CN108599959A - Certificate of authority method of calibration, device and readable storage medium storing program for executing, application apparatus - Google Patents
Certificate of authority method of calibration, device and readable storage medium storing program for executing, application apparatus Download PDFInfo
- Publication number
- CN108599959A CN108599959A CN201810407491.XA CN201810407491A CN108599959A CN 108599959 A CN108599959 A CN 108599959A CN 201810407491 A CN201810407491 A CN 201810407491A CN 108599959 A CN108599959 A CN 108599959A
- Authority
- CN
- China
- Prior art keywords
- certificate
- authority
- current device
- initial authorization
- built
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of certificate of authority method of calibration, including:After current device installation built-in browser application, confirm whether current device runs the built-in browser application for the first time;If current device is non-to run the built-in browser application for the first time, the generated certificate of authority is read, and whether verify the certificate of authority legal;If the certificate of authority is legal, verification passes through;If the certificate of authority is illegal, the initial authorization certificate is reacquired, and whether verify the initial authorization certificate legal;If the initial authorization certificate is legal, the initial authorization certificate is encrypted, to update the certificate of authority of current device.The present invention also provides a kind of certificate of authority calibration equipment and readable storage medium storing program for executing, application apparatus.The present invention solves the problems, such as that the certificate of authority because of built-in browser has damage or leads to authorization failure by modification.
Description
Technical field
The present invention relates to built-in browser application technical field more particularly to certificate of authority method of calibration, device and
Readable storage medium storing program for executing, application apparatus.
Background technology
Currently, all kinds of embedded devices have been widely used in people’s lives and work, play increasingly heavier
The effect wanted.For example, most of DTV STB, interactive network television set top box belong to embedded set at present
It is standby.Embedded device can generally install built-in browser application, to realize reception, processing and display to web data stream,
User is allow easily to carry out multimedia audio-visual, interaction entertainment etc..
Built-in browser refers to the browser application application operated in various embedded devices.It is existing embedded clear
When device of looking at is interacted with network server, basic data can be stored in the memory block of embedded device, built-in browser pair
(Hyper Text Mark-up Language, i.e. hypertext markup language are a kind of to the HTML answered for describing web document
A kind of markup language) page uses interpreted languages, compiling cannot be packaged.Therefore, built-in browser is calling
When the basic data of local, debug command can be sent to embedded device;If the debug command is obtained by a hacker, hacker can be light
It changes places and distorts the application source file of built-in browser so that embedded device quotes illegal link and content, influences to be embedded in
The brand image of formula device product, the more serious loss that can also cause user benefit.
Existing prevention method is at present:When embedded device receives debug command, the preset certificate of authority is read, with
Verify whether the debug command is tampered, to prevent being tampered using source file.But certificate of authority file itself is frequent
Ground is read, and there is also the possibilities of damage.In addition, after hacker obtains system permission, it is also possible to maliciously distort the certificate of authority.It authorizes
Certificate, which is damaged or is tampered, can lead to not read certificate of authority file;At this point, embedded device just will appear unauthorized
Prompt, influences the brand image of the brand image of embedded device product.
The above is only used to facilitate the understanding of the technical scheme, and is not represented and is recognized that the above is existing skill
Art.
Invention content
The main purpose of the present invention is to provide a kind of certificate of authority method of calibration, device and readable storage medium storing program for executing, applications
Equipment, it is intended to solve the problems, such as that the certificate of authority because of built-in browser has damage or leads to authorization failure by modification, keep away
Exempt to influence the brand image of embedded device product because of authorization failure.
To achieve the above object, the present invention provides a kind of certificate of authority method of calibration, the described method comprises the following steps:
After current device installation built-in browser application, it is described embedded clear to confirm whether current device runs for the first time
Look at device application;
If current device is non-to run the built-in browser application for the first time, the generated certificate of authority, and school are read
Whether legal test the certificate of authority;Wherein, the certificate of authority is to be based on applying corresponding one with the built-in browser
Initial authorization certificates constructing;
If the certificate of authority is legal, verification passes through;
If the certificate of authority is illegal, the initial authorization certificate is reacquired, and verifies the initial authorization card
Whether book is legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, is awarded described in current device with updating
Warrant book.
Preferably, described after current device installation built-in browser application, confirm whether current device runs for the first time
Before the step of built-in browser application, further include:
The built-in browser is being compiled in application, obtaining the application file of the built-in browser application;
Default calibration feature information corresponding with the application file is obtained, to generate the initial authorization certificate;Wherein,
The initial authorization certificate includes the default calibration feature information;
The initial authorization certificate is preset in the compiling source file of built-in browser application;
According to the compiling source file, compiles and generate and apply corresponding executable file with the built-in browser;
Wherein, current device completes the installation of the built-in browser application based on the executable file.
Preferably, described after current device installation built-in browser application, confirm whether current device runs for the first time
After the step of built-in browser application, further include:
If current device runs the built-in browser application for the first time, the initial authorization certificate is obtained, and verify
Whether the initial authorization certificate is legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, is awarded described in current device with generating
Warrant book.
