CN108199830A - Based on the legal method of the stringent management and control Android application programs of certificate - Google Patents
Based on the legal method of the stringent management and control Android application programs of certificate Download PDFInfo
- Publication number
- CN108199830A CN108199830A CN201711406774.4A CN201711406774A CN108199830A CN 108199830 A CN108199830 A CN 108199830A CN 201711406774 A CN201711406774 A CN 201711406774A CN 108199830 A CN108199830 A CN 108199830A
- Authority
- CN
- China
- Prior art keywords
- application program
- mdm
- information
- random number
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 15
- 238000009434 installation Methods 0.000 claims abstract description 12
- 238000011217 control strategy Methods 0.000 claims abstract description 9
- YTAHJIFKAKIKAV-XNMGPUDCSA-N [(1R)-3-morpholin-4-yl-1-phenylpropyl] N-[(3S)-2-oxo-5-phenyl-1,3-dihydro-1,4-benzodiazepin-3-yl]carbamate Chemical compound O=C1[C@H](N=C(C2=C(N1)C=CC=C2)C1=CC=CC=C1)NC(O[C@H](CCN1CCOCC1)C1=CC=CC=C1)=O YTAHJIFKAKIKAV-XNMGPUDCSA-N 0.000 claims description 6
- GNFTZDOKVXKIBK-UHFFFAOYSA-N 3-(2-methoxyethoxy)benzohydrazide Chemical compound COCCOC1=CC=CC(C(=O)NN)=C1 GNFTZDOKVXKIBK-UHFFFAOYSA-N 0.000 claims description 4
- FGUUSXIOTUKUDN-IBGZPJMESA-N C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 Chemical compound C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 FGUUSXIOTUKUDN-IBGZPJMESA-N 0.000 claims description 2
- 238000012795 verification Methods 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses the methods based on the stringent management and control Android application program legitimacies of certificate,This method is by uploading application program installation kit to MDM server-sides,MDM server-sides obtain installation kit certificate information and packet name information,And issue application program management and control strategy to MDM clients,After MDM clients receive strategy,In desktop according to packet name presentation of information application program,The certificate information of application program is obtained simultaneously,Random number is generated according to random number algorithm,Random number is encrypted in public-key cryptography file in Application Certificate,Random number and encryption information are sent to server-side by MDM clients,Server-side uses the public-key cryptography file in the certificate obtained in server-side to generate random number using random number algorithm,The encrypted result of server-side application program and the encrypted result of MDM client applications are compared,Judge the legitimacy of application program.
Description
Technical field
The invention belongs to mobile terminal safety field, more particularly to Android mobile terminal application security management is led
Domain, the specifically method based on the stringent management and control Android application program legitimacies of certificate.
Background technology
Mobile office development is maked rapid progress, and mobile terminal safety is increasingly valued by the people, and how to ensure mobile terminal
Handling official business under the environment of safety is particularly important.Android system as the highest mobile terminal system of occupation rate of market,
There is a set of application program legitimate verification mechanism of their own on application program management.
When installing application program in android system, system installs the correctness of packet signature by verification, to ensure to sign
The application program of name is not altered.It following is a brief introduction of the process of installation packet signature:First, keystore certificates text is got out
Part, this document can use the keytool tools in JDK to generate, and keystore files include key entity(Private key and public affairs
Key)With public key entity trusty(Include public key).Secondly, using above-mentioned keystore files to answering in android system
It is signed with program, and digital certificate information is bundled in installation kit.Finally, when installing application program, system passes through number
The legitimacy of word certification authentication application program, if the keystore files in installation kit are modified, then android system
File validation can be checked by certificate information, legal application program allows to install.
For android system to the detection method of application program installation kit, although the integrality of file can be verified,
The premise for being verification integrality is that digital certificate is not modified, is legal, if application program is signed again,
Android system can not be verified, then application program is exactly unsafe.
Now occur many android systems on the internet to crack, it is this to crack using inverse compiling technique, it repaiies
Signature application program is repacked after changing software content, if office software was changed by the above method, then user's
Personal information or business information will be easy to be stolen, so as to cause unpredictable loss.
