifier and the digital certificate embedded with the identity information to the second terminal.

[0079] In Embodiment 2, the application program obtained by the first terminal may be downloaded from the server (using the method provided in Embodiment 1), or downloaded from other terminals, such as the third terminal (using the method provided in Embodiment 2). Methods).

[0081] Embodiment three,

[0082] Embodiment 3 of the present invention provides a method for running an application program. The steps of the method are as follows: Figure 4 As shown, it specifically includes the following steps:

[0083] Step 301, the terminal receives a digital certificate embedded with identity information and an application program corresponding to the requested application program identifier.

[0084] In this embodiment, the digital certificate and the application program embedded with the identity information may be obtained by the terminal from the server or other terminals.

[0085] Step 302, the terminal runs the application program.

[0086] In this step, the terminal authenticates the identity information embedded in the received digital certificate, and the authentication specifically includes:

[0087] The terminal reads the locally stored identity information, and uses the locally stored identity information to authenticate the identity information embedded in the received digital certificate.

[0088] When the terminal passes the authentication of the received identity information, for example, when the received identity information matches the identity information corresponding to the terminal itself, it runs the application program.

[0089] Before step 301, the method may further include:

[0090] Step 301': Report an application download request.

[0091] The terminal may report an application download request to the server or other terminals, and the application download request may carry identity information and an application identifier.

[0092] In this embodiment, the operation may be installation, or the first use after installation.

[0093] Through the application sending and running methods provided in Embodiment 1, Embodiment 2, and Embodiment 3 of the present invention, the security of the application program can be ensured, the illegal copying and use of the application program can be avoided, and the terminal can be replaced after the system of the terminal is refreshed. , can still continue to run the application program, on the basis of solving the technical problem proposed by the present invention, the terminal after replacement can obtain the application program from the terminal before replacement, and can also download the application program from the server again, without repeated payment , you can continue to run the application, and when the application is damaged or encounters other problems that require re-downloading the application from the server, the terminal can also re-download the application from the server without repeated payment. The program continues to run, and at the same time, the validity period of the application program running in the terminal can also be set, which improves the flexibility of protecting the application program.

[0094] For the mobile application network platform, the identity information in Embodiment 1 can be a SIM card identification, such as a mobile phone number; for the Google application network platform, the identity information can be a Google account; for the Microsoft application network platform, the identity information can be Microsoft An account, such as a Windows Live ID, will be described below in detail for the schemes of Embodiment 1 and Embodiment 3 of the present invention by taking mobile application network platform as an example and mobile phone number as the identity information.