CN113031973B - Download installation method of paid vehicle-mounted application - Google Patents

Publication number
CN113031973B
Authority
CN
China
Prior art keywords
application
signature
installation package
package
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110224329.6A
Other languages
Chinese (zh)
Other versions
CN113031973A (en
Inventor
段萌
傅佳辉
楼勇
于春波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ecarx Hubei Tech Co Ltd
Original Assignee
Ecarx Hubei Tech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ecarx Hubei Tech Co Ltd
Priority to CN202110224329.6A
Publication of CN113031973A
Application granted
Publication of CN113031973B

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention provides a download and installation method for a paid vehicle-mounted application, comprising the following steps: receiving an application download instruction, and acquiring from a server a signature certificate and an installation package of the vehicle-mounted application corresponding to the application download instruction, wherein the signature certificate is encrypted with a first public key of a first public-private key pair of the vehicle machine; decrypting the signature certificate with a first private key of the first public-private key pair to obtain plaintext content of the signature certificate and a certificate content signature, wherein the certificate content signature is obtained by the server encrypting, with a second private key of a second public-private key pair of the server, a first digest value of the plaintext content and a first installation package signature, and the plaintext content comprises an application package name and an application binding type; decrypting the certificate content signature with a second public key of the second public-private key pair to obtain the first digest value, and calculating a second digest value from the plaintext content and a second installation package signature of the installation package; judging whether the first digest value is consistent with the second digest value; and if they are consistent, calling a package manager to install the installation package.

Description

Download installation method of paid vehicle-mounted application
Technical Field
The invention relates to the technical field of vehicle-mounted entertainment information systems, in particular to a download and installation method of paid vehicle-mounted application.
Background
Existing in-vehicle infotainment systems (hereinafter referred to as car machine systems) are built on the Android system. Because of the open nature of the Android system, the car machine system does not support a paid application purchase mechanism. Payment mechanisms on the market usually rely on support from their own framework, so a copyright protection method based on the installation files of the car machine system is needed. Such a method should let a legitimate user install an application purchased through application market payment, while an unauthorized user cannot install an application installation package obtained by unconventional means.
Disclosure of Invention
In view of the above, the present invention has been made to provide a download installation method of a pay vehicular application that overcomes or at least partially solves the above problems.
According to one aspect of the invention, a download installation method of a paid vehicle-mounted application is provided, and is applied to a vehicle machine, wherein the vehicle machine comprises an application market, and the method comprises the following steps:
receiving an application downloading instruction, and acquiring a signature certificate and an installation package of a vehicle-mounted application corresponding to the application downloading instruction from a server, wherein the signature certificate is encrypted by using a first public key in a first public and private key pair of the vehicle machine;
decrypting the signature certificate with a first private key of the first public-private key pair to obtain plaintext content of the signature certificate and a certificate content signature, wherein the certificate content signature is obtained by the server encrypting, with a second private key of a second public-private key pair of the server, a first digest value of the plaintext content and a first installation package signature, and the plaintext content comprises an application package name and an application binding type;
decrypting the certificate content signature with a second public key of the second public-private key pair to obtain the first digest value, and calculating a second digest value from the plaintext content and a second installation package signature of the installation package;
judging whether the first digest value is consistent with the second digest value;
and if they are consistent, calling a package manager to install the installation package.
Optionally, the step of calculating a second digest value according to the plaintext content and a second installation package signature of the installation package includes:
acquiring vehicle machine identification information or user account information according to the binding type in the plaintext content;
and applying a hash algorithm to the application package name, the second installation package signature, and the vehicle machine identification information or the user account information to obtain the second digest value.
Optionally, the step of obtaining, from a server, a signature certificate of the in-vehicle application corresponding to the application download instruction includes:
acquiring a signature certificate of the vehicle-mounted application from a server;
and if the acquisition fails, sending a purchase prompt, and acquiring the signature certificate of the vehicle-mounted application from the server after the purchase is successful.
Optionally, the first public-private key pair and the second public-private key pair are generated using an RSA encryption algorithm.
Optionally, the application marketplace is located in a designated private directory of the car machine.
Optionally, before the step of decrypting the signed certificate with a first private key of the first public-private key pair, the method further comprises:
calling the package manager to install the installation package;
receiving a request from the package manager to verify the installation package.
Optionally, after the step of determining whether the first digest value is consistent with the second digest value, the method further includes:
and if the first digest value is inconsistent with the second digest value, informing the package manager to stop installing the installation package.
Optionally, the first digest value is obtained by calculating the application package name, the first installation package signature, and the car machine identification information or the user account information corresponding to the binding type based on a hash algorithm.
According to another aspect of the present invention, there is provided a download installation method of a pay vehicular application, applied to a server, comprising:
receiving a signature certificate and an acquisition request of an installation package about a vehicle-mounted application from an application market;
acquiring an application package name, an application binding type, an installation package signature and vehicle machine identification information or user account information corresponding to the binding type of the vehicle-mounted application according to the acquisition request;
applying a hash algorithm to the application package name, the installation package signature, and the vehicle machine identification information or the user account information to obtain a first digest value;
generating a second public-private key pair, and encrypting the first digest value with a second private key of the second public-private key pair to obtain a certificate content signature;
taking the application package name and the application binding type as plaintext content, acquiring a first public key of a first public-private key pair generated by the vehicle machine, and encrypting the plaintext content and the certificate content signature with it to obtain a signature certificate;
and issuing the installation package, the signature certificate and a second public key in the second public and private key pair to the vehicle machine.
After the signature certificate of the application program is acquired from the server side, the first private key in a first public and private key pair generated by the vehicle machine is used for decrypting the signature certificate to obtain the plaintext content and the certificate content signature. The signature certificate is encrypted by using the first public key in the first public and private key pair, and can be decrypted only by using the first private key in the first public and private key pair, so that other vehicle machines can be prevented from taking encrypted contents, purchased vehicle-mounted applications are effectively prevented from being spread maliciously, and rights and interests of paying users and application developers are effectively guaranteed.
Further, the certificate content signature is obtained by encrypting, with a second private key of a second public-private key pair generated by the server, a first digest value of the plaintext content and a first installation package signature. The application market decrypts the certificate content signature with a second public key of the second public-private key pair to obtain the first digest value, calculates a second digest value from the plaintext content and a second installation package signature of the installation package, and then judges whether the first digest value is consistent with the second digest value. If they are consistent, it calls a package manager to install the installation package. This confirms that the installation package has not been tampered with and that the corresponding vehicle machine identification information or user account information is authorized by the server, which further protects the rights and interests of paying users and application developers.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
The above and other objects, advantages and features of the present invention will become more apparent to those skilled in the art from the following detailed description of specific embodiments thereof, taken in conjunction with the accompanying drawings.
Drawings
Some specific embodiments of the invention will be described in detail hereinafter, by way of illustration and not limitation, with reference to the accompanying drawings. The same reference numbers in the drawings identify the same or similar elements or components. Those skilled in the art will appreciate that the drawings are not necessarily drawn to scale. In the drawings:
FIG. 1 is a schematic flow chart diagram of a method for download installation of a paid vehicular application in accordance with one embodiment of the present invention;
FIG. 2 is a schematic flow chart diagram of a method for download installation of a paid vehicular application in accordance with one embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It should be noted that the technical features of the embodiments and alternative embodiments of the present invention may be combined with each other without conflict.
FIG. 1 is a schematic flow chart diagram of a method for download installation of a paid vehicular application in accordance with one embodiment of the present invention. Referring to fig. 1, the method includes at least the following steps S102-S110.
Step S102: receiving an application download instruction, and acquiring from the server a signature certificate and an installation package of the vehicle-mounted application corresponding to the application download instruction, wherein the signature certificate is encrypted with a first public key of a first public-private key pair of the vehicle machine.
Step S104: decrypting the signature certificate with a first private key of the first public-private key pair to obtain the plaintext content of the signature certificate and a certificate content signature, wherein the certificate content signature is obtained by the server encrypting, with a second private key of a second public-private key pair of the server, a first digest value of the plaintext content and a first installation package signature, and the plaintext content comprises an application package name and an application binding type.
Step S106: decrypting the certificate content signature with a second public key of the second public-private key pair to obtain the first digest value, and calculating a second digest value from the plaintext content and a second installation package signature of the installation package.
Step S108: judging whether the first digest value is consistent with the second digest value.
Step S110: if they are consistent, calling a package manager to install the installation package.
Acquiring, from the server, the signature certificate of the vehicle-mounted application corresponding to the application download instruction in step S102 may specifically include: acquiring the signature certificate of the vehicle-mounted application from the server; and, if the acquisition fails, sending a purchase prompt and acquiring the signature certificate of the vehicle-mounted application from the server after the purchase succeeds.
In addition, the first public and private key pair and the second public and private key pair mentioned in the above steps may be generated by an RSA encryption algorithm.
In addition, the application package name can be defined based on the principle of the Android standard, is the unique identifier of the vehicle-mounted application, and is used for the vehicle-mounted application system to identify the unique vehicle-mounted application.
The application binding type can be divided into a bound car machine and a bound user. The vehicle binding means that the purchased vehicle-mounted application is strongly related to the vehicle and can only be used on the vehicle purchasing the vehicle-mounted application; the bound user means that the purchased vehicle-mounted application is strongly related to the user and can only be used when the user account for purchasing the vehicle-mounted application logs in.
In the embodiment of the invention, after the signature certificate of the application program is acquired from the server, the first private key of the first public-private key pair generated by the car machine is used to decrypt the signature certificate to obtain the plaintext content and the certificate content signature. The signature certificate can be decrypted only with the first private key of the first public-private key pair, so other vehicle machines cannot obtain the encrypted content, the purchased vehicle-mounted application is prevented from being spread maliciously, and the rights and interests of paying users and application developers are protected. Further, the certificate content signature is obtained by the server encrypting, with a second private key of a second public-private key pair of the server, a first digest value of the plaintext content and a first installation package signature. The application market decrypts the certificate content signature with a second public key of the second public-private key pair to obtain the first digest value, and calculates a second digest value from the plaintext content and a second installation package signature of the installation package. It then judges whether the first digest value is consistent with the second digest value. If they are consistent, the package manager is called to install the installation package. This confirms that the installation package has not been tampered with and that the corresponding vehicle machine identification information or user account information is authorized by the server, which further protects the rights and interests of paying users and application developers.
The first digest value mentioned in the above steps is calculated with a hash algorithm from the application package name, the first installation package signature, and the car machine identification information or the user account information corresponding to the binding type.
In addition, calculating the second digest value from the plaintext content and the second installation package signature of the installation package in step S104 includes: acquiring vehicle machine identification information or user account information according to the binding type in the plaintext content, and applying a hash algorithm to the application package name, the second installation package signature, and the vehicle machine identification information or the user account information to obtain the second digest value.
Calculating a digest value with a hash algorithm is a technique known to those skilled in the art, so the specific calculation process is not described in detail here.
In some embodiments of the present invention, before step S104 above, the method further comprises: calling a package manager to install the installation package, and receiving a request from the package manager to verify the installation package.
After downloading the installation package, the application market may invoke the package manager to install the application. During installation, the package manager selects a privileged application of the vehicle machine system to verify the installation package. Only an application program placed in a designated private directory of the vehicle machine system can verify the installation package, and a maliciously installed application program cannot act as a privileged application of the vehicle machine system. Therefore, the package manager selects the application market under the designated private directory of the car machine system to verify the installation package.
When any installation package is installed, the application market receives a request to verify the installation package and then performs an authorization check on it. After the check is finished, the application market reports through a package manager interface whether the installation package is authorized to be installed, and no installation package can bypass the check. This guarantees that the installation packages installed by the package manager have not been tampered with.
In addition, after the above step S108, the method further includes: if the first digest value is inconsistent with the second digest value, informing the package manager to stop installing the installation package.
Based on the same inventive concept, the invention further provides a download installation method of the paid vehicle-mounted application applied to the server side, and fig. 2 is a schematic flow chart of the download installation method of the paid vehicle-mounted application according to one embodiment of the invention. Referring to fig. 2, a further method may include the following steps.
S202: a request for a signed certificate and installation package for an in-vehicle application is received from an application marketplace.
S204: and acquiring the application package name, the application binding type, the installation package signature and vehicle machine identification information or user account information corresponding to the binding type of the vehicle-mounted application according to the acquisition request.
S206: and calculating the name of the application package, the signature of the installation package and the vehicle machine identification information or the user account information by utilizing a Hash algorithm to obtain a first abstract value.
S208: and generating a second public and private key pair, and encrypting the first digest value by using a second private key in the second public and private key pair to obtain a certificate content signature.
S210: and taking the application package name and the application binding type as plaintext content, acquiring and encrypting the plaintext content and the certificate content signature by using a first public key in a first public and private key pair generated by the vehicle machine to obtain a signature certificate.
S212: and issuing the installation package, the signature certificate and a second public key in the second public and private key pair to the vehicle machine.
In the embodiment of the invention, after receiving an acquisition request about a signature certificate and an installation package of a vehicle-mounted application from an application market, a server acquires an application package name, an application binding type, an installation package signature and vehicle-mounted machine identification information or user account information corresponding to the binding type of the vehicle-mounted application according to the acquisition request. And then calculating the name of the application package, the signature of the installation package and the vehicle machine identification information or the user account information by utilizing a Hash algorithm to obtain a first abstract value. And then generating a second public and private key pair, and encrypting the first digest value by using a second private key in the second public and private key pair to obtain a certificate content signature. The second private key is only held by the server and cannot be forged by other malicious attackers, so that whether the vehicle machine subsequently confirms the message comes from the server or not is facilitated, the vehicle machine identification information or the user account information installation package which is not authorized by the server and is prevented from being tampered is avoided, and rights and interests of paying users and application developers are effectively guaranteed. And then, a first public key in a first public and private key pair generated by the vehicle machine is obtained and used for encrypting the plaintext content and the certificate content to obtain a signature certificate, and then the installation package, the signature certificate and a second public key in a second public and private key pair are issued to the vehicle machine. 
The first private key in the first public and private key pair is held by the vehicle machine which generates the first public and private key pair, and the other vehicle machines cannot decrypt the signature certificate, so that the purchased application can be effectively prevented from spreading, and the rights and interests of paying users and application developers are further effectively guaranteed.
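The server flow (S206-S210) and the car machine check (S104-S108) as an added Python example; this is not code from the patent. Assumptions: SHA-256 over length-prefixed fields, a JSON certificate layout, the binding-type strings `vehicle` and `user`, and toy textbook-RSA keys built from Mersenne primes so the block runs on the standard library alone. A real deployment would use a vetted library with padded RSA signatures and hybrid encryption.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy key pairs


def toy_keypair(p_exp, q_exp):
    """Constructed demo RSA key from two Mersenne primes (trivially factorable)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (public key, private key)


def digest_value(package_name, apk_signature, binding_id):
    """Digest over package name, installation package signature and bound identity.

    Assumption: SHA-256 with a 4-byte length prefix per field, so that field
    boundaries cannot be shifted; the page names neither hash nor encoding.
    """
    h = hashlib.sha256()
    for field in (package_name, apk_signature, binding_id):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big")


def issue_certificate(server_priv, car_pub, package_name, binding_type,
                      apk_signature, binding_id):
    """Server side: returns the signature certificate encrypted for one car machine."""
    n, d = server_priv
    first_digest = digest_value(package_name, apk_signature, binding_id)  # S206
    content_sig = pow(first_digest, d, n)                                 # S208
    cert = json.dumps({"package": package_name, "binding": binding_type,
                       "content_sig": format(content_sig, "x")}).encode()
    m = int.from_bytes(cert, "big")
    car_n, car_e = car_pub
    if m >= car_n:
        raise ValueError("certificate too long for the toy key")
    return pow(m, car_e, car_n)                                           # S210


def verify_before_install(car_priv, server_pub, encrypted_cert, apk_signature,
                          device_id, account_id):
    """Car machine side: True means the package manager may install."""
    n, d = car_priv
    m = pow(encrypted_cert, d, n)                                         # S104
    try:
        cert = json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))
        package_name = cert["package"]
        binding_type = cert["binding"]
        content_sig = int(cert["content_sig"], 16)
    except (ValueError, KeyError, TypeError):
        return False  # wrong private key or corrupted certificate
    if not isinstance(package_name, str) or not isinstance(binding_type, str):
        return False
    # The binding type in the plaintext selects which local identity is hashed.
    ids = {"vehicle": device_id, "user": account_id}
    if binding_type not in ids:
        return False
    srv_n, srv_e = server_pub
    first_digest = pow(content_sig, srv_e, srv_n)                         # S106
    second_digest = digest_value(package_name, apk_signature, ids[binding_type])
    return first_digest == second_digest                                  # S108


# Constructed sample keys and values, for illustration only.
CAR_PUB, CAR_PRIV = toy_keypair(1279, 2203)
OTHER_CAR_PUB, OTHER_CAR_PRIV = toy_keypair(2281, 3217)
SERVER_PUB, SERVER_PRIV = toy_keypair(521, 607)
APK_SIG = "3082-constructed-apk-signing-cert-bytes"
VIN = "VIN-DEMO-0001"


def demo():
    """Issue one vehicle-bound certificate and run the check in four situations."""
    cert = issue_certificate(SERVER_PRIV, CAR_PUB, "com.example.navi",
                             "vehicle", APK_SIG, VIN)
    return {
        "purchasing car": verify_before_install(
            CAR_PRIV, SERVER_PUB, cert, APK_SIG, VIN, "alice"),
        "re-signed package": verify_before_install(
            CAR_PRIV, SERVER_PUB, cert, "other-signature", VIN, "alice"),
        "different device id": verify_before_install(
            CAR_PRIV, SERVER_PUB, cert, APK_SIG, "VIN-DEMO-0002", "alice"),
        "certificate copied to another car": verify_before_install(
            OTHER_CAR_PRIV, SERVER_PUB, cert, APK_SIG, VIN, "alice"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'install' if allowed else 'stop installation'}")
```

Only the first case is allowed to install; the other three fail for different reasons (digest mismatch on the package signature, digest mismatch on the bound identity, and a certificate that does not decrypt under another car machine's private key).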
The invention provides a method for downloading and installing a paid vehicle-mounted application in which, after obtaining the signature certificate of an application program from the server, the vehicle machine first decrypts the signature certificate with the first private key of the first public and private key pair that it generated, obtaining the plaintext content and the certificate content signature. Because the signature certificate is encrypted with the first public key of the first public and private key pair, it can be decrypted only with the first private key of that pair, so other vehicle machines cannot obtain the encrypted content; purchased vehicle-mounted applications are thereby effectively prevented from being spread maliciously, and the rights and interests of paying users and application developers are effectively guaranteed.
Further, the certificate content signature is obtained by encrypting, with the second private key of the second public and private key pair generated by the server, the first digest value of the plaintext content and the first installation package signature. The application market decrypts the certificate content signature with the second public key of the second public and private key pair to obtain the first digest value, calculates a second digest value from the plaintext content and a second installation package signature of the installation package, and then judges whether the first digest value is consistent with the second digest value. If they are consistent, it calls the package manager to install the installation package. This confirms that the installation package has not been tampered with and that the corresponding vehicle machine identification information or user account information is authorized by the server, which further guarantees the rights and interests of paying users and application developers.
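The digest-and-signature check described above, as an added example that is not code from the patent: the server signs the first digest value, and the application market recomputes the second digest value from the identity it reads locally. Assumptions made here: SHA-256 as the hash, length-prefixed fields, the binding type values "device" and "account", all function names, and textbook RSA over constructed primes standing in for the second key pair; the outer encryption with the first public key is left out.

```python
import hashlib

# Constructed demo key standing in for the server's second key pair: textbook
# RSA over two Mersenne primes. Assumption for illustration only; a deployment
# would use a vetted RSA library with signature padding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(package_name, apk_signature, bound_identity):
    """Hash package name, installation package signature and bound identity."""
    h = hashlib.sha256()  # SHA-256 is an assumption; the text says "a hash algorithm"
    for field in (package_name.encode(), apk_signature, bound_identity.encode()):
        # Length-prefix each field (added here) so field boundaries are unambiguous.
        h.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(h.digest(), "big")


def server_issue(package_name, binding_type, apk_signature, bound_identity):
    """Server: sign the first digest value with the second private key."""
    first_digest = digest(package_name, apk_signature, bound_identity)
    plaintext = {"package": package_name, "binding_type": binding_type}
    return plaintext, pow(first_digest, D, N)


def market_verify(plaintext, content_signature, apk_signature, device_id, account):
    """Application market: recover the first digest, recompute the second, compare."""
    # The bound identity is read from the head unit itself, not from the certificate.
    local = device_id if plaintext["binding_type"] == "device" else account
    first_digest = pow(content_signature, E, N)  # second public key (E, N)
    second_digest = digest(plaintext["package"], apk_signature, local)
    return first_digest == second_digest  # True: install; False: stop installation


def demo():
    """Run the check for the purchaser, another head unit, and a modified package."""
    apk_sig = hashlib.sha256(b"constructed installation package").digest()
    pt, sig = server_issue("com.example.nav", "device", apk_sig, "HU-0001")
    return {
        "purchaser": market_verify(pt, sig, apk_sig, "HU-0001", "alice"),
        "other_head_unit": market_verify(pt, sig, apk_sig, "HU-0002", "alice"),
        "modified_package": market_verify(pt, sig, b"\x00" * 32, "HU-0001", "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the identity never travels inside the certificate, a certificate copied to another head unit fails the comparison even though its signature is genuine.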
Thus, it should be appreciated by those skilled in the art that while a number of exemplary embodiments of the invention have been illustrated and described in detail herein, many other variations or modifications consistent with the principles of the invention may be directly determined or derived from the disclosure of the present invention without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should be understood and interpreted to cover all such other variations or modifications.

Claims (7)

1. A download and installation method for a paid vehicle-mounted application, applied to a vehicle machine that includes an application market, characterized in that the method comprises:
receiving an application downloading instruction, and acquiring a signature certificate and an installation package of a vehicle-mounted application corresponding to the application downloading instruction from a server, wherein the signature certificate is encrypted by using a first public key in a first public and private key pair of the vehicle machine;
decrypting the signature certificate by using a first private key in the first public and private key pair to obtain a plaintext content of the signature certificate and a certificate content signature, wherein the certificate content signature is obtained by encrypting, with a second private key in a second public and private key pair of a server, a first digest value of the plaintext content and a first installation package signature, and the plaintext content comprises an application package name and an application binding type;
decrypting the certificate content signature by using a second public key in the second public and private key pair to obtain the first digest value, and calculating a second digest value according to the plaintext content and a second installation package signature of the installation package;
judging whether the first digest value is consistent with the second digest value;
if they are consistent, calling a package manager to install the installation package;
wherein, before decrypting the signature certificate with the first private key of the first public and private key pair, the method further comprises: calling the package manager to install the installation package, and receiving a request from the package manager to verify the installation package, wherein the application market is located in a specified private directory of the vehicle machine, privileged applications of the vehicle machine are located in the private directory of the vehicle machine, and the privileged applications do not include maliciously installed applications;
wherein the step of calculating a second digest value according to the plaintext content and a second installation package signature of the installation package comprises: acquiring vehicle machine identification information or user account information according to the binding type in the plaintext content; and applying a hash algorithm to the application package name, the second installation package signature, and the vehicle machine identification information or the user account information to obtain the second digest value.
2. The method according to claim 1, wherein the step of obtaining the signature certificate of the vehicle-mounted application corresponding to the application downloading instruction from the server comprises:
acquiring a signature certificate of the vehicle-mounted application from a server;
and if the acquisition fails, sending a purchase prompt, and acquiring the signature certificate of the vehicle-mounted application from the server after the purchase is successful.
3. The method of claim 1, wherein the first public-private key pair and the second public-private key pair are generated using an RSA encryption algorithm.
4. The method of claim 1, wherein prior to the step of decrypting the signature certificate with a first private key of the first public-private key pair, the method further comprises:
calling the package manager to install the installation package;
receiving a request from the package manager to verify the installation package.
5. The method of claim 1, wherein after the step of determining whether the first digest value is consistent with the second digest value, the method further comprises:
and if the first digest value is inconsistent with the second digest value, informing the package manager to stop installing the installation package.
6. The method according to claim 1, wherein the first digest value is calculated by applying a hash algorithm to the application package name, the first installation package signature, and the vehicle machine identification information or the user account information corresponding to the binding type.
7. A download and installation method for a paid vehicle-mounted application, applied to a server, characterized by comprising the following steps:
receiving a request for obtaining a signature certificate and an installation package of a vehicle-mounted application from an application market;
acquiring an application package name, an application binding type, an installation package signature and vehicle machine identification information or user account information corresponding to the binding type of the vehicle-mounted application according to the acquisition request;
applying a hash algorithm to the application package name, the installation package signature, and the vehicle machine identification information or the user account information to obtain a first digest value;
generating a second public and private key pair, and encrypting the first digest value by using a second private key in the second public and private key pair to obtain a certificate content signature;
taking the application package name and the application binding type as plaintext content, acquiring a first public key in a first public and private key pair generated by a vehicle machine, and encrypting the plaintext content and the certificate content signature with the first public key to obtain a signature certificate;
issuing the installation package, the signature certificate and a second public key in the second public and private key pair to the vehicle machine;
the application market is located in a specified directory of the vehicle machine, privileged applications of the vehicle machine are located in a private directory of the vehicle machine, the privileged applications do not include maliciously installed applications, and the application market is responsible for verifying the received installation package at the request of the package manager;
the application market is configured to: obtain vehicle machine identification information or user account information according to the binding type in the plaintext content; apply a hash algorithm to the application package name, a second installation package signature of the installation package, and the vehicle machine identification information or the user account information to obtain a second digest value; judge whether the first digest value is consistent with the second digest value; and if so, call a package manager to install the installation package.
CN202110224329.6A 2021-03-01 2021-03-01 Download installation method of paid vehicle-mounted application Active CN113031973B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110224329.6A CN113031973B (en) 2021-03-01 2021-03-01 Download installation method of paid vehicle-mounted application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110224329.6A CN113031973B (en) 2021-03-01 2021-03-01 Download installation method of paid vehicle-mounted application

Publications (2)

Publication Number Publication Date
CN113031973A CN113031973A (en) 2021-06-25
CN113031973B true CN113031973B (en) 2023-04-07

Family

ID=76464827

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110224329.6A Active CN113031973B (en) 2021-03-01 2021-03-01 Download installation method of paid vehicle-mounted application

Country Status (1)

Country Link
CN (1) CN113031973B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114329358A (en) * 2021-12-28 2022-04-12 深圳市兆珑科技有限公司 Application signature method and system, transaction terminal and service platform

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003041022A1 (en) * 2001-10-19 2003-05-15 Apeera Inc. Method of performing a secure transaction between a mobile telephone which is equipped with a subscriber identification module (sim card) and an application server
CN106020858A (en) * 2016-04-29 2016-10-12 乐视控股(北京)有限公司 Method, terminal and system for downloading and installation of application program
CN110414269A (en) * 2019-07-30 2019-11-05 宇龙计算机通信科技(深圳)有限公司 Processing method, relevant apparatus, storage medium and the system of application installation package

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685727B (en) * 2011-03-11 2015-07-01 中国移动通信有限公司 Method for transmitting and operating application program, system for operating application program, server and terminal
CN107463806B (en) * 2017-06-20 2020-08-14 国家计算机网络与信息安全管理中心 Signature and signature verification method for Android application program installation package
US20190196805A1 (en) * 2017-12-21 2019-06-27 Apple Inc. Controlled rollout of updates for applications installed on client devices
CN109165029A (en) * 2018-08-27 2019-01-08 北京奇虎科技有限公司 Realize method, server and the device of downloading-running payment applications
CN110474898B (en) * 2019-08-07 2021-06-22 北京明朝万达科技股份有限公司 Data encryption and decryption and key distribution method, device, equipment and readable storage medium
CN111723365B (en) * 2020-06-30 2023-03-17 亿咖通(湖北)技术有限公司 Method and equipment for installing application program in vehicle-mounted information entertainment system

Also Published As

Publication number Publication date
CN113031973A (en) 2021-06-25

Similar Documents

Publication Publication Date Title
US6108420A (en) Method and system for networked installation of uniquely customized, authenticable, and traceable software application
EP1155359B1 (en) Authorization and access control of software object residing in set-top terminals
EP1308820A2 (en) Encrypted program distribution system using computer network
US20120304315A1 (en) Method and apparatus for managing digital rights of secure removable media
CN106529218B (en) Application verification method and device
CN108124491B (en) Diagnostic joint upgrading verification method and device of diagnostic equipment and diagnostic joint
EP2051181A1 (en) Information terminal, security device, data protection method, and data protection program
CN108139752B (en) Instruction verification method and device of diagnosis equipment and lower computer
CN103390122A (en) Application program transmitting method, application program operating method, sever and terminal
CN113031973B (en) Download installation method of paid vehicle-mounted application
CN110619194B (en) Upgrade package encryption and decryption methods and devices
CN115795438A (en) Method and system for authorizing application program and readable storage medium
Adelsbach et al. Secure software delivery and installation in embedded systems
KR20140011021A (en) Method for preventing unauthorized copying of the android platform-based applications and inserting digital watermarking in order to track the first clone
JP2005084989A (en) Software alteration detection system, method and program
CN113946799B (en) Application program source code protection method and server
CN111385099A (en) Safety authentication method and device for vehicle-mounted intelligent hardware
KR101561655B1 (en) UCI anti-piracy method and system-based applications
CN114301601B (en) Interface management method and terminal based on Android platform
EP1221077B1 (en) Detection of suspect software objects and signatures after failed authentication
KR20140082408A (en) Method and apparatus for managing application
CN116781424B (en) Animation plug-in authorization configuration method
Weimerskirch Secure Software Flashing
CN117676504A (en) Data acquisition method, device and storage medium for vehicle terminal
CN117763537A (en) Application authority management and control method and device of terminal system and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220317

Address after: 430051 No. b1336, chuanggu startup area, taizihu cultural Digital Creative Industry Park, No. 18, Shenlong Avenue, Wuhan Economic and Technological Development Zone, Wuhan, Hubei Province

Applicant after: Yikatong (Hubei) Technology Co.,Ltd.

Address before: 430056 building B (qdxx-f7b), No.7 building, qiedixiexin science and Technology Innovation Park, South taizihu innovation Valley, Wuhan Economic and Technological Development Zone, Hubei Province

Applicant before: HUBEI ECARX TECHNOLOGY Co.,Ltd.

GR01 Patent grant