In conclusion in the prior art, it can not realize safe installation Android application programs, therefore, it is necessary to find
A kind of method, being capable of stringent management and control Android application program legitimacies.
Invention content
The present invention provides the method based on stringent management and control Android application program legitimacies, for solving in the prior art
Existing shortcoming, it is stringent to control the legitimacy that application program is installed in android system, it is ensured that office software is not by malice
It destroys, so that it is guaranteed that the safety of mobile equipment.
In order to solve the above technical problems, the present invention adopts the following technical scheme that:
Based on the method for the stringent management and control Android application program legitimacies of certificate, comprise the steps of:
A. application program installation kit is uploaded to MDM server-sides:
B.MDM server-sides obtain the certificate information and packet name information of the application program installation kit:
The certificate information be one through certificate authority digital signature, include public-key cryptography owner information and public affairs
Open key file;
The packet name information is the unique identity of an application program, and the identical application program of packet name information is then considered
Same application program;
C.MDM server-sides issue application program management and control strategy to MDM clients:
The application program management and control strategy, is independently formulated by user;
D.MDM clients receive the application program management and control strategy:
E.MDM client desktops are according to the corresponding application program of packet name presentation of information described in step b:
F.MDM clients are according to the certificate information of the packet name acquisition of information application program described in step b:
G.MDM clients generate random number according to random number algorithm:
The random number algorithm moves the millisecond number that the application call system interface in equipment obtains current time, and
Millisecond number is calculated, and obtain random number using MD5 algorithms;
Public-key cryptography of the h.MDM clients in the certificate information described in step f carries out the random number described in step g
Encryption, and generate encryption information:
Random number described in step g and the encryption information described in step h are sent to MDM server-sides by i.MDM clients:
Public-key cryptography of the j.MDM server-sides in the certificate information described in step b carries out the random number described in step i
Encryption, and generate encryption information:
K. the encryption information described in step j and the encryption information described in step h are compared:
Encryption information described in step j is identical with the encryption information comparing result described in step h, then illustrates MDM clients
The application program of installation is legal;
Encryption information described in step j is differed with the encryption information comparing result described in step h, then illustrates MDM client
The application program for holding installation is illegal.
The beneficial effects of the present invention are:The present invention is based on the sides of the stringent management and control Android application program legitimacies of certificate
Method solves loophole of the android system to installation application file integrality itself and legitimacy verifies, for using journey
The problem of sequence is signed again after being tampered, it is ensured that the safety of mobile equipment.
Description of the drawings
Fig. 1 is the flow chart of the verification application program legitimacy of the present invention;
Fig. 2 is the application environment schematic diagram of the embodiment of the present invention.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, with reference to specific embodiments and the drawings,
The present invention is described in further details.
As shown in Fig. 2, for example in a mobile office environment, which includes 201 He of MDM server computers
MDM Client mobile devices 202.
As shown in Figure 1, the method and step the present invention is based on the stringent management and control Android application program legitimacies of certificate is as follows:
Step 1, application program installation kit DriodClient.apk is uploaded to MDM server computers 201;
Step 2, MDM server computers 201 obtain the certificate information and packet name of application program installation kit DriodClient.apk
Information com.gsc.mdm:
Certificate information includes public-key cryptography owner information and public-key cryptography file;
Public-key cryptography owner information including version number is 3, Serial No. 5170b956, cipher key store type are JKS, cipher key store carries
Supplier is SUN, term of validity Start Date is Fri Apr 19 11:26:14 CST 2013, Tue expiry date
Apr 13 11:26:14 CST 2038, date created 2013-4-19;
The entitled CERT.RSA of file of public-key cryptography file;
Step 3, MDM server computers 201 issue application program management and control strategy to MDM Client mobile devices 202;
Step 4, MDM Client mobile devices 202 receive application program management and control strategy;