Preferably, the whether legal step of the verification initial authorization certificate, specifically includes:
The default calibration feature information is extracted from the initial authorization certificate;
It is special to generate practical verification corresponding with the application file that the built-in browser mounted on current device is applied
Reference ceases;Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information;
Judge whether the default calibration feature information is consistent with the practical calibration feature information;
If consistent, judge that the initial authorization certificate is legal;
If inconsistent, judge that the initial authorization certificate is illegal.
Preferably, the step of encryption initial authorization certificate, the certificate of authority to generate current device, tool
Body includes:
Read the default identifier of current device;
Using the default identifier of current device as key, the initial authorization certificate is encrypted according to predetermined encryption algorithm and is carried out
Encryption, to generate the certificate of authority of current device;
Wherein, the certificate of authority of generation is stored in the default storage protection subregion of current device.
Preferably, described to read the generated certificate of authority, and the whether legal step of the certificate of authority is verified, specifically
Including:
Read the certificate of authority;
According to the default identifier of current device and default decipherment algorithm, the certificate of authority is decrypted, to obtain
The target certificate of authority;
Read the practical calibration feature information in the target certificate of authority, and judge the practical calibration feature information with
Whether the default calibration feature information that the initial authorization certificate includes is consistent;
If the practical calibration feature information is consistent with the default calibration feature information, judge that the certificate of authority closes
Method;
If the practical calibration feature information and the default calibration feature information are inconsistent, the certificate of authority is judged
It is illegal;
Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information.
Preferably, the default identifier includes one or more below:The sequence number of MAC Address, current device.
In addition, to achieve the above object, the present invention also provides a kind of certificate of authority calibration equipments, including:Memory, processing
Device and it is stored in the certificate of authority checking routine that can be run on the memory and on the processor, wherein:
The certificate of authority checking routine realizes certificate of authority method of calibration as described above when being executed by the processor
The step of.
In addition, to achieve the above object, the present invention also provides a kind of readable storage medium storing program for executing, being deposited on the readable storage medium storing program for executing
Certificate of authority checking routine is contained, the certificate of authority checking routine realizes the certificate of authority as described above when being executed by processor
The step of method of calibration.
In addition, to achieve the above object, the present invention also provides a kind of application apparatus, including certificate of authority school as described above
Experiment device.
A kind of certificate of authority method of calibration, device and readable storage medium storing program for executing, the application apparatus that the embodiment of the present invention proposes, when
Preceding equipment is running built-in browser in application, encryption is demonstrate,proved with the unique corresponding initial authorization of built-in browser application for the first time
Book, to generate the certificate of authority of current device.In this way, existing being replaced in a manner of the certificate of authority for verifying current device
The mode for verifying initial authorization certificate, avoids and is transferred to initial authorization certificate, can efficiently identify built-in browser
Using source file, either whether initial authorization certificate is tampered or damages, and protects the information completely of initial authorization certificate file
Property and safety, the information integrity of the encrypted certificate of authority and safety also greatly improve.Current device runs embedding again
When entering formula browser application, the legitimacy of the certificate of authority need to be only verified, without transferring initial authorization certificate;Meanwhile when verification is awarded
When warrant book is illegal, initial authorization certificate is just transferred, and new mandate is generated after the legitimacy of verification initial authorization certificate
Certificate solves certificate of authority file itself and is led by continually reading to maintain certificate of authority legitimacy verifies next time
Cause damage the problem of, avoid because certificate of authority file read failure, embedded device there is unauthorized prompt, maintain equipment and
The brand image of application product.
Description of the drawings
Fig. 1 is the structural schematic diagram of the running environment of certificate of authority calibration equipment of the present invention;
Fig. 2 is the flow diagram of certificate of authority method of calibration first embodiment of the present invention;
Fig. 3 is the flow diagram of certificate of authority method of calibration second embodiment of the present invention;
Fig. 4 is to verify the whether legal step of the initial authorization certificate in certificate of authority method of calibration second embodiment of the present invention
Rapid refinement flow diagram;
Fig. 5 is the flow diagram of certificate of authority method of calibration 3rd embodiment of the present invention;
Fig. 6 is the flow diagram that certificate of authority method of calibration the 4th of the present invention applies example.
The object of the invention is realized, the embodiments will be further described with reference to the accompanying drawings for functional characteristics and advantage.
Specific implementation mode
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
As shown in Figure 1, the present embodiments relate to certificate of authority calibration equipment can be all kinds of computers, microcontroller,
MCU (Microcontroller Unit, i.e. micro-control unit), smart mobile phone, tablet computer, laptop.Such as Fig. 1 institutes
Show, Fig. 1 is the structural schematic diagram for the certificate of authority calibration equipment running environment that the embodiment of the present invention is related to, running environment
Structure can specifically include:Processor 1001, such as CPU, network interface 1004, user interface 1003, memory 1005, communication
Bus 1002.Wherein, communication bus 1002 is for realizing the connection communication between these components.User interface 1003 may include
Display screen (Display), input unit such as keyboard (Keyboard), optional user interface 1003 can also include having for standard
Line interface, wireless interface.Network interface 1004 may include optionally that (such as WI-FI connects standard wireline interface and wireless interface
Mouthful).Memory 1005 can be high-speed RAM memory, can also be stable memory (non-volatile memory),
Such as magnetic disk storage.Memory 1005 optionally can also be the storage device independently of aforementioned processor 1001.
