Method for strictly managing and controlling the legitimacy of Android application programs based on certificates
Technical field
The invention belongs to the field of mobile terminal security, more particularly to the field of Android mobile terminal application security management, and specifically to a method for strictly managing and controlling the legitimacy of Android application programs based on certificates.
Background technology
Mobile office work is developing rapidly, and mobile terminal security is increasingly valued; how to ensure that office work takes place in a secure mobile terminal environment is particularly important. The Android system, as the mobile terminal system with the highest market share, has its own application program legitimacy verification mechanism for application program management.
When an application program is installed in the Android system, the system verifies the correctness of the installation package signature, so as to ensure that the signed application program has not been altered. The installation package signing process is briefly introduced as follows. First, a keystore certificate file is prepared; this file can be generated with the keytool tool in the JDK, and the keystore file contains a key entity (a private key and a public key) and a trusted public key entity (containing a public key). Secondly, the application program in the Android system is signed using the above keystore file, and the digital certificate information is bundled into the installation package. Finally, when the application program is installed, the system verifies the legitimacy of the application program through the digital certificate: if the keystore file in the installation package has been modified, the Android system can detect this by checking the file against the certificate information, and a legitimate application program is allowed to install.
As for the Android system's detection method for application program installation packages, although the integrity of the file can be verified, the premise of verifying integrity is that the digital certificate has not been modified and is legitimate; if the application program has been signed again, the Android system cannot verify this, and the application program is then unsafe.
Many cracked Android applications now appear on the Internet. Such cracking uses decompilation techniques: the software content is modified, and the application program is then repackaged and signed again. If office software were altered by the above method, the user's personal information or business information would be easy to steal, causing unpredictable loss.
In conclusion, the prior art cannot achieve the secure installation of Android application programs; therefore, it is necessary to find a method that can strictly manage and control the legitimacy of Android application programs.
Invention content
The present invention provides a method for strictly managing and controlling the legitimacy of Android application programs based on certificates, to solve the shortcomings of the prior art: it strictly controls the legitimacy of the application programs installed in the Android system and ensures that office software is not maliciously destroyed, thereby ensuring the security of the mobile equipment.
To solve the above technical problems, the present invention adopts the following technical scheme:
The method for strictly managing and controlling the legitimacy of Android application programs based on certificates comprises the following steps:
a. The application program installation package is uploaded to the MDM server side;
b. The MDM server side obtains the certificate information and the package name information of the application program installation package;
the certificate information is a digital signature issued by a certificate authority and contains the public key owner information and the public key file;
the package name information is the unique identity of an application program, and application programs with identical package name information are considered to be the same application program;
c. The MDM server side issues an application program management and control strategy to the MDM client;
the application program management and control strategy is formulated independently by the user;
d. The MDM client receives the application program management and control strategy;
e. The MDM client desktop displays the corresponding application program according to the package name information described in step b;
f. The MDM client obtains the certificate information of the application program according to the package name information described in step b;
g. The MDM client generates a random number according to a random number algorithm;
in the random number algorithm, the application program in the mobile equipment calls a system interface to obtain the millisecond count of the current time, computes the millisecond count with the MD5 algorithm, and obtains the random number;
h. The MDM client encrypts the random number described in step g with the public key in the certificate information described in step f, and generates encryption information;
i. The MDM client sends the random number described in step g and the encryption information described in step h to the MDM server side;
j. The MDM server side encrypts the random number described in step i with the public key in the certificate information described in step b, and generates encryption information;
k. The encryption information described in step j is compared with the encryption information described in step h:
if the comparison shows that the encryption information described in step j is identical with the encryption information described in step h, the application program installed on the MDM client is legitimate;
if the comparison shows that the encryption information described in step j differs from the encryption information described in step h, the application program installed on the MDM client is illegitimate.
The beneficial effects of the present invention are as follows: the method for strictly managing and controlling the legitimacy of Android application programs based on certificates solves the loophole in the Android system's own verification of the integrity and legitimacy of installed application program files, addresses the problem of application programs being signed again after being tampered with, and ensures the security of the mobile equipment.
Description of the drawings
Fig. 1 is the flow chart of the application program legitimacy verification of the present invention;
Fig. 2 is a schematic diagram of the application environment of an embodiment of the present invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to specific embodiments and the drawings.
As shown in Fig. 2, in a mobile office environment for example, the environment includes an MDM server computer 201 and an MDM Client mobile device 202.
As shown in Fig. 1, the steps of the method of the present invention for strictly managing and controlling the legitimacy of Android application programs based on certificates are as follows:
Step 1: the application program installation package DriodClient.apk is uploaded to the MDM server computer 201;
Step 2: the MDM server computer 201 obtains the certificate information and the package name information com.gsc.mdm of the application program installation package DriodClient.apk;
the certificate information includes the public key owner information and the public key file;
the public key owner information includes: version number 3, serial number 5170b956, keystore type JKS, keystore provider SUN, validity start date Fri Apr 19 11:26:14 CST 2013, expiry date Tue Apr 13 11:26:14 CST 2038, and creation date 2013-4-19;
the file name of the public key file is CERT.RSA;
Step 3: the MDM server computer 201 issues the application program management and control strategy to the MDM Client mobile device 202;
Step 4: the MDM Client mobile device 202 receives the application program management and control strategy;
Step 5: the desktop of the MDM Client mobile device 202 displays the corresponding application program according to the package name information com.gsc.mdm;
Step 6: the MDM Client mobile device 202 obtains the certificate information of the application program according to the package name information com.gsc.mdm;
the certificate information includes the public key owner information and the public key file;
the public key owner information includes: version number 3, serial number 5170b956, keystore type JKS, keystore provider SUN, validity start date Fri Apr 19 11:26:14 CST 2013, expiry date Tue Apr 13 11:26:14 CST 2038, and creation date 2013-4-19;
the file name of the public key file is CERT.RSA;
Step 7: the MDM Client mobile device 202 generates the random number 84504E704F1AD68F986A778DFD80549D according to the random number algorithm;
Step 8: the MDM Client mobile device 202 encrypts the random number 84504E704F1AD68F986A778DFD80549D with the public key file CERT.RSA in the certificate information, and generates encryption information;
Step 9: the MDM Client mobile device 202 sends the random number 84504E704F1AD68F986A778DFD80549D and the encryption information generated in step 8 to the MDM server computer 201;
Step 10: the MDM server computer 201 encrypts the random number 84504E704F1AD68F986A778DFD80549D from step 9 with the public key file CERT.RSA in the certificate information, and generates encryption information;
Step 11: the encryption information of step 10 is compared with the encryption information of step 8;
if the comparison shows that the encryption information of step 10 is identical with the encryption information of step 8, the application program installed on the MDM client is legitimate;
if the comparison shows that the encryption information of step 10 differs from the encryption information of step 8, the application program installed on the MDM client is illegitimate.
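The challenge exchange of steps g to k (and steps 7 to 11 of the embodiment above), as an added worked example in Python. This is illustration code written for this page, not the patent's or any MDM product's implementation. It assumes raw, unpadded RSA (c = m^e mod n), because the scheme compares the two encryption results byte for byte, which only works when encryption is deterministic: standard padded RSA (PKCS#1 v1.5 or OAEP) randomizes every ciphertext, so an implementation that used it would have to compare a deterministic value instead, such as the public key itself or a fingerprint of the certificate. The public key moduli are constructed from known Mersenne primes; the package name com.gsc.mdm and the millisecond-to-MD5 derivation of the random number come from the text; the class and function names and the re-signed key are the example's own assumptions.

```python
import hashlib
import time

# Constructed public keys (modulus, exponent). The moduli are products of known
# Mersenne primes so that a 128-bit MD5 value fits under them; they stand in for
# the key inside the patent's CERT.RSA and are not taken from it.
M127 = (1 << 127) - 1
M107 = (1 << 107) - 1
M89 = (1 << 89) - 1
M61 = (1 << 61) - 1
PUBLIC_EXPONENT = 65537

# Key the MDM server records for the package in step b / step 2.
GENUINE_PUBLIC_KEY = (M127 * M89, PUBLIC_EXPONENT)
# Key a repackaged and re-signed copy of the app would carry instead (assumption).
RESIGNED_PUBLIC_KEY = (M107 * M61, PUBLIC_EXPONENT)

PACKAGE_NAME = "com.gsc.mdm"  # package name from the embodiment


def random_number_from_millis(millis):
    """Step g / step 7: MD5 of the current-time millisecond count, as 32 uppercase hex digits.

    A timestamp-derived value is predictable; os.urandom is the usual source for a
    real challenge. The derivation here follows the text."""
    return hashlib.md5(str(millis).encode("ascii")).hexdigest().upper()


def encrypt_with_public_key(random_number_hex, public_key):
    """Steps h and j: deterministic raw RSA, c = m^e mod n.

    The private key is never used by the scheme; both sides only apply the public
    key and compare the results, so the operation must be deterministic."""
    n, e = public_key
    m = int(random_number_hex, 16)
    if m >= n:
        raise ValueError("challenge does not fit under the modulus")
    return format(pow(m, e, n), "x")


class MdmServer:
    """Holds the certificate public key recorded per package name (step b)."""

    def __init__(self):
        self.registry = {}

    def register_package(self, package_name, public_key):
        self.registry[package_name] = public_key

    def verify(self, package_name, random_number_hex, client_ciphertext):
        """Steps j and k: re-encrypt the received random number and compare."""
        key = self.registry.get(package_name)
        if key is None:
            return False  # unknown package: nothing to compare against
        expected = encrypt_with_public_key(random_number_hex, key)
        return expected == client_ciphertext


class MdmClient:
    """installed_apps maps package name -> public key read from the app's certificate (step f)."""

    def __init__(self, installed_apps):
        self.installed_apps = installed_apps

    def challenge(self, package_name, millis=None):
        """Steps g to i: produce (random number, encryption information) for the server."""
        if millis is None:
            millis = int(time.time() * 1000)
        r = random_number_from_millis(millis)
        c = encrypt_with_public_key(r, self.installed_apps[package_name])
        return r, c


def run_exchange(client_key, millis=1366341974000):
    """Full exchange for one installed app; returns the server's legitimacy verdict.
    The default millisecond count is a constructed value."""
    server = MdmServer()
    server.register_package(PACKAGE_NAME, GENUINE_PUBLIC_KEY)
    client = MdmClient({PACKAGE_NAME: client_key})
    r, c = client.challenge(PACKAGE_NAME, millis)
    return server.verify(PACKAGE_NAME, r, c)


if __name__ == "__main__":
    print("genuine app:", run_exchange(GENUINE_PUBLIC_KEY))    # True
    print("re-signed app:", run_exchange(RESIGNED_PUBLIC_KEY))  # False
```

The re-signed case fails because the client encrypts under the re-signer's key while the server encrypts under the key it recorded at upload time, so the two results differ even though the random number is the same; the check therefore detects a changed signing certificate, not tampering that keeps the original certificate.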