CN102024107A - Application software control platform, developer terminal as well as application software distribution system and method - Google Patents


Publication number: CN102024107A
Authority: CN (China)
Prior art keywords: developer, server, certificate, signature, application
Application number: CN2010105491406A
Other languages: Chinese (zh)
Inventor: 加雄伟
Original Assignee: 中国联合网络通信集团有限公司
Application filed by: 中国联合网络通信集团有限公司
Priority: CN2010105491406A
Publication: CN102024107A


Abstract

The invention provides an application software control platform, a developer terminal, and an application software distribution system and method. The application software control platform comprises a signature server and a developer server, wherein the signature server comprises a developer signature module, and the developer server comprises a developer certificate module, an identity auditing module, an application software auditing module and a software release module. The developer terminal comprises an application module, an identity information sending module and an application software sending module. The application software distribution system comprises the application software control platform and the developer terminal. The application software control platform, developer terminal, application software distribution system and method perform a dual audit of the identity information and the application software, which improves the security of software distribution.

Description

Application software control platform, developer terminal, distribution system and method
Technical field
The present invention relates to application software distribution technology, and in particular to an application software control platform, a developer terminal, a distribution system and a method.
Background art
With the promotion and adoption of intelligent terminals (for example, smartphones, e-book readers, etc.), terminal security is becoming more and more important. The security concerns mainly include the security of user data (for example, contacts, account numbers, passwords, photos, etc.), the security of terminal resources (for example, camera devices, sound recording devices, the user's identity card, network access devices, storage devices, etc.), and the security of network resources (for example, contacts and photos stored on the network).
The development of intelligent terminals is inseparable from the development of application software for them. Application software is usually designed by various software suppliers or software designers, and the functions of the various application software differ. Because much malicious application software has appeared, users are at a loss when choosing application software, and they have no trusted path for downloading it.
Summary of the invention
The invention provides an application software control platform, a developer terminal, a distribution system and a method, to improve the security of application software distribution.
The invention provides an application software control platform, comprising:
A signature server, comprising a developer signature module configured to, upon accepting a developer signature request from a developer server, receive a developer certificate, sign the developer certificate, and return the signed developer certificate to the developer server;
A developer server, comprising a developer certificate module, an identity auditing module, an application software auditing module and a software release module;
The developer certificate module is configured to, upon accepting an application request from a developer terminal, receive developer application information, generate a developer certificate from the developer application information, provide the developer signature request and the developer certificate to the signature server, and provide the received signed developer certificate to the developer terminal that made the application request, so as to instruct the developer terminal to send identity information and application software according to the signed developer certificate;
The identity auditing module is configured to receive the identity information submitted by the developer terminal and to audit the identity information;
The application software auditing module is configured to receive the application software submitted by the developer terminal and to audit the application software;
The software release module is configured to release the application software to an application mall server according to the audit results of the identity auditing module and the application software auditing module.
In the application software control platform described above,
The signature server further comprises a developer server signature module, configured to, upon accepting a developer server signature request from the developer server, receive a developer server certificate, sign the developer server certificate, and return the signed developer server certificate to the developer server;
The developer server further comprises a developer server certificate module, configured to provide the developer server signature request and the developer server certificate to the signature server, receive the signed developer server certificate, and provide the signed developer server certificate to the developer terminal.
In the application software control platform described above, the signature server and the developer server are integrated.
In the application software control platform described above, the identity information comprises the developer certificate and the developer server certificate, and the identity auditing module comprises a developer certificate audit unit and a developer server certificate audit unit; the developer certificate audit unit is configured to audit the correctness of the developer certificate, and the developer server certificate audit unit is configured to audit the correctness of the developer server certificate.
In the application software control platform described above, the application software comprises an application file and a signature file, the signature file comprises a signature file digest generated from the application file, and the application software auditing module comprises a digest audit unit configured to audit the correctness of the signature file digest in order to determine the correctness of the application file.
The application software control platform described above further comprises an application mall server, configured to receive the application software provided by the developer server and, upon accepting a download request from a user terminal, release the application software to the user terminal.
In the application software control platform described above,
The signature server further comprises a user signature module, configured to, upon accepting a user signature request from the application mall server, receive a user certificate, sign the user certificate, and return the signed user certificate to the application mall server;
The application mall server comprises a user certificate module, a software display module and a software release module;
The user certificate module is configured to, upon accepting an authentication request from a user terminal, receive user application information, generate a user certificate from the user application information, provide the user signature request and the user certificate to the signature server, and provide the received signed user certificate to the developer terminal that made the authentication request;
The software display module is configured to display the recommended information of the software information when application software is received;
The software download module is configured to release the application software to the user terminal according to the signed user certificate.
The invention provides a developer terminal, comprising:
An application module, configured to provide application information to a developer server and to receive the developer certificate and the developer server certificate returned by the developer server;
An identity information sending module, configured to provide identity information to the developer server according to the returned developer certificate and developer server certificate;
An application software sending module, configured to provide application software to the developer server according to the returned developer certificate.
In the developer terminal described above, the application software comprises an application file and a signature file, and the application software sending module comprises:
An application programming unit, configured to develop and test the application file;
A signature file unit, configured to generate the signature file from the developer certificate and the application file;
A software package generation unit, configured to pack the application file and the signature file to generate the application software;
A software sending unit, configured to provide the application software to the developer server.
In the developer terminal described above, the signature file unit comprises:
A digest generation subunit, configured to generate an application file digest from the application file;
A digest subunit, configured to generate a signature file digest from the application file digest and to sign the signature file digest with the developer certificate, so as to form the signature file.
The invention provides an application software distribution system, comprising the application software control platform provided by the invention and the developer terminal provided by the invention.
The invention provides an application software distribution method, comprising:
When a developer server accepts an application request made by a developer terminal, it receives the developer application information provided by the developer terminal and generates a developer certificate from the developer application information;
The developer server makes a developer signature request to a signature server and provides the developer certificate to the signature server;
When the signature server accepts the developer signature request, it signs the received developer certificate and returns the signed developer certificate to the developer server;
The developer server returns the signed developer certificate to the developer terminal, to instruct the developer terminal to send identity information and application software to the developer server according to the received developer certificate;
The developer server audits the received identity information and application software;
The developer server provides the application software to an application mall server according to the audit result, to instruct the mall server to release the application software to a user terminal at the request of the user terminal.
In the application software distribution method described above, before the developer server generates the developer certificate from the developer application information, the method further comprises:
The developer server makes a developer server signature request to the signature server and provides a developer server certificate to the signature server;
When the signature server accepts the developer server signature request, it signs the received developer server certificate and returns the signed developer server certificate to the developer server.
In the application software distribution method described above, after the developer server returns the signed developer certificate to the developer terminal, the method further comprises:
The developer server provides the signed developer server certificate to the developer terminal.
In the application software distribution method described above, the identity information comprises the developer certificate and the developer server certificate, and the developer server auditing the identity information is specifically:
The developer server audits the developer certificate and the developer server certificate separately.
In the application software distribution method described above, the application software comprises an application file and a signature file, the signature file comprises a signature file digest generated from the application file, and the developer server auditing the application software is specifically:
The developer server audits the correctness of the signature file digest to determine the correctness of the application file.
In the application software distribution method described above, the developer server providing the application software to the application mall server according to the audit result is specifically: when the identity information and the application software both pass the audit, the application software is provided to the application mall server.
In the application software distribution method described above, the application mall server releasing the application software to the user terminal at the request of the user terminal comprises:
When the application mall server receives application software, it displays the recommended information of the software information;
When the application mall server accepts a software application request from a user terminal, it receives user application information, generates a user certificate from the user information, signs the user certificate with the application mall server certificate, and provides the signed user certificate to the user terminal;
The application mall server releases the application software to the user terminal according to the signed user certificate.
The application software control platform, developer terminal, distribution system and method provided by the invention improve the security of application software distribution through a dual audit of the identity information and the application software provided by the developer terminal.
Description of drawings
Fig. 1 is a schematic structural diagram of the application software control platform provided by Embodiment 1 of the invention;
Fig. 2 is a schematic structural diagram of the application software control platform provided by Embodiment 2 of the invention;
Fig. 3 is a schematic diagram of the application software data packing format;
Fig. 4 is a schematic diagram of the index format of the application software data packing format;
Fig. 5 is a schematic structural diagram of the application software control platform provided by Embodiment 3 of the invention;
Fig. 6 is a schematic structural diagram of the developer terminal provided by Embodiment 4 of the invention;
Fig. 7 is a flowchart of the application software distribution method provided by Embodiment 6 of the invention.
Reference numerals:
11 - application software control platform; 22 - developer terminal;
12 - signature server; 13 - developer server;
14 - application mall server; 121 - developer signature module;
122 - developer server signature module; 131 - developer certificate module;
132 - developer server certificate module; 133 - identity auditing module;
134 - application software auditing module; 135 - software release module;
1331 - developer certificate audit unit; 1332 - developer server certificate audit unit;
1341 - digest audit unit; 141 - user certificate module;
142 - software display module; 143 - software download module;
221 - application module; 222 - identity information sending module;
223 - application software sending module; 2231 - signature file unit;
2232 - application programming unit; 2233 - software package generation unit;
2234 - software sending unit; 123 - user signature module.
Embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the embodiments. Note that in the drawings and the description, similar or identical elements use the same reference numerals.
Application software control platform, Embodiment 1
Fig. 1 is a schematic structural diagram of the application software control platform provided by Embodiment 1 of the invention. As shown in Fig. 1, the application software control platform 11 comprises a signature server 12 and a developer server 13. The signature server 12 comprises a developer signature module 121, configured to, upon accepting a developer signature request from the developer server 13, receive a developer certificate, sign the developer certificate, and return the signed developer certificate to the developer server 13. The developer server 13 comprises a developer certificate module 131, an identity auditing module 133, an application software auditing module 134 and a software release module 135. The developer certificate module 131 is configured to, upon accepting an application request from a developer terminal, receive developer application information, generate a developer certificate from the developer application information, provide the developer signature request and the developer certificate to the signature server 12 (specifically, to the developer signature module 121), and provide the received signed developer certificate to the developer terminal that made the application request, so as to instruct the developer terminal to send identity information and application software according to the signed developer certificate. The identity auditing module 133 is configured to receive the identity information submitted by the developer terminal and to audit the identity information. The application software auditing module 134 is configured to receive the application software submitted by the developer terminal and to audit the application software. The software release module 135 is configured to release the application software to the application mall server according to the audit results of the identity auditing module 133 and the application software auditing module 134.
In the application software control platform 11 provided by this embodiment, the signature server 12 signs the developer certificate, and the developer terminal processes the identity information and the application software according to the signed developer certificate. The developer server 13 can audit the received identity information and application software and, when the audit is passed, push the application software to the application mall server for users to purchase and download. The developer server 13 audits not only the application software provided by the developer terminal but also the identity information provided by the developer terminal; preferably, the application software is determined to be safe only after both the application software and the identity information have passed the audit. The dual audit of the application software and the identity information by the developer server 13 improves the security of application software distribution. In addition, the developer terminal generates the application software and the identity information according to the signed developer certificate, which gives the audit by the developer server 13 a basis to work from and thereby prevents the application software from being tampered with in transit.
In this embodiment, the signature server 12 may further comprise a developer server signature module 122, configured to, upon accepting a developer server signature request from the developer server 13, receive a developer server certificate, sign the developer server certificate, and return the signed developer server certificate to the developer server 13. The developer server 13 may further comprise a developer server certificate module 132, configured to provide the developer server signature request and the developer server certificate to the signature server 12 (specifically, to the developer server signature module 122), receive the signed developer server certificate, and provide the signed developer server certificate to the developer terminal. In this embodiment, the signature server 12 can sign both the developer certificate and the developer server certificate, providing the security basis for the application software control platform 11.
In this embodiment, the signature server 12 and the developer server 13 may be integrated, that is, the signature server 12 is set up within the developer server 13 and signs the developer certificate and the developer server certificate, ensuring the security authentication of the developer certificate and the developer server certificate.
Application software control platform, Embodiment 2
Fig. 2 is a schematic structural diagram of the application software control platform provided by Embodiment 2 of the invention. As shown in Fig. 2, the application software control platform of Embodiment 2 is based on the application software control platform of Embodiment 1. In this embodiment, the identity information comprises the developer certificate and the developer server certificate, and the identity auditing module 133 may comprise a developer certificate audit unit 1331 and a developer server certificate audit unit 1332. The developer certificate audit unit 1331 is configured to audit the correctness of the developer certificate, and the developer server certificate audit unit 1332 is configured to audit the correctness of the developer server certificate. Auditing the correctness of the developer certificate determines whether the identity of the developer terminal is trustworthy; auditing the correctness of the developer server certificate determines whether the developer terminal is a registered developer user of this developer server. Preferably, the identity information is determined to be correct when both the developer certificate and the developer server certificate pass the audit. When the security level is set to a lower level, the identity information can be determined to be correct when either one of the developer certificate and the developer server certificate passes the audit. The application software may specifically comprise an application file and a signature file, and the signature file may comprise a signature file digest generated from the application file. The application software auditing module 134 comprises a digest audit unit, configured to audit the correctness of the signature file digest in order to determine the correctness of the application file.
In this embodiment, the structure of the identity auditing module 133 and the application software auditing module 134 can be set according to the content of the identity information and the application software, as long as the purpose of the dual audit of the identity information and the application software is achieved; it is not limited to this embodiment.
The working process of the application software control platform may specifically be as follows. The developer submits an application request and developer application information to the developer server 13 through the developer terminal; the two may be submitted at the same time, or the application request may be submitted first. The application request may specifically be a registration request: the developer submits the registration request to the developer server 13 through the developer terminal in order to register as a developer user of the developer server 13. If the developer certificate module 131 of the developer server 13 detects that the developer is already a developer user of this developer server 13, it rejects the registration request of the developer terminal and prompts the developer with the relevant information. The developer can log in with the developer user identity information that has already been registered. If the developer certificate module 131 of the developer server 13 detects that the developer is not a developer user of this developer server 13, it accepts the registration request of the developer terminal. The developer certificate module 131 generates a developer certificate from the submitted developer information using a preset certificate generation algorithm. A developer certificate usually has a corresponding developer public key and developer private key, and the developer public key is included in the developer certificate. The developer public key and developer private key can be generated by a predetermined asymmetric key algorithm, such as ECC or RSA. They can be generated by the developer terminal, by the developer server 13, or by the signature server 12. When the developer server 13 generates the developer public key and developer private key, they need to be provided to the developer terminal; when the signature server 12 generates them, they need to be provided to the developer server 13 and the developer terminal respectively.
The developer server 13 provides the developer signature request and the developer certificate to the signature server 12, and the developer signature module 121 of the signature server 12 can decide whether to accept the developer signature request. If the developer server 13 is not a trusted developer server, the developer signature module 121 can reject the developer signature request and return error information. If the developer signature module 121 accepts the developer signature request, it signs the developer certificate. The developer signature module 121 returns the signed developer certificate to the developer certificate module 131 of the developer server 13, and the developer certificate module 131 returns the signed developer certificate to the developer terminal.
The developer signature module 121 of the signature server 12 can sign the developer certificate with the private key corresponding to the root certificate of the signature server 12. Specifically, the developer certificate can be signed by the following method: the developer signature module 121 takes the content of the developer certificate as the input source and, according to a preset digest algorithm (for example, the SHA-1 algorithm), computes the digest of the developer certificate to obtain digest A; with the private key corresponding to the root certificate of the signature server 12, and according to a preset digest algorithm (for example, the ECC algorithm), it signs digest A to obtain digest B; the developer signature module 121 then adds digest B at the preset position of the developer certificate, yielding the signed developer certificate.
The content of the signed developer certificate may specifically include: the certificate format, which may be the X.509 format; the certificate encoding method, which may be BASE64; the signature algorithm, which may be the WAPI ECC algorithm; the digest algorithm, which may be the hash algorithm SHA-1; the certificate serial number, which may be a random number and may specifically be generated by the signature server 12; the certificate subject, which may include the country identifier, the developer type, the hardware identifier of the developer terminal, the security level of the developer, the developer's account on the developer server 13, and so on; the identifier of the certificate's signing authority, which is the identifier of the signature server 12; and the certificate digest, which serves as the basis for the developer certificate.
The developer signature module 121 may also sign the developer certificate in other ways, and the complexity of the algorithm can be set according to security needs; it is not limited to the signing method provided in this embodiment.
The method by which the developer server signature module 122 of the signature server 12 signs the developer server certificate may be the same as the method by which the developer signature module 121 signs the developer certificate. Specifically, the developer server certificate is likewise a file containing the developer server public key. The developer server public key and the developer server private key are generated by a predetermined asymmetric key algorithm; they may be generated by the developer server 13, or generated by the signature server 12 and then provided to the developer server 13. The developer server certificate module 132 provides the received signed developer server certificate to the developer terminal. The content and form of the signed developer server certificate are similar to those of the developer certificate. The signature server 12 may also sign the developer certificate with the developer server private key corresponding to the developer server certificate.
The developer terminal generates the identity information from the received signed developer certificate and signed developer server certificate, generates the application software, according to the signed developer certificate, from an application file that has been developed and tested, and submits the identity information and the application software to the developer server 13 for the developer server 13 to audit.
The process by which the developer terminal generates the application software may specifically be as follows. The developer terminal takes the content of all or part of the application file as the input source and, according to a preset digest algorithm, generates the application file digest. Before this, the application file may also be encrypted with a symmetric key using a preset symmetric encryption algorithm, which may be the DES algorithm. The developer terminal needs to provide the symmetric key to the developer server 13; the developer terminal may also encrypt the symmetric key with the developer server public key and include the symmetric encryption algorithm, the encrypted symmetric key and the encoding in the signature file, and the developer server 13 can decrypt the encrypted symmetric key with the developer server private key to obtain the symmetric key. If the application file is encrypted, the encrypted application file can be used as the input source for computing the application file digest. The developer terminal takes the application file digest as the input source and, by a predetermined digest algorithm, generates the signature file digest; the developer terminal then uses a preset encryption algorithm to encrypt the signature file digest with the developer private key corresponding to the developer certificate, and takes the encrypted digest as the new signature file digest. Preferably, the application software control platform and the user terminal use the same preset digest algorithm, which may be the SHA-1 algorithm, and the same preset encryption algorithm, which may be the ECC algorithm. Finally, the signature file is generated according to a preset signature file generation rule.
The content of the signature file may include:
Content related to the application file digest: the encoding, identifier and digest content of the application file digest;
Content related to the digest algorithm: the digest algorithm identifier;
Content related to the signature file digest: the encoding and digest content of the signature file digest.
If the application file is encrypted, the signature file also includes information related to the symmetric key: the symmetric encryption algorithm, the encrypted symmetric key and the encoding.
The signature file may use the XML document format, and may be described as follows:
The signature file uses the XML document format with UTF-8 encoding;
The certificate uses the X509 format with BASE64 encoding;
The digest algorithm is the WAPI-SHA1 algorithm, with BASE64 encoding;
The encryption algorithm of the signature is the ECC algorithm, with BASE64 encoding.
This embodiment provides one specific method and format for generating the signature file; those skilled in the art may also generate the signature file in other ways to achieve the purpose of auditing the application file, and the invention is not limited to this embodiment.
The developer terminal packages the signature file and the application file to generate the application software. As shown in Figure 3, the package format of the application software may comprise four parts: a data area, an index area, an index count and a version number.
The data area stores the packets in sequence; for example, when application software is packaged, the data area stores the application file data and the signature file data. These data may be compressed or uncompressed. The packets in the data area are in no particular order;
The index area stores, in sequence, the index information of the packets in the data area. Each index consists of 16 bytes and, as shown in Figure 4, stores in sequence the packet type (4 bytes), the byte offset of the packet from the file header of the overall package (4 bytes), the byte length of the packet (4 bytes) and reserved bytes (4 bytes).
The index count is the number of indexes;
The version number is the version number of the overall package.
The developer terminal may also use other methods to generate the application software package, as long as the method is the one agreed with the application software control platform; the invention is not limited to this embodiment.
The developer terminal provides the identity information and the application software to the developer server 13; the identity audit module 133 of the developer server 13 audits the identity information, and the application software audit module 134 of the developer server 13 audits the application software. The developer certificate audit unit 1331 determines the correctness of the developer certificate by computing the digest of the developer certificate, and the developer server certificate audit unit 1332 determines the correctness of the developer server certificate by computing the digest of the developer certificate. The process by which the application software audit module 134 audits the application software is as follows:
The application software audit module 134 extracts the signature file digest A from the signature file and decrypts it using the developer public key and the preset digest encryption algorithm (for example, ECC), obtaining the decrypted signature file digest C. From the signature file digest C, the application file digest A is computed using the preset digest algorithm (for example, SHA-1).
The developer server 13 computes the application file digest B from all or part of the application data, using the predetermined digest algorithm and the agreed method of using the application data. If the application file digest A differs from the application file digest B, the application file is considered to have been tampered with, and the application software is therefore considered incorrect. The application file digest may be computed over the encrypted application file data or over the unencrypted application file data. The developer server 13 uses the application data in the same way as the developer terminal, and uses the same digest algorithm. If the application file is an encrypted file, the developer server 13 can decrypt it with the symmetric key.
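The package layout described above (data area, index area, index count, version number) and the comparison of digest A with digest B can be exercised with the following added example, which is not part of the patent text. It assumes little-endian integers, 4-byte index count and version fields, packet type codes 1 and 2, and the XML element names shown; the ECC signature over the signature file digest is outside its scope.

```python
import base64
import hashlib
import hmac
import struct
import xml.etree.ElementTree as ET

# Assumptions, not stated in the text: little-endian integers, 4-byte index
# count and version fields, these type codes, and the XML element names.
TYPE_APP, TYPE_SIG = 1, 2
INDEX_FMT = "<IIII"    # packet type, offset from file start, length, reserved
INDEX_SIZE = struct.calcsize(INDEX_FMT)    # 16 bytes, as the text specifies
TRAILER_FMT = "<II"    # index count, version number
TRAILER_SIZE = struct.calcsize(TRAILER_FMT)


class PackageError(ValueError):
    """The package layout is malformed or a required packet is missing."""


def make_signature_file(app_bytes):
    """Build a minimal XML signature file carrying application file digest A."""
    digest_a = base64.b64encode(hashlib.sha1(app_bytes).digest()).decode("ascii")
    return ('<?xml version="1.0" encoding="UTF-8"?><Signature>'
            '<AppDigest algorithm="SHA-1" encoding="BASE64">'
            f"{digest_a}</AppDigest></Signature>").encode("utf-8")


def pack(packets, version=1):
    """Write data area, index area, index count and version number, in that order."""
    data, index = b"", b""
    for ptype, payload in packets:
        index += struct.pack(INDEX_FMT, ptype, len(data), len(payload), 0)
        data += payload
    return data + index + struct.pack(TRAILER_FMT, len(packets), version)


def unpack(blob):
    """Parse from the trailer backwards and validate every index entry."""
    if len(blob) < TRAILER_SIZE:
        raise PackageError("truncated package: no index count or version")
    count, version = struct.unpack_from(TRAILER_FMT, blob, len(blob) - TRAILER_SIZE)
    data_end = len(blob) - TRAILER_SIZE - count * INDEX_SIZE
    if data_end < 0:
        raise PackageError("index count is larger than the file allows")
    packets, spans = {}, []
    for i in range(count):
        ptype, offset, length, _reserved = struct.unpack_from(
            INDEX_FMT, blob, data_end + i * INDEX_SIZE)
        if offset + length > data_end:
            raise PackageError(f"index {i} points outside the data area")
        if ptype in packets:
            raise PackageError(f"duplicate packet type {ptype}")
        packets[ptype] = blob[offset:offset + length]
        spans.append((offset, offset + length))
    # Hardening beyond the text: packets may be in any order, but they must not
    # overlap and must cover the data area, so the package cannot carry bytes
    # that belong to no audited packet.
    spans.sort()
    if any(a_end > b_start for (_, a_end), (b_start, _) in zip(spans, spans[1:])):
        raise PackageError("overlapping packets")
    if sum(end - start for start, end in spans) != data_end:
        raise PackageError("unreferenced bytes in the data area")
    return version, packets


def audit(blob):
    """Recompute digest B over the application file and compare it with digest A."""
    _version, packets = unpack(blob)
    if TYPE_APP not in packets or TYPE_SIG not in packets:
        raise PackageError("application file or signature file missing")
    # Untrusted XML: a production parser should also reject DTDs and entities.
    node = ET.fromstring(packets[TYPE_SIG]).find("AppDigest")
    if node is None or node.get("algorithm") != "SHA-1":
        raise PackageError("missing digest or unexpected digest algorithm")
    digest_a = base64.b64decode(node.text or "", validate=True)
    digest_b = hashlib.sha1(packets[TYPE_APP]).digest()
    return hmac.compare_digest(digest_a, digest_b)


if __name__ == "__main__":
    app = b"constructed sample application file"    # constructed sample input
    package = pack([(TYPE_APP, app), (TYPE_SIG, make_signature_file(app))])
    print("intact package passes:", audit(package))
    tampered = package.replace(b"sample", b"SAMPLE", 1)
    print("tampered package passes:", audit(tampered))
```

SHA-1 appears here only because the text names it; collisions for SHA-1 have been demonstrated, so a current design would use SHA-256 or stronger.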
The modules that audit the identity information and the application software may also be located in the signature server 12; the developer server 13 then only needs to provide the received identity information and application software to the signature server 12, and the signature server 12 feeds the audit result back to the developer server 13 and the developer terminal. Only application software that passes the audit can be published to the application mall server for users to purchase and download.
Application software control platform embodiment three
Figure 5 is a schematic structural diagram of the application software control platform provided by embodiment three of the present invention. As shown in Figure 5, the application software control platform provided by embodiment three is based on embodiment one; the application software control platform 11 further comprises an application mall server 14, which is used to receive the application software provided by the developer server 13 and, on accepting a download request made by a user terminal, to issue the application software to the user terminal. The signature server 12 can also provide unified security control for the application mall server 14: the signature server 12 further comprises a user signature module 123, which is used, on accepting a user signature request from the application mall server, to receive a user certificate, sign the user certificate, and return the signed user certificate to the application mall server 14. The application mall server 14 comprises a user certificate module 141, a software display module 142 and a software download module 143. The user certificate module 141 is used, on accepting an authentication request from a user terminal, to receive user application information, generate a user certificate according to the user application information, provide the user signature request and the user certificate to the signature server 12, and provide the received signed user certificate to the user terminal that made the authentication request. The software display module 142 is used, on receiving application software, to display the recommendation information for the software. The software download module 143 is used to issue the application software to the user terminal according to the signed user certificate.
Specifically, a user can register through a user terminal to become a user of the application mall server 14 and obtain a signed user certificate. The user certificate is also a file containing the user public key corresponding to the user certificate. The user public key and user private key corresponding to the user certificate may be generated by the application mall server and then provided to the user terminal; they may also be generated by the signature server and then provided to the application mall server and the user terminal respectively; or they may be generated by the user terminal itself and then provided to the application mall server. The application mall server encrypts the corresponding software with the user public key corresponding to the user certificate, and the user terminal then verifies the downloaded application software with the user private key corresponding to the user certificate, to guarantee the security of the application software download.
Developer terminal embodiment four
Figure 6 is a schematic structural diagram of the developer terminal provided by embodiment four of the present invention. As shown in Figure 6, the developer terminal 22 provided by this embodiment can be used with the application software control platform provided by any embodiment of the present invention, and can also be used with other application software control platforms. The developer terminal 22 comprises an application module 221, an identity information sending module 222 and an application software sending module 223. The application module 221 is used to provide application information to the developer server and to receive the developer certificate and the developer server certificate returned by the developer server. The identity information sending module 222 is used to provide identity information to the developer server according to the returned developer certificate and developer server certificate. The application software sending module 223 is used to provide application software to the developer server according to the returned developer certificate. Because the developer terminal 22 sends both identity information and application software to the developer server, the developer server can perform a dual audit of the identity information and the application software, which improves the security of the application file.
In this embodiment, the application software comprises an application file and a signature file, and the application software sending module comprises a signature file unit 2231, an application development unit 2232, a software package generation unit 2233 and a software sending unit 2234. The application development unit 2232 is used to develop and test the application file. The signature file unit 2231 is used to generate the signature file according to the developer certificate and the application file. The software package generation unit 2233 is used to package the application file and the signature file to generate the application software. The software sending unit 2234 is used to provide the application software to the developer server. When testing the application file, the application development unit 2232 usually produces a hardware identifier of the developer terminal; this can be the CPU serial number, hard disk serial number, network device number or user identification card device number associated with the developer terminal, or a digest generated from these hardware device numbers. The hardware identifier of the developer terminal is the basis on which, during testing on the developer terminal, the application installation engine determines whether the application under test may be installed on the developer terminal. The terminals used to develop and to test the application file may also be different, for example a development terminal is used to develop the application file and a test terminal is used to test it, in which case the test terminal is required to generate the hardware identifier of the test terminal. The signature file unit 2231 comprises a digest generation subunit and a digest subunit. The digest generation subunit is used to generate the application file digest according to the application file. The digest subunit is used to generate the signature file digest according to the application file digest, and to sign the signature file digest with the developer private key corresponding to the developer certificate, to form the signature file.
The method by which the developer terminal 22 generates the application software and the identity information is agreed jointly with the developer server it works with. On the other hand, if the developer terminal 22 is not a trusted application software provider entity of the developer server, the application software and identity information it provides cannot be audited because the agreed rules differ, which further improves the security and controllability of application software distribution.
Application software distribution system embodiment five
The application software distribution system provided by this embodiment comprises the application software control platform provided by any embodiment of the present invention and the developer terminal provided by any embodiment of the present invention.
Application software distribution method embodiment six
Figure 7 is a flowchart of the application software distribution method provided by embodiment six of the present invention. As shown in Figure 7:
Step 10: when the developer server accepts the application request made by the developer terminal, it receives the developer application information provided by the developer terminal and generates a developer certificate according to the developer application information;
Step 20: the developer server makes a developer signature request to the signature server and provides the developer certificate to the signature server;
Step 30: when the signature server accepts the developer signature request, it signs the received developer certificate and returns the signed developer certificate to the developer server;
Step 40: the developer server returns the signed developer certificate to the developer terminal, to instruct the developer terminal to send identity information and application software to the developer server according to the received developer certificate;
Step 50: the developer server audits the received identity information and application software;
Step 60: the developer server provides the application software to the application mall server according to the audit result, and the mall server issues the application software to a user terminal at the request of the user terminal.
In the software distribution method provided by this embodiment, the developer server audits the identity information of the developer terminal that provides the software, to ensure that the developer terminal is a trusted terminal, and also audits the application software, to ensure that the application software data has not been tampered with in transit and is correct. The developer server publishes the application software that passes the audit to the application mall server, from which users download it through user terminals; users can therefore trust the application software published by the application mall.
In this embodiment, before step 10, in which the developer server generates the developer certificate according to the developer application information, the method further comprises:
Step 70: the developer server makes a developer server signature request to the signature server and provides the developer server certificate to the signature server;
Step 80: when the signature server accepts the developer server signature request, it signs the received developer server certificate and returns the signed developer server certificate to the developer server.
The identity information provided by the developer terminal may include both the developer certificate and the developer server certificate, so that the developer server can audit the developer server certificate. If the developer server certificate received from the developer terminal is identical to the developer server certificate that this developer server provided, the developer terminal can be considered a trusted entity of this developer server. Auditing the developer server certificate strengthens the authentication of the developer terminal and further improves security.
In this embodiment, after step 40, in which the developer server returns the signed developer certificate to the developer terminal, the method further comprises:
Step 90: the developer server provides the signed developer server certificate to the developer terminal.
In this embodiment, the identity information comprises the developer certificate and the developer server certificate, and the developer server audits the identity information specifically as follows: the developer server audits the developer certificate and the developer server certificate separately.
In this embodiment, the application software comprises an application file and a signature file, and the signature file comprises a signature file digest generated according to the application file. The developer server audits the application software specifically as follows: the developer server audits the correctness of the signature file digest to determine the correctness of the application file.
In this embodiment, the developer server provides the application software to the application mall server according to the audit result specifically as follows: when the identity information and the application software both pass the audit, the application software is provided to the application mall server. The application mall server issuing the application software to the user terminal at the request of the user terminal comprises:
Step 801: when the application mall server receives the application software, it displays the recommendation information for the software;
Step 802: when the application mall server accepts a software application request from a user terminal, it receives user application information, generates a user certificate according to the user information, signs the user certificate with the application mall server certificate, and provides the signed user certificate to the user terminal;
Step 803: the application mall server issues the application software to the user terminal according to the signed user certificate.
The application mall server displays the recommendation information for the received application software. The recommendation information may include information about the application software, information about the developer server, purchase information and so on, so that the user terminal can purchase and download the application software according to the user's needs.
The application software control platform, developer terminal, distribution system and method provided by the present invention perform a dual audit of the identity information and the application software provided by the developer terminal, which improves the security of the application software distribution process.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (18)

1. An application software control platform, characterized by comprising:
A signature server comprising a developer signature module, used, on accepting a developer signature request from a developer server, to receive a developer certificate, sign said developer certificate, and return the signed developer certificate to said developer server;
A developer server comprising a developer certificate module, an identity audit module, an application software audit module and a software release module;
Said developer certificate module is used, on accepting an application request from a developer terminal, to receive developer application information, generate a developer certificate according to said developer application information, provide said developer signature request and said developer certificate to said signature server, and provide the received signed developer certificate to the developer terminal that made said application request, to instruct said developer terminal to send identity information and application software according to said signed developer certificate;
Said identity audit module is used to receive the identity information submitted by said developer terminal and to audit said identity information;
Said application software audit module is used to receive the application software submitted by said developer terminal and to audit said application software;
Said software release module is used to publish said application software to an application mall server according to the audit results of said identity audit module and said application software audit module.
2. The application software control platform according to claim 1, characterized in that:
Said signature server further comprises a developer server signature module, used, on accepting a developer server signature request from said developer server, to receive a developer server certificate, sign said developer server certificate, and return the signed developer server certificate to said developer server;
Said developer server further comprises a developer server certificate module, used to provide said developer server signature request and said developer server certificate to said signature server, to receive said signed developer server certificate, and to provide said signed developer server certificate to said developer terminal.
3. The application software control platform according to claim 1 or 2, characterized in that: said signature server and said developer server are integrated as a single unit.
4. The application software control platform according to claim 2, said identity information comprising said developer certificate and said developer server certificate, characterized in that: said identity audit module comprises a developer certificate audit unit and a developer server certificate audit unit, said developer certificate audit unit being used to audit the correctness of said developer certificate, and said developer server certificate audit unit being used to audit the correctness of said developer server certificate.
5. The application software control platform according to claim 4, said application software comprising an application file and a signature file, said signature file comprising a signature file digest generated according to said application file, characterized in that: said application software audit module comprises a digest audit unit, used to audit the correctness of said signature file digest to determine the correctness of said application file.
6. The application software control platform according to claim 1, characterized by further comprising: an application mall server, said application mall server being used to receive the application software provided by said developer server and, on accepting a download request made by a user terminal, to issue said application software to the user terminal.
7. The application software control platform according to claim 6, characterized in that:
Said signature server further comprises a user signature module, used, on accepting a user signature request from the application mall server, to receive a user certificate, sign said user certificate, and return the signed user certificate to said application mall server;
Said application mall server comprises a user certificate module, a software display module and a software release module;
Said user certificate module is used, on accepting an authentication request from a user terminal, to receive user application information, generate a user certificate according to said user application information, provide said user signature request and said user certificate to said signature server, and provide the received signed user certificate to the developer terminal that made said authentication request;
The software display module is used, on receiving application software, to display the recommendation information for said software;
The software download module is used to issue said application software to said user terminal according to said signed user certificate.
8. A developer terminal, characterized by comprising:
An application module, used to provide application information to a developer server and to receive the developer certificate and the developer server certificate returned by said developer server;
An identity information sending module, used to provide identity information to the developer server according to said returned developer certificate and developer server certificate;
An application software sending module, used to provide application software to the developer server according to said returned developer certificate.
9. The developer terminal according to claim 8, said application software comprising an application file and a signature file, characterized in that said application software sending module comprises:
An application development unit, used to develop and test said application file;
A signature file unit, used to generate said signature file according to said developer certificate and said application file;
A software package generation unit, used to package said application file and said signature file to generate said application software;
A software sending unit, used to provide said application software to said developer server.
10. The developer terminal according to claim 9, characterized in that said signature file unit comprises:
A digest generation subunit, used to generate an application file digest according to said application file;
A digest subunit, used to generate a signature file digest according to the application file digest and to sign said signature file digest with said developer certificate, to form said signature file.
11. An application software distribution system, characterized by comprising: the application software control platform according to any one of claims 1-7 and the developer terminal according to any one of claims 8-10.
12. An application software distribution method, characterized by comprising:
When a developer server accepts an application request made by a developer terminal, receiving the developer application information provided by said developer terminal and generating a developer certificate according to said developer application information;
Said developer server making a developer signature request to a signature server and providing said developer certificate to said signature server;
When said signature server accepts said developer signature request, signing the received developer certificate and returning the signed developer certificate to said developer server;
Said developer server returning said signed developer certificate to said developer terminal, to instruct said developer terminal to send identity information and application software to said developer server according to the received developer certificate;
Said developer server auditing the received identity information and application software;
Said developer server providing said application software to an application mall server according to the audit result, to instruct said mall server to issue said application software to a user terminal at the request of the user terminal.
13. The application software distribution method according to claim 12, characterized in that, before said developer server generates the developer certificate according to said developer application information, the method further comprises:
Said developer server making a developer server signature request to said signature server and providing a developer server certificate to said signature server;
When said signature server accepts said developer server signature request, signing the received developer server certificate and returning the signed developer server certificate to said developer server.
14. The application software distribution method according to claim 13, characterized in that, after said developer server returns said signed developer certificate to said developer terminal, the method further comprises:
Said developer server providing said signed developer server certificate to said developer terminal.
15. The application software distribution method according to claim 14, said identity information comprising said developer certificate and said developer server certificate, characterized in that said developer server auditing said identity information is specifically:
Said developer server auditing said developer certificate and said developer server certificate separately.
16. The application software distribution method according to claim 12, said application software comprising an application file and a signature file, said signature file comprising a signature file digest generated according to said application file, characterized in that said developer server auditing said application software is specifically:
Said developer server auditing the correctness of said signature file digest to determine the correctness of said application file.
17. The application software distribution method according to claim 12, characterized in that said developer server providing said application software to the application mall server according to the audit result is specifically: when said identity information and said application software both pass the audit, providing said application software to said application mall server.
18. The application software distribution method according to claim 12, characterized in that said application mall server issuing said application software to said user terminal at the request of the user terminal comprises:
When said application mall server receives the application software, displaying the recommendation information for said software;
When said application mall server accepts a software application request from a user terminal, receiving user application information, generating a user certificate according to said user information, signing said user certificate with the application mall server certificate, and providing the signed user certificate to said user terminal;
Said application mall server issuing said application software to said user terminal according to said signed user certificate.
CN2010105491406A 2010-11-17 2010-11-17 Application software control platform, developer terminal as well as application software distribution system and method CN102024107A (en)

Publication: CN102024107A (en), published 2011-04-20

Family

ID=43865393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105491406A CN102024107A (en) 2010-11-17 2010-11-17 Application software control platform, developer terminal as well as application software distribution system and method

Country Status (1)

Country Link
CN (1) CN102024107A (en)

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20110420