Disclosure of Invention
In view of the above, the present invention has been made to provide a method for downloading and installing a paid vehicle-mounted application that overcomes or at least partially solves the above problems.
According to one aspect of the invention, a download installation method of a paid vehicle-mounted application is provided, and is applied to a vehicle machine, wherein the vehicle machine comprises an application market, and the method comprises the following steps:
receiving an application downloading instruction, and acquiring a signature certificate and an installation package of a vehicle-mounted application corresponding to the application downloading instruction from a server, wherein the signature certificate is encrypted by using a first public key in a first public and private key pair of the vehicle machine;
decrypting the signature certificate by using a first private key in the first public and private key pair to obtain plaintext content of the signature certificate and a certificate content signature, wherein the certificate content signature is obtained by encrypting, with a second private key in a second public and private key pair of the server, a first digest value of the plaintext content and a first installation package signature, and the plaintext content comprises an application package name and an application binding type;
decrypting the certificate content signature by using a second public key in the second public and private key pair to obtain the first digest value, and calculating a second digest value according to the plaintext content and a second installation package signature of the installation package;
judging whether the first digest value is consistent with the second digest value;
and if they are consistent, calling a package manager to install the installation package.
Optionally, the step of calculating a second digest value according to the plaintext content and a second installation package signature of the installation package includes:
acquiring vehicle machine identification information or user account information according to the binding type in the plaintext content;
and applying a hash algorithm to the application package name, the second installation package signature, and the vehicle machine identification information or the user account information to obtain the second digest value.
Optionally, the step of obtaining, from a server, a signature certificate of the in-vehicle application corresponding to the application download instruction includes:
acquiring a signature certificate of the vehicle-mounted application from a server;
and if the acquisition fails, sending a purchase prompt, and acquiring the signature certificate of the vehicle-mounted application from the server after the purchase is successful.
Optionally, the first public-private key pair and the second public-private key pair are generated using an RSA encryption algorithm.
Optionally, the application market is located in a designated private directory of the vehicle machine.
Optionally, before the step of decrypting the signature certificate with a first private key of the first public-private key pair, the method further comprises:
calling the package manager to install the installation package;
receiving a request from the package manager to verify the installation package.
Optionally, after the step of determining whether the first digest value is consistent with the second digest value, the method further includes:
and if the first digest value is inconsistent with the second digest value, informing the package manager to stop installing the installation package.
Optionally, the first digest value is obtained by applying a hash algorithm to the application package name, the first installation package signature, and the vehicle machine identification information or the user account information corresponding to the binding type.
According to another aspect of the present invention, there is provided a method for downloading and installing a paid vehicle-mounted application, applied to a server, comprising:
receiving, from an application market, an acquisition request for a signature certificate and an installation package of a vehicle-mounted application;
acquiring an application package name, an application binding type, an installation package signature and vehicle machine identification information or user account information corresponding to the binding type of the vehicle-mounted application according to the acquisition request;
applying a hash algorithm to the application package name, the installation package signature, and the vehicle machine identification information or the user account information to obtain a first digest value;
generating a second public and private key pair, and encrypting the first digest value by using a second private key in the second public and private key pair to obtain a certificate content signature;
taking the application package name and the application binding type as plaintext content, acquiring a first public key in a first public and private key pair generated by a vehicle machine, and encrypting the plaintext content and the certificate content signature with the first public key to obtain a signature certificate;
and issuing the installation package, the signature certificate and a second public key in the second public and private key pair to the vehicle machine.
After the signature certificate of the application program is acquired from the server side, the first private key in a first public and private key pair generated by the vehicle machine is used for decrypting the signature certificate to obtain the plaintext content and the certificate content signature. The signature certificate is encrypted by using the first public key in the first public and private key pair, and can be decrypted only by using the first private key in the first public and private key pair, so that other vehicle machines can be prevented from taking encrypted contents, purchased vehicle-mounted applications are effectively prevented from being spread maliciously, and rights and interests of paying users and application developers are effectively guaranteed.
Further, the certificate content signature is obtained by encrypting, with a second private key in a second public and private key pair generated by the server, the first digest value of the plaintext content and the first installation package signature. The application market decrypts the certificate content signature by using a second public key in the second public and private key pair to obtain the first digest value, calculates a second digest value according to the plaintext content and a second installation package signature of the installation package, and then judges whether the first digest value is consistent with the second digest value. If they are consistent, a package manager is called to install the installation package. This ensures that the installation package has not been tampered with and that the corresponding vehicle machine identification information or user account information is authorized by the server, further guaranteeing the rights and interests of paying users and application developers.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
The above and other objects, advantages and features of the present invention will become more apparent to those skilled in the art from the following detailed description of specific embodiments thereof, taken in conjunction with the accompanying drawings.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It should be noted that the technical features of the embodiments and alternative embodiments of the present invention may be combined with each other without conflict.
FIG. 1 is a schematic flow chart diagram of a method for download installation of a paid vehicular application in accordance with one embodiment of the present invention. Referring to fig. 1, the method includes at least the following steps S102-S110.
Step S102: receiving an application downloading instruction, and acquiring a signature certificate and an installation package of the vehicle-mounted application corresponding to the application downloading instruction from the server, wherein the signature certificate is encrypted by using a first public key in a first public and private key pair of the vehicle machine.
Step S104: decrypting the signature certificate by using a first private key in the first public and private key pair to obtain the plaintext content of the signature certificate and a certificate content signature, wherein the certificate content signature is obtained by encrypting, with a second private key in a second public and private key pair of the server, a first digest value of the plaintext content and a first installation package signature, and the plaintext content comprises an application package name and an application binding type.
Step S106: decrypting the certificate content signature by using a second public key in the second public and private key pair to obtain the first digest value, and calculating a second digest value according to the plaintext content and a second installation package signature of the installation package.
Step S108: judging whether the first digest value is consistent with the second digest value.
Step S110: if they are consistent, calling a package manager to install the installation package.
Acquiring, from the server, the signature certificate of the vehicle-mounted application corresponding to the application download instruction in step S102 may specifically include: acquiring the signature certificate of the vehicle-mounted application from the server; and if the acquisition fails, sending a purchase prompt, and acquiring the signature certificate of the vehicle-mounted application from the server after the purchase is successful.
In addition, the first public and private key pair and the second public and private key pair mentioned in the above steps may be generated by an RSA encryption algorithm.
In addition, the application package name can be defined based on the principle of the Android standard, is the unique identifier of the vehicle-mounted application, and is used for the vehicle-mounted application system to identify the unique vehicle-mounted application.
The application binding type can be either bound to the vehicle machine or bound to the user. Bound to the vehicle machine means that the purchased vehicle-mounted application is strongly tied to the vehicle and can only be used on the vehicle for which it was purchased; bound to the user means that the purchased vehicle-mounted application is strongly tied to the user and can only be used when the user account that purchased it is logged in.
In the embodiment of the invention, after the signature certificate of the application program is acquired from the server, the first private key in the first public and private key pair generated by the vehicle machine is used to decrypt the signature certificate to obtain the plaintext content and the certificate content signature. The signature certificate can be decrypted only by using the first private key in the first public and private key pair, so other vehicle machines cannot obtain the encrypted content; purchased vehicle-mounted applications are thereby effectively prevented from being spread maliciously, and the rights and interests of paying users and application developers are effectively guaranteed. Further, the certificate content signature is obtained by the server encrypting, with the second private key in the second public and private key pair of the server, the first digest value of the plaintext content and the first installation package signature. The application market decrypts the certificate content signature by using the second public key in the second public and private key pair to obtain the first digest value, and calculates the second digest value according to the plaintext content and the second installation package signature of the installation package. It then judges whether the first digest value is consistent with the second digest value. If they are consistent, the package manager is called to install the installation package. This ensures that the installation package has not been tampered with and that the corresponding vehicle machine identification information or user account information is authorized by the server, further guaranteeing the rights and interests of paying users and application developers.
The first digest value mentioned in the above steps is calculated by applying a hash algorithm to the application package name, the first installation package signature, and the vehicle machine identification information or the user account information corresponding to the binding type.
In addition, calculating the second digest value according to the plaintext content and the second installation package signature of the installation package in step S104 includes: acquiring vehicle machine identification information or user account information according to the binding type in the plaintext content; and applying a hash algorithm to the application package name, the second installation package signature, and the vehicle machine identification information or the user account information to obtain the second digest value.
Calculating a digest value using a hash algorithm is a technique known to those skilled in the art, so the applicant does not describe the specific calculation process in detail here.
In some embodiments of the present invention, before step S104 above, the method further comprises: calling a package manager to install the installation package, and receiving a request for checking the installation package from the package manager.
After downloading the installation package, the application market may invoke the package manager to install the application. During installation, the package manager can select a privileged application of the vehicle machine system to check the installation package; only an application program placed in a designated private directory of the vehicle machine system can check the installation package, and a maliciously installed application program cannot act as a privileged application of the vehicle machine system. Therefore, the package manager selects the application market under the designated private directory of the vehicle machine system to verify the installation package.
When any installation package is installed, the application market receives a request to check the installation package and performs an authority check on it; after the check is finished, it informs the package manager, through a package manager interface, whether the installation package is authorized to be installed, and no installation package can bypass the check. This guarantees that the installation packages installed by the package manager have not been tampered with.
In addition, after the above step S108, the method further includes: if the first digest value is inconsistent with the second digest value, informing the package manager to stop installing the installation package.
Based on the same inventive concept, the invention further provides a download installation method of the paid vehicle-mounted application applied to the server side, and fig. 2 is a schematic flow chart of the download installation method of the paid vehicle-mounted application according to one embodiment of the invention. Referring to fig. 2, a further method may include the following steps.
S202: a request for a signed certificate and installation package for an in-vehicle application is received from an application marketplace.
S204: acquiring the application package name, the application binding type, the installation package signature, and the vehicle machine identification information or user account information corresponding to the binding type of the vehicle-mounted application according to the acquisition request.
S206: applying a hash algorithm to the application package name, the installation package signature, and the vehicle machine identification information or the user account information to obtain a first digest value.
S208: generating a second public and private key pair, and encrypting the first digest value by using a second private key in the second public and private key pair to obtain a certificate content signature.
S210: taking the application package name and the application binding type as plaintext content, acquiring a first public key in a first public and private key pair generated by the vehicle machine, and encrypting the plaintext content and the certificate content signature with the first public key to obtain a signature certificate.
S212: issuing the installation package, the signature certificate and a second public key in the second public and private key pair to the vehicle machine.
In the embodiment of the invention, after receiving from an application market an acquisition request for a signature certificate and an installation package of a vehicle-mounted application, the server acquires the application package name, the application binding type, the installation package signature, and the vehicle machine identification information or user account information corresponding to the binding type of the vehicle-mounted application according to the acquisition request. It then applies a hash algorithm to the application package name, the installation package signature, and the vehicle machine identification information or the user account information to obtain a first digest value. It then generates a second public and private key pair and encrypts the first digest value by using a second private key in the second public and private key pair to obtain a certificate content signature. The second private key is held only by the server and cannot be forged by malicious attackers, which helps the vehicle machine subsequently confirm whether the message comes from the server, and guards against tampered installation packages and against vehicle machine identification information or user account information that the server has not authorized, so the rights and interests of paying users and application developers are effectively guaranteed. The server then acquires a first public key in a first public and private key pair generated by the vehicle machine, uses it to encrypt the plaintext content and the certificate content signature to obtain a signature certificate, and issues the installation package, the signature certificate and a second public key in the second public and private key pair to the vehicle machine.
The first private key in the first public and private key pair is held by the vehicle machine which generates the first public and private key pair, and the other vehicle machines cannot decrypt the signature certificate, so that the purchased application can be effectively prevented from spreading, and the rights and interests of paying users and application developers are further effectively guaranteed.
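The exchange between the server (S202-S212) and the vehicle machine (S102-S110), as an added example in Go that is not part of the original disclosure. Assumptions not found in the text: SHA-256 as the hash algorithm, RSA-PSS signing and verification standing in for encrypting and decrypting the digest with the second key pair, an AES-GCM key wrapped with RSA-OAEP because a single RSA operation cannot carry the plaintext content plus a signature, a JSON payload, and the hypothetical names Issue, Verify, Cert, body, digest and newKey; all sample values are constructed.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Cert struct{ WrappedKey, Nonce, Sealed []byte } // signature certificate (assumed layout)
type body struct{ Pkg, Binding, Sig []byte }         // plaintext content + content signature

// digest hashes its fields with a length prefix each, so boundaries cannot shift.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// Issue is the server side (S202-S212): hash, sign, then encrypt for one vehicle.
func Issue(srv *rsa.PrivateKey, vehPub *rsa.PublicKey, pkg, binding string, apkSig []byte, identity string) (Cert, error) {
	sig, err := rsa.SignPSS(rand.Reader, srv, crypto.SHA256, digest([]byte(pkg), apkSig, []byte(identity)), nil)
	buf := make([]byte, 44) // 32-byte AES key followed by a 12-byte GCM nonce
	if _, rerr := rand.Read(buf); err != nil || rerr != nil {
		return Cert{}, fmt.Errorf("signing or key generation failed")
	}
	raw, _ := json.Marshal(body{[]byte(pkg), []byte(binding), sig})
	blk, _ := aes.NewCipher(buf[:32])
	gcm, _ := cipher.NewGCM(blk)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, vehPub, buf[:32], nil)
	return Cert{wrapped, buf[32:], gcm.Seal(nil, buf[32:], raw, nil)}, err
}

// Verify is the application market's check (S104-S110); nil means install.
func Verify(veh *rsa.PrivateKey, srvPub *rsa.PublicKey, c Cert, apkSig []byte, vehicleID, account string) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, veh, c.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(c.Nonce) != 12 {
		return fmt.Errorf("certificate cannot be opened by this vehicle machine")
	}
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	raw, err := gcm.Open(nil, c.Nonce, c.Sealed, nil)
	var b body
	if err != nil || json.Unmarshal(raw, &b) != nil {
		return fmt.Errorf("certificate is corrupt")
	}
	identity, ok := map[string]string{"vehicle": vehicleID, "user": account}[string(b.Binding)]
	d := digest(b.Pkg, apkSig, []byte(identity)) // second digest value, from local data
	if !ok || rsa.VerifyPSS(srvPub, crypto.SHA256, d, b.Sig, nil) != nil {
		return fmt.Errorf("digest mismatch: stop the installation")
	}
	return nil
}

func newKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

func main() {
	srv, veh := newKey(), newKey() // second (server) and first (vehicle machine) key pairs
	c, _ := Issue(srv, &veh.PublicKey, "com.example.nav", "vehicle", []byte("sig"), "VIN-A")
	fmt.Println(Verify(veh, &srv.PublicKey, c, []byte("sig"), "VIN-A", "")) // constructed values
}
```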
The invention provides a method for downloading and installing a paid vehicle-mounted application. After the signature certificate of an application program is obtained from the server, the signature certificate is first decrypted by using the first private key in the first public and private key pair generated by the vehicle machine to obtain the plaintext content and the certificate content signature. The signature certificate is encrypted by using the first public key in the first public and private key pair and can be decrypted only by using the first private key in that pair, so other vehicle machines cannot obtain the encrypted content; purchased vehicle-mounted applications are thereby effectively prevented from being spread maliciously, and the rights and interests of paying users and application developers are effectively guaranteed.
Further, the certificate content signature is obtained by encrypting, with a second private key in a second public and private key pair generated by the server, the first digest value of the plaintext content and the first installation package signature. The application market decrypts the certificate content signature by using a second public key in the second public and private key pair to obtain the first digest value, calculates a second digest value according to the plaintext content and a second installation package signature of the installation package, and then judges whether the first digest value is consistent with the second digest value. If they are consistent, a package manager is called to install the installation package. This ensures that the installation package has not been tampered with and that the corresponding vehicle machine identification information or user account information is authorized by the server, further guaranteeing the rights and interests of paying users and application developers.
Thus, it should be appreciated by those skilled in the art that while a number of exemplary embodiments of the invention have been illustrated and described in detail herein, many other variations or modifications consistent with the principles of the invention may be directly determined or derived from the disclosure of the present invention without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should be understood and interpreted to cover all such other variations or modifications.