It will be understood by those skilled in the art that the structure of running environment shown in Fig. 1 is not constituted to certificate of authority school
The restriction of experiment device may include either combining certain components or different component cloth than illustrating more or fewer components
It sets.
As shown in Figure 1, as may include operating system, network communication in a kind of memory 1005 of readable storage medium storing program for executing
Module, Subscriber Interface Module SIM and certificate of authority checking routine.
In terminal shown in Fig. 1, network interface 1004 is mainly used for connecting background server, is carried out with background server
Data communicate;User interface 1003 is mainly used for connecting client (user terminal), with client into row data communication;And processor
1001 can be used for calling the certificate of authority checking routine stored in memory 1005, and execute following operation:
After current device installation built-in browser application, it is described embedded clear to confirm whether current device runs for the first time
Look at device application;
If current device is non-to run the built-in browser application for the first time, the generated certificate of authority, and school are read
Whether legal test the certificate of authority;Wherein, the certificate of authority is to be based on applying corresponding one with the built-in browser
Initial authorization certificates constructing;
If the certificate of authority is legal, verification passes through;
If the certificate of authority is illegal, the initial authorization certificate is reacquired, and verifies the initial authorization card
Whether book is legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, is awarded described in current device with updating
Warrant book.
Further, processor 1001 can call the certificate of authority checking routine stored in memory 1005, also execute
It operates below:
The built-in browser is being compiled in application, obtaining the application file of the built-in browser application;
Obtain default calibration feature information corresponding with the application file;
Generate the initial authorization certificate;Wherein, the initial authorization certificate includes the default calibration feature information;
The initial authorization certificate is preset in the compiling source file of built-in browser application;
According to the compiling source file, compiles and generate and apply corresponding executable file with the built-in browser;
Wherein, current device completes the installation of the built-in browser application based on the executable file.
Further, processor 1001 can call the certificate of authority checking routine stored in memory 1005, also execute
It operates below:
If current device runs the built-in browser application for the first time, the initial authorization certificate is obtained, and verify
Whether the initial authorization certificate is legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, is awarded described in current device with generating
Warrant book.
Further, processor 1001 can call the certificate of authority checking routine stored in memory 1005, also execute
It operates below:
The default calibration feature information is extracted from the initial authorization certificate;
It is special to generate practical verification corresponding with the application file that the built-in browser mounted on current device is applied
Reference ceases;Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information;
Judge whether the default calibration feature information is consistent with the practical calibration feature information;
If consistent, judge that the initial authorization certificate is legal;
If inconsistent, judge that the initial authorization certificate is illegal.
Further, processor 1001 can call the certificate of authority checking routine stored in memory 1005, also execute
It operates below:
Read the default identifier of current device;
Using the default identifier of current device as key, the initial authorization certificate is encrypted according to predetermined encryption algorithm and is carried out
Encryption, to generate the certificate of authority of current device;
Wherein, the certificate of authority of generation is stored in the default storage protection subregion of current device.
Further, processor 1001 can call the certificate of authority checking routine stored in memory 1005, also execute
It operates below:
Read the certificate of authority;
According to the default identifier of current device and default decipherment algorithm, the certificate of authority is decrypted, to obtain
The target certificate of authority;
Read the practical calibration feature information in the target certificate of authority, and judge the practical calibration feature information with
Whether the default calibration feature information that the initial authorization certificate includes is consistent;
If the practical calibration feature information is consistent with the default calibration feature information, judge that the certificate of authority closes
Method;
If the practical calibration feature information and the default calibration feature information are inconsistent, the certificate of authority is judged
It is illegal;
Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information.
Preferably, the default calibration feature information includes one or more below:The number of the application file,
MD5 check values.
Fig. 2 is please referred to, certificate of authority method of calibration first embodiment of the present invention includes the following steps:
For the first time whether step S10 confirm current device described in operation after current device installation built-in browser application
Built-in browser application;
Wherein, the built-in browser application of various embodiments of the present invention meaning refers to operating in various embedded devices
Browser application, embedded device include but not limited to:(smart mobile phone is put down for DTV STB, mobile intelligent terminal
Plate computer), PDA (Personal Digital Assistant, palm PC).
Current device runs mounted built-in browser in application, to judge whether current device runs for the first time described embedding
Enter formula browser application.Specific implementation can read the usage log of built-in browser application, if usage log is without before
Using information, then judge that current device runs the built-in browser application for the first time;Conversely, judgement current device is non-
The built-in browser application is run for the first time.