Step 5,202 desktop of MDM Client mobile devices shows corresponding application program according to packet name information com.gsc.mdm;
Step 6, MDM Client mobile devices 202 obtain the certificate information of application program according to packet name information com.gsc.mdm:
Certificate information includes public-key cryptography owner and public-key cryptography file;
Public-key cryptography owner information including version number is 3, Serial No. 5170b956, cipher key store type are JKS, cipher key store carries
Supplier is SUN, term of validity Start Date is Fri Apr 19 11:26:14 CST 2013, Tue expiry date
Apr 13 11:26:14 CST 2038, date created 2013-4-19;
The entitled CERT.RSA of file of public-key cryptography file;
Step 7, MDM Client mobile devices 202 generate random number according to random number algorithm
84504E704F1AD68F986A778DFD80549D;
Step 8, public-key cryptography file CERT.RSA of the MDM Client mobile devices 202 in certificate information is to random number
84504E704F1AD68F986A778DFD80549D is encrypted, and generates encryption information;
Step 9, MDM Client mobile devices 202 are by random number 84504E704F1AD68F986A778DFD80549D and step 8
The encryption information of middle generation is sent to MDM server computers 201;
Step 10, public-key cryptography file CERT.RSA of the MDM server computers 201 in certificate information is in step 9
Random number 84504E704F1AD68F986A778DFD80549D is encrypted, and generates encryption information;
Step 11, the encryption information in step 10 and the encryption information in step 8 are compared;
Encryption information described in step 10 is identical with the encryption information comparing result described in step 8, then illustrates MDM clients
The application program of installation is legal;
Encryption information described in step 10 is differed with the encryption information comparing result described in step 8, then illustrates MDM client
The application program for holding installation is illegal.
Claims (1)
1. based on the method for the stringent management and control Android application program legitimacies of certificate, the method includes the steps of:
A. application program installation kit is uploaded to MDM server-sides;
B.MDM server-sides obtain the certificate information and packet name information of the application program installation kit:
The certificate information be one through certificate authority digital signature, include public-key cryptography owner information and public affairs
Open key file;
The packet name information is the unique identity of an application program, and the identical application program of packet name information is then considered
Same application program;
C.MDM server-sides issue application program management and control strategy to MDM clients:
The application program management and control strategy, is independently formulated by user;
D.MDM clients receive the application program management and control strategy;
E.MDM client desktops are according to the corresponding application program of packet name presentation of information described in step b;
F.MDM clients are according to the certificate information of the packet name acquisition of information application program described in step b;
G.MDM clients generate random number according to random number algorithm;
The random number algorithm moves the millisecond number that the application call system interface in equipment obtains current time, and
Millisecond number is calculated, and obtain random number using MD5 algorithms;
Public-key cryptography of the h.MDM clients in the certificate information described in step f carries out the random number described in step g
Encryption, and generate encryption information;
Random number described in step g and the encryption information described in step h are sent to MDM server-sides by i.MDM clients;
Public-key cryptography of the j.MDM server-sides in the certificate information described in step b carries out the random number described in step i
Encryption, and generate encryption information;
K. the encryption information described in step j and the encryption information described in step h are compared:
Encryption information described in step j is identical with the encryption information comparing result described in step h, then illustrates MDM clients
The application program of installation is legal;
Encryption information described in step j is differed with the encryption information comparing result described in step h, then illustrates MDM client
The application program for holding installation is illegal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711406774.4A CN108199830A (en) | 2017-12-22 | 2017-12-22 | Based on the legal method of the stringent management and control Android application programs of certificate |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711406774.4A CN108199830A (en) | 2017-12-22 | 2017-12-22 | Based on the legal method of the stringent management and control Android application programs of certificate |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108199830A true CN108199830A (en) | 2018-06-22 |
Family
ID=62583385
