WO2020177116A1 - Counterfeit app identification method and apparatus - Google Patents

Counterfeit app identification method and apparatus

Info

Publication number
WO2020177116A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
app
service
server
identified
Prior art date
Application number
PCT/CN2019/077311
Other languages
French (fr)
Chinese (zh)
Inventor
李多显
何钢杰
钟文国
Original Assignee
华为技术有限公司
Filing date
Publication date
Application filed by 华为技术有限公司
Priority to CN201980066172.XA (CN112805702A)
Priority to PCT/CN2019/077311 (WO2020177116A1)
Publication of WO2020177116A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Definitions

  • the embodiments of this application relate to the field of security technologies, and in particular to a method and device for identifying counterfeit APPs.
  • servers of third-party application stores, such as the servers behind APP stores, identify counterfeit APPs.
  • the server identifies an APP based on its Android package (APK) file, for example by extracting a feature vector from the APK file or by adding monitoring features to the APK file.
  • APK Android package
  • the above method of identifying counterfeit APPs is suitable for the identification of counterfeit APPs by third-party app stores.
  • the service server only provides services for specific apps and does not want to be accessed by other apps.
  • the server corresponding to the Huawei share APP only provides services for the Huawei share APP.
  • if the server of a third-party application store recognizes an APP as legitimate, but the APP is illegitimate from the business server's point of view, the APP is downloaded to the terminal device and accesses the business server, causing security risks; or, if an APP is a counterfeit APP but the server of the third-party application store does not recognize it as such, the APP is downloaded to the terminal device and accesses the service server, which also causes security risks.
  • the embodiments of this application provide a method and device for identifying counterfeit APPs. After a user downloads an APP on a terminal device and uses the APP to interact with a service server, the service server performs counterfeit identification of the APP so that it does not provide services to a counterfeit APP, which ensures the security of the business server.
  • an embodiment of the present application provides a method for identifying a counterfeit APP, which can be applied to a server or a chip of the server.
  • the method is described below by taking the application to the server as an example.
  • the method includes: the server sends a first random number to the terminal device; the server receives the certificate chain and signature data sent by the terminal device, where the certificates in the certificate chain include the service certificate of the application (APP) to be identified
  • the service certificate carries the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified.
  • the signature data is obtained by the terminal device encrypting the first random number with the private key corresponding to the service certificate; the server uses the certificate chain and the signature data to determine whether the service certificate is the service certificate of the APP to be identified; if it is, the server determines whether the APP to be identified is a counterfeit APP based on the package name and the fingerprint of the first signature certificate.
  • the certificate chain and signature data are sent to the service server. The service server verifies that each certificate in the certificate chain is legal and that the service certificate is the service certificate of the APP to be identified.
  • the server judges whether the service certificate is the service certificate of the APP to be identified according to the certificate chain and the signature data as follows: the server uses the public key of the service certificate to decrypt the signature data to obtain a random number, called the second random number. Then the server compares the first random number with the second random number. If they are the same, the server determines that the service certificate is the service certificate of the APP to be identified; if they differ, the server determines that it is not. In this way, the server determines whether the service certificate belongs to the APP.
  • the certificates in the certificate chain also include the root certificate of the terminal device and the device certification authority (CA) certificate.
  • the trusted certificate level on the server is the root certificate.
  • the server judges whether the certificates in the certificate chain are legal as follows: first determine whether the root certificate is legal, then whether the device CA certificate is legal, and finally whether the service certificate is legal. While verifying the validity of the certificate chain, the server checks whether the root certificate of the certificate chain is present in the locally stored set of trusted root certificates. If it is, the server considers the root certificate trustworthy;
  • otherwise, the server considers the root certificate in the certificate chain untrustworthy. After that, the server uses the public key of the root certificate to decrypt the signature of the device CA certificate to obtain a hash value, and applies the hash algorithm named in the device CA certificate to the content of the device CA certificate to obtain another hash value. If the two hash values are the same, the server considers the device CA certificate legal; otherwise, the server considers it illegal. The server then uses the public key of the device CA certificate to decrypt the signature of the service certificate to obtain a hash value, and applies the hash algorithm named in the service certificate to the content of the service certificate to obtain another hash value.
  • if the two hash values are the same, the server considers the service certificate legal; otherwise, the server considers it illegal. This solution achieves the purpose of verifying the legality of the certificates in the certificate chain when the trusted certificate level on the service server is the root certificate.
  • the certificates in the certificate chain also include the device CA certificate of the terminal device, the trusted certificate level on the server is the device CA certificate, and the server determines whether the certificates in the certificate chain are legal as follows: the server determines whether the device CA certificate in the certificate chain is present in the pre-deployed set of trusted CA certificates; if it is, the server uses the public key of the device CA certificate to decrypt the signature of the service certificate to obtain a hash value, then applies the hash algorithm named in the service certificate to the content of the service certificate to obtain another hash value. If the two hash values are the same, the server considers the service certificate legal; otherwise, the server considers it invalid.
  • This solution achieves the purpose of verifying the legality of the certificates in the certificate chain when the trusted certificate level on the service server is the device CA certificate.
  • the server determines whether the APP to be identified is a counterfeit APP based on the package name and the fingerprint of the first signature certificate as follows: if the service certificate is the service certificate of the APP to be identified, the server compares the fingerprint of the first signature certificate corresponding to the package name in the certificate chain with the fingerprint of the second signature certificate that was stored when the genuine APP with that package name was registered on the server; if the two fingerprints are not the same, the server determines that the APP to be identified is a counterfeit APP. With this scheme, the server achieves the purpose of identifying a counterfeit APP based on the package name and the signature certificate fingerprint.
  • an embodiment of the present application provides a method for identifying a counterfeit application APP.
  • the method can be applied to a terminal device or a chip in the terminal device.
  • the method is described below by taking an application to a terminal device as an example.
  • the method includes: the terminal device sends to the server a request message for establishing a link between the APP to be identified and the server; the terminal device receives a verification message sent by the server for verifying the APP to be identified, where the verification message contains the first random number; the terminal device sends the certificate chain and signature data to the server, where the signature data is obtained by encrypting the first random number with the private key corresponding to the APP to be identified; and the terminal device receives the result of the server verifying, according to the certificate chain and the signature data, whether the APP to be identified is a counterfeit APP.
  • the certificate chain and signature data are sent to the service server.
  • the service server verifies that each certificate in the certificate chain is legal and that the service certificate is the service certificate of the APP to be identified.
  • after confirming that the service certificate is the APP's own, the server compares whether the signature certificate fingerprint corresponding to the package name in the service certificate is the same as the pre-stored signature certificate fingerprint corresponding to that package name, so as to identify whether the APP to be identified is a counterfeit APP and to prevent the service server from providing services to a counterfeit APP, which improves business security.
  • since the business server can only provide services for a certain number of users at the same time, this application can prevent illegal users from accessing the business server through counterfeit APPs, and can protect the business of legitimate users.
  • the certificate chain contains the service certificate of the app to be identified, and the service certificate carries the package name of the app to be identified and the fingerprint of the first signature certificate of the app to be identified;
  • the terminal device receiving the result of the server verifying, according to the certificate chain and signature data, whether the APP to be identified is a counterfeit APP includes: the terminal device receives the counterfeit identification result obtained by the server matching the fingerprint of the second signature certificate, registered for the package name of the APP, with the fingerprint of the first signature certificate; if the matching succeeds, the result indicates that the APP is not a counterfeit APP, and if the matching fails, the result indicates that the APP is a counterfeit APP.
  • with this scheme it is possible to identify whether the APP to be identified is a counterfeit APP, to prevent the service server from providing services for the counterfeit APP, and to improve business security.
  • since the business server can only provide services for a certain number of users at the same time, this application can prevent illegal users from accessing the business server through counterfeit APPs, and can protect the business of legitimate users.
  • before the terminal device sends the certificate chain and signature data to the server, the method also includes: the terminal device uses the device CA certificate to issue a service certificate for the APP to be identified, where the content of the service certificate includes the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified.
  • the terminal device uses the device CA certificate to issue a service certificate for the APP to be identified.
  • the service certificate is generated and managed by the certificate management service of the terminal device, and the certificate management service is located in the framework layer of the terminal device's system. With this scheme, the purpose of setting up a certificate management service on the terminal device is realized.
  • the service certificate also includes the public key of the APP to be identified, and the public key corresponds to the private key that encrypts the first random number. This solution is adopted to realize the purpose of checking whether the service certificate is the service certificate of the APP to be identified.
  • the operating system of the terminal equipment includes a rich execution environment (REE) operating system and a trusted execution environment (TEE) operating system.
  • the terminal equipment uses the device CA certificate to issue a service certificate for the APP to be identified as follows: the client application (CA; here the TEE client application, not a certification authority) running on the REE operating system sends a service certificate application request message to the trusted application (TA) running on the TEE operating system; the terminal device then controls the TA to use the device CA certificate to issue the service certificate for the APP to be identified.
  • an embodiment of the present application provides a server, including:
  • the receiver is configured to receive a certificate chain and signature data sent by a terminal device.
  • the certificates in the certificate chain include a service certificate of the APP to be identified, and the service certificate carries the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified.
  • the processor is configured to determine, according to the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified, and, if it is, to determine whether the APP to be identified is a counterfeit APP according to the package name and the fingerprint of the first signature certificate.
  • the processor is configured to determine whether the certificates in the certificate chain are legal and, if they are, to decrypt the signature data according to the public key carried by the service certificate in the certificate chain to obtain a second random number; to determine whether the first random number is the same as the second random number; and, if they are the same, to determine that the service certificate is the service certificate of the APP to be identified, or, if they are not the same, to determine that it is not.
  • the certificates in the certificate chain further include the root certificate of the terminal device and the device certification authority (CA) certificate.
  • the processor is configured to determine whether the root certificate in the certificate chain exists in a pre-deployed set of trusted root certificates; if it does, to use the public key carried by the root certificate to decrypt the signature of the device CA certificate contained in the certificate chain to obtain a first hash value, and to perform a hash operation on the device CA certificate according to the hash algorithm carried in the device CA certificate to obtain a second hash value; if the first hash value and the second hash value are the same, to determine that the device CA certificate is a legal certificate, then to decrypt the signature of the service certificate according to the public key carried in the device CA certificate to obtain a third hash value, and to perform a hash operation on the service certificate according to the hash algorithm carried in the service certificate to obtain a fourth hash value; and, if the third hash value is the same as the fourth hash value, to determine that the service certificate is a legal certificate.
  • the certificates in the certificate chain also include the device CA certificate of the terminal device, and the processor is configured to determine whether the device CA certificate in the certificate chain exists in the pre-deployed set of trusted CA certificates; if it does, to use the public key carried in the trusted device CA certificate to decrypt the signature of the service certificate to obtain a third hash value, and to perform a hash operation on the service certificate according to the hash algorithm carried in the service certificate to obtain a fourth hash value; and, if the third hash value is the same as the fourth hash value, to determine that the service certificate is a legal certificate.
  • the processor is configured to, if the service certificate is the service certificate of the APP to be identified, determine according to the package name and the fingerprint of the first signature certificate whether the APP to be identified is a counterfeit APP, as follows: determine the fingerprint of the second signature certificate according to the package name, using the stored correspondence between the package name and the fingerprint of the second signature certificate; determine whether the fingerprint of the first signature certificate and the fingerprint of the second signature certificate are the same; and, if they are not the same, determine that the APP to be identified is a counterfeit APP.
  • the server is a business server or a device CA server.
  • an embodiment of the present application provides a terminal device, including:
  • a sender used to send a request message for establishing a link between the application APP to be identified and the server to the server;
  • a receiver configured to receive a verification message sent by the server for verifying the APP to be identified, where the verification message includes a first random number;
  • the transmitter is further configured to send a certificate chain and signature data to the server, where the signature data is obtained by encrypting the first random number with a private key corresponding to the first APP;
  • the receiver is further configured to receive the result of the server verifying, according to the certificate chain and the signature data, whether the APP to be identified is a counterfeit APP.
  • the certificate chain includes a service certificate of the APP to be identified, the service certificate carries the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified, and the receiver is configured to receive the counterfeit identification result obtained by the server matching the fingerprint of the second signature certificate, registered for the package name of the APP, with the fingerprint of the first signature certificate; if the matching succeeds, the result indicates that the APP is not a counterfeit APP, and if the matching fails, the result indicates that the APP is a counterfeit APP.
  • the terminal device further includes a processor configured to use the device CA certificate to issue a service certificate for the APP to be identified before the sender sends the certificate chain and the signature data to the server, where the content of the service certificate includes the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified.
  • the service certificate is generated and managed by the certificate management service of the terminal device, and the certificate management service is located in the framework layer of the terminal device's system.
  • the service certificate further includes a public key of the APP to be identified, and the public key corresponds to a private key that encrypts the first random number.
  • the operating system of the terminal device includes a rich execution environment REE operating system and a trusted execution environment TEE operating system, and the terminal device further includes a processor;
  • the transmitter is configured to send a service certificate application request message to a trusted application TA running on the TEE operating system through the client application CA running on the REE operating system;
  • the processor is configured to control the TA to use the device CA certificate to issue the service certificate for the APP to be identified.
  • the embodiments of the present application provide a computer program product containing instructions which, when run on a processor, enable the processor to execute the method in the first aspect or in the various possible implementations of the first aspect.
  • the embodiments of the present application provide a computer program product containing instructions which, when run on a processor, enable the processor to execute the method in the second aspect or in the various possible implementations of the second aspect.
  • an embodiment of the present application provides a computer-readable storage medium that stores instructions which, when run on a processor, cause the processor to execute the method in the first aspect or in the various possible implementations of the first aspect.
  • an embodiment of the present application provides a computer-readable storage medium that stores instructions which, when run on a processor, cause the processor to execute the method in the second aspect or in the various possible implementations of the second aspect.
  • an embodiment of the present application provides a chip.
  • the chip system includes a processor and may also include a memory, which is used to implement the foregoing first aspect or the methods in various possible implementation manners of the first aspect.
  • an embodiment of the present application provides a chip.
  • the chip system includes a processor and may also include a memory, which is used to implement the foregoing second aspect or the methods in various possible implementation manners of the second aspect.
  • an embodiment of the present application also provides a counterfeit APP identification system, including a server according to the third aspect or any possible implementation of the third aspect, and a terminal device according to the fourth aspect or any possible implementation of the fourth aspect.
  • in the counterfeit APP identification method, server, and terminal device provided by the embodiments of this application, the certificate chain and signature data are sent to the service server before the service interaction with the service server, and the service server checks the certificate chain.
  • if the service certificate is the service certificate of the APP to be identified, the server compares the signature certificate fingerprint corresponding to the package name in the service certificate with the pre-stored signature certificate fingerprint corresponding to that package name, so as to identify whether the APP to be identified is a counterfeit APP, prevent the service server from providing services for the counterfeit APP, and improve business security.
  • this application can prevent illegal users from accessing the business server through counterfeit APPs, and can protect the business of legitimate users.
  • FIG. 1A is a schematic diagram of a network architecture applicable to a counterfeit APP identification method provided by an embodiment of the application;
  • FIG. 1B is a schematic diagram of a network architecture applicable to another counterfeit APP identification method provided by an embodiment of the application;
  • FIG. 2 is a flowchart of a method for identifying a counterfeit APP according to an embodiment of the present application;
  • FIG. 3 is a schematic diagram of a structure applicable to a counterfeit APP identification method provided by an embodiment of the application;
  • FIG. 4 is a flowchart of another counterfeit APP identification method provided by an embodiment of the present application;
  • FIG. 5 is a flowchart of certificate issuance used by the counterfeit APP identification method provided by an embodiment of the application;
  • FIG. 6 is a schematic diagram of a scenario in which counterfeit detection is passed in a counterfeit APP identification method provided by an embodiment of the present application;
  • FIG. 7 is a schematic structural diagram of a server provided by an embodiment of the application;
  • FIG. 8 is a schematic structural diagram of a terminal device provided by an embodiment of this application;
  • FIG. 9 is a schematic structural diagram of another server provided by an embodiment of the application;
  • FIG. 10 is a schematic structural diagram of another terminal device provided by an embodiment of this application;
  • FIG. 11 is a schematic structural diagram of an APP identification system according to an embodiment of the application.
  • the APP is identified by extracting the feature vector of the APK file of the APP or adding monitoring features to the APK file. This identification method is suitable for the application market to detect the counterfeit APP.
  • some business servers only provide services for specific APPs. Taking an APP specific to Huawei, such as Huawei share, as an example: one function of Huawei share is photo sharing. When traveling, users can share photos with relatives and friends through Huawei share. To share photos, the user's terminal device needs to connect to the service server through Huawei share, and the photos are shared with relatives and friends through the service server.
  • the service server refers to the server used to provide services for Huawei share.
  • the counterfeit APP illegally uses the service server, that is, the service server is easily attacked by the counterfeit APP.
  • the embodiment of the present application provides a counterfeit APP identification method.
  • after the user downloads an APP on the terminal device (hereinafter referred to as the APP to be identified), when the APP interacts with the service server, the service server performs counterfeit identification on the APP, to prevent business servers from providing services for counterfeit APPs and to improve security.
  • the terminal device is a device that can provide users with voice and/or data connectivity, a handheld device with a wireless connection function, or other processing devices connected to a wireless modem.
  • the terminal device can communicate with one or more core networks via the radio access network (RAN).
  • the terminal device can be a mobile terminal device, such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal device, for example a portable, pocket-sized, handheld, built-in or vehicle-mounted mobile device, which exchanges voice and/or data with the radio access network.
  • PCS personal communication service
  • SIP session initiation protocol
  • WLL wireless local loop
  • PDA personal digital assistant
  • handheld devices with wireless communication functions, computing devices or other processing devices connected to wireless modems, vehicle-mounted devices, wearable devices, and terminals in a future 5G network or in a future evolved public land mobile network
  • PLMN public land mobile network
  • terminal equipment in a PLMN, which is not limited in the embodiments of the present application.
  • Terminal equipment can also be called a system, subscriber unit, subscriber station, mobile station, remote station, access point, remote terminal equipment (remote terminal), access terminal equipment (access terminal), user terminal equipment (user terminal), user agent (user agent), user equipment (user device), or user equipment (user equipment).
  • the server refers to a business server or a device CA server.
  • the business server refers to a server used to provide services for one or some genuine APPs.
  • the device CA server is a server on which a trusted certificate list is deployed. When only the business server is deployed in the network architecture, the trusted certificate list is deployed on the business server, the genuine APP is registered on the business server, and the business server is responsible for verifying the validity of the certificate chain, determining whether the service certificate is the service certificate of the APP, and identifying counterfeit APPs.
  • alternatively, the genuine APP can be registered on the business server, the trusted certificate list is deployed on the business server and the latest trusted certificate list is periodically obtained from the device CA server, and the business server is responsible for verifying the legality of the certificate chain, judging whether the service certificate is the APP's service certificate, and identifying counterfeit APPs; or, the genuine APP is registered on the business server but the trusted certificate list is not deployed on the business server, the device CA server is responsible for checking the legality of the certificate chain, and the business server is responsible for judging whether the service certificate is the service certificate of the APP and for counterfeit identification; or, the genuine APP is registered on the device CA server, the device CA server is responsible for checking the legality of the certificate chain, judging whether the service certificate is the service certificate of the APP, and identifying counterfeit APPs, and the service server only transparently transmits and forwards.
  • please refer to FIG. 1A and FIG. 1B.
  • FIG. 1A is a schematic diagram of a network architecture applicable to a counterfeit APP identification method provided by an embodiment of the application.
  • This scenario includes a terminal device and a business server.
  • a network connection is established between the terminal device and the business server.
  • the business server is a server for one or some genuine APPs.
  • the R&D personnel need to register the genuine APP on the business server and save the correspondence between the signature certificate fingerprint of the genuine APP and its package name; at the same time, the business server stores the set of trusted certificates required to verify the validity of the certificate chain, such as a set of trusted root certificates or a set of trusted device certification authority (CA) certificates.
  • the terminal device can use the APP to use the functions provided by the service server.
  • the APP is downloaded and installed on the terminal device, and the APP is started.
  • the business server performs counterfeit identification on the APP to be identified according to the certificate chain, the service certificate of the APP to be identified, etc., where the service certificate of the APP to be identified carries the package name and the signature certificate fingerprint of the APP to be identified. For example, if the APP to be identified is Huawei Share, the user does not know whether it is a genuine Huawei Share or a counterfeit Huawei Share.
  • the service server identifies the APP to be identified. If it is identified as the genuine Huawei Share, the APP to be identified can use the functions provided by the service server, such as remotely sharing photos, files and other data with other users. If the service server identifies it as a counterfeit APP, it refuses to let the APP to be identified use the functions provided by the service server.
  • the terminal device, the service server, and the genuine APP are from the same manufacturer.
  • however, the embodiments of the present application are not limited to this.
  • the terminal device and the service server are from the same manufacturer, and the genuine APP is developed by a third party, and the service server provides an interface for the genuine APP developed by the third party to access.
  • FIG. 1B is a schematic diagram of a network architecture applicable to another counterfeit APP identification method provided by an embodiment of the application. As shown in FIG. 1B, this scenario includes a terminal device, a business server, and an authentication and authorization server. A network connection is established between the terminal device and the business server, and a network connection is established between the business server and the authentication and authorization server.
  • the business server is a server for one or some genuine APPs. When the genuine APP is released, the R&D staff stores the correspondence between the signature certificate fingerprint of the genuine APP and the package name on the authentication authorization server.
  • the authentication and authorization server stores a set of trusted certificates required to verify the validity of the certificate chain, such as a trusted root certificate set or a trusted device certification authority (CA) certificate set.
  • the APP to be recognized is downloaded and installed on the terminal device, the APP to be recognized is started, and the certificate chain, etc. is sent to the service server.
  • the service server sends the received certificate chain, etc. to the authentication and authorization server, and the authentication and authorization server performs counterfeit identification on the APP.
  • alternatively, the device CA server may store only a set of trusted certificates.
  • in that case the developer stores the signature certificate fingerprint, the package name and the correspondence between them for the genuine APP on the business server; after the business server receives the certificate chain and the signature data, it sends the certificate chain and the signature data to the device CA server.
  • the device CA server verifies the validity of the certificate chain and whether the service certificate in the certificate chain is the service certificate of the APP. Only when each certificate in the certificate chain is legal and the service certificate is the service certificate of the APP does the service server perform counterfeit identification of the APP according to the package name and the first signature certificate fingerprint in the service certificate.
  • counterfeit APPs are not limited to APPs implanted with malicious code or advertising information, or illegal APPs developed by criminals.
  • the counterfeit APP in the embodiments of this application is a relative notion. For example, if the service server only provides services for APP1, while the legitimate APPs downloaded and installed on the terminal device include APP1, APP2 and APP3, then since APP2 and APP3 are not the APPs corresponding to the service server, APP2 and APP3 are also counterfeit APPs from the perspective of the business server.
  • the terminal device, the service server, and the genuine APP can be from the same manufacturer or different manufacturers.
  • the terminal device injects a trusted root, such as a root certificate and/or a device CA certificate, when the terminal device is generated, where the device CA certificate is issued by the root certificate.
  • the terminal device can use the device CA certificate to issue a service certificate for the app to be identified.
  • each of the certificates described in the embodiments of this application, such as the root certificate, the device CA certificate and the service certificate, has a key pair consisting of a public key and a private key; the public key is carried in the certificate, and the private key is stored in the secure storage partition of the terminal device.
  • FIG. 1A is a flowchart of a method for identifying counterfeit APPs provided in an embodiment of the present application. This embodiment explains the counterfeit APP identification method described in this application from the perspective of the interaction between the service server and the terminal device.
  • This embodiment includes:
  • the terminal device sends to the server a request message for establishing a link between the application (APP) to be identified and the server.
  • the terminal device downloads and installs the APP, starts the APP, which is referred to as the APP to be identified below, and the terminal device sends a link establishment request to the service server for the APP.
  • the server sends the first random number to the terminal device.
  • the service server is a server for a certain genuine APP; the user expects the service server to provide services only for the genuine APP and does not want it to provide services for other APPs.
  • the R&D personnel register the genuine APP on the service server and save the correspondence between the signature certificate fingerprint of the genuine APP and its package name; at the same time, the service server stores the set of trusted certificates required for the legality check of the certificate chain, such as a set of trusted root certificates or a set of trusted device certification authority (CA) certificates.
  • the terminal device sends a link establishment request to the service server, and the service server sends the link establishment request to the device CA server, triggering the device CA server to send the first random number.
  • the terminal device uses the private key corresponding to the service certificate of the APP to be identified to encrypt the first random number to obtain signature data.
  • for example, the terminal device uses secure hash algorithm 256 (SHA256), secure hash algorithm 384 (SHA384) or secure hash algorithm 512 (SHA512), etc., together with the private key to encrypt the first random number and obtain the signature data.
  • the terminal device sends the signature data and certificate chain to the server.
  • the certificate chain carries the service certificate of the APP to be identified, and the service certificate carries the package name of the APP to be identified and the first signature certificate fingerprint of the APP to be identified.
  • the terminal device sends the signature data and the certificate chain to the server; correspondingly, the server receives the signature data and the certificate chain.
  • the server judges whether the service certificate is the service certificate of the APP to be identified according to the certificate chain and the signature data.
  • this step includes two stages. In the first stage, the business server verifies the certificates in the certificate chain according to the pre-stored trusted certificates and judges whether each certificate in the certificate chain is legal; if the business server determines that each certificate in the certificate chain is legal, it enters the second stage: the business server uses the public key carried by the business certificate in the certificate chain to decrypt the signature data to determine whether the business certificate is the service certificate of the APP to be identified. If the service certificate is the service certificate of the APP to be identified, step 106 is executed; if the service certificate is not the service certificate of the APP to be identified, step 108 is executed.
  • the certificate chain includes the root certificate, the device CA certificate and the business certificate. Since the certificates are issued level by level, for example the device CA certificate of the terminal device is issued using the root certificate of the terminal device, and the service certificate of the APP to be identified is issued by the terminal device using the device CA certificate, the service server, when determining whether each certificate in the certificate chain is valid, first determines whether the root certificate is valid, then whether the device CA certificate is valid, and finally whether the business certificate is valid. During the verification of the validity of the certificate chain, the business server determines whether the root certificate in the certificate chain exists in the trusted root certificate set stored locally.
  • if the root certificate in the certificate chain is included in the trusted root certificate set, the business server considers the root certificate to be trusted; otherwise, the business server considers the root certificate in the certificate chain to be untrusted. After that, the business server uses the public key of the root certificate to decrypt the device CA certificate to obtain a hash value, and uses the hash algorithm carried in the device CA certificate to perform a hash operation on the content of the device CA certificate to obtain another hash value.
  • if the two hash values are the same, the business server considers the device CA certificate to be legal; otherwise, the business server considers the device CA certificate illegal. Later, the service server uses the public key of the device CA certificate to decrypt the service certificate to obtain a hash value, and uses the hash algorithm carried in the service certificate to hash the content of the service certificate to obtain another hash value. If the two hash values are the same, the business server considers the business certificate legal; otherwise, the business server considers the business certificate illegal.
  • when the service server judges whether the service certificate is the service certificate of the APP to be identified, it uses the public key of the service certificate to decrypt the signature data to obtain a random number, which is called the second random number below. Then the service server compares whether the first random number and the second random number are the same: if they are the same, the service server determines that the service certificate is the service certificate of the APP to be identified; if they are not the same, the service server determines that the service certificate is not the service certificate of the APP to be identified.
  • the service server determines whether the APP to be identified is a counterfeit APP according to the package name and the fingerprint of the first signature certificate.
  • from step 102 it can be seen that a genuine APP needs to be registered with the service server before being released, so that the correspondence between the package name of the genuine APP and the fingerprint of its signature certificate is stored on the service server. Therefore, in this step, the service server compares the first signature certificate fingerprint corresponding to the package name in the certificate chain with the second signature certificate fingerprint stored when the genuine APP corresponding to that package name was registered on the server, to determine whether the APP to be identified is a counterfeit APP. If the APP to be identified is not a counterfeit APP, step 107 is executed; if the APP to be identified is a counterfeit APP, step 108 is executed.
  • the service server sends the recognition result to the terminal device, and the recognition result is used to indicate that the APP to be recognized is a genuine APP, and performs business interaction with the terminal device.
  • the service server sends the recognition result to the terminal device, where the recognition result is used to indicate that the APP to be recognized is a counterfeit APP, and refuses to conduct business interaction with the terminal device for the APP.
  • the counterfeit APP is relative to the service server, and the counterfeit APP includes the counterfeit APP in the conventional sense and some genuine APPs.
  • for example, APP1 and APP2 are counterfeit APPs in the conventional sense.
  • counterfeit APPs in the conventional sense refer to all APPs except genuine APPs, including counterfeit APPs that can be detected by the servers of third-party app stores and APPs that the servers of third-party app stores fail to detect but that are actually counterfeit.
  • APP3 is a genuine APP, but it is not registered on the service server. Therefore, for the service server, APP3 is also a counterfeit APP.
  • the certificate chain and signature data are sent to the business server before the business interaction with the business server, and the business server verifies that each certificate in the certificate chain is legal and that the service certificate is the service certificate of the APP to be identified. It then compares the signature certificate fingerprint corresponding to the package name in the service certificate with the pre-stored signature certificate fingerprint corresponding to that package name to identify whether the APP to be identified is a counterfeit APP, which prevents business servers from providing services for counterfeit APPs and improves business security.
  • since the business server can only provide services for a certain number of users at the same time, this application can prevent illegal users from accessing the business server through counterfeit APPs, and can protect the business of legitimate users.
  • the terminal device may be a terminal device of any operating system, such as a terminal device of an Apple operating system, a terminal device of an Android operating system, and so on.
  • the terminal uses the device CA certificate stored on the terminal device to issue a service certificate for the APP to be identified.
  • in the following, the above-mentioned counterfeit APP identification method is described in detail.
  • FIG. 3 is a schematic diagram of a structure applicable to a counterfeit APP identification method provided by an embodiment of the application.
  • the terminal device is called the end side
  • the service server and the device CA server are deployed on the cloud side
  • the operating system of the terminal device includes a trusted execution environment (TEE) and a rich execution environment (REE).
  • TEE is responsible for handling matters that require high security protection, such as secret key storage, encryption and decryption, fingerprint recognition, etc.
  • REE is a common operating system, such as the Android system or Apple's iOS system. A client application (CA, not to be confused with a certification authority) that provides certificate services for the APP runs in the REE, and a corresponding trusted application (TA) runs in the TEE. Here the APP includes but is not limited to the APP to be identified.
  • REE and TEE respectively include an application layer, a framework layer, a kernel layer, and a hardware layer from top to bottom.
  • the REE of the terminal device can provide a certificate management service, which is located in the REE framework (Android framework) layer, and is used to provide key and certificate management related functions for the APP to be identified.
  • the certificate management service can realize at least the following three functions: 1) before the terminal device leaves the factory, the certificate management service is used to inject the production line certificates, that is, the root certificate and the device CA certificate, into the terminal device; 2) it supports the generation of service certificates, that is, the terminal device uses the device CA certificate to issue service certificates for the APP to be identified; 3) it supports trusted authentication based on the service key, that is, when the service server initiates an identity challenge, the terminal device uses the certificate management service to encrypt the first random number sent by the service server with the private key corresponding to the service certificate to obtain the signature data.
  • the manufacturer presets and saves the root certificate and the device CA certificate in the secure storage partition of the terminal device, such as a replay protected memory block (RPMB).
  • the data in the RPMB cannot be modified. Even if the user restores the terminal device to its factory settings, the data in the RPMB cannot be deleted.
  • after the APP to be identified is downloaded and installed on the terminal device, when the user clicks to start the APP to be identified, the APP to be identified applies to the CA for a service certificate. The CA obtains the package name and the first signature certificate fingerprint of the APP to be identified through the Android system, and then sends a certificate application request to the TA to apply for a service certificate for the APP to be identified. After receiving the application request, the TA uses the device CA certificate to issue a service certificate for the APP to be identified, and records the package name and the first signature certificate fingerprint of the APP to be identified in the service certificate. After the service certificate is generated, it is kept in the secure storage partition of the terminal device, such as in a secure file system (SFS). The data in the SFS can be deleted when the APP to be identified is uninstalled or the terminal device is restored to its factory settings.
  • the terminal device initiates a link establishment request for the APP to be identified to the service server, and the service server initiates an identity authentication challenge, so that the service server performs counterfeit identification of the APP to be identified.
  • Fig. 4 is a flowchart of another counterfeit APP identification method provided in an embodiment of the present application.
  • the APP to be identified and the certificate management service are both loaded on the terminal device, and the trusted root certificate set is deployed on the business server.
  • the business server regularly obtains the certificate revocation list from the device CA server so that the trusted certificates are kept up to date. This embodiment includes:
  • the service server obtains the root certificate of the terminal device.
  • the business server obtains the root certificate of the terminal device offline, or the business server interacts with the device CA server to obtain the root certificate of the terminal device.
  • the service server sends a certificate revocation list request to the device CA server.
  • the device CA server sends a response message to the service server, where the response message carries the certificate revocation list.
  • the service server periodically sends a certificate revocation list request to the device CA server to request the latest certificate revocation list (Certificate Revocation List, CRL) to update the locally deployed trusted certificate.
  • the terminal device sends a link establishment request to the service server for the APP to be identified.
  • the terminal device when the APP to be identified is started, the terminal device initiates a link establishment request to the service server for the APP to be identified.
  • the service server initiates identity authentication to the terminal device, and the identity authentication carries the first random number.
  • the service server sends identity authentication to the terminal device for the APP to be identified.
  • the terminal device sends a certificate application request to the TA through the CA to apply for a service certificate for the APP to be identified.
  • the terminal device uses the device CA certificate to issue a service certificate for the APP to be identified.
  • the device CA certificate is issued by the root certificate, and the service certificate is issued by the device CA certificate.
  • FIG. 5 is a flow chart of certificate issuance used in the counterfeit APP identification method provided by the embodiment of the present application.
  • the root certificate and the device CA certificate are also called the terminal device production line preset certificates. These two certificates are injected into the terminal device before the terminal device leaves the factory, and are not deleted when the terminal device is restored to factory settings or the APP to be identified is uninstalled. After the terminal device leaves the factory, the user loads the APP to be identified on the terminal device. When the APP to be identified is started, the terminal device uses the device CA certificate to issue a service certificate for the APP to be identified. The following table lists the details of the service certificate.
  • the terminal device uses the private key corresponding to the service certificate to encrypt the first random number to obtain signature data.
  • the terminal device sends the signature data and certificate chain to the CA through the TA.
  • the terminal device sends the signature data and the certificate chain to the service server.
  • the certificate chain includes root certificates, device CA certificates, and business certificates.
  • the service server judges whether the certificates in the certificate chain are legal. If all the certificates in the certificate chain are legal, perform step 212; if a certain level of certificate in the certificate chain is illegal, perform step 215.
  • the service server sequentially determines whether the root certificate, the device CA certificate, and the service certificate are legal during the certificate chain verification process.
  • the business server determines whether the root certificate in the certificate chain exists in the pre-deployed set of trusted root certificates. If it does, it indicates that the root certificate in the certificate chain is a trusted root certificate for the business server and is a legal certificate. If the root certificate in the certificate chain does not exist in the pre-deployed trusted root certificate set, it means that the root certificate in the certificate chain is not a trusted root certificate for the business server, but an illegal certificate.
  • the service server uses the public key of the root certificate to decrypt the device CA certificate contained in the certificate chain to obtain the first hash value, and then performs a hash operation on the device CA certificate according to the hash algorithm carried in the device CA certificate to obtain the second hash value.
  • the service server judges whether the first hash value and the second hash value are the same. If they are the same, it means that the device CA certificate is a legal device CA certificate; if they are not the same, it indicates that the device CA certificate is an illegal device CA certificate.
  • the service server decrypts the service certificate according to the public key carried by the device CA certificate to obtain the third hash value, and then performs a hash operation on the service certificate according to the hash algorithm carried by the service certificate to obtain the fourth hash value.
  • the business server judges whether the third hash value and the fourth hash value are the same. If they are the same, the business certificate is legal; if they are not the same, the business certificate is illegal.
  • hash operation on the certificate refers to the hash operation on one or more attribute information in the certificate.
  • the service server judges whether the service certificate is the service certificate of the APP to be recognized. If the service certificate is the service certificate of the APP to be recognized, step 213 is executed; if the service certificate is not the service certificate of the APP to be recognized, step 215 is executed.
  • the service server decrypts the signature data according to the public key carried in the service certificate in the certificate chain to obtain the second random number. Then the service server determines whether the second random number is the same as the first random number sent in step 205: if the first random number and the second random number are the same, the service server determines that the service certificate is the service certificate of the APP to be identified; if they are not the same, the service server determines that the service certificate is not the service certificate of the APP to be identified.
  • the service server determines whether the APP to be identified is a counterfeit APP according to the package name and the fingerprint of the first signature certificate. If the APP to be identified is not a counterfeit APP, execute step 214; if the APP to be identified is a counterfeit APP, execute step 215.
  • each APP has a package name and a signature certificate fingerprint.
  • take an Android APP as an example. After the R&D staff develop the APP, they sign the APK file when packaging and generating the Android package (APK). The signature mechanism is used to ensure the legality of the APK file and the uniqueness of the APP, and is also used for later APP upgrades, etc.
  • the R&D personnel register the APP on the service server and store the correspondence between the package name and the fingerprint of the signature certificate on the service server.
  • if the service server determines that the service certificate is a service certificate issued by the terminal device for the APP to be recognized, then in this step the service server determines the second signature certificate fingerprint according to the package name of the APP to be recognized and judges whether the first signature certificate fingerprint and the second signature certificate fingerprint are the same; if they are not the same, the service server determines that the APP to be identified is a counterfeit APP; if they are the same, the service server determines that the APP to be identified is a genuine APP.
  • the service server sends a recognition result to the terminal device, where the recognition result is used to indicate that the APP to be recognized is a genuine APP, and performs business interaction with the terminal device for the APP to be recognized.
  • the service server sends a recognition result to the terminal device, where the recognition result is used to indicate that the APP to be recognized is a counterfeit APP, and refuses to conduct business interaction with the terminal device for the APP to be recognized.
  • the above takes the case where a set of trusted root certificates is deployed on the business server and the certificates in the certificate chain include the root certificate, the device CA certificate and the business certificate as an example to describe the counterfeit APP identification method in detail.
  • however, the embodiments of this application are not limited to this.
  • for example, the device CA certificate may also be deployed on the service server.
  • in that case, the certificates in the certificate chain only include the device CA certificate and the service certificate.
  • Fig. 6 is a schematic diagram of a scenario in which counterfeit detection passes in a counterfeit APP identification method provided by an embodiment of the present application. This embodiment includes:
  • the R&D personnel register the genuine APP on the business server, and the business server stores the package name of the genuine APP, the fingerprint of the signature certificate, and the correspondence between the package name and the fingerprint of the signature certificate.
  • the package name of a genuine APP is com.xxx.app1
  • the fingerprint of the signature certificate is 111111.
  • the package name is located in a file of the installation package, such as the androidManifest.xml file; the signature certificate fingerprint is stored in the signature certificate of the installation package.
  • after the APP is installed, the installation package is deleted, but before the APP is uninstalled the terminal device can obtain the package name and the signature certificate from the REE operating system.
  • the package name of the APP to be identified is the same as the package name of the genuine APP, but the terminal device does not know whether the APP to be identified is a genuine APP or a counterfeit APP.
  • if the APP to be identified is the genuine APP, the terminal device determines that the signature certificate fingerprint of the APP to be identified is 111111; when the APP to be identified is a counterfeit APP, its developer cannot obtain the signature certificate fingerprint of the genuine APP, so the signature certificate fingerprint of the APP to be identified is different from the signature certificate fingerprint of the genuine APP, for example 222222.
  • the terminal device uses the device CA certificate to issue a service certificate for the APP to be identified.
  • the service certificate includes the package name of the APP to be identified and the fingerprint of the first signature certificate.
  • the terminal device initiates a link establishment request to the service server for the APP to be identified.
  • the service server sends the first random number to the terminal device.
  • the terminal device sends the signature data and the certificate chain to the service server.
  • the terminal device uses the private key of the service certificate to encrypt the first random number, and after obtaining the signature data, sends the certificate chain and the signature data to the service server.
  • the service server verifies whether the certificate in the certificate chain is legal. If the certificate chain is legal, it determines whether the service certificate is the service certificate of the APP. If the service certificate is the service certificate of the APP to be identified, it judges whether the APP is a counterfeit APP.
  • the service server first verifies, through the certificate chain, whether each certificate in the chain is legal and whether the service certificate is the APP's own service certificate. If each certificate in the chain is legal and the service certificate is the APP's own service certificate, the service server obtains the package name of the APP to be identified and the fingerprint of the first signature certificate from the service certificate, and determines the second signature certificate fingerprint from the package name. Finally, it verifies whether the fingerprint of the first signature certificate and the fingerprint of the second signature certificate stored in advance on the service server are the same. If they are the same, the APP to be identified is determined to be a genuine APP; if they differ, the APP to be identified is considered a counterfeit APP.
  • the service server considers the APP to be identified a genuine APP.
  • if in this step the fingerprint of the second signature certificate is 222222 and differs from the fingerprint of the first signature certificate, which the terminal device obtained from the installation package of the APP to be identified, the service server considers the APP to be identified a counterfeit APP.
  • FIG. 7 is a schematic structural diagram of a server provided by an embodiment of the application.
  • the server 100 may include:
  • the transmitter 11 is configured to send the first random number to the terminal device.
  • the receiver 12 is configured to receive a certificate chain and signature data sent by a terminal device.
  • the certificates in the certificate chain include the service certificate of the application to be identified, the service certificate carries the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified, and the signature data is obtained by the terminal device encrypting the first random number with the private key corresponding to the service certificate;
  • the processor 13 is configured to determine, according to the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified; if the service certificate is the service certificate of the APP to be identified, the package name and the fingerprint of the first signature certificate are used to determine whether the APP to be identified is a counterfeit APP.
  • the processor 13 is configured to determine whether the certificates in the certificate chain are legal, and if they are legal, to decrypt the signature data with the public key carried in the service certificate in the certificate chain to obtain a second random number; to determine whether the first random number is the same as the second random number; if they are the same, to determine that the service certificate is the service certificate of the APP to be identified; and if they differ, to determine that the service certificate is not the service certificate of the APP to be identified.
  • the certificates in the certificate chain further include the root certificate of the terminal device and the device certification authority (CA) certificate.
  • the processor 13 is configured to determine whether the root certificate in the certificate chain exists in the set of pre-deployed trusted root certificates; if it does, to use the public key carried by the root certificate to decrypt the device CA certificate included in the certificate chain to obtain a first hash value, and to perform a hash operation on the device CA certificate according to the hash algorithm carried in the device CA certificate to obtain a second hash value; if the first hash value is the same as the second hash value, to determine that the device CA certificate is a legal certificate, and to decrypt the service certificate according to the public key carried in the device CA certificate to obtain a third hash value, which is carried according to the service certificate.
  • the certificates in the certificate chain further include the device authorization CA certificate of the terminal device, and the processor 13 is configured to determine whether the device CA certificate in the certificate chain exists in the set of pre-deployed trusted CA certificates; if it does, to use the public key carried in that trusted device CA certificate to decrypt the service certificate to obtain a third hash value, to perform a hash operation on the service certificate according to the hash algorithm carried in the service certificate to obtain a fourth hash value, and, if the third hash value is the same as the fourth hash value, to determine that the service certificate is a legal certificate.
  • the processor 13 being configured to determine, if the service certificate is the service certificate of the APP to be identified, whether the APP to be identified is a counterfeit APP according to the package name and the fingerprint of the first signature certificate includes: if the service certificate is the service certificate of the APP to be identified, determining the second signature certificate fingerprint according to the package name, the package name and the second signature certificate fingerprint having been stored in association, and determining whether the fingerprint of the first signature certificate and the fingerprint of the second signature certificate are the same; if they are not the same, determining that the APP to be identified is a counterfeit APP.
  • the server is a business server or a device CA server.
  • FIG. 8 is a schematic structural diagram of a terminal device provided by an embodiment of the application.
  • the terminal device 200 may include:
  • the sender 21 is configured to send to the server a request message for establishing a link between the application APP to be identified and the server;
  • the receiver 22 is configured to receive a verification message sent by the server for verifying the APP to be identified, where the verification message includes a first random number;
  • the transmitter 21 is further configured to send a certificate chain and signature data to the server, where the signature data is obtained by encrypting the first random number with the private key corresponding to the APP to be identified;
  • the receiver 22 is further configured to receive the result of the server verifying whether the APP to be identified is a counterfeit APP according to the certificate chain and the signature data.
  • the certificate chain includes a service certificate of the APP to be identified, the service certificate carries the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified, and the receiver 22 is configured to receive the counterfeit identification result obtained by the server matching the fingerprint of the second signature certificate, recorded when the package name of the APP was registered, against the fingerprint of the first signature certificate; if the matching succeeds, the result indicates that the APP is not a counterfeit APP, and if the matching fails, the counterfeit identification result indicates that the APP is a counterfeit APP.
  • the terminal device 100 further includes a processor 23, configured to use the device CA certificate to issue the service certificate for the APP to be identified before the transmitter 21 sends the certificate chain and signature data to the server, where the content of the service certificate includes the package name of the APP to be identified and the fingerprint of the first signature certificate of the APP to be identified.
  • the service certificate is generated and managed by the certificate management service of the terminal device, and the certificate management service is located in the framework layer of the terminal device's system.
  • the service certificate further includes a public key of the APP to be identified, and the public key corresponds to the private key that encrypts the first random number.
  • the operating system of the terminal device includes a rich execution environment (REE) operating system and a trusted execution environment (TEE) operating system, and the transmitter 21 is configured to send, through a client application (CA) running on the REE operating system, a service certificate application request message to the trusted application (TA) running on the TEE operating system;
  • the processor 23 is configured to control the TA to use the device CA certificate to issue the service certificate for the APP to be identified.
  • Fig. 9 is a schematic structural diagram of another server provided by an embodiment of the application.
  • the server 300 may include: a processor 31, a transceiver 32, and a memory 33; the transceiver 32 is used to send and receive data; the memory 33 is used to store instructions; the processor 31 is used to execute the instructions in the memory 33 so that the server performs the counterfeit APP identification method applied to the server as described above.
  • FIG. 10 is a schematic structural diagram of another terminal device provided by an embodiment of this application.
  • the terminal device 400 may include: a processor 41, a transceiver 42, and a memory 43; the transceiver 42 is used to send and receive data; the memory 43 is used to store instructions; the processor 41 is used to execute the instructions in the memory 43 so that the terminal device performs the counterfeit APP identification method applied to the terminal device as described above.
  • FIG. 11 is a schematic structural diagram of an APP identification system according to an embodiment of the application.
  • the counterfeit APP identification system 1000 provided in this embodiment includes a server 100 as shown in FIG. 7 and at least one terminal device 200 as shown in FIG. 8.
  • the method provided in the embodiments of the present application is mainly introduced from the perspective of interaction between the terminal device and the server. It can be understood that, in order for the terminal device and the server to implement each function in the method provided in the above embodiments of the present application, the terminal device and the server include hardware structures and/or software modules corresponding to each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
  • the embodiment of the present application may divide the terminal device and the server into functional modules according to the foregoing method examples.
  • each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software functional modules. It should be noted that the division of modules in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
  • plural herein refers to two or more.
  • the term "and/or" in this article only describes an association relationship between associated objects and means that three relationships may exist; for example, "A and/or B" may mean that A exists alone, that A and B exist at the same time, or that B exists alone.
  • the character "/" in this article generally indicates that the associated objects before and after are in an "or” relationship; in the formula, the character "/" indicates that the associated objects before and after are in a "division" relationship.
  • the size of the sequence numbers of the foregoing processes does not indicate their order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.
  • the memory may be a non-volatile memory, such as a hard disk drive (HDD) or a solid-state drive (SSD), or a volatile memory, such as a random-access memory (RAM).
  • the memory is any other medium that can be used to carry or store desired program codes in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • the memory in the embodiments of the present application may also be a circuit or any other device capable of realizing a storage function, for storing program instructions and/or data.
  • the disclosed device and method may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division.
  • there may be other division methods in actual implementation; for example, multiple units or components may be combined or integrated into another device, or some features may be omitted or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate parts may or may not be physically separate.
  • the parts displayed as units may be one physical unit or multiple physical units, that is, they may be located in one place or distributed across multiple different places. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • the methods provided in the embodiments of the present application may be implemented in whole or in part by software, hardware, firmware, or any combination thereof.
  • when implemented by software, the methods can be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, a server, a terminal, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, computer, server, or data center.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, a digital video disc (digital video disc, DVD)), or a semiconductor medium (for example, SSD).

Abstract

Provided in embodiments of the present application are a counterfeit app identification method, a server, and a terminal device. The method comprises: after an app to be identified on a terminal device starts up and before performing service interaction with a service server, sending a certificate chain and signature data to the service server; after verifying that each certificate in the certificate chain is valid and that a service certificate is the service certificate of the app to be identified, the service server comparing a signature certificate fingerprint corresponding to a package name in the service certificate with a pre-stored signature certificate fingerprint corresponding to the package name to determine whether the fingerprints are the same, thereby identifying whether the app to be identified is a counterfeit app, thus preventing the service server from serving a counterfeit app and improving service security. In addition, if the service server can serve only a specific quantity of users at one time, by means of the present application, an illegal user can be prevented from accessing the service server by means of a counterfeit app, which may guarantee the service of a legitimate user.

Description

Method and device for identifying counterfeit APP

Technical field

The embodiments of this application relate to the field of security technologies, and in particular to a method and device for identifying counterfeit APPs.

Background

With the continuous development of technology, all kinds of applications (APPs) keep emerging. An attacker decompiles a legitimate APP from a third-party application store and implants malicious code or advertisements into it, thereby tampering the legitimate APP into a counterfeit APP; alternatively, a bad actor develops a counterfeit APP and uploads it to a third-party application store. Because ordinary users are unable to recognise counterfeit APPs, they download and use them, which creates security risks for the users.

To prevent counterfeit APPs from appearing in third-party application stores, currently the server of the third-party application store, such as the server corresponding to an APP store, identifies counterfeit APPs. During identification, the server identifies the APP based on its Android package (APK) file, for example by extracting feature vectors of the APK file or adding monitoring features to the APK file.

The above method of identifying counterfeit APPs is suited to identification by third-party application stores. However, in some scenarios a service server serves only specific APPs and does not want to be accessed by other APPs; for example, the server corresponding to the Huawei share APP serves only the Huawei share APP. If the server of the third-party application store recognises an APP as legitimate, but the APP is illegitimate from the service server's point of view, then a security risk arises when the APP is downloaded to a terminal device and accesses the service server; likewise, if an APP is a counterfeit APP but the server of the third-party application store fails to recognise it as such, a security risk also arises when the APP is downloaded to a terminal device and accesses the service server.

Summary of the invention

The embodiments of this application provide a method and device for identifying counterfeit APPs. After a user downloads an APP on a terminal device and uses it to interact with a service server, the service server performs counterfeit identification of the APP, preventing the service server from serving a counterfeit APP and ensuring the security of the service server.
In a first aspect, an embodiment of this application provides a method for identifying a counterfeit APP, which may be applied to a server or to a chip of the server. The method is described below taking application to a server as an example. The method includes: the server sends a first random number to the terminal device; the server receives a certificate chain and signature data sent by the terminal device, where the certificates in the certificate chain include a service certificate of the application (APP) to be identified, the service certificate carries the package name of the APP to be identified and the first signature certificate fingerprint of the APP to be identified, and the signature data is obtained by the terminal device encrypting the first random number with the private key corresponding to the service certificate; the server determines, according to the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified; and if the service certificate is the service certificate of the APP to be identified, the server determines, according to the package name and the first signature certificate fingerprint, whether the APP to be identified is a counterfeit APP. With this method, after the APP to be identified on the terminal device starts and before it performs service interaction with the service server, it sends the certificate chain and signature data to the service server.
After the service server has verified that every certificate in the certificate chain is valid and that the service certificate is the APP's own service certificate, it compares the signature certificate fingerprint corresponding to the package name in the service certificate with the pre-stored signature certificate fingerprint corresponding to that package name, and so identifies whether the APP to be identified is a counterfeit APP. This prevents the service server from serving a counterfeit APP and improves service security. In addition, if the service server can serve only a certain number of users at one time, this application prevents illegitimate users from accessing the service server through a counterfeit APP and so protects the service of legitimate users.
In a feasible design, the server determining, according to the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified includes: the server decrypts the signature data with the public key of the service certificate to obtain a random number, referred to below as the second random number; the server then compares the first random number with the second random number; if they are the same, the server determines that the service certificate is the service certificate of the APP to be identified; if they differ, the server determines that the service certificate is not the service certificate of the APP to be identified. This method achieves the purpose of the server determining whether the service certificate is the APP's service certificate.
In a feasible design, the certificates in the certificate chain further include the root certificate of the terminal device and the device certification authority (CA) certificate, and the trusted certificate level on the server is the root certificate. The server determining whether the certificates in the certificate chain are valid includes: first determining whether the root certificate is valid, then whether the device certificate is valid, and finally whether the service certificate is valid. During validation of the certificate chain, the server determines whether the root certificate in the certificate chain is present in the locally stored set of trusted root certificates; if the root certificate in the chain is included in the trusted root certificate set, the server regards the root certificate as trusted, otherwise the server regards the root certificate in the chain as untrusted. Next, the server decrypts the device CA certificate with the public key of the root certificate to obtain one hash value, and applies the hash algorithm carried in the device CA certificate to the content of the device CA certificate to obtain another hash value;
if the two hash values are the same, the server regards the device CA certificate as valid, otherwise the server regards the device CA certificate as invalid. Then the server decrypts the service certificate with the public key of the device CA certificate to obtain one hash value, and applies the hash algorithm carried in the service certificate to the content of the service certificate to obtain another hash value; if the two hash values are the same, the server regards the service certificate as valid, otherwise the server regards the service certificate as invalid. This solution achieves the purpose of validating the certificates in the certificate chain when the trusted certificate level on the service server is the root certificate.
In a feasible design, the certificates in the certificate chain further include the device authorization CA certificate of the terminal device, and the trusted certificate level on the server is the device CA certificate. The server determining whether the certificates in the certificate chain are valid includes: the server determines whether the device CA certificate in the certificate chain is present in the pre-deployed set of trusted CA certificates; if the device CA certificate in the chain is present in the CA certificate set, the server decrypts the service certificate with the public key of the device CA certificate to obtain one hash value, and applies the hash algorithm carried in the service certificate to the content of the service certificate to obtain another hash value; if the two hash values are the same, the server regards the service certificate as valid, otherwise the server regards the service certificate as invalid. This solution achieves the purpose of validating the certificates in the certificate chain when the trusted certificate level on the service server is the device CA certificate.
In a feasible design, if the service certificate is the service certificate of the APP to be identified, the server determining, according to the package name and the first signature certificate fingerprint, whether the APP to be identified is a counterfeit APP includes: if the service certificate is the service certificate of the APP to be identified, the server compares the first signature certificate fingerprint corresponding to the package name in the certificate chain with the second signature certificate fingerprint that was stored when the genuine APP with that package name was registered on the server; if the first signature certificate fingerprint and the second signature certificate fingerprint differ, the server determines that the APP to be identified is a counterfeit APP. This solution achieves the purpose of the server performing counterfeit identification of the APP to be identified based on the package name and the signature certificate fingerprint.
In a second aspect, an embodiment of this application provides a method for identifying a counterfeit application (APP), which may be applied to a terminal device or to a chip in the terminal device. The method is described below taking application to a terminal device as an example. The method includes: the terminal device sends the server a request message for establishing a link between the application (APP) to be identified and the server; the terminal receives a verification message sent by the server for verifying the APP to be identified, the verification message containing a first random number; the terminal device sends the server a certificate chain and signature data, the signature data being obtained by encrypting the first random number with the private key corresponding to the APP to be identified; and the terminal receives the result of the server verifying, according to the certificate chain and the signature data, whether the APP to be identified is a counterfeit APP. With this method, after the APP to be identified on the terminal device starts and before it performs service interaction with the service server, it sends the certificate chain and signature data to the service server.
After the service server has verified that every certificate in the certificate chain is valid and that the service certificate is the APP's own service certificate, it compares the signature certificate fingerprint corresponding to the package name in the service certificate with the pre-stored signature certificate fingerprint corresponding to that package name, and so identifies whether the APP to be identified is a counterfeit APP. This prevents the service server from serving a counterfeit APP and improves service security. In addition, if the service server can serve only a certain number of users at one time, this application prevents illegitimate users from accessing the service server through a counterfeit APP and so protects the service of legitimate users.
In one feasible design, the certificate chain contains the service certificate of the app to be identified, and the service certificate carries the package name of the app to be identified and the first signature certificate fingerprint of the app to be identified; the terminal device receiving the result of the server verifying, based on the certificate chain and the signature data, whether the app to be identified is a counterfeit app includes: the terminal device receives the counterfeit identification result obtained by the server matching the second signature certificate fingerprint stored when the app's package name was registered against the first signature certificate fingerprint; if the match succeeds, the result indicates that the app is not a counterfeit app, and if the match fails, the result indicates that the app is a counterfeit app. With this scheme, it is identified whether the app to be identified is a counterfeit app, the service server is prevented from providing service to a counterfeit app, and service security is improved. In addition, if the service server can only serve a certain number of users at a time, this application prevents illegitimate users from accessing the service server through a counterfeit app, so the service of legitimate users is protected.
In one feasible design, before the terminal device sends the certificate chain and signature data to the server, the method further includes: the terminal device issues a service certificate for the app to be identified using the device CA certificate, the content of the service certificate including the package name of the app to be identified and the first signature certificate fingerprint of the app to be identified. With this scheme, the terminal device issues the service certificate for the app to be identified using the device CA certificate.
In one feasible design, the service certificate is generated and managed by a certificate management service of the terminal device, and that certificate management service is located in the Framework layer of the terminal device's system. With this scheme, a certificate management service is set up on the terminal device.
In one feasible design, the service certificate further includes the public key of the app to be identified, and this public key corresponds to the private key used to encrypt the first random number. With this scheme, it can be checked whether the service certificate is the service certificate of the app to be identified.
In one feasible design, the operating system of the terminal device includes a rich execution environment (REE) operating system and a trusted execution environment (TEE) operating system, and the terminal device issuing a service certificate for the app to be identified using the device CA certificate includes: the terminal device sends, through a client application (CA, here meaning client application rather than certificate authority) running on the REE operating system, a service certificate application request message to a trusted application (TA) running on the TEE operating system; and the terminal device controls the TA to issue the service certificate for the app to be identified using the device CA certificate. With this scheme, the terminal device controls the TA to issue the service certificate for the app to be identified using the device CA certificate.
In a third aspect, an embodiment of this application provides a server, including:
a transmitter, configured to send a first random number to a terminal device;
a receiver, configured to receive a certificate chain and signature data sent by the terminal device, where the certificates in the certificate chain include a service certificate of the application (app) to be identified, the service certificate carries the package name of the app to be identified and the first signature certificate fingerprint of the app to be identified, and the signature data is obtained by the terminal device encrypting the first random number with the private key corresponding to the service certificate; and
a processor, configured to determine, based on the certificate chain and the signature data, whether the service certificate is the service certificate of the app to be identified, and, if it is, to determine, based on the package name and the first signature certificate fingerprint, whether the app to be identified is a counterfeit app.
In one feasible implementation, the processor is configured to determine whether the certificates in the certificate chain are legitimate; if they are, to decrypt the signature data with the public key carried in the service certificate in the certificate chain, obtaining a second random number; and to determine whether the first random number and the second random number are the same: if they are the same, the service certificate is determined to be the service certificate of the app to be identified, and if they are not the same, the service certificate is determined not to be the service certificate of the app to be identified.
In one feasible implementation, the certificates in the certificate chain further include a root certificate of the terminal device and a device certificate authority (CA) certificate, and the processor is configured to: determine whether the root certificate in the certificate chain is present in a pre-deployed set of trusted root certificates; if it is, use the public key carried in the root certificate to decrypt the device CA certificate contained in the certificate chain, obtaining a first hash value, and hash the device CA certificate with the hash algorithm carried in the device CA certificate, obtaining a second hash value; if the first hash value and the second hash value are the same, determine that the device CA certificate is legitimate, then use the public key carried in the device CA certificate to decrypt the service certificate, obtaining a third hash value, and hash the service certificate with the hash algorithm carried in the service certificate, obtaining a fourth hash value; and if the third hash value and the fourth hash value are the same, determine that the service certificate is legitimate.
In one feasible implementation, the certificates in the certificate chain further include the device CA certificate of the terminal device, and the processor is configured to determine whether the device CA certificate in the certificate chain is present in a pre-deployed set of trusted CA certificates; if it is, to use the public key carried in that trusted device CA certificate to decrypt the service certificate, obtaining a third hash value, and to hash the service certificate with the hash algorithm carried in the service certificate, obtaining a fourth hash value; and if the third hash value and the fourth hash value are the same, to determine that the service certificate is legitimate.
In one feasible implementation, the processor being configured to determine, if the service certificate is the service certificate of the app to be identified, whether the app to be identified is a counterfeit app based on the package name and the first signature certificate fingerprint includes: if the service certificate is the service certificate of the app to be identified, determining the second signature certificate fingerprint from the package name using the stored correspondence between the package name and the second signature certificate fingerprint; determining whether the first signature certificate fingerprint and the second signature certificate fingerprint are the same; and if they are not the same, determining that the app to be identified is a counterfeit app.
In one feasible implementation, the server is a service server or a device CA server.
In a fourth aspect, an embodiment of this application provides a terminal device, including:
a transmitter, configured to send a server a request message for an application (app) to be identified to establish a connection with the server;
a receiver, configured to receive a verification message sent by the server for verifying the app to be identified, the verification message containing a first random number;
the transmitter being further configured to send a certificate chain and signature data to the server, the signature data being obtained by encrypting the first random number with the private key corresponding to the app to be identified (referred to here as the first app); and
the receiver being further configured to receive the result of the server verifying, based on the certificate chain and the signature data, whether the app to be identified is a counterfeit app.
In one feasible implementation, the certificate chain contains the service certificate of the app to be identified, the service certificate carries the package name of the app to be identified and the first signature certificate fingerprint of the app to be identified, and the receiver is configured to receive the counterfeit identification result obtained by the server matching the second signature certificate fingerprint stored when the app's package name was registered against the first signature certificate fingerprint; if the match succeeds, the result indicates that the app is not a counterfeit app, and if the match fails, the result indicates that the app is a counterfeit app.
In one feasible implementation, the terminal device further includes a processor, configured to issue the service certificate for the app to be identified using the device CA certificate before the transmitter sends the certificate chain and signature data to the server, the content of the service certificate including the package name of the app to be identified and the first signature certificate fingerprint of the app to be identified.
In one feasible implementation, the service certificate is generated and managed by a certificate management service of the terminal device, and that certificate management service is located in the Framework layer of the terminal device's system.
In one feasible implementation, the service certificate further includes the public key of the app to be identified, and this public key corresponds to the private key used to encrypt the first random number.
In one feasible implementation, the operating system of the terminal device includes a rich execution environment (REE) operating system and a trusted execution environment (TEE) operating system, and the terminal device further includes a processor;
the transmitter is configured to send, through a client application (CA) running on the REE operating system, a service certificate application request message to a trusted application (TA) running on the TEE operating system; and
the processor is configured to control the TA to issue the service certificate for the app to be identified using the device CA certificate.
In a fifth aspect, an embodiment of this application provides a computer program product containing instructions which, when run on a processor, cause the processor to perform the method of the first aspect or of any of its possible implementations.
In a sixth aspect, an embodiment of this application provides a computer program product containing instructions which, when run on a processor, cause the processor to perform the method of the second aspect or of any of its possible implementations.
In a seventh aspect, an embodiment of this application provides a computer-readable storage medium storing instructions which, when run on a processor, cause the processor to perform the method of the first aspect or of any of its possible implementations.
In an eighth aspect, an embodiment of this application provides a computer-readable storage medium storing instructions which, when run on a processor, cause the processor to perform the method of the second aspect or of any of its possible implementations.
In a ninth aspect, an embodiment of this application provides a chip; the chip system includes a processor and may further include a memory, and is used to implement the method of the first aspect or of any of its possible implementations.
In a tenth aspect, an embodiment of this application provides a chip; the chip system includes a processor and may further include a memory, and is used to implement the method of the second aspect or of any of its possible implementations.
In an eleventh aspect, an embodiment of this application further provides a counterfeit app identification system, including a server implemented as in the third aspect or any of its possible implementations and a terminal device implemented as in the fourth aspect or any of its possible implementations.
With the counterfeit app identification method, server and terminal device provided by the embodiments of this application, after the app to be identified is started on the terminal device and before it interacts with the service server, the certificate chain and signature data are sent to the service server. The service server checks that each certificate in the certificate chain is legitimate and that the service certificate is the app's own service certificate, and then compares the signature certificate fingerprint corresponding to the package name in the service certificate with the pre-stored signature certificate fingerprint for that package name. In this way it identifies whether the app to be identified is a counterfeit app, avoids providing service to a counterfeit app, and improves service security. In addition, if the service server can only serve a certain number of users at a time, this application prevents illegitimate users from accessing the service server through a counterfeit app, so the service of legitimate users is protected.
Description of the drawings
Figure 1A is a schematic diagram of a network architecture to which a counterfeit app identification method provided by an embodiment of this application applies;
Figure 1B is a schematic diagram of a network architecture to which another counterfeit app identification method provided by an embodiment of this application applies;
Figure 2 is a flowchart of a counterfeit app identification method provided by an embodiment of this application;
Figure 3 is a schematic diagram of an architecture to which a counterfeit app identification method provided by an embodiment of this application applies;
Figure 4 is a flowchart of another counterfeit app identification method provided by an embodiment of this application;
Figure 5 is a flowchart of the certificate issuance used by the counterfeit app identification method provided by an embodiment of this application;
Figure 6 is a schematic diagram of a scenario in which counterfeit detection passes, in the counterfeit app identification method provided by an embodiment of this application;
Figure 7 is a schematic structural diagram of a server provided by an embodiment of this application;
Figure 8 is a schematic structural diagram of a terminal device provided by an embodiment of this application;
Figure 9 is a schematic structural diagram of another server provided by an embodiment of this application;
Figure 10 is a schematic structural diagram of another terminal device provided by an embodiment of this application;
Figure 11 is a schematic architecture diagram of a counterfeit app identification system provided by an embodiment of this application.
Detailed description
In the current process of identifying counterfeit apps, an app is identified by extracting a feature vector from its APK file or by adding monitoring features to the APK file, an identification method suited to an application store detecting counterfeit apps. However, some service servers provide service only to specific apps. Take a Huawei app such as Huawei Share as an example: one function of Huawei Share is photo sharing, and when travelling, a user shares photos with family and friends through Huawei Share. To share photos, the user's terminal device must connect to a service server through Huawei Share and share the photos through that server, where the service server is the server that provides service for Huawei Share. During sharing, because the service server cannot determine whether the Huawei Share on the terminal device is counterfeit, a counterfeit app can use the service server illegitimately; that is, the service server is easily attacked by counterfeit apps.
In view of this, an embodiment of this application provides a counterfeit app identification method: after a user downloads an app (hereinafter the app to be identified) onto a terminal device and uses it to interact with a service server, the service server performs counterfeit identification of that app, so that the service server does not provide service to a counterfeit app and security is improved.
In the embodiments of this application, a terminal device is a device that provides a user with voice and/or data connectivity, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. A terminal device can communicate with one or more core networks via a radio access network (RAN). It can be a mobile terminal device, such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal device, for example a portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile apparatus that exchanges voice and/or data with the radio access network. Examples include a personal communication service (PCS) phone, a cordless phone, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device, a terminal in a future 5G network, or a terminal device in a future evolved public land mobile network (PLMN); the embodiments of this application are not limited in this respect. A terminal device may also be called a system, a subscriber unit, a subscriber station, a mobile station, a mobile, a remote station, an access point, a remote terminal, an access terminal, a user terminal, a user agent, a user device, or user equipment.
The server is a service server or a device CA server. A service server is a server that provides service for one or more genuine apps, and a device CA server is a server on which a trusted certificate list is deployed. When only a service server is deployed in the network architecture, the trusted certificate list is deployed on the service server, genuine apps are registered on the service server, and the service server is responsible for checking the legitimacy of the certificate chain, for determining whether the service certificate is the app's service certificate, and for identifying counterfeit apps. When both a service server and a device CA server are deployed, there are three options. First, genuine apps are registered on the service server, the trusted certificate list is deployed on the service server and refreshed periodically from the device CA server, and the service server is responsible for checking the legitimacy of the certificate chain, determining whether the service certificate is the app's service certificate, and identifying counterfeit apps. Second, genuine apps are registered on the service server but no trusted certificate list is deployed on it; the device CA server checks the legitimacy of the certificate chain and whether the service certificate is the app's service certificate, and the service server performs the counterfeit identification. Third, genuine apps are registered on the device CA server, which checks the legitimacy of the certificate chain, determines whether the service certificate is the app's service certificate and identifies counterfeit apps, while the service server only transparently forwards messages. See Figures 1A and 1B for examples.
Figure 1A is a schematic diagram of a network architecture to which a counterfeit app identification method provided by an embodiment of this application applies. Referring to Figure 1A, the scenario includes a terminal device and a service server with a network connection between them. The service server serves one or more genuine apps. When a genuine app is released, its developers must register it on the service server, which stores the correspondence between the genuine app's signature certificate fingerprint and its package name; the service server also stores the set of trusted certificates needed to check the legitimacy of a certificate chain, such as a set of trusted root certificates or a set of trusted device certificate authority (CA) certificates. If the genuine app is downloaded and installed on the terminal device, the terminal device can use it to access the functions provided by the service server. The user, however, does not know whether the app downloaded and installed on the terminal device is counterfeit. Therefore, in this embodiment, after the app is downloaded, installed and started on the terminal device (below, the app to be identified), the service server performs counterfeit identification of it based on the certificate chain, the app's service certificate and so on, where the service certificate of the app to be identified carries its package name and signature certificate fingerprint. For example, if the app to be identified is Huawei Share, the user does not know whether it is the genuine Huawei Share or a counterfeit, so after the user starts it, the service server identifies it: if it is identified as the genuine Huawei Share, the app can use the functions provided by the service server, such as sharing photos, files and other data remotely with other users; if the service server identifies it as a counterfeit app, it refuses the app the use of those functions.
Usually, in the scenario of Figure 1A, the terminal device, the service server and the genuine app come from the same vendor. The embodiments of this application are not limited to this, however; for example, the terminal device and the service server may come from the same vendor while the genuine app is developed by a third party, with the service server providing an interface for that third-party genuine app to access.
Figure 1B is a schematic diagram of a network architecture to which another counterfeit app identification method provided by an embodiment of this application applies. Referring to Figure 1B, the scenario includes a terminal device, a service server and a certificate authority (CA) server, with a network connection between the terminal device and the service server and another between the service server and the CA server. The service server serves one or more genuine apps; when a genuine app is released, its developers store the correspondence between the genuine app's signature certificate fingerprint and its package name on the CA server. The CA server also stores the set of trusted certificates needed to check the legitimacy of a certificate chain, such as a set of trusted root certificates or a set of trusted device CA certificates. When the app to be identified is downloaded, installed and started on the terminal device and sends its certificate chain and related data to the service server, the service server forwards them to the CA server, which performs the counterfeit identification of the app. Alternatively, the device CA server may store only the set of trusted certificates, while the developers store the genuine app's signature certificate fingerprint, its package name and the correspondence between them on the service server. In that case, after receiving the certificate chain and signature data, the service server sends them to the device CA server, which checks that the certificate chain is legitimate and that the service certificate in the chain is the app's certificate; only when every certificate in the chain is legitimate and the service certificate is the app's service certificate does the service server perform counterfeit identification of the app based on the package name and the first signature certificate fingerprint in the service certificate.
It should be noted that, in the embodiments of this application, counterfeit APPs are not limited to APPs into which malicious code or advertising has been implanted, or to illegal APPs developed by criminals. "Counterfeit" in these embodiments is relative. For example, if the service server provides services only for APP1, and the legitimate APPs downloaded and installed on the terminal device are APP1, APP2 and APP3, then, because APP2 and APP3 are not the APPs that this service server belongs to, APP2 and APP3 are also counterfeit APPs from the service server's point of view.
In the scenario shown in FIG. 1B, the terminal device, the service server and the genuine APP may come from the same vendor or from different vendors.
In the embodiments of this application, a root of trust, such as a root certificate and/or a device CA certificate, is injected into the terminal device when the terminal device is manufactured; the device CA certificate is issued by the root certificate. After the terminal device leaves the factory, it can use the device CA certificate to issue a service certificate for the APP to be identified. Each of the certificates described in the embodiments of this application, such as the root certificate, the device CA certificate and the service certificate, has a key pair consisting of a public key and a private key; the public key is carried in the certificate, and the private key is stored in the secure storage partition of the terminal device.
The counterfeit APP identification method of the embodiments of this application is described in detail below, taking the architecture shown in FIG. 1A as an example. By way of example, refer to FIG. 2, which is a flowchart of a counterfeit APP identification method provided by an embodiment of this application; this embodiment describes the method from the perspective of the interaction between the service server and the terminal device. This embodiment includes:
101. The terminal device sends the server a request message for establishing a connection between the application (APP) to be identified and the server.
By way of example, the terminal device downloads and installs an APP and starts it; this APP is referred to below as the APP to be identified. The terminal device sends a connection establishment request to the service server on behalf of this APP.
102. The server sends a first random number to the terminal device.
By way of example, in FIG. 1A the service server is the server for a particular genuine APP, and the user expects this service server to serve only the genuine APP and not to be accessed by other APPs. When the genuine APP is released, the developers register it on the service server, which stores the correspondence between the genuine APP's signing certificate fingerprint and its package name; the service server also stores the set of trusted certificates needed to check the validity of a certificate chain, such as a set of trusted root certificates or a set of trusted device certification authority (CA) certificates. After receiving the request message, the service server initiates an identity challenge to the terminal device and sends a first random number, which may also be called a challenge; correspondingly, the terminal device receives the first random number.
It should be noted that, if a device CA server is deployed, then in steps 101 and 102 the terminal device sends the connection establishment request to the service server, the service server forwards it to the device CA server, and this triggers the device CA server to send the first random number.
103. The terminal device encrypts the first random number with the private key corresponding to the service certificate of the APP to be identified, obtaining signature data.
In this step, the terminal device encrypts the first random number with the private key corresponding to the service certificate of the APP to be identified. For example, the terminal device encrypts the first random number using secure hash algorithm 256 (SHA256), secure hash algorithm 384 (SHA384) or secure hash algorithm 512 (SHA512), obtaining the signature data.
104. The terminal device sends the signature data and a certificate chain to the server.
The certificate chain carries the service certificate of the APP to be identified, and the service certificate carries the package name of the APP to be identified and the first signing certificate fingerprint of the APP to be identified.
In this step, the terminal device sends the signature data and the certificate chain to the server; correspondingly, the server receives the signature data and the certificate chain.
105. The server determines, according to the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified.
Taking the server as the service server in FIG. 1A as an example, this step has two stages. In the first stage, the service server checks the certificates in the certificate chain against the pre-stored trusted certificates to determine whether each certificate in the chain is valid. If the service server determines that every certificate in the chain is valid, it enters the second stage: the service server decrypts the signature data with the public key carried in the service certificate of the chain to determine whether the service certificate is the service certificate of the APP to be identified. If it is, step 106 is performed; if it is not, step 108 is performed.
By way of example, in the first stage, taking the case in which the trusted certificates are root certificates, the certificate chain includes the root certificate, the device CA certificate and the service certificate. Because certificates are issued level by level (for example, the terminal device's device CA certificate is issued with the terminal device's root certificate, and the service certificate of the APP to be identified is issued by the terminal device with the device CA certificate), when the service server checks whether each certificate in the chain is valid it first checks the root certificate, then the device CA certificate, and finally the service certificate. During the certificate chain validity check, the service server determines whether the root certificate of the chain is present in the locally stored set of trusted root certificates; if it is, the service server regards the root certificate as trusted, otherwise it regards the root certificate of the chain as untrusted. Next, the service server decrypts the device CA certificate with the public key of the root certificate to obtain one hash value, and hashes the content of the device CA certificate with the hash algorithm carried in the device CA certificate to obtain another hash value; if the two hash values are the same, the service server regards the device CA certificate as valid, otherwise it regards it as invalid. Then the service server decrypts the service certificate with the public key of the device CA certificate to obtain one hash value, and hashes the content of the service certificate with the hash algorithm carried in the service certificate to obtain another hash value; if the two hash values are the same, the service server regards the service certificate as valid, otherwise it regards it as invalid.
In the second stage, to determine whether the service certificate is the service certificate of the APP to be identified, the service server decrypts the signature data with the public key of the service certificate to obtain a random number, referred to below as the second random number, and then compares the first random number with the second random number. If they are the same, the service server determines that the service certificate is the service certificate of the APP to be identified; if they differ, the service server determines that the service certificate is not the service certificate of the APP to be identified.
106. The service server determines, according to the package name and the first signing certificate fingerprint, whether the APP to be identified is a counterfeit APP.
As described in step 102, a genuine APP has to be registered with the service server before release, so that the service server stores the correspondence between the genuine APP's package name and its signing certificate fingerprint. Therefore, in this step the service server compares the first signing certificate fingerprint corresponding to the package name in the certificate chain with the second signing certificate fingerprint that was stored when the genuine APP with that package name was registered on the server, and thereby determines whether the APP to be identified is a counterfeit APP. If it is not a counterfeit APP, step 107 is performed; if it is, step 108 is performed.
107. The service server sends the terminal device an identification result indicating that the APP to be identified is a genuine APP, and carries out service interaction with the terminal device.
108. The service server sends the terminal device an identification result indicating that the APP to be identified is a counterfeit APP, and refuses service interaction with the terminal device for that APP.
It should be noted that, in the embodiments of this application, "counterfeit APP" is defined relative to the service server, and counterfeit APPs include counterfeit APPs in the conventional sense as well as some genuine APPs. For example, suppose there are three APPs: APP1, APP2 and APP3. APP1 and APP2 are counterfeit APPs in the conventional sense, which means all APPs other than the genuine APP, including counterfeit APPs that the servers of third-party application stores can detect and APPs that those servers fail to detect but that are in fact counterfeit. APP3 is a genuine APP, but it is not registered on the service server; therefore, from the service server's point of view, APP3 is also a counterfeit APP.
With the counterfeit APP identification method provided by the embodiments of this application, after the APP to be identified on the terminal device is started and before it carries out service interaction with the service server, the certificate chain and the signature data are sent to the service server. After the service server has checked that every certificate in the chain is valid and that the service certificate is the APP's own service certificate, it compares the signing certificate fingerprint corresponding to the package name in the service certificate with the pre-stored signing certificate fingerprint for that package name, and so identifies whether the APP to be identified is a counterfeit APP. This prevents the service server from serving counterfeit APPs and improves service security. In addition, if the service server can serve only a certain number of users at the same time, this application prevents illegitimate users from accessing the service server through counterfeit APPs and so protects the service for legitimate users.
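The exchange of steps 101 to 108 above, and the same chain check, challenge response and fingerprint comparison in steps 211 to 213 of the FIG. 4 embodiment, as an added Go example that is not part of the patent and not Huawei's code. It assumes X.509 certificates with ECDSA P-256 keys, a private-arc extension OID (1.3.6.1.4.1.99999.1, chosen for the example) for carrying the package name and signing certificate fingerprint inside the service certificate, a chain sent in the order service certificate, device CA certificate, root certificate, and a challenge response computed as an ECDSA signature over the SHA-256 of the first random number (the patent's "encryption with the private key", checked with the certificate's public key). The package name, the fingerprints and the device CA key held in memory are constructed sample values; on a real terminal the key stays in TEE storage.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Assumed private-arc OID for the extension that carries package name and signing
// fingerprint in the service certificate (the patent does not fix this encoding).
var appInfoOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

type appInfo struct {
	PackageName string
	SigningFP   string // hex SHA-256 over the APK signing certificate's DER
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// issue generates a key and a certificate from tmpl; a nil parent self-signs with the new key.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	if parent == nil {
		parent, signer = tmpl, key
	}
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano())
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	must(err)
	c, err := x509.ParseCertificate(der)
	must(err)
	return c, key
}

func caTemplate(cn string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
}

// NewTerminal models the production line: a root certificate and the device CA certificate it
// issues. The device CA key stands in for the key a real terminal keeps in TEE secure storage.
func NewTerminal() (root, deviceCA *x509.Certificate, deviceCAKey *ecdsa.PrivateKey) {
	root, rootKey := issue(caTemplate("Vendor Root"), nil, nil)
	deviceCA, deviceCAKey = issue(caTemplate("Device CA"), root, rootKey)
	return
}

// IssueServiceCert (step 207): the device CA issues the app a service certificate that records
// its package name and signing-certificate fingerprint; the returned key is the service key.
func IssueServiceCert(deviceCA *x509.Certificate, deviceCAKey *ecdsa.PrivateKey, pkg, fp string) (*x509.Certificate, *ecdsa.PrivateKey) {
	payload, err := asn1.Marshal(appInfo{pkg, fp})
	must(err)
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: pkg}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{Id: appInfoOID, Value: payload}}}
	return issue(tmpl, deviceCA, deviceCAKey)
}

// SignChallenge (steps 103/208): the private-key operation over the first random number.
func SignChallenge(key *ecdsa.PrivateKey, nonce []byte) []byte {
	d := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, key, d[:])
	must(err)
	return sig
}

// Identify (steps 105 and 106) on the service server; registry maps package name to the fingerprint
// stored at release. An error means the chain or the challenge response was rejected (step 108
// before any fingerprint comparison); otherwise true is genuine, false is counterfeit.
func Identify(trustedRoots []*x509.Certificate, registry map[string]string, chain []*x509.Certificate, nonce, sig []byte) (bool, error) {
	if len(chain) != 3 {
		return false, errors.New("chain must be service cert, device CA cert, root cert")
	}
	svc, devCA, root := chain[0], chain[1], chain[2]
	roots, inter, trusted := x509.NewCertPool(), x509.NewCertPool(), false
	for _, r := range trustedRoots { // stage 1: the chain's root must be in the trusted set
		roots.AddCert(r)
		trusted = trusted || r.Equal(root)
	}
	if !trusted {
		return false, errors.New("root certificate not trusted")
	}
	inter.AddCert(devCA) // then root -> device CA -> service cert signatures and validity periods
	if _, err := svc.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return false, err
	}
	pub, ok := svc.PublicKey.(*ecdsa.PublicKey) // stage 2: does the app hold the service key?
	d := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return false, errors.New("challenge response does not verify under the service certificate")
	}
	var info appInfo
	for _, ext := range svc.Extensions {
		if ext.Id.Equal(appInfoOID) {
			if _, err := asn1.Unmarshal(ext.Value, &info); err != nil {
				return false, err
			}
		}
	}
	want, registered := registry[info.PackageName] // step 106: compare fingerprints
	return registered && want == info.SigningFP, nil
}

// Demo runs a constructed scenario: the genuine app, then a repackaged app with the same package
// name but a different signing certificate. It returns (genuine accepted, repackaged flagged, err).
func Demo() (genuine, counterfeit bool, err error) {
	root, devCA, devCAKey := NewTerminal()
	const goodFP, badFP = "constructed-sha256-of-genuine-signing-cert", "constructed-sha256-of-repackager-cert"
	registry := map[string]string{"com.example.pay": goodFP} // filled when the genuine app was registered
	nonce := make([]byte, 32)                                // the server's first random number
	rand.Read(nonce)
	svc, key := IssueServiceCert(devCA, devCAKey, "com.example.pay", goodFP)
	if genuine, err = Identify([]*x509.Certificate{root}, registry, []*x509.Certificate{svc, devCA, root}, nonce, SignChallenge(key, nonce)); err != nil {
		return
	}
	svc, key = IssueServiceCert(devCA, devCAKey, "com.example.pay", badFP)
	ok, err := Identify([]*x509.Certificate{root}, registry, []*x509.Certificate{svc, devCA, root}, nonce, SignChallenge(key, nonce))
	return genuine, !ok, err
}

func main() {
	fmt.Println(Demo())
}
```

Running it prints `true true <nil>`: the app whose service certificate carries the registered fingerprint is accepted, and the repackaged one, which obtained a perfectly valid service certificate from the same device CA, is still flagged because only the fingerprint comparison of step 106 distinguishes them. The explicit root comparison before `Verify` mirrors the patent's first check; `Verify` then covers the level-by-level signature checks of steps 211 and 212's precondition, and an unregistered package name counts as counterfeit, as the APP3 note above describes.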
In the embodiments of this application, the terminal device may run any operating system, such as the Apple operating system or the Android operating system. After the APP to be identified is installed on a terminal device running any operating system, the terminal device uses the device CA certificate stored on it to issue a service certificate for the APP to be identified. The counterfeit APP identification method above is described in detail below, taking a terminal device running the Android operating system as an example.
FIG. 3 is a schematic diagram of an architecture to which a counterfeit APP identification method provided by an embodiment of this application applies. Referring to FIG. 3, in this embodiment the terminal device is called the device side, the service server and the device CA server are deployed on the cloud side, and the operating system of the terminal device includes a trusted execution environment (TEE) and a rich execution environment (REE). The TEE handles operations that require stronger security protection, such as key storage, encryption and decryption, and fingerprint recognition; the REE is an ordinary operating system such as Android or iOS. The REE contains a client application (CA) that provides certificate services for APPs, and the TEE contains a trusted application (TA) corresponding to that client application. These APPs include, but are not limited to, the APP to be identified. In the embodiments of this application, the REE and the TEE each consist, from top to bottom, of an application layer, a framework layer, a kernel layer and a hardware layer.
The REE of the terminal device provides a certificate management service, located in the REE's framework (Android framework) layer, which provides key and certificate management functions for the APP to be identified. To meet the needs of services whose keys are protected by TEE hardware and to implement key attestation, the certificate management service supports at least the following three functions: 1) before the terminal device leaves the factory, the certificate management service is used to inject the production-line certificates, that is, the root certificate and the device CA certificate, into the terminal device; 2) generation of service certificates, that is, the terminal device uses the device CA certificate to issue a service certificate for the APP to be identified; and 3) attestation based on the service key, that is, when the service server initiates an identity challenge, the terminal device uses the certificate management service to encrypt the first random number sent by the service server with the private key corresponding to the service certificate, obtaining the signature data.
For function 1), during manufacture of the terminal device the vendor presets the root certificate and the device CA certificate and stores them in a secure storage partition of the terminal device, such as a replay protected memory block (RPMB). Data in the RPMB cannot be modified, and cannot be deleted even if the user restores the terminal device to factory settings.
For function 2), after the APP to be identified has been downloaded and installed on the terminal device, when the user taps it to start it, the APP to be identified applies to the client application (CA) for a service certificate. The client application obtains the package name and the first signing certificate fingerprint of the APP to be identified through the Android system and then sends a certificate application request to the TA to apply for a service certificate for the APP to be identified. After receiving the request, the TA issues a service certificate for the APP to be identified with the device CA certificate, and records the package name and the first signing certificate fingerprint of the APP to be identified in the service certificate. Once generated, the service certificate is kept in a secure storage partition of the terminal device, such as the secure file system (SFS); data in the SFS may be deleted when the APP to be identified is uninstalled or the terminal device is restored to factory settings.
For function 3), after the APP to be identified is started, the terminal device initiates a connection establishment request to the service server for that APP, and the service server initiates an identity authentication challenge so that it can perform counterfeit identification of the APP to be identified. By way of example, refer to FIG. 4, which is a flowchart of another counterfeit APP identification method provided by an embodiment of this application. Referring to FIG. 4, in this embodiment both the APP to be identified and the certificate management service are loaded on the terminal device, a set of trusted root certificates is deployed on the service server, and the service server periodically obtains the certificate revocation list from the device CA server to update its locally deployed trusted certificates. This embodiment includes:
201. The service server obtains the root certificate of the terminal device.
In this step, the service server obtains the terminal device's root certificate offline, or interacts with the device CA server to obtain it.
202. The service server sends a certificate revocation list request to the device CA server.
203. The device CA server sends the service server a response message carrying the certificate revocation list.
In steps 202 and 203, the service server periodically sends the device CA server a certificate revocation list request to obtain the latest certificate revocation list (CRL) and updates its locally deployed trusted certificates accordingly.
204. The terminal device sends a connection establishment request to the service server for the APP to be identified.
In this step, when the APP to be identified is started, the terminal device initiates a connection establishment request to the service server for that APP.
205. The service server initiates identity authentication with the terminal device; the identity authentication carries the first random number.
In this step, the service server sends the identity authentication to the terminal device for the APP to be identified.
206. The terminal device sends a certificate application request to the TA through the client application (CA) to apply for a service certificate for the APP to be identified.
207. The terminal device issues a service certificate for the APP to be identified with the device CA certificate.
In the embodiments of this application, the device CA certificate is issued with the root certificate and the service certificate is issued with the device CA certificate. By way of example, refer to FIG. 5, which is a flowchart of the certificate issuance used by the counterfeit APP identification method provided by an embodiment of this application.
Referring to FIG. 5, in this embodiment the root certificate and the device CA certificate are also called the terminal device's production-line preset certificates. These two certificates are injected into the terminal device before it leaves the factory and are not deleted when the terminal device is restored to factory settings or the APP to be identified is uninstalled. After the terminal device leaves the factory, the user installs the APP to be identified on it; when that APP is started, the terminal device issues it a service certificate with the device CA certificate. The table below lists the details of the service certificate.
[Table of service certificate fields: figures PCTCN2019077311-appb-000001 and PCTCN2019077311-appb-000002; the table content is an image and is not reproduced in the text.]
It should be noted that the table above is only an example; the content of the service certificate in the embodiments of this application is not limited to it.
208. The terminal device encrypts the first random number with the private key corresponding to the service certificate, obtaining signature data.
209. The terminal device passes the signature data and the certificate chain from the TA to the client application (CA).
210. The terminal device sends the signature data and the certificate chain to the service server.
The certificate chain includes the root certificate, the device CA certificate and the service certificate.
211. The service server determines whether the certificates in the certificate chain are valid. If every certificate in the chain is valid, step 212 is performed; if the certificate at any level of the chain is invalid, step 215 is performed.
Because certificates are issued level by level, during the certificate chain check the service server determines in turn whether the root certificate, the device CA certificate and the service certificate are valid.
First, the service server determines whether the root certificate of the certificate chain is present in the pre-deployed set of trusted root certificates. If it is, the root certificate of the chain is a root certificate trusted by the service server and is a valid certificate. If it is not, the root certificate of the chain is not a root certificate trusted by the service server and is an invalid certificate.
Second, if the root certificate of the chain is present in the set of root certificates, the service server decrypts the device CA certificate contained in the chain with the public key of the root certificate to obtain a first hash value, and hashes the device CA certificate with the hash algorithm carried in the device CA certificate to obtain a second hash value. The service server determines whether the first hash value and the second hash value are the same: if they are, the device CA certificate is a valid device CA certificate; if they are not, the device CA certificate is an invalid device CA certificate.
Finally, if the device CA certificate is a valid device CA certificate, the service server decrypts the service certificate with the public key carried in the device CA certificate to obtain a third hash value, and hashes the service certificate with the hash algorithm carried in the service certificate to obtain a fourth hash value. The service server determines whether the third hash value and the fourth hash value are the same: if they are, the service certificate is valid; if they are not, the service certificate is invalid.
It should be noted that hashing a certificate, as described above, means hashing one or more attributes of the certificate.
212. The service server determines whether the service certificate is the service certificate of the APP to be identified. If it is, step 213 is performed; if it is not, step 215 is performed.
If the certificate chain is valid, then in this step the service server decrypts the signature data with the public key carried in the service certificate of the chain to obtain a second random number, and determines whether the second random number is the same as the first random number sent in step 205. If they are the same, the service server determines that the service certificate is the APP's own service certificate; if they differ, the service server determines that the service certificate is not the service certificate of the APP to be identified.
213. The service server determines, according to the package name and the first signing certificate fingerprint, whether the APP to be identified is a counterfeit APP. If it is not a counterfeit APP, step 214 is performed; if it is, step 215 is performed.
In the embodiments of this application, every APP has a package name and a signing certificate fingerprint. Taking an Android APP as an example, after the developers have developed an APP, they sign the apk file whenever they package it into an Android package (APK); this signing mechanism guarantees the legitimacy of the apk file and the uniqueness of the app, and supports later app upgrades. When the APP is released, the developers register it on the service server and store the correspondence between the package name and the signing certificate fingerprint on the service server.
If the service server determined in step 209 that the service certificate is the service certificate issued by the terminal device for the APP to be identified, then in this step the service server determines the second signing certificate fingerprint according to the package name of the APP to be identified and checks whether the first signing certificate fingerprint and the second signing certificate fingerprint are the same. If they differ, the service server determines that the APP to be identified is a counterfeit APP; if they are the same, the service server determines that the APP to be identified is a genuine APP.
214、业务服务器向终端设备发送识别结果,该识别结果用于指示待识别APP为正版APP,并与终端设备针对待识别APP进行业务交互。214. The service server sends a recognition result to the terminal device, where the recognition result is used to indicate that the APP to be recognized is a genuine APP, and performs business interaction with the terminal device for the APP to be recognized.
215、业务服务器向终端设备发送识别结果,该识别结果用于指示待识别APP为仿冒APP,并拒绝与终端设备针对待识别APP进行业务交互。215. The service server sends a recognition result to the terminal device, where the recognition result is used to indicate that the APP to be recognized is a counterfeit APP, and refuses to conduct business interaction with the terminal device for the APP to be recognized.
需要说明的是,上述图4实施例中,是以业务服务器上部署可信根证书集合、证 书链中的证书包含根证书、设备CA证书和业务证书为例对上述的仿冒APP识别方法进行详细说明的,然而,本申请实施例并不限制,在其他可行的实现方式中,业务服务器上也可以部署设备CA证书,此时,证书链中的证书仅包括设备CA证书和业务证书。It should be noted that, in the above embodiment in FIG. 4, a set of trusted root certificates is deployed on the business server, and the certificates in the certificate chain include root certificates, device CA certificates, and business certificates as examples to describe the counterfeit APP identification method in detail. As explained, however, the embodiments of this application are not limited. In other feasible implementation manners, the device CA certificate may also be deployed on the service server. In this case, the certificates in the certificate chain only include the device CA certificate and the service certificate.
The counterfeit APP identification method described above is now explained in detail by taking as an example a service server that provides a data forwarding service to users, where the genuine APP corresponding to that service server shares data with other users through the service server. For an illustration, see FIG. 6.
FIG. 6 is a schematic diagram of a scenario in which counterfeit detection passes, in the counterfeit APP identification method provided by an embodiment of this application. This embodiment includes:
301. A genuine APP is registered on the service server.
In this step, when the genuine APP is published, the developers register it on the service server, and the service server stores the package name of the genuine APP, its signature certificate fingerprint, and the correspondence between the two. For example, the package name of the genuine APP is com.xxx.app1 and its signature certificate fingerprint is 111111. The package name is located in a file of the installation package, such as the androidManifest.xml file, and the signature certificate fingerprint is stored in the signature certificate of the installation package. Although the installation package is deleted once most APPs have been installed on the terminal device, the terminal device can still obtain the package name and signature certificate from the REE operating system at any time before the APP is uninstalled.
302. The APP to be identified is installed on the terminal device.
The package name of the APP to be identified is the same as that of the genuine APP, but the terminal device does not know whether the APP to be identified is the genuine APP or a counterfeit APP. If the APP to be identified is the genuine APP, the terminal device determines that its signature certificate fingerprint is 111111; if it is a counterfeit APP, its developer cannot obtain the signature certificate fingerprint of the genuine APP, so the signature certificate fingerprint of the APP to be identified differs from that of the genuine APP, for example 222222.
303. The terminal device uses the device CA certificate to issue a service certificate for the APP to be identified.
The service certificate contains the package name of the APP to be identified and the first signature certificate fingerprint.
304. The terminal device initiates a link establishment request to the service server for the APP to be identified.
305. The service server sends a first random number to the terminal device.
306. The terminal device sends the signature data and the certificate chain to the service server.
In this step, the terminal device encrypts the first random number with the private key of the service certificate to obtain the signature data, and then sends the certificate chain and the signature data to the service server.
307. The service server verifies whether the certificates in the certificate chain are valid; if the certificate chain is valid, it determines whether the service certificate is the service certificate of the APP; and if the service certificate is the service certificate of the APP to be identified, it determines whether the APP is a counterfeit APP.
In this step, the service server first verifies, by means of the certificate chain, whether each certificate in the chain is valid and whether the service certificate is the APP's own service certificate. If each certificate in the chain is valid and the service certificate is the APP's own service certificate, the service server obtains the package name of the APP to be identified and the first signature certificate fingerprint from the service certificate, determines the second signature certificate fingerprint from the package name, and finally checks whether the first signature certificate fingerprint and the second signature certificate fingerprint pre-stored on the service server are the same. If they are the same, the APP to be identified is determined to be a genuine APP; if not, it is regarded as a counterfeit APP. For example, if in this step the second signature certificate fingerprint is 111111 and it is the same as the first signature certificate fingerprint that the terminal device obtained from the installation package of the APP to be identified, the service server regards the APP to be identified as a genuine APP. As another example, if in this step the second signature certificate fingerprint is 222222 and it differs from the first signature certificate fingerprint that the terminal device obtained from the installation package of the APP to be identified, the service server regards the APP to be identified as a counterfeit APP.
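The exchange of steps 301 to 307, together with the certificate-chain and random-number checks of steps 210 to 213 above, modelled end to end as an added example; this is not code from the patent or from any vendor's implementation. Python is used because the page carries no code of its own. The certificate layout, the use of textbook RSA over SHA-256 digests, the key sizes, the registry contents and the scenario names are all assumptions chosen so that the server can do literally what the text describes (decrypt a signature with the issuer's public key to recover the first hash, rehash the certificate to get the second hash, compare the two, then check the random number and the fingerprint). The `run_scenarios` function returns the verdict the server would send in step 214 or 215 for the genuine APP with fingerprint 111111, the counterfeit with 222222, and three other failure modes the checks are there to catch.

```python
"""Server-side model of the check in steps 304-307 (constructed example, not the
patent's or any vendor's code). Certificates and "signature data" use textbook RSA
over SHA-256 digests so the server does literally what the text describes."""
import hashlib
import json
import secrets

E = 65537  # public exponent; the patent names no parameters, so this is an assumption

def _is_probable_prime(n, rounds=20):  # Miller-Rabin; enough for a demonstration key pair
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, top bit set
        if _is_probable_prime(cand):
            return cand

def keygen(bits=384):
    """Toy RSA key pair; n > 2**256 so a SHA-256 digest fits as the signed message."""
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:  # E is prime, so this is gcd(E, phi) == 1
            return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, phi)}

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def _body(cert):
    """Canonical bytes of the attribute fields that the certificate signature covers."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()

def issue(attrs, subject_pub, issuer_priv):
    """Issuer signs the hash of (attrs, subject public key, hash algorithm) with its private key."""
    cert = {"attrs": attrs, "pub": subject_pub, "alg": "sha256"}
    cert["sig"] = pow(_digest(_body(cert)), issuer_priv["d"], issuer_priv["n"])
    return cert

def signed_by(cert, issuer_pub):
    """Decrypt the signature with the issuer key (first hash), rehash (second hash), compare."""
    return pow(cert["sig"], issuer_pub["e"], issuer_pub["n"]) == _digest(_body(cert))

def sign_nonce(nonce, service_priv):
    """Terminal side of step 306: the service certificate's private key signs the random number."""
    return pow(_digest(nonce.encode()), service_priv["d"], service_priv["n"])

def identify(nonce, chain, sig, trusted_roots, registry):
    """Step 307. Returns 'genuine' or the reason the APP is reported as counterfeit."""
    root, dev_ca, svc = chain
    if _digest(_body(root)) not in trusted_roots:       # root must be a deployed trust anchor
        return "untrusted-root"
    if not (signed_by(dev_ca, root["pub"]) and signed_by(svc, dev_ca["pub"])):
        return "chain-invalid"                          # a hash pair did not match
    if pow(sig, svc["pub"]["e"], svc["pub"]["n"]) != _digest(nonce.encode()):
        return "nonce-mismatch"                         # second random number != first
    attrs = svc["attrs"]                                # package name + first fingerprint
    if registry.get(attrs["package_name"]) != attrs["signing_cert_fingerprint"]:
        return "fingerprint-mismatch"                   # differs from the registered (second) one
    return "genuine"

def run_scenarios():
    """Constructed data from the text: genuine APP 111111, counterfeit 222222."""
    (root_pub, root_priv), (ca_pub, ca_priv) = keygen(), keygen()
    (app_pub, app_priv), (fake_pub, fake_priv) = keygen(), keygen()
    root = issue({"cn": "device-root"}, root_pub, root_priv)      # self-signed
    dev_ca = issue({"cn": "device-ca"}, ca_pub, root_priv)        # signed by the root
    pkg = "com.xxx.app1"
    svc = issue({"package_name": pkg, "signing_cert_fingerprint": "111111"}, app_pub, ca_priv)
    fake_svc = issue({"package_name": pkg, "signing_cert_fingerprint": "222222"}, fake_pub, ca_priv)
    registry = {pkg: "111111"}                                   # step 301 registration
    trusted = {_digest(_body(root))}                             # deployed root certificate set
    nonce = secrets.token_hex(16)                                # step 305 first random number
    # a certificate whose attributes were changed after issuance no longer matches its signature
    edited = {**fake_svc, "attrs": {**fake_svc["attrs"], "signing_cert_fingerprint": "111111"}}
    rogue_root = issue({"cn": "device-root"}, fake_pub, fake_priv)  # root the server never deployed
    return {
        "genuine": identify(nonce, (root, dev_ca, svc), sign_nonce(nonce, app_priv), trusted, registry),
        "counterfeit": identify(nonce, (root, dev_ca, fake_svc), sign_nonce(nonce, fake_priv), trusted, registry),
        "stale-signature": identify(nonce, (root, dev_ca, svc), sign_nonce("old-nonce", app_priv), trusted, registry),
        "edited-cert": identify(nonce, (root, dev_ca, edited), sign_nonce(nonce, fake_priv), trusted, registry),
        "untrusted-root": identify(nonce, (rogue_root, dev_ca, svc), sign_nonce(nonce, app_priv), trusted, registry),
    }
```

Each failure reason maps to one step of the method: `untrusted-root` and `chain-invalid` are step 211 (the root set lookup and the hash-pair comparisons), `nonce-mismatch` is step 212, and `fingerprint-mismatch` is step 213; only an APP that clears all three is reported as genuine in step 214. The `edited-cert` scenario is the reason the fingerprint is bound into the signed certificate rather than sent as a loose field: changing it invalidates the device CA's signature. A production server would use a real X.509 library with a padded signature scheme instead of raw RSA on digests, and must issue a fresh random number for every link establishment so that a recorded signature cannot pass the step 212 check later.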
FIG. 7 is a schematic structural diagram of a server provided by an embodiment of this application. The server 100 may include:
a transmitter 11, configured to send a first random number to a terminal device;
a receiver 12, configured to receive a certificate chain and signature data sent by the terminal device, where the certificates in the certificate chain include a service certificate of the application (APP) to be identified, the service certificate carries the package name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the signature data is obtained by the terminal device encrypting the first random number with the private key corresponding to the service certificate; and
a processor 13, configured to determine, based on the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified, and, if it is, to determine, based on the package name and the first signature certificate fingerprint, whether the APP to be identified is a counterfeit APP.
In a feasible implementation, the processor 13 is configured to determine whether the certificates in the certificate chain are valid and, if they are, to decrypt the signature data with the public key carried in the service certificate of the certificate chain to obtain a second random number; to determine whether the first random number and the second random number are the same; and, if they are the same, to determine that the service certificate is the service certificate of the APP to be identified, or, if they are not the same, to determine that the service certificate is not the service certificate of the APP to be identified.
In a feasible implementation, the certificates in the certificate chain further include a root certificate of the terminal device and a device certification authority (CA) certificate, and the processor 13 is configured to determine whether the root certificate in the certificate chain is present in a pre-deployed set of trusted root certificates; if it is, to decrypt the device CA certificate contained in the certificate chain with the public key carried in the root certificate to obtain a first hash value, and to perform a hash operation on the device CA certificate using the hash algorithm carried in the device CA certificate to obtain a second hash value; if the first and second hash values are the same, to determine that the device CA certificate is a valid certificate, to decrypt the service certificate with the public key carried in the device CA certificate to obtain a third hash value, and to perform a hash operation on the service certificate using the hash algorithm carried in the service certificate to obtain a fourth hash value; and, if the third and fourth hash values are the same, to determine that the service certificate is a valid certificate.
In a feasible implementation, the certificates in the certificate chain further include a device CA certificate of the terminal device, and the processor 13 is configured to determine whether the device CA certificate in the certificate chain is present in a pre-deployed set of trusted CA certificates; if it is, to decrypt the service certificate with the public key carried in the trusted device CA certificate to obtain a third hash value, and to perform a hash operation on the service certificate using the hash algorithm carried in the service certificate to obtain a fourth hash value; and, if the third and fourth hash values are the same, to determine that the service certificate is a valid certificate.
In a feasible implementation, the processor 13 is configured to, if the service certificate is the service certificate of the APP to be identified, determine, based on the package name and the first signature certificate fingerprint, whether the APP to be identified is a counterfeit APP, which includes: if the service certificate is the service certificate of the APP to be identified, determining a second signature certificate fingerprint from the package name, storing the correspondence between the package name and the second signature certificate fingerprint, and checking whether the first and second signature certificate fingerprints are the same; if they are not the same, determining that the APP to be identified is a counterfeit APP.
In a feasible implementation, the server is a service server or a device CA server.
For the implementation principles and technical effects of the server provided by the embodiments of this application, reference may be made to the method embodiments above; they are not repeated here.
FIG. 8 is a schematic structural diagram of a terminal device provided by an embodiment of this application. The terminal device 200 may include:
a transmitter 21, configured to send to a server a request message for establishing a link between the application (APP) to be identified and the server;
a receiver 22, configured to receive a verification message sent by the server for verifying the APP to be identified, where the verification message contains a first random number;
where the transmitter 21 is further configured to send a certificate chain and signature data to the server, the signature data being obtained by encrypting the first random number with the private key corresponding to the APP to be identified; and
where the receiver 22 is further configured to receive the result of the server verifying, based on the certificate chain and the signature data, whether the APP to be identified is a counterfeit APP.
In a feasible implementation, the certificate chain contains a service certificate of the APP to be identified, the service certificate carries the package name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the receiver 22 is configured to receive a counterfeit identification result obtained by the server matching the second signature certificate fingerprint recorded when the package name of the APP was registered against the first signature certificate fingerprint; if the match succeeds, the counterfeit identification result indicates that the APP is not a counterfeit APP, and if the match fails, the counterfeit identification result indicates that the APP is a counterfeit APP.
Referring again to FIG. 8, in a feasible implementation the terminal device 100 further includes a processor 23, configured to use the device CA certificate to issue the service certificate for the APP to be identified before the transmitter 21 sends the certificate chain and the signature data to the server, where the content of the service certificate includes the package name of the APP to be identified and the first signature certificate fingerprint of the APP to be identified.
In a feasible implementation, the service certificate is generated and managed by a certificate management service of the terminal device, and the certificate management service is located in the Framework layer of the terminal device's system.
In a feasible implementation, the service certificate further includes a public key of the APP to be identified, the public key corresponding to the private key used to encrypt the first random number.
In a feasible implementation, the operating system of the terminal device includes a rich execution environment (REE) operating system and a trusted execution environment (TEE) operating system, and the transmitter 21 is configured to send, through a client application (CA) running on the REE operating system, a service certificate application request message to a trusted application (TA) running on the TEE operating system; and
the processor 23 is configured to control the TA to issue the service certificate for the APP to be identified using the device CA certificate.
FIG. 9 is a schematic structural diagram of another server provided by an embodiment of this application. The server 300 may include a processor 31, a transceiver 32 and a memory 33, where the transceiver 32 is configured to send and receive data, the memory 33 is configured to store instructions, and the processor 31 is configured to execute the instructions in the memory 33 so that the server performs the counterfeit APP identification method applied to the server as described above.
FIG. 10 is a schematic structural diagram of another terminal device provided by an embodiment of this application. The terminal device 400 may include a processor 41, a transceiver 42 and a memory 43, where the transceiver 42 is configured to send and receive data, the memory 43 is configured to store instructions, and the processor 41 is configured to execute the instructions in the memory 43 so that the terminal device performs the counterfeit APP identification method applied to the terminal device as described above.
FIG. 11 is a schematic architectural diagram of a counterfeit APP identification system provided by an embodiment of this application. Referring to FIG. 9, the counterfeit APP identification system 1000 provided by this embodiment includes the server 100 as described in FIG. 7 and at least one terminal device 200 as described in FIG. 8.
另外,在上述仿冒APP识别方法的基础上,本申请实施例还提供:In addition, on the basis of the above-mentioned counterfeit APP identification method, the embodiments of this application also provide:
一种计算机可读存储介质,该计算机可读存储介质上存储有计算机程序,在所述计算机程序被处理器执行时,执行如上应用于服务器的仿冒APP识别方法。A computer-readable storage medium with a computer program stored on the computer-readable storage medium, and when the computer program is executed by a processor, the counterfeit APP identification method applied to the server as above is executed.
一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,在所述计算机程序被处理器执行时,执行如上应用于终端设备的仿冒APP识别方法。A computer-readable storage medium in which a computer program is stored, and when the computer program is executed by a processor, the counterfeit APP identification method applied to a terminal device as described above is executed.
一种芯片,所述芯片上存储有计算机程序,在所述计算机程序被处理器执行时,执行如上应用于服务器的仿冒APP识别方法。A chip with a computer program stored on the chip, and when the computer program is executed by a processor, the counterfeit APP identification method applied to the server as described above is executed.
一种芯片,所述芯片上存储有计算机程序,在所述计算机程序被处理器执行时,执行如上应用于终端设备的仿冒APP识别方法。A chip with a computer program stored on the chip, and when the computer program is executed by a processor, the counterfeit APP identification method applied to a terminal device as described above is executed.
上述本申请提供的实施例中,主要从终端设备和服务器之间交互的角度对本申请实施例提供的方法进行了介绍。可以理解的是,终端设备、服务器为了实现上述本申请实施例提供的方法中的各功能,终端设备和服务器包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的算法步骤,本申请能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。In the above-mentioned embodiments provided in the present application, the method provided in the embodiments of the present application is mainly introduced from the perspective of interaction between the terminal device and the server. It can be understood that, in order for the terminal device and the server to implement each function in the method provided in the above embodiments of the present application, the terminal device and the server include hardware structures and/or software modules corresponding to each function. Those skilled in the art should easily realize that in combination with the algorithm steps of the examples described in the embodiments disclosed herein, the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
本申请实施例可以根据上述方法示例对终端设备、服务器进行功能模块的划分,例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。需要说明的是,本申请实施例中对模块的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。The embodiment of the present application may divide the terminal device and the server into functional modules according to the foregoing method examples. For example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The above-mentioned integrated modules can be implemented in the form of hardware or software functional modules. It should be noted that the division of modules in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
本文中的术语“多个”是指两个或两个以上。本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系;在公式中,字符“/”,表示前后关联对象是一种“相除”的关系。The term "plurality" herein refers to two or more. The term "and/or" in this article is only an association relationship describing associated objects, which means that there can be three relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, exist alone B these three situations. In addition, the character "/" in this article generally indicates that the associated objects before and after are in an "or" relationship; in the formula, the character "/" indicates that the associated objects before and after are in a "division" relationship.
可以理解的是,在本申请的实施例中涉及的各种数字编号仅为描述方便进行的区分,并不用来限制本申请的实施例的范围。It can be understood that the various numerical numbers involved in the embodiments of the present application are only for easy distinction for description, and are not used to limit the scope of the embodiments of the present application.
可以理解的是,在本申请的实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请的实施例的实施过程构成任何限定。It can be understood that, in the embodiments of the present application, the size of the sequence numbers of the foregoing processes does not mean the order of execution. The execution order of each process should be determined by its function and internal logic, and should not be implemented in this application. The implementation process of the example constitutes any limitation.
可以理解的是,在本申请的实施例中,存储器可以是非易失性存储器,比如硬盘(hard disk drive,HDD)或固态硬盘(solid-state drive,SSD)等,还可以是易失性存储 器(volatile memory),例如随机存取存储器(random-access memory,RAM)。存储器是能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。本申请实施例中的存储器还可以是电路或者其它任意能够实现存储功能的装置,用于存储程序指令和/或数据。It is understandable that, in the embodiment of the present application, the memory may be a non-volatile memory, such as a hard disk drive (HDD) or a solid-state drive (SSD), etc., or a volatile memory. (volatile memory), such as random-access memory (random-access memory, RAM). The memory is any other medium that can be used to carry or store desired program codes in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory in the embodiments of the present application may also be a circuit or any other device capable of realizing a storage function, for storing program instructions and/or data.
通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。Through the description of the above embodiments, those skilled in the art can clearly understand that for the convenience and brevity of the description, only the division of the above-mentioned functional modules is used as an example for illustration. In practical applications, the above-mentioned functions can be allocated as needed. It is completed by different functional modules, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个装置,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be other division methods, for example, multiple units or components may be It can be combined or integrated into another device, or some features can be omitted or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是一个物理单元或多个物理单元,即可以位于一个地方,或者也可以分布到多个不同地方。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate parts may or may not be physically separate. The parts displayed as units may be one physical unit or multiple physical units, that is, they may be located in one place, or they may be distributed to multiple different places. . Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, the functional units in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
The methods provided in the embodiments of this application may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, a server, a terminal, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (for example, coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (for example, infrared, radio, or microwave). The computer-readable storage medium may be any available medium accessible by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a digital video disc (DVD)), or a semiconductor medium (for example, an SSD).
The foregoing are merely specific implementations of this application, but the protection scope of this application is not limited to them; any variation or replacement within the technical scope disclosed in this application shall fall within the protection scope of this application. Therefore, the protection scope of this application shall be subject to the protection scope of the claims.

Claims (18)

  1. A counterfeit APP identification method, characterized in that it comprises:
    a server sends a first random number to a terminal device;
    the server receives a certificate chain and signature data sent by the terminal device, where the certificates in the certificate chain include a service certificate of the application program (APP) to be identified, the service certificate carries the package name of the APP to be identified and a first signing certificate fingerprint of the APP to be identified, and the signature data is obtained by the terminal device encrypting the first random number with the private key corresponding to the service certificate;
    the server determines, according to the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified;
    if the service certificate is the service certificate of the APP to be identified, the server determines, according to the package name and the first signing certificate fingerprint, whether the APP to be identified is a counterfeit APP.
  2. The method according to claim 1, characterized in that the server determining, according to the certificate chain and the signature data, whether the service certificate is the service certificate of the APP to be identified comprises:
    the server determines whether the certificates in the certificate chain are valid;
    if the certificates in the certificate chain are valid, the server decrypts the signature data with the public key carried in the service certificate in the certificate chain to obtain a second random number;
    the server determines whether the first random number and the second random number are the same;
    if the first random number and the second random number are the same, the server determines that the service certificate is the service certificate of the APP to be identified;
    if the first random number and the second random number are not the same, the server determines that the service certificate is not the service certificate of the APP to be identified.
  3. The method according to claim 1 or 2, characterized in that the certificates in the certificate chain further include a root certificate of the terminal device and a device certification authority (CA) certificate, and the server determining whether the certificates in the certificate chain are valid comprises:
    the server determines whether the root certificate in the certificate chain is present in a pre-deployed set of trusted root certificates;
    if the root certificate in the certificate chain is present in the root certificate set, the server decrypts the device CA certificate contained in the certificate chain with the public key carried in the root certificate to obtain a first hash value;
    the server performs a hash operation on the device CA certificate using the hash algorithm carried in the device CA certificate to obtain a second hash value;
    if the first hash value and the second hash value are the same, the server determines that the device CA certificate is a valid certificate, and decrypts the service certificate with the public key carried in the device CA certificate to obtain a third hash value;
    the server performs a hash operation on the service certificate using the hash algorithm carried in the service certificate to obtain a fourth hash value;
    if the third hash value and the fourth hash value are the same, the server determines that the service certificate is a valid certificate.
  4. The method according to claim 1 or 2, characterized in that the certificates in the certificate chain further include a device authorization CA certificate of the terminal device, and the server determining whether the certificates in the certificate chain are valid comprises:
    the server determines whether the device CA certificate in the certificate chain is present in a pre-deployed set of trusted CA certificates;
    if the device CA certificate in the certificate chain is present in the CA certificate set, the server decrypts the service certificate with the public key carried in the trusted device CA certificate to obtain a third hash value;
    the server performs a hash operation on the service certificate using the hash algorithm carried in the service certificate to obtain a fourth hash value;
    if the third hash value and the fourth hash value are the same, the server determines that the service certificate is a valid certificate.
  5. The method according to any one of claims 1 to 4, characterized in that, if the service certificate is the service certificate of the APP to be identified, the server determining, according to the package name and the first signing certificate fingerprint, whether the APP to be identified is a counterfeit APP comprises:
    if the service certificate is the service certificate of the APP to be identified, the server determines a second signing certificate fingerprint according to the package name, the server storing a correspondence between the package name and the second signing certificate fingerprint;
    the server determines whether the first signing certificate fingerprint and the second signing certificate fingerprint are the same;
    if the first signing certificate fingerprint and the second signing certificate fingerprint are not the same, the server determines that the APP to be identified is a counterfeit APP.
  6. A method for identifying a counterfeit application (APP), characterized in that the method comprises:
    a terminal device sends to a server a request message for the application program (APP) to be identified to establish a connection with the server;
    the terminal device receives a verification message sent by the server for verifying the APP to be identified, the verification message containing a first random number;
    the terminal device sends a certificate chain and signature data to the server, the signature data being obtained by encrypting the first random number with the private key corresponding to the APP to be identified;
    the terminal device receives the result of the server verifying, according to the certificate chain and the signature data, whether the APP to be identified is a counterfeit APP.
  7. The method according to claim 6, characterized in that the certificate chain contains a service certificate of the APP to be identified, the service certificate carrying the package name of the APP to be identified and a first signing certificate fingerprint of the APP to be identified; and the terminal device receiving the result of the server verifying, according to the certificate chain and the signature data, whether the APP to be identified is a counterfeit APP comprises:
    the terminal device receives a counterfeit identification result obtained by the server matching the second signing certificate fingerprint recorded when the package name of the APP was registered against the first signing certificate fingerprint; if the match succeeds, the counterfeit identification result indicates that the APP is not a counterfeit APP, or, if the match fails, the counterfeit identification result indicates that the APP is a counterfeit APP.
  8. The method according to claim 6 or 7, characterized in that, before the terminal device sends the certificate chain and the signature data to the server, the method further comprises:
    the terminal device issues the service certificate for the APP to be identified using a device CA certificate, the content of the service certificate including the package name of the APP to be identified and the first signing certificate fingerprint of the APP to be identified.
  9. The method according to claim 8, characterized in that the service certificate is generated and managed by a certificate management service of the terminal device, the certificate management service being located at the Framework layer of the system of the terminal device.
  10. The method according to claim 8 or 9, characterized in that the service certificate further includes a public key of the APP to be identified, the public key corresponding to the private key used to encrypt the first random number.
  11. The method according to any one of claims 8 to 10, characterized in that the operating system of the terminal device includes a rich execution environment (REE) operating system and a trusted execution environment (TEE) operating system, and the terminal device issuing the service certificate for the APP to be identified using the device CA certificate comprises:
    the terminal device sends, through a client application (CA) running on the REE operating system, a service certificate application request message to a trusted application (TA) running on the TEE operating system;
    the terminal device controls the TA to issue the service certificate for the APP to be identified using the device CA certificate.
  12. A server, characterized by comprising a processor, a transceiver and a memory, wherein:
    the transceiver is configured to send and receive data;
    the memory is configured to store instructions;
    the processor is configured to execute the instructions in the memory, causing the server to perform the method according to claims 1 to 5.
  13. A terminal device, characterized by comprising a processor, a transceiver and a memory, wherein:
    the transceiver is configured to send and receive data;
    the memory is configured to store instructions;
    the processor is configured to execute the instructions in the memory, causing the terminal device to perform the method according to claims 6 to 11.
  14. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the counterfeit APP identification method according to any one of claims 1 to 5 is performed.
  15. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the counterfeit APP identification method according to any one of claims 6 to 11 is performed.
  16. A chip, characterized in that a computer program is stored on the chip, and when the computer program is executed by a processor, the counterfeit APP identification method according to any one of claims 1 to 5 is performed.
  17. A chip, characterized in that a computer program is stored on the chip, and when the computer program is executed by a processor, the counterfeit APP identification method according to any one of claims 6 to 11 is performed.
  18. A counterfeit APP identification system, characterized by comprising the server according to any one of claims 12 to 17 and at least one terminal device according to any one of claims 18 to 23.
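The challenge-response exchange of claims 1 to 11, worked through end to end as an added example. This is Python written for this page, not code from the patent or from the applicant. Textbook RSA on Python integers stands in for the device PKI, signed JSON dictionaries stand in for X.509 certificates, and the package name, the two APK signing certificates, the session labels and all keys are constructed here. Both sides are modelled: the terminal's device CA issues a service certificate binding the package name to the APK signing-certificate fingerprint (claim 8) and the app answers the server's random number with the service key (claim 6); the server checks the chain against its pre-deployed root set (claim 3), recovers the second random number from the signature data (claim 2) and compares the fingerprint in the service certificate with the one registered for the package name (claim 5). The demo runs four exchanges: a genuine app, a repackaged app presenting the same package name under a different signing certificate, a chain issued under a root the server does not trust, and a replay of an earlier signature against a fresh random number. A package name with no registered fingerprint is reported as counterfeit here, a case the claims themselves do not address.

```python
import hashlib
import json
import secrets

def _is_probable_prime(n, rounds=24):
    d, r = n - 1, 0  # Miller-Rabin; candidates handed in are already odd and large
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits=192):
    # Toy RSA: ((e, n), (d, n)) with n > 2**256, so a SHA-256 digest or a 31-byte nonce fits below n.
    e, primes = 65537, []
    while len(primes) < 2:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if (cand - 1) % e and cand not in primes and _is_probable_prime(cand):
            primes.append(cand)
    p, q = primes
    return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)

def _tbs_hash(fields):
    # Hash the to-be-signed content with the algorithm the certificate itself names.
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.new(fields["hash_alg"], blob).digest(), "big")

def issue_cert(fields, issuer_priv):
    d, n = issuer_priv
    return {"fields": fields, "sig": pow(_tbs_hash(fields), d, n)}

def cert_signed_by(cert, issuer_pub):
    # Claims 3/4: "decrypt" the signature with the issuer's public key and compare it to a fresh hash.
    e, n = issuer_pub
    return pow(cert["sig"], e, n) == _tbs_hash(cert["fields"])

class Terminal:  # device side (claims 6-8); root_priv is used here only to provision the device CA
    def __init__(self, root_cert, root_priv):
        devca_pub, self.devca_priv = rsa_keypair()
        self.devca_cert = issue_cert({"subject": "device-ca", "hash_alg": "sha256", "pub": list(devca_pub)}, root_priv)
        self.root_cert, self.apps = root_cert, {}
    def install(self, package, signing_cert_der):
        # Claim 8: the service certificate binds package name and APK signing-certificate fingerprint to a fresh key.
        svc_pub, svc_priv = rsa_keypair()
        fields = {"package": package, "hash_alg": "sha256", "pub": list(svc_pub),
                  "signing_fp": hashlib.sha256(signing_cert_der).hexdigest()}
        self.apps[package] = (issue_cert(fields, self.devca_priv), svc_priv)
    def respond(self, package, nonce):
        # Claim 6: the chain plus the nonce raw-RSA "encrypted" with the service key (real code signs a padded hash).
        svc_cert, (d, n) = self.apps[package]
        return [self.root_cert, self.devca_cert, svc_cert], pow(int.from_bytes(nonce, "big"), d, n)

class Server:  # server side (claims 1-5): pinned roots plus package name -> registered signing fingerprint
    def __init__(self, trusted_roots, registry):
        self.trusted = {json.dumps(c["fields"], sort_keys=True) for c in trusted_roots}
        self.registry, self.pending = registry, {}
    def challenge(self, session):
        self.pending[session] = secrets.token_bytes(31)  # first random number; 31 bytes stays below n
        return self.pending[session]
    def identify(self, session, chain, sig):
        first = int.from_bytes(self.pending.pop(session), "big")
        root, devca, svc = chain
        if (json.dumps(root["fields"], sort_keys=True) not in self.trusted
                or not cert_signed_by(devca, root["fields"]["pub"])
                or not cert_signed_by(svc, devca["fields"]["pub"])):
            return "invalid_chain"  # claim 3: root not in the trusted set, or a chain signature fails
        f = svc["fields"]
        if pow(sig, f["pub"][0], f["pub"][1]) != first:
            return "bad_signature"  # claim 2: recovered second random number differs from the first
        # Claim 5; an unregistered package has no matching fingerprint, so it also ends up "counterfeit".
        return "genuine" if self.registry.get(f["package"]) == f["signing_fp"] else "counterfeit"

def demo():
    # Four exchanges: genuine app, repackaged app, device CA under an untrusted root, replayed signature.
    root_pub, root_priv = rsa_keypair()
    root_cert = issue_cert({"subject": "vendor-root", "hash_alg": "sha256", "pub": list(root_pub)}, root_priv)
    rogue_pub, rogue_priv = rsa_keypair()  # a second root the server never trusts
    rogue_cert = issue_cert({"subject": "rogue-root", "hash_alg": "sha256", "pub": list(rogue_pub)}, rogue_priv)
    real_der, fake_der = b"constructed: developer's signing cert", b"constructed: impostor's signing cert"
    pkg = "com.example.bank"
    server = Server([root_cert], {pkg: hashlib.sha256(real_der).hexdigest()})
    cases = [("genuine", root_cert, root_priv, real_der), ("repackaged", root_cert, root_priv, fake_der),
             ("untrusted_root", rogue_cert, rogue_priv, real_der)]
    results, runs = {}, {}
    for label, rc, rk, der in cases:
        terminal = Terminal(rc, rk)
        terminal.install(pkg, der)
        runs[label] = terminal.respond(pkg, server.challenge(label))
        results[label] = server.identify(label, *runs[label])
    server.challenge("replay")  # fresh nonce, but the stale signature from the genuine run is presented
    results["replay"] = server.identify("replay", *runs["genuine"])
    return results
```

`demo()` returns one verdict per case. The raw-RSA treatment of the random number follows the wording of claims 1 and 2 literally (the server "decrypts" the signature data and compares the recovered value with the number it sent); a production implementation would instead verify a padded signature over a hash of the nonce, use a real X.509 path-validation library for the chain check, and bind the session to the connection so that a verdict cannot be reused for a different app.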
PCT/CN2019/077311 2019-03-07 2019-03-07 Counterfeit app identification method and apparatus WO2020177116A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980066172.XA CN112805702A (en) 2019-03-07 2019-03-07 Counterfeit APP identification method and device
PCT/CN2019/077311 WO2020177116A1 (en) 2019-03-07 2019-03-07 Counterfeit app identification method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/077311 WO2020177116A1 (en) 2019-03-07 2019-03-07 Counterfeit app identification method and apparatus

Publications (1)

Publication Number Publication Date
WO2020177116A1 true WO2020177116A1 (en) 2020-09-10

Family

ID=72337231

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/077311 WO2020177116A1 (en) 2019-03-07 2019-03-07 Counterfeit app identification method and apparatus

Country Status (2)

Country Link
CN (1) CN112805702A (en)
WO (1) WO2020177116A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120090711A (en) * 2011-02-08 2012-08-17 (주)바이너리소프트 System and method for verifying counterfeit or falsification of application for mobile
CN104657634A (en) * 2015-02-28 2015-05-27 百度在线网络技术(北京)有限公司 Method and device for identifying pirate application
CN107480519A (en) * 2017-08-04 2017-12-15 深圳市金立通信设备有限公司 A kind of method and server for identifying risk application
CN108229131A (en) * 2016-12-14 2018-06-29 中国移动通信集团设计院有限公司 Counterfeit APP recognition methods and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685138B (en) * 2012-08-30 2016-12-21 卓望数码技术(深圳)有限公司 The authentication method of the Android platform application software that mobile interchange is online and system
CN106487511B (en) * 2015-08-27 2020-02-04 阿里巴巴集团控股有限公司 Identity authentication method and device
CN108199830A (en) * 2017-12-22 2018-06-22 沈阳通用软件有限公司 Based on the legal method of the stringent management and control Android application programs of certificate

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20120090711A (en) * 2011-02-08 2012-08-17 (주)바이너리소프트 System and method for verifying counterfeit or falsification of application for mobile
CN104657634A (en) * 2015-02-28 2015-05-27 百度在线网络技术(北京)有限公司 Method and device for identifying pirate application
CN108229131A (en) * 2016-12-14 2018-06-29 中国移动通信集团设计院有限公司 Counterfeit APP recognition methods and device
CN107480519A (en) * 2017-08-04 2017-12-15 深圳市金立通信设备有限公司 A kind of method and server for identifying risk application

Also Published As

Publication number Publication date
CN112805702A (en) 2021-05-14

Similar Documents

Publication Publication Date Title
JP6262278B2 (en) Method and apparatus for storage and computation of access control client
US9864608B2 (en) Client authentication during network boot
US9281949B2 (en) Device using secure processing zone to establish trust for digital rights management
US9867043B2 (en) Secure device service enrollment
CA2616358C (en) Secure software updates
JP2017050875A (en) Mobile apparatus supporting plural access control clients, and corresponding methods
US20080077592A1 (en) method and apparatus for device authentication
US10609070B1 (en) Device based user authentication
US20080189695A1 (en) Updating of Data Instructions
WO2019085531A1 (en) Method and device for network connection authentication
WO2016118523A1 (en) Systems and methods for trusted path secure communication
CN111209558B (en) Internet of things equipment identity authentication method and system based on block chain
JP2011507091A (en) Method and system for managing software applications on mobile computing devices
US11665532B2 (en) Securing private wireless gateways
WO2019071650A1 (en) Method for upgrading application in security element and related device
CN112765684A (en) Block chain node terminal management method, device, equipment and storage medium
JP2017152880A (en) Authentication system, key processing coordination method, and key processing coordination program
CN113614720A (en) Device and method for dynamically configuring access control of trusted application program
TWI469655B (en) Methods and apparatus for large scale distribution of electronic access clients
WO2020177116A1 (en) Counterfeit app identification method and apparatus
CN114143198B (en) Firmware upgrading method
US20220350586A1 (en) Methods of Distributing Software/Firmware Updates
AU2011202785B2 (en) Secure software updates

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19917774

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19917774

Country of ref document: EP

Kind code of ref document: A1