Step S20 reads generated warrant if current device is non-to run the built-in browser application for the first time
Book, and whether verify the certificate of authority legal;Wherein, the certificate of authority is to be based on and built-in browser application pair
The initial authorization certificates constructing answered;
In the specific implementation, the certificate of authority is to apply corresponding initial authorization certificate with the built-in browser
The certificate of authority generated after being encrypted.Wherein, the built-in browser is being compiled in application, according to generated described embedding
The application file for entering formula browser application generates the initial authorization certificate, and specific embodiment is as detailed below.
Preferably, the certificate of authority of generation is stored in the default storage protection subregion of current device.Wherein, it presets
Storage protection subregion is specifically the protection subregion of the operating system of current device.
As shown in figure 3, verifying the whether legal specific implementation of the certificate of authority and including:
A1 extracts the default calibration feature information from the initial authorization certificate;
A2 generates practical verification corresponding with the application file that the built-in browser mounted on current device is applied
Characteristic information;Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information;
The application file applied again according to the built-in browser for being mounted on current device generates practical verification
Characteristic information (number of such as described application file, MD5 check values);Wherein, it needs to ensure:The practical calibration feature information
Classification is identical as the default classification of calibration feature information.For example, if default calibration feature information includes application file simultaneously
Number and MD5 check values, then practical calibration feature information also include the number and MD5 check values of application file simultaneously.
A3 judges whether the default calibration feature information is consistent with the practical calibration feature information;
A4, if unanimously, judging that the initial authorization certificate is legal;
A5 judges that the initial authorization certificate is illegal if inconsistent.
When the two is consistent, as the above situation (1) judges that the initial authorization certificate is legal;Conversely, being then the above situation
(2), judge that the initial authorization certificate is illegal.The default school generated by the application file applied based on built-in browser
Test characteristic information and initial authorization certificate, can with verification Application file, either whether initial authorization certificate damages or is changed,
To realize the identification of application file or initial authorization certificate information integrality, the information security of file is helped to improve.
Step S21, if the certificate of authority is legal, verification passes through;
Step S22 reacquires the initial authorization certificate if the certificate of authority is illegal, and verifies described first
Whether the beginning certificate of authority is legal;
When the certificate of authority is illegal, it was demonstrated that the certificate of authority may be damaged or be changed.It needs to obtain again at this time
The initial authorization certificate is taken, and whether verify the initial authorization certificate legal.
Step S23 encrypts the initial authorization certificate, to update current device if the initial authorization certificate is legal
The certificate of authority.
Step S22, the purpose of step S23 is, when confirming that the current certificate of authority may be damaged or be changed, to need
Again the new certificate of authority is regenerated according to initial authorization certificate, for the verification of the subsequent certificate of authority.Preferably, weight
It newly encrypts the certificate of authority generated after the initial authorization certificate to be stored in the default storage protection subregion, to update
The certificate of authority before instead.
In this way, the side replacing existing verification initial authorization certificate in a manner of the certificate of authority for verifying current device
Formula is avoided and is transferred to initial authorization certificate, significantly reduce initial authorization certificate transferred and cause damage or by
The risk of modification ensure that the file integrality and information security of initial authorization certificate.Meanwhile the present embodiment is realized to awarding
Whether warrant book damages the identification either changed and generates new mandate when identifying certificate of authority damage or being changed
Certificate, to update the certificate of authority for having damaged or having been changed;Thus avoid damaging in the certificate of authority or when being changed after
It is continuous to execute debug command, and the certificate of authority generated therewith reading failure, embedded device is avoided the prompt of unauthorized occur
And influence the brand image of embedded device product.That is, solve because built-in browser the certificate of authority exist damage or
Person is changed the problem of leading to authorization failure, and the brand image of embedded device product is maintained.
Further, as shown in figure 4, the first embodiment based on certificate of authority method of calibration of the present invention, is awarded in the present invention
In the second embodiment of warrant book method of calibration, described after current device installation built-in browser application, confirmation is currently set
Before standby the step of whether running the built-in browser application for the first time, further include:
Step S30 is compiling the built-in browser in application, obtaining the practical writing of the built-in browser application
Part;
Step S31 obtains default calibration feature information corresponding with the application file;
Step S32 generates the initial authorization certificate;Wherein, the initial authorization certificate includes that the default verification is special
Reference ceases;
(such as dynamic link library file dll files, configuration i.e. after the types of applications file for generating built-in browser application
File), the application file based on built-in browser application generates corresponding default calibration feature information.Preferably, described pre-
If calibration feature information includes one or more below:The number of the application file, MD5 check values.Wherein, the schools MD5
It tests value (Message-Digest Algorithm5, i.e. the 5th generation Message Digest 5) and has and be difficult to replicate, be highly reliable excellent
Point.
The initial authorization certificate is preset in the compiling source file of built-in browser application by step S33;
Step S34 is compiled and is generated and held using corresponding with the built-in browser according to the compiling source file
Style of writing part;Wherein, current device completes the installation of the built-in browser application based on the executable file.
It generates after presetting calibration feature information, correspondingly generates unique initial authorization certificate.The initial authorization certificate
Include default calibration feature information.And default calibration feature information is pacified for carrying out consistency check in embedded device
After having filled built-in browser application, after whether being applied with installation built-in browser by the default calibration feature information of judgement,
The practical calibration feature information for being stored in the application file of embedded device is consistent, verifies the application file or initial authorization card
Whether book damages or is changed.