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711406774.4A Pending CN108199830A (en) | 2017-12-22 | 2017-12-22 | Based on the legal method of the stringent management and control Android application programs of certificate |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108199830A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112016606A (en) * | 2020-08-20 | 2020-12-01 | 恒安嘉新(北京)科技股份公司 | Detection method, device and equipment for application program APP and storage medium |
| CN112805702A (en) * | 2019-03-07 | 2021-05-14 | 华为技术有限公司 | Counterfeit APP identification method and device |
| CN113612746A (en) * | 2021-07-26 | 2021-11-05 | 建信金融科技有限责任公司 | Sensitive information storage method and system based on Android system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103491094A (en) * | 2013-09-26 | 2014-01-01 | 成都三零瑞通移动通信有限公司 | Rapid identity authentication method based on C/S mode |
| CN104123491A (en) * | 2014-07-18 | 2014-10-29 | 广州金山网络科技有限公司 | Method and device for detecting whether application program installation package is tempered |
| US20160277194A1 (en) * | 2012-09-18 | 2016-09-22 | Beijing Senselock Software Technology Co., Ltd. | Method for certifying android client application by local service unit |
| CN107463806A (en) * | 2017-06-20 | 2017-12-12 | 国家计算机网络与信息安全管理中心 | The signature and sign test method of a kind of Android application programs installation kit |
-
2017
- 2017-12-22 CN CN201711406774.4A patent/CN108199830A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160277194A1 (en) * | 2012-09-18 | 2016-09-22 | Beijing Senselock Software Technology Co., Ltd. | Method for certifying android client application by local service unit |
| CN103491094A (en) * | 2013-09-26 | 2014-01-01 | 成都三零瑞通移动通信有限公司 | Rapid identity authentication method based on C/S mode |
| CN104123491A (en) * | 2014-07-18 | 2014-10-29 | 广州金山网络科技有限公司 | Method and device for detecting whether application program installation package is tempered |
| CN107463806A (en) * | 2017-06-20 | 2017-12-12 | 国家计算机网络与信息安全管理中心 | The signature and sign test method of a kind of Android application programs installation kit |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112805702A (en) * | 2019-03-07 | 2021-05-14 | 华为技术有限公司 | Counterfeit APP identification method and device |
| CN112016606A (en) * | 2020-08-20 | 2020-12-01 | 恒安嘉新(北京)科技股份公司 | Detection method, device and equipment for application program APP and storage medium |
| CN113612746A (en) * | 2021-07-26 | 2021-11-05 | 建信金融科技有限责任公司 | Sensitive information storage method and system based on Android system |
| CN113612746B (en) * | 2021-07-26 | 2023-05-09 | 中国建设银行股份有限公司 | Sensitive information storage method and system based on Android system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11470054B2 (en) | Key rotation techniques | |
| US20210319132A1 (en) | Methods and Devices For Managing User Identity Authentication Data | |
| EP3585032B1 (en) | Data security service | |
| US10721075B2 (en) | Web of trust management in a distributed system | |
| CN101212293B (en) | Identity authentication method and system | |
| WO2019127278A1 (en) | Safe access blockchain method, apparatus, system, storage medium, and electronic device | |
| US9300639B1 (en) | Device coordination | |
| CA3229997A1 (en) | Resource locators with keys | |
| CN109922027B (en) | Credible identity authentication method, terminal and storage medium | |
| EP2608477A1 (en) | Trusted certificate authority to create certificates based on capabilities of processes | |
| CN110611657A (en) | File stream processing method, device and system based on block chain | |
| US10516653B2 (en) | Public key pinning for private networks | |
| WO2014126882A1 (en) | Data security service | |
| CN112422287B (en) | Multi-level role authority control method and device based on cryptography | |
| US11924211B2 (en) | Computerized device and method for authenticating a user | |
| CN108199830A (en) | Based on the legal method of the stringent management and control Android application programs of certificate | |
| CN103684797A (en) | Subscriber and subscriber terminal equipment correlation authentication method and system | |
| CN112800392A (en) | Authorization method and device based on soft certificate and storage medium | |
| JP2013115522A (en) | Link access control method, program, and system | |
| CN106992978B (en) | Network security management method and server | |
| CN107276961B (en) | Method and device for encrypting and decrypting data based on cryptographic algorithm | |
| CN107404476B (en) | Method and device for protecting data security in big data cloud environment | |
| WO2018033016A1 (en) | Method and system for authorizing conversion of terminal state | |
| WO2020263938A1 (en) | Document signing system for mobile devices | |
| TWI746504B (en) | Method and device for realizing synchronization of session identification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210802 Address after: 100020 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Applicant after: Beijing Hongteng Intelligent Technology Co.,Ltd. Address before: 110179 No.21, jinpenglong high tech Industrial Park, No.19, Wenhui street, Hunnan New District, Shenyang City, Liaoning Province Applicant before: SHENYANG GENERALSOFT Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 100020 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Applicant after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: 100020 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Applicant before: Beijing Hongteng Intelligent Technology Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180622 |