Further, as shown in Fig. 2, the first embodiment based on certificate of authority method of calibration of the present invention, is awarded in the present invention
In the 3rd embodiment of warrant book method of calibration, described after current device installation built-in browser application, confirmation is currently set
Before standby the step of whether running the built-in browser application for the first time, further include:
Step S40 obtains the initial authorization card if current device runs the built-in browser application for the first time
Book, and whether verify the initial authorization certificate legal;
After current device is mounted with built-in browser application, initial authorization certificate is stored in the built-in browser and answers
Installation site (installation folder).Current device runs the built-in browser in application, from described embedded for the first time
The installation site (installation folder) of browser application obtains the certificate of authority.That is, described in only being run for the first time in current device
Built-in browser just transfers initial authorization certificate when applying
It verifies the whether legal specific implementation of the initial authorization certificate to be identical with the first embodiment, which is not described herein again.
Since the application file that initial authorization certificate is applied with the built-in browser is uniquely corresponding, described in verification
Whether initial authorization certificate legal, it can be determined that built-in browser application source file or initial authorization certificate whether damage or
Person is changed, and to realize the identification of application file or initial authorization certificate information integrality, helps to improve the letter of file
Cease safety.If identifying, either initial authorization certificate is damaged or changed built-in browser application source file, is shown embedding
Enter the running environment existence information security risk of formula browser application;User can also be prompted to reinstall embedded browsing at this time
Device application.
Step S41 encrypts the initial authorization certificate, to generate current device if the initial authorization certificate is legal
The certificate of authority.
Initial authorization certificate is encrypted according to preset cipher mode, generates the certificate of authority of current device.In addition,
The certificate of authority can be stored in the default storage protection subregion of current device, for calling, and reduce the certificate of authority
The risk changed;Wherein, the protection subregion that storage protection subregion is specifically the operating system of current device is preset.
Further, as shown in figure 5, step S41 is specifically included:
Step S411 reads the default identifier of current device;
Wherein, the default identifier is for realizing the unique mark to current device;Preferably, including one kind below
Or it is a variety of:The sequence number of MAC Address, current device.
Step S412 is initially awarded using the default identifier of current device as key according to predetermined encryption algorithm encryption is described
Warrant book is encrypted, to generate the certificate of authority of current device;
Wherein, the certificate of authority of generation is stored in the default storage protection subregion of current device.
Symmetric encipherment algorithm or rivest, shamir, adelman may be used in predetermined encryption algorithm.In this way, current device is awarded
Warrant book replaces initial authorization certificate as the usual manner for authorizing verification, eliminates frequently transferring to initial authorization certificate,
Improve the information safety protection dynamics to initial authorization certificate;Simultaneously because the certificate of authority of current device is encrypted, when
The information security of the certificate of authority of preceding equipment is also strengthened.
Further, as shown in fig. 6, the second embodiment based on certificate of authority method of calibration of the present invention, is awarded in the present invention
It is described to read the generated certificate of authority in the fourth embodiment of warrant book method of calibration, and whether verify the certificate of authority
Legal step, specifically includes:
Step S201 reads the certificate of authority;
Step S202 solves the certificate of authority according to the default identifier of current device and default decipherment algorithm
It is close, to obtain the target certificate of authority;
Preferably, the default identifier includes one or more below:The sequence number of MAC Address, current device.
In addition, default decipherment algorithm is the inverse operation algorithm of the predetermined encryption algorithm in 3rd embodiment.
Step S203 reads the practical calibration feature information in the target certificate of authority, and judges the practical verification
Whether characteristic information and the default calibration feature information that the initial authorization certificate includes are consistent;
Step S204, if the practical calibration feature information is consistent with the default calibration feature information, described in judgement
The certificate of authority is legal;
Step S205 judges institute if the practical calibration feature information and the default calibration feature information are inconsistent
It is illegal to state the certificate of authority;
Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information.
By 3rd embodiment above it is found that authorized certificate after the encryption of initial authorization certificate, therefore to current device
The certificate of authority can obtain a target certificate of authority after carrying out reverse decryption.Read the reality in the target certificate of authority
Calibration feature information, and consistency checking is carried out with the default calibration feature information in initial authorization certificate, if the two is consistent, card
The improving eyesight mark certificate of authority is consistent with initial authorization certificate, i.e., the target certificate of authority and initial authorization certificate without damage or not by
Modification, the target certificate of authority is legal at this time.If the two is inconsistent, it was demonstrated that the target certificate of authority and initial authorization certificate are inconsistent,
I.e. the damage of the target certificate of authority is either by modification (assuming that initial authorization certificate is without damage or is not changed), at this time target mandate
Certificate is illegal.To realize the identification of application file or initial authorization certificate information integrality, file is helped to improve
Information security.
In addition, the present invention provides a kind of application apparatus, including certificate of authority calibration equipment as described above.Specifically, should
Application apparatus can be used for realizing the installation and debugging of built-in browser application;The application apparatus can be specifically digital television
Top box, interactive network television set top box.
In addition, the embodiment of the present invention also proposes a kind of readable storage medium storing program for executing, mandate is stored on the readable storage medium storing program for executing
Certificate checking routine realizes following operation when the certificate of authority checking routine is executed by processor:
After current device installation built-in browser application, it is described embedded clear to confirm whether current device runs for the first time
Look at device application;
If current device is non-to run the built-in browser application for the first time, the generated certificate of authority, and school are read
Whether legal test the certificate of authority;Wherein, the certificate of authority is to be based on applying corresponding one with the built-in browser
Initial authorization certificates constructing;
If the certificate of authority is legal, verification passes through;
If the certificate of authority is illegal, the initial authorization certificate is reacquired, and verifies the initial authorization card
Whether book is legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, is awarded described in current device with updating
Warrant book.
Further, following operation is also realized when the certificate of authority checking routine is executed by processor:
The built-in browser is being compiled in application, obtaining the application file of the built-in browser application;
According to preset rules, default calibration feature information corresponding with the application file is generated;
Generate the initial authorization certificate;Wherein, the initial authorization certificate includes the default calibration feature information;
The initial authorization certificate is preset in the compiling source file of built-in browser application;
According to the compiling source file, compiles and generate and apply corresponding executable file with the built-in browser;
Wherein, current device completes the installation of the built-in browser application based on the executable file.
Further, following operation is also realized when the certificate of authority checking routine is executed by processor:
If current device runs the built-in browser application for the first time, the initial authorization certificate is obtained, and verify
Whether the initial authorization certificate is legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, is awarded described in current device with generating
Warrant book.
Further, following operation is also realized when the certificate of authority checking routine is executed by processor:
The default calibration feature information is extracted from the initial authorization certificate;
It is special to generate practical verification corresponding with the application file that the built-in browser mounted on current device is applied
Reference ceases;Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information;
Judge whether the default calibration feature information is consistent with the practical calibration feature information;
If consistent, judge that the initial authorization certificate is legal;
If inconsistent, judge that the initial authorization certificate is illegal.
Further, following operation is also realized when the certificate of authority checking routine is executed by processor:
Read the default identifier of current device;
Using the default identifier of current device as key, the initial authorization certificate is encrypted according to predetermined encryption algorithm and is carried out
Encryption, to generate the certificate of authority of current device;
Wherein, the certificate of authority of generation is stored in the default storage protection subregion of current device.
Further, following operation is also realized when the certificate of authority checking routine is executed by processor:
Read the certificate of authority;
According to the default identifier of current device and default decipherment algorithm, the certificate of authority is decrypted, to obtain
The target certificate of authority;
Read the practical calibration feature information in the target certificate of authority, and judge the practical calibration feature information with
Whether the default calibration feature information that the initial authorization certificate includes is consistent;
If the practical calibration feature information is consistent with the default calibration feature information, judge that the certificate of authority closes
Method;
If the practical calibration feature information and the default calibration feature information are inconsistent, the certificate of authority is judged
It is illegal;
Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information.
Preferably, the default identifier includes one or more below:The sequence number of MAC Address, current device.
It should be noted that herein, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that process, method, article or system including a series of elements include not only those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or system institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including this
There is also other identical elements in the process of element, method, article or system.
The embodiments of the present invention are for illustration only, can not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical scheme of the present invention substantially in other words does the prior art
Going out the part of contribution can be expressed in the form of software products, which is stored in one as described above
In storage medium (such as ROM/RAM, magnetic disc, CD), including some instructions are used so that a station terminal equipment executes the present invention respectively
Method described in a embodiment.
It these are only the preferred embodiment of the present invention, be not intended to limit the scope of the invention, it is every to utilize this hair
Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills
Art field, is included within the scope of the present invention.
Claims (10)
1. a kind of certificate of authority method of calibration, which is characterized in that the described method comprises the following steps:
After current device installation built-in browser application, confirm whether current device runs the built-in browser for the first time
Using;
If current device is non-to run the built-in browser application for the first time, the generated certificate of authority is read, and verify institute
Whether legal state the certificate of authority;Wherein, the certificate of authority is based on initial using corresponding one with the built-in browser
What the certificate of authority generated;
If the certificate of authority is legal, verification passes through;
If the certificate of authority is illegal, the initial authorization certificate is reacquired, and verify the initial authorization certificate to be
It is no legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, to update the warrant of current device
Book.
2. certificate of authority method of calibration as described in claim 1, which is characterized in that described embedded clear in current device installation
After device of looking at application, before confirming the step of whether current device runs the built-in browser application for the first time, further include:
The built-in browser is being compiled in application, obtaining the application file of the built-in browser application;
According to preset rules, default calibration feature information corresponding with the application file is generated;
Generate the initial authorization certificate;Wherein, the initial authorization certificate includes the default calibration feature information;
The initial authorization certificate is preset in the compiling source file of built-in browser application;
According to the compiling source file, compiles and generate and apply corresponding executable file with the built-in browser;Wherein,
Current device completes the installation of the built-in browser application based on the executable file.
3. certificate of authority method of calibration as described in claim 1, which is characterized in that described embedded clear in current device installation
After device of looking at application, after confirming the step of whether current device runs the built-in browser application for the first time, further include:
If current device runs the built-in browser application for the first time, the initial authorization certificate is obtained, and described in verification
Whether initial authorization certificate is legal;
If the initial authorization certificate is legal, the initial authorization certificate is encrypted, to generate the warrant of current device
Book.
4. the certificate of authority method of calibration as described in claim 1 or 3, which is characterized in that the verification initial authorization card
The whether legal step of book, specifically includes:
The default calibration feature information is extracted from the initial authorization certificate;
Practical calibration feature corresponding with the application file that the built-in browser mounted on current device is applied is generated to believe
Breath;Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information;
Judge whether the default calibration feature information is consistent with the practical calibration feature information;
If consistent, judge that the initial authorization certificate is legal;
If inconsistent, judge that the initial authorization certificate is illegal.
5. certificate of authority method of calibration as claimed in claim 3, which is characterized in that the encryption initial authorization certificate,
It the step of certificate of authority to generate current device, specifically includes:
Read the default identifier of current device;
Using the default identifier of current device as key, the initial authorization certificate is encrypted according to predetermined encryption algorithm and is added
It is close, to generate the certificate of authority of current device;
Wherein, the certificate of authority of generation is stored in the default storage protection subregion of current device.
6. certificate of authority method of calibration as claimed in claim 2, which is characterized in that it is described to read the generated certificate of authority,
And the whether legal step of the certificate of authority is verified, it specifically includes:
Read the certificate of authority;
According to the default identifier of current device and default decipherment algorithm, the certificate of authority is decrypted, to obtain target
The certificate of authority;
Read the practical calibration feature information in the target certificate of authority, and judge the practical calibration feature information with it is described
Whether the default calibration feature information that initial authorization certificate includes is consistent;
If the practical calibration feature information is consistent with the default calibration feature information, judge that the certificate of authority is legal;
If the practical calibration feature information and the default calibration feature information are inconsistent, judge that the certificate of authority does not conform to
Method;
Wherein, the classification of the practical calibration feature information is identical as the default classification of calibration feature information.
7. such as certificate of authority method of calibration described in claim 5 or 6, which is characterized in that the default identifier includes following
One or more:The sequence number of MAC Address, current device.
8. a kind of certificate of authority calibration equipment, which is characterized in that including:It memory, processor and is stored on the memory
And the certificate of authority checking routine that can be run on the processor, wherein:
Awarding as described in any one of claim 1 to 7 is realized when the certificate of authority checking routine is executed by the processor
The step of warrant book method of calibration.
9. a kind of readable storage medium storing program for executing, which is characterized in that be stored with certificate of authority checking routine, institute on the readable storage medium storing program for executing
State the certificate of authority verification realized when certificate of authority checking routine is executed by processor as described in any one of claim 1 to 7
The step of method.
10. a kind of application apparatus, which is characterized in that including certificate of authority calibration equipment as claimed in claim 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810407491.XA CN108599959B (en) | 2018-04-28 | 2018-04-28 | Authorization certificate checking method and device, readable storage medium and application equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810407491.XA CN108599959B (en) | 2018-04-28 | 2018-04-28 | Authorization certificate checking method and device, readable storage medium and application equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108599959A true CN108599959A (en) | 2018-09-28 |
CN108599959B CN108599959B (en) | 2021-08-24 |
Family
ID=63620335
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810407491.XA Active CN108599959B (en) | 2018-04-28 | 2018-04-28 | Authorization certificate checking method and device, readable storage medium and application equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108599959B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111414588A (en) * | 2019-01-08 | 2020-07-14 | 杭州海康威视数字技术股份有限公司 | Authorization key generation method, authorization key generation device and authorization server |
CN112532390A (en) * | 2019-08-30 | 2021-03-19 | 华为技术有限公司 | Method and device for loading certificate of digital certificate certification authority |
CN115022091A (en) * | 2022-08-04 | 2022-09-06 | 亿次网联(杭州)科技有限公司 | Digital certificate-based autonomous authorization method and system |
US11520885B1 (en) * | 2021-12-01 | 2022-12-06 | Uab 360 It | Method and apparatus for using a dynamic security certificate |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103297816A (en) * | 2013-05-08 | 2013-09-11 | 深圳创维数字技术股份有限公司 | Safety downloading method and digital television receiving terminal |
CN104123491A (en) * | 2014-07-18 | 2014-10-29 | 广州金山网络科技有限公司 | Method and device for detecting whether application program installation package is tempered |
CN105512519A (en) * | 2015-11-30 | 2016-04-20 | 北大方正集团有限公司 | Digital resource copyright protection method, opening method and device, and hardware storage device |
CN105553668A (en) * | 2015-12-21 | 2016-05-04 | 北京飞杰信息技术有限公司 | Method and system for verifying user authorization certificate through verifying authorization time |
CN106209751A (en) * | 2015-05-08 | 2016-12-07 | 中标软件有限公司 | Service-oriented interface authentication method based on the operating system certificate of authority |
US20160378983A1 (en) * | 2015-06-27 | 2016-12-29 | Mcafee, Inc. | Malware detection using a digital certificate |
CN107302535A (en) * | 2017-06-28 | 2017-10-27 | 深圳市欧乐在线技术发展有限公司 | A kind of access authentication method and device |
CN107508682A (en) * | 2017-08-16 | 2017-12-22 | 努比亚技术有限公司 | Browser certificate authentication method and mobile terminal |
-
2018
- 2018-04-28 CN CN201810407491.XA patent/CN108599959B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103297816A (en) * | 2013-05-08 | 2013-09-11 | 深圳创维数字技术股份有限公司 | Safety downloading method and digital television receiving terminal |
CN104123491A (en) * | 2014-07-18 | 2014-10-29 | 广州金山网络科技有限公司 | Method and device for detecting whether application program installation package is tempered |
CN106209751A (en) * | 2015-05-08 | 2016-12-07 | 中标软件有限公司 | Service-oriented interface authentication method based on the operating system certificate of authority |
US20160378983A1 (en) * | 2015-06-27 | 2016-12-29 | Mcafee, Inc. | Malware detection using a digital certificate |
CN105512519A (en) * | 2015-11-30 | 2016-04-20 | 北大方正集团有限公司 | Digital resource copyright protection method, opening method and device, and hardware storage device |
CN105553668A (en) * | 2015-12-21 | 2016-05-04 | 北京飞杰信息技术有限公司 | Method and system for verifying user authorization certificate through verifying authorization time |
CN107302535A (en) * | 2017-06-28 | 2017-10-27 | 深圳市欧乐在线技术发展有限公司 | A kind of access authentication method and device |
CN107508682A (en) * | 2017-08-16 | 2017-12-22 | 努比亚技术有限公司 | Browser certificate authentication method and mobile terminal |
Non-Patent Citations (2)
Title |
---|
AHMED DALHATU YUSUF: "《Automated batch certificate generation and verification system》", 《IEEE》 * |
郑婷: "《基于公钥密码体制的软件授权系统设计与实现》", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111414588A (en) * | 2019-01-08 | 2020-07-14 | 杭州海康威视数字技术股份有限公司 | Authorization key generation method, authorization key generation device and authorization server |
CN111414588B (en) * | 2019-01-08 | 2023-03-31 | 杭州海康威视数字技术股份有限公司 | Authorization key generation method, authorization key generation device and authorization server |
CN112532390A (en) * | 2019-08-30 | 2021-03-19 | 华为技术有限公司 | Method and device for loading certificate of digital certificate certification authority |
US11520885B1 (en) * | 2021-12-01 | 2022-12-06 | Uab 360 It | Method and apparatus for using a dynamic security certificate |
CN115022091A (en) * | 2022-08-04 | 2022-09-06 | 亿次网联(杭州)科技有限公司 | Digital certificate-based autonomous authorization method and system |
Also Published As
Publication number | Publication date |
---|---|
CN108599959B (en) | 2021-08-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108599959A (en) | Certificate of authority method of calibration, device and readable storage medium storing program for executing, application apparatus | |
CN108322461B (en) | Method, system, device, equipment and medium for automatically logging in application program | |
CN107679393B (en) | Android integrity verification method and device based on trusted execution environment | |
CN109710315A (en) | BIOS writes with a brush dipped in Chinese ink the processing method of method and BIOS image file | |
EP2854070A1 (en) | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package | |
CN104866739A (en) | Application program encryption method and application program encryption system in Android system | |
CN105022936A (en) | Class file encryption and decryption method and class file encryption and decryption device | |
KR102013983B1 (en) | Method and server for authenticating an application integrity | |
CN104199654A (en) | Open platform calling method and device | |
CN106384042B (en) | A kind of electronic equipment and security system | |
GB2507749A (en) | Ensuring completeness of a displayed web page | |
CN107273142A (en) | Method for updating program, program operating method and device | |
CN101360110B (en) | Set-top box application security detecting method, apparatus and system | |
CN107743067A (en) | Awarding method, system, terminal and the storage medium of digital certificate | |
CN104199657A (en) | Call method and device for open platform | |
CN105101169A (en) | Method and apparatus of information processing by trusted execution environment, terminal and SIM card | |
CN104217175A (en) | Data read-write method and device | |
CN107196907A (en) | A kind of guard method of Android SO files and device | |
CN104239099A (en) | Mobile phone flushing control method | |
US8874927B2 (en) | Application execution system and method of terminal | |
CN110245464B (en) | Method and device for protecting file | |
US9129139B2 (en) | Solid state memory and method for protecting digital contents by interrupting copying or accessing and proceeding only upon user verification or authentication | |
Zhauniarovich et al. | Enabling trusted stores for android | |
CN108923910A (en) | A kind of method that mobile application APK is anti-tamper | |
CN105930730A (en) | Terminal system security update method and apparatus in trusted execution environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |