CN102065077A - Method and system for distributing application software to terminal - Google Patents
Method and system for distributing application software to terminal Download PDFInfo
- Publication number
- CN102065077A CN102065077A CN2010105424416A CN201010542441A CN102065077A CN 102065077 A CN102065077 A CN 102065077A CN 2010105424416 A CN2010105424416 A CN 2010105424416A CN 201010542441 A CN201010542441 A CN 201010542441A CN 102065077 A CN102065077 A CN 102065077A
- Authority
- CN
- China
- Prior art keywords
- developer
- test
- certificate
- application
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000012360 testing method Methods 0.000 claims abstract description 165
- 238000011161 development Methods 0.000 claims abstract description 78
- 238000009434 installation Methods 0.000 claims description 68
- 238000013475 authorization Methods 0.000 claims description 47
- 238000012856 packing Methods 0.000 claims description 12
- 238000003860 storage Methods 0.000 claims description 11
- 238000000926 separation method Methods 0.000 claims description 5
- 238000012546 transfer Methods 0.000 claims description 4
- 230000008878 coupling Effects 0.000 claims description 3
- 238000010168 coupling process Methods 0.000 claims description 3
- 238000005859 coupling reaction Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 description 9
- 241000220225 Malus Species 0.000 description 7
- 238000010586 diagram Methods 0.000 description 4
- 239000007795 chemical reaction product Substances 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- HAAITRDZHUANGT-UHFFFAOYSA-N 1-[2-[(7-chloro-1-benzothiophen-3-yl)methoxy]-2-(2,4-dichlorophenyl)ethyl]imidazole;nitric acid Chemical compound O[N+]([O-])=O.ClC1=CC(Cl)=CC=C1C(OCC=1C2=CC=CC(Cl)=C2SC=1)CN1C=NC=C1 HAAITRDZHUANGT-UHFFFAOYSA-N 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 239000000047 product Substances 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Abstract
The invention provides a method and a system for distributing application software to terminal. The method comprises the following steps: an application development terminal registers a developer to be a user of a developer community; the application development terminal develops the application software; a developer test terminal tests the application software; and the application development terminal packages the application software passing the test and submits the packaged software to the developer community. The system and method is not limited to specific terminal products, has higher generality and higher safety, and can be constructed into a manageable, operational, safe and controllable application software distribution system by an operator; and by means of the method, application software distribution can be controlled in the stages of application software development and test by the developer, thus achieving higher controllability.
Description
Technical field
The present invention relates to a kind of terminal application software distribution method and system, belong to the intelligent terminal technical field.
Background technology
Intelligent terminal is meant terminal equipments such as smart mobile phone, E-book reader.The safety problem of intelligent terminal mainly comprises user data, and (for example: contact person, number of the account, password, photo etc. (for example: picture pick-up device, sound pick-up outfit, user's ID card, network access device, memory device etc.) safety, Internet resources are (for example: safety resources such as the contact person of online storage, photo) etc. for) safety, terminal resource.
Developing of application software on the too busy to get away intelligent terminal of the development of intelligent terminal.Application software is by various software suppliers or software design personnel design, for security consideration, the user needs believable application software download path, and at this situation, how tame terminal equipment merchant, system manufacturer or operator provide the technical scheme of multiple management and control application software distribution.
For example, the software store technical scheme of U.S. Apple is one of scheme that solves the application software distribution.The developer of Apple's terminal software gives Apple the application software upload of exploitation, after Apple examines successfully, application software is placed in the software store, downloads and uses for the terminal use of Apple.The auditing result of the intelligent terminal users to trust Apple of Apple, the downloading application software from the software store of Apple that can feel at ease.
Again for example, the software store technical scheme of U.S. Google also is one of scheme that solves the application software distribution.Compare with the relevant programme of Apple, Google does not examine developer's application software.Therefore, the user of Google's terminal can not trust the application software on the software store of Google fully.
Though existing application software dispatch scheme has solved the distribution problem of application software to a certain extent, but such scheme can only be used for the particular terminal product of specific company, and other company can not use, and does not therefore have versatility, and its scope of application is very limited.
Summary of the invention
The invention provides a kind of terminal application software distribution method and system, in order to improve the versatility and the fail safe of software dispatch.
One aspect of the present invention provides a kind of terminal application software distribution method, comprising:
Developer's registration is become the user of developer community by the application and development terminal;
By described application and development terminal development application software;
Test described application software by the developer test terminal;
By described application and development terminal to packing by the application software of test and submitting to described developer community.
The present invention provides a kind of terminal application software dissemination system on the other hand, comprising: application and development terminal, developer test terminal and developer's community server, wherein:
Described application and development terminal is used for developer's registration is become the user of developer community, and Application and Development software;
Described developer test terminal is used to test described application software;
Described application and development terminal also is used for packing by the application software of described test and submitting to described developer's community server;
Described developer's community server is used to preserve the described application software submitted to by the application and development terminal for download.
The present invention need not to be defined in specific end product, has high generality and fail safe, can by operator build can manage, can run, the controlled distribution system of application software of safety; And this method just can be controlled the distribution of application software from the stage of developer's development﹠ testing application software, therefore has higher controllability.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do one to the accompanying drawing of required use in embodiment or the description of the Prior Art below introduces simply, apparently, accompanying drawing in describing below is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the layering schematic diagram of four layers of controlled software dispatch architecture of the present invention;
Fig. 2 is the flow chart of terminal application software distribution method embodiment of the present invention;
Fig. 3 is the concrete steps signaling diagram of step 100 shown in Figure 2;
Fig. 4 A is the concrete steps flow chart of step 300 shown in Figure 2;
Fig. 4 B is the concrete steps flow chart of step 310 shown in Fig. 4 A;
Fig. 4 C is the concrete steps flow chart of step 330 shown in Fig. 4 A;
Fig. 4 D is the concrete steps flow chart of step 350 shown in Fig. 4 A;
Fig. 5 A is the data format schematic diagram of the test of the back formation of packing described in the step 320 shown in Fig. 4 A with installation kit;
Fig. 5 B is a corresponding indexed format schematic diagram in the data format shown in Fig. 5 A;
Fig. 6 is the structural representation of terminal application software dissemination system embodiment of the present invention;
Fig. 7 is a kind of optional structural representation of application and development terminal 10 shown in Figure 6;
Fig. 8 is a kind of optional structural representation of developer's community server 30 shown in Figure 6;
Fig. 9 is the another kind of optional structural representation of application and development terminal 10 shown in Figure 6;
Figure 10 is the optional structural representation of developer shown in Figure 6 test terminal 20.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
At first introduce four layers of controlled software dispatch architecture that make up for the described method of present embodiment, as shown in Figure 1, comprising:
1, safety system layer
This layer mainly comprises the signature service system.The signature service system is the basic safety devices of using in the controlled distribution security system.The signature service system provides certificate and cipher key management services, developer's certificate signature and the service for checking credentials, application software signature and the service for checking credentials for developer community.
2, business system layer
This layer mainly comprises developer community.At business system layer, a plurality of developer community can be arranged.Signature service system can be simultaneously provides the security control service for a plurality of developer community.Developer's community management developer's information comprises: developer's descriptor, developer's certificate, developer's key, developer's end message, developer's class information etc.
3, terminating layer
This layer mainly comprises developer test terminal and application and development terminal.The developer uses the application and development terminal to develop terminal application software, uses the terminal application software of developer test terminal test development.Developer community provides application safety control service for developer's application and development terminal.
4, client layer
This layer mainly comprises the developer and the user (user) of terminal application software.The developer can have a plurality of developers test terminal or a plurality of application and development terminal.The user can have a plurality of user terminals.User terminal can be identical with the developer test terminal.The developer uses developer's application and development terminal development terminal application software, uses developer test terminal Test Application software.The user uses terminal application software on user terminal.
In above-mentioned four layers of controlled software dispatch architecture, use each functional entity of certificates identified.Use signature service system certificate (being also referred to as the root certificate) sign signature service system.Use certificates identified developer community of developer community.Use the developer of developer's certificates identified terminal application software, use the user of user certificate marking terminal application software.Use root certificate signature developer community certificate.Use the developer certificate signature developer of community certificate.User certificate can be by the root certificate signature, also can be by developer community certificate signature.Specifically can use common certificate format, for example X509.Corresponding with certificate is the PKI of related functional entities and private key.The signature service system generates and manages PKI and the private key of oneself.The PKI of developer community, developer, user's certificate correspondence and private key can be generated by the signature service system, are distributed to the function corresponding entity by secure way then.Wherein, all certificates use identical key and digest algorithm.In certificate, the key algorithm and the digest algorithm that need sign to use.
Fig. 2 is the flow chart of terminal application software distribution method embodiment of the present invention, and as shown in the figure, this method comprises the steps:
Step 100, the developer becomes the user of developer community by the application and development endpoint registration.
By this step, described developer can obtain developer's certificate and key.
Step 200 is by application and development terminal development application software.
Particularly, the developer can use application programming instrument editor, compiling, link and the Test Application software of application and development terminal, and uses application and development terminal editor and power of test file.
Step 300 is by developer test terminal Test Application software.
Particularly, the developer is before Test Application software on the developer test terminal, perhaps before developer community submits application software to, can generate the test installation kit to using the software packing earlier, then test is pushed to developer test terminal or developer community with installation kit.This test is with comprising application software, ability file and signature file in the installation kit.
Step 400, by the application and development terminal to packing and submit to developer community by the application software of test.
After this, user terminal can arrive corresponding developer community and download and obtain application software, to realize the distribution of terminal application software.
The distribution method of the described terminal application software of present embodiment need not to be defined in specific end product, has high generality and fail safe, can by operator build can manage, can run, the controlled distribution system of application software of safety; And this method just can be controlled the distribution of application software from the stage of developer's development﹠ testing application software, therefore has higher controllability.
As shown in Figure 3, above-mentioned steps 100 can specifically comprise the steps:
Step 101, the developer sends application for registration to the application and development terminal.
Step 102, the application and development terminal cryptographic algorithm according to a preconcerted arrangement application information that Generates Certificate.
Wherein, described certificate request information comprises the information such as hardware identifier of developer's title, developer's description, PKI, private key, developer test terminal.The hardware identifier of described developer test terminal can be CPU sequence number, hard disk sequence number, network equipment number, user's ID card device number of associated terminal etc., the perhaps summary that generates by these hardware devices number etc., when being used for testing, using and engine is installed is discerned the foundation whether tested application can be installed to the developer test terminal in the developer test terminal.Therefore, requiring the application and development terminal and the application of developer test terminal that engine is installed uses identical algorithm to generate hardware identification number.The PKI of developer's certificate correspondence and private key can be generated by the signature service system, are distributed to developer's application and development terminal by secure way then.The cryptographic algorithm of described agreement can adopt the elliptic curve cipher coding, and (Elliptic Curves Cryptography, be called for short: ECC) algorithm and public key encryption algorithm (RSA) scheduling algorithm, these algorithms can be by signature service system agreement.
Step 103, application and development terminal send the certificate request that comprises above-mentioned certificate request information to developer community.
Step 104, developer community judges whether to accept developer's application for registration according to described certificate request, if accept, then generates developer's certificate according to described certificate request information and with the agreement of signature service system, otherwise goes to step 108.
Wherein, the content of described developer's certificate comprises at least:
1) certificate format and version can adopt X.509 form;
2) certificate coding method can be used the BASE64 coded system;
3) signature algorithm, (Wireless LANAuthentication and Privacy Infrastructure is called for short: WAPI) ECC algorithm can to use WLAN authentication and privacy infrastructure;
4) digest algorithm can adopt miniature nomography (SHA-1);
5) certificate serial number is generated by the signature service system, can be random number;
6) certificate subject, the level of security, developer that can comprise hardware identifier string (can be a plurality of), the developer of country sign, developer's type, developer test terminal is in the number of the account of developer community etc., for convenience of explanation, abbreviate the hardware identifier string of the above-mentioned developer test terminal that comprises in developer's certificate as first hardware identifier string in the present embodiment;
7) signature mechanism of certificate sign also is the sign of developer community;
8) certificate profile is used to detect developer's certificate.
The PKI of developer's certificate correspondence is stored in developer's certificate.The private key of developer's certificate correspondence is stored in the safe storage place of application and development terminal, and can store in the mode of encrypting.The application and development terminal provides the method and the facility of the private key of safe storage and visit developer certificate correspondence.
Step 105, the developer community service system signature developer certificate that asks for an autograph.
Step 106, the signature service system is signed to developer's certificate, and the developer's certificate after will signing feeds back to developer community.
Wherein, the signature service system can be used developer community certificate and corresponding private key signature developer's certificate, also can use root certificate and corresponding private key signature developer's certificate.If PKI and private key by signature service system generation developer certificate correspondence then can feed back to developer community to described PKI and private key in the lump.
Concrete signature process can comprise: the certificate request information that the signature service system provides according to developer community generates developer's certificate A; As input source, (for example, SHA-1) summary of calculating developer certificate obtains the A that makes a summary to the signature service system by the digest algorithm of arranging the content of developer's certificate A; The signature service system uses the private key (the perhaps private key of root certificate correspondence) of developer community certificate correspondence to press the digest algorithm of arranging, and (for example, ECC) cryptographic digest A obtains the B that makes a summary; The signature service system obtains developer's certificate B to the place that summary B joins the agreement of developer's certificate A.At this moment, developer's certificate B promptly is the developer's certificate behind the signature.
Step 107, information such as the developer's certificate behind the developer community storage signature, developer's PKI.
If by the PKI and the private key of signature service system generation developer certificate correspondence, then developer community also needs to store described developer's private key.
Step 108, developer community feedback certificate request result is given the application and development terminal.
Particularly, if the registered and existing developer's certificate of developer, then developer's certificate request is refused by the developer community in step 104, and correspondingly certificate request result in this step then shows the certificate request failure; If successfully apply for certificate by step 105~107, then certificate request result in this step then shows the certificate request success.
Step 109, the certificate request result of application and development terminal storage developer community.
If developer community accepts developer's certificate request, then store information such as developer's certificate and corresponding public key and private key.
Step 110, the application and development terminal is fed back the application for registration result to the developer.
Particularly, if the certificate request success, then this application for registration result is the application for registration success; If the certificate request failure, then this application for registration result is the application for registration failure.
Shown in Fig. 4 A, above-mentioned steps 300 can specifically comprise the steps:
Particularly, can be by the signature strapping tool rule according to a preconcerted arrangement of application and development terminal, and information such as application software, ability file, developer's certificate, developer's private key, generate signature file.The content of signature file comprises at least:
1) the relevant content of developer's certificate: the coded system of the type of developer's certificate, developer's certificate, developer's certificate content, developer's certificate is as signing certificate;
2) the relevant content of developer community certificate: the coded system of the type of developer community certificate, developer community certificate, developer community certificate content, developer community certificate is as certificate trusty;
3) the relevant content of application software summary: coded system, sign and the clip Text of application software summary;
4) the relevant content of ability document: the coded system of ability document, sign and clip Text;
5) the relevant content of digest algorithm: the digest algorithm sign, the digest algorithm that uses in the signature file is identical;
6) the relevant content of signature file summary: coded system, the clip Text of signature file summary.
Signature file can use extend markup language, and (Extens ible Markup Language is called for short: XML) document format.In specific embodiment, can use the describing method in the following table, as follows:
1) signature file uses the XML document form, the UTF-8 coding;
2) certificate uses the X509 form, the BASE64 coding;
3) digest algorithm uses the WAPI-SHA1 algorithm, the BASE64 coding;
4) cryptographic algorithm of signature is used the ECC algorithm, BASE 64 codings.
Specific coding thes contents are as follows:
<?xml?version=″1.0″encoding=″utf-8″?>
<!--developer's certificate--〉
<SignCert?type=″x509″encoding=″base64″>......</SignCert>
<!--developer community certificate--〉
<TrustCert?type=″x509″encoding=″base64″>......</TrustCert>
<!--application software summary and ability document--〉
<Digests?encoding=″base64″>
<DigestValue?name=″application″>......</DigestValue>
<DigestValue?name=″menifest″>......</DigestValue>
</Digests>
<!--digest algorithm--〉
<Algorithm?name=″WAPI-SHA1″/>
<!--signature file summary--〉
<Signature?encoding=″base64″algorithm=”ECC ”
>......</Signature>
</Signed>
Step 320 generates the test installation kit according to described signature file.
Particularly, the signature strapping tool of application and development terminal becomes a file to application software, ability file, signature file by the principle combinations of agreement, and the file of combination is called application software package, when test, is also referred to as the test installation kit.This test can be followed successively by with the data of installation kit storage: application of software data bag, ability file data bag, signature file packet, application of software data bag index, ability file data bag index, signature file packet index, index quantity, version number.
The data format that installation kit is used in the test that the packing back forms is shown in Fig. 5 A, and its corresponding indexed format is shown in Fig. 5 B.This data format both had been applicable to the packing application software, also was applicable to packing authorization file.
Shown in Fig. 5 A, after data were packaged, the overall data bag was divided into four parts: data field, index area, index quantity and version number.Wherein: the data field is stored packet successively, for example, when the packing application software, data area stores application of software data, ability file data, signature file data.These data can be compressed, and also can not compress.Packet in the data field is order in no particular order; The index area is stored the index information of packet in the data field successively, each index is made of 16 bytes, shown in Fig. 5 B, store the type (4 byte), packet of packet byte offsets (4 byte), the byte length (4 byte) of packet, reserve bytes (4 byte) successively apart from the file header of overall data bag.The type of packet can define according to service needed, and for example, packet can be application software, ability file, signature file, purchase information etc.; The number of the index that comprises in the index quantity storage overall data bag; The version number of version number's storage overall data bag.
Step 330 generates test authorization file according to described test with installation kit.
Particularly, can generate above-mentioned test authorization file by the test mandate instrument of application and development terminal.This test comprises at least with the content of authorization file:
1) the relevant content of developer's certificate: the coded system of the type of developer's certificate, developer's certificate, developer's certificate content, developer's certificate is as signing certificate;
2) the relevant content of digest of purchase information: coded system, sign and the clip Text of buying informative abstract;
3) the relevant content of digest algorithm: the digest algorithm sign, the digest algorithm that uses in the signature file is identical.
The authorization file can use the XML document form.In specific embodiment, can use the describing method in the following table, as follows:
1) the authorization file uses the XML document form, the UTF-8 coding;
2) certificate uses the X509 form, the BASE64 coding;
3) digest algorithm uses the WAPI-SHA1 algorithm, the BASE64 coding;
4) cryptographic algorithm of signature is used the ECC algorithm, the BASE64 coding.
Specific coding thes contents are as follows:
<?xml?version=″1.0″encoding=″utf-8″?>
<!--developer's certificate--〉
<SignCert?type=″x509″encoding=″base64″>......</SignCert>
<!--buying Information Signature--〉
<Digests?encoding=″base64″algorithm=”ECC”>
<DigestValue?name=″license″>......</DigestValue>
</Digests>
<!--digest algorithm--〉
<Algorithm?name=″WAPI-SHA1″/>
</Signed>
Step 340 is given described developer test terminal with installation kit and described test with the authorization file transfer with described test.
Particularly, can be transferred to the developer test terminal by modes such as pushing or duplicate.
Step 350 after the legitimacy and validity of confirming described authorization file, installs and tests described test installation kit on described developer test terminal.
Particularly, can engine be installed by the application of developer test terminal and described test be installed with installation kit and verify developer's certificate.Wherein, using engine is installed is by developer's signature by the judgement of the signing certificate in authorization file authorization file, still by other functional entity signature.The type that comprises certificate in the signing certificate.If signing certificate be can't help developer signature, do not think that then test is with installing.Test should be identical with the signing certificate in the installation kit signature file with signing certificate in the authorization file and test.In signing certificate, comprise the information of certificate issuance mechanism.Use the installation engine and verify described developer's certificate by the described mechanism of signing and issuing.Specifically can confirm the legitimacy and the validity of described authorization file by the signature in the checking developer certificate.
Shown in Fig. 4 B, above-mentioned steps 310 can comprise:
Specifically can by the digest algorithm of agreement, generate the application software summary the content of whole or certain applications software as input source.
Step 312 generates the summary of described application software respective capabilities file.
Specifically can be the content of whole or part ability file as input source, by the digest algorithm of agreement, generative capacity document.
Step 313 is calculated the signing messages of the summary of the summary of described application software and described ability file.
Specifically can be the summary of the summary of application software and ability file polyphone as input source, digest algorithm by agreement, generation signature file summary, then, cryptographic algorithm by agreement, use developer's encrypted private key signature file summary, and the summary after encrypting is made a summary as new signature file.In the controlled distribution system of whole application, the digest algorithm unanimity can be used the SHA-1 algorithm.In the controlled distribution system of whole application, the cryptographic algorithm unanimity can be used the ECC algorithm.
Step 314 generates signature file according to described signing messages.
Shown in Fig. 4 C, above-mentioned steps 330 can comprise:
Step 331 generates purchase information according to described test with installation kit.
Wherein, this purchase information also can be described as use information.
Step 332 by the digest algorithm and the summary cryptographic algorithm of agreement, generates the summary of the described purchase information after encrypting.
Particularly, according to the part or all of content of buying information as input source, digest algorithm by agreement, generate and buy informative abstract, then by the summary cryptographic algorithm of arranging, use developer's encrypted private key to buy informative abstract, and the summary of the purchase informative abstract after encrypting as the information of purchase.
Shown in Fig. 4 D, above-mentioned steps 350 can comprise:
Step 351 with isolating application software, ability file and signature file the installation kit, and finds corresponding installation kit sign from described test.
Wherein, checkout installation kit and the discrete testing content of installation kit, with aforementioned signature application software, and the process of packing application software is identical, but reversed in order.Described installation kit sign is generated by the application programming instrument of application and development terminal, can adopt overall user ID (GUI) mode to generate, to guarantee the installation kit unique mark.
Step 352 is searched corresponding test authorization file according to described installation kit sign.
Wherein, test can be placed on same catalogue with installation kit and test with the authorization file, and uses identical name, but has different extension name.Use and engine is installed when searching test with the authorization file, can be directly at the test authorization file of test with the directory search same name at installation kit place.
Step 353 is checked with the authorization file described test, and is identical with signing certificate in the described signature file and when being developer's certificate with the signing certificate in the authorization file when this test, then continues execution in step 354; Otherwise execution in step 357.
Particularly, can check whether this test is complete with the authorization file, one make peace effectively, and whether legal.Wherein, check the method for this test with the authorization file, identical with this test of signature with the process of authorization file, but execution sequence is opposite.
Step 354 is isolated the first hardware identifier string from described developer's certificate, and obtains the second hardware identifier string of described developer test terminal.
Wherein, concrete obtaining step and similar process shown in Figure 3 repeat no more herein.
Step 355 judges whether described first hardware identifier string and the described second hardware identifier string mate, and when not matching, shows that then this test can not install with installation kit in this developer test terminal, causes installing failure, execution in step 357; Otherwise continue execution in step 356.
Step 356 is installed described application software and ability file.
Wherein, the concrete grammar that application software is installed is not done qualification herein.During the erectility file, ability file or its appearance be copied to the place of agreement.
Step 357 shows installation results.
If successful installation then shows the installation results that test is successful; If failure is installed, then show the installation results of test crash.
Fig. 6 is the structural representation of terminal application software dissemination system embodiment of the present invention, and this system can realize the described method of above-mentioned each method embodiment.As shown in the figure, this system comprises at least: application and development terminal 10, developer test terminal 20 and developer's community server 30, and its operation principle is as follows:
The developer uses by described application and development terminal 10 developer is registered the user who becomes developer community, and Application and Development software; By this step, can obtain developer's certificate and key, particularly, the developer can use application programming instrument editor, compiling, link and the Test Application software of application and development terminal 10, and uses application and development terminal editor and power of test file.
The developer is by the described application software of developer test terminal 20 tests.Particularly, the developer is before Test Application software on the developer test terminal, perhaps before developer community submits application software to, can generate the test installation kit to using the software packing earlier, then test is pushed to developer test terminal or developer community with installation kit.This test is with comprising application software, ability file and signature file in the installation kit.
After this, described developer also packs by 10 pairs of application software by described test of application and development terminal and submits to described developer's community server 30, preserves the described application software submitted to by application and development terminal 10 for user terminal downloads by this developer's community server 30.Thereby realize the distribution of terminal application software.
In addition, as shown in Figure 6, described system can further include signature service system 40; As shown in Figure 7, described application and development terminal 10 can specifically comprise: encrypting module 11, certificate request module 12, memory module 13 and feedback module 14 as a result; As shown in Figure 8, described developer's community server 30 comprises: certificate generation module 31 and certificate feedback module 32, and the operation principle of its registration process is described as follows:
After described application and development terminal 10 receives the application for registration that comes from the developer, encrypting module 11 cryptographic algorithm according to a preconcerted arrangement of application and development terminal 10 application information that Generates Certificate, the explanation of relevant certificate request information can repeat no more referring to the related description of above-mentioned steps 102 herein; Certificate request module 12 sends the certificate request that comprises described certificate request information to described developer's community server 30; Certificate generation module 31 in described developer's community server 30 reaches according to described certificate request information and the agreement of signature service system 40 generates developer's certificate, after becoming described developer's certificate of module 31 to sign by described signature service system 40 verification inteilectuals, feed back to described application and development terminal 10 by developer's certificate of certificate feedback module 32 after with described signature service system 40 signatures.
After this, 13 storages of the memory module of application and development terminal 10 come from developer's certificate of described developer's community server, and by feedback module 14 as a result to described developer's community server 30 feedback application for registration results, thereby the registration process of finishing.
As shown in Figure 9, described application and development terminal 10 can specifically comprise: signature file generation module 15, installation kit generation module 16, license file generation module 17 and transport module 18; As shown in figure 10, described developer test terminal 20 comprises: separation module 21, search module 22, check module 23, identification string processing module 24, judge module 25 and installed module 26.The test process of using software is described as follows:
Signature file generation module 15 in the application and development terminal 10 generates signature file according to described application software.Particularly, can be by the signature strapping tool rule according to a preconcerted arrangement of application and development terminal, and information such as application software, ability file, developer's certificate, developer's private key, generate signature file.The content of relevant signature file can repeat no more referring to the related description of above-mentioned steps 310 herein.
The described signature file that installation kit generation module 16 generates according to signature file generation module 15 generates the test installation kit.Relevant this test can repeat no more with reference to the related description of above-mentioned steps 320 with installation kit herein.License file generation module 17 generates test authorization file according to the described test that the installation kit generation module generates with installation kit.Relevant this test can repeat no more with reference to the related description of above-mentioned steps 330 with the authorization file herein.
Transport module 18 is given described developer test terminal 20 with the described test that installation kit and license file generation module 17 generate with the authorization file transfer with the described test that installation kit generation module 16 generates.
After this, separation module 21 in this developer test terminal 20 from described test with isolating application software, ability file and signature file the installation kit, and find corresponding installation kit to identify, wherein, checkout is used the content of installation kit with installation kit and discrete testing, with aforementioned signature application software, and the process of packing application software is identical, but reversed in order.Described installation kit sign is generated by the application programming instrument of application and development terminal, can adopt overall user ID (GUI) mode to generate, to guarantee the installation kit unique mark.
Search module 22 and search corresponding test authorization file according to separation module 21 isolated described installation kit signs.Wherein, test can be placed on same catalogue with installation kit and test with the authorization file, and uses identical name, but has different extension name.Use and engine is installed when searching test with the authorization file, can be directly at the test authorization file of test with the directory search same name at installation kit place.
23 pairs of described tests of inspection module are checked with the authorization file; Check out that when checking module 23 described test is identical with signing certificate in the described signature file and when being developer's certificate with the signing certificate in the authorization file, from described developer's certificate, isolate the first hardware identifier string by identification string processing module 24, and obtain the second hardware identifier string of described developer test terminal.Particularly, can check whether this test is complete with the authorization file, one make peace effectively, and whether legal.Wherein, check the method for this test with the authorization file, identical with this test of signature with the process of authorization file, but execution sequence is opposite.
The dissemination system of the described terminal application software of present embodiment need not to be defined in specific end product, has high generality and fail safe, can by operator build can manage, can run, the controlled distribution system of application software of safety; And this method just can be controlled the distribution of application software from the stage of developer's development﹠ testing application software, therefore has higher controllability.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be finished by the relevant hardware of program command, aforesaid program can be stored in the computer read/write memory medium, this program is carried out the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
It should be noted that at last: above embodiment only in order to technical scheme of the present invention to be described, is not intended to limit; Although with reference to previous embodiment the present invention is had been described in detail, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (10)
1. terminal application software distribution method is characterized in that comprising:
Developer's registration is become the user of developer community by the application and development terminal;
By described application and development terminal development application software;
Test described application software by the developer test terminal;
By described application and development terminal to packing by the application software of test and submitting to described developer community.
2. method according to claim 1 is characterized in that describedly by the application and development terminal user that developer registration becomes developer community being comprised:
After described application and development terminal receives the application for registration that comes from the developer, the application information that Generates Certificate of cryptographic algorithm according to a preconcerted arrangement, and send the certificate request that comprises described certificate request information to developer community;
Described developer community generates developer's certificate according to described certificate request information and with the agreement of signature service system;
Described signature service system is signed to developer's certificate;
Developer's certificate after described developer community will sign feeds back to described application and development terminal;
The described developer's certificate of described application and development terminal storage and to described developer community feedback application for registration result.
3. method according to claim 1 is characterized in that describedly testing described application software by the developer test terminal and comprising:
Described application and development terminal generates signature file according to described application software;
Generate the test installation kit according to described signature file;
Generate test authorization file according to described test with installation kit;
Give described developer test terminal with installation kit and described test with the authorization file transfer with described test;
After the legitimacy and validity of confirming described authorization file, on described developer test terminal, install and test described test installation kit.
4. method according to claim 3 is characterized in that described application and development terminal generates signature file according to described application software and comprises:
Generate the summary of described application software;
Generate the summary of described application software respective capabilities file;
Calculate the signing messages of the summary of the summary of described application software and described ability file;
Generate signature file according to described signing messages.
5. method according to claim 3 is characterized in that described the test with the installation kit generation according to described test comprises with the authorization file:
Generate purchase information according to described test with installation kit;
By the digest algorithm and the summary cryptographic algorithm of agreement, generate the summary of the described purchase information after encrypting;
Summary according to described purchase information generates described test authorization file by the rule of arranging.
6. method according to claim 3, it is characterized in that described on described developer test terminal, install and test described test comprise with installation kit:
With isolating application software, ability file and signature file the installation kit, and find corresponding installation kit sign from described test;
Search corresponding test authorization file according to described installation kit sign;
Described test is checked with the authorization file, when this test identical with signing certificate in the described signature file and when being developer's certificate with the signing certificate in the authorization file, from described developer's certificate, isolate the first hardware identifier string, and obtain the second hardware identifier string of described developer test terminal;
Judge whether described first hardware identifier string and the described second hardware identifier string mate, when coupling, described application software and ability file are installed.
7. a terminal application software dissemination system is characterized in that comprising application and development terminal, developer test terminal and developer's community server, wherein:
Described application and development terminal is used for developer's registration is become the user of developer community, and Application and Development software;
Described developer test terminal is used to test described application software;
Described application and development terminal also is used for packing by the application software of described test and submitting to described developer's community server;
Described developer's community server is used to preserve the described application software submitted to by the application and development terminal for download.
8. system according to claim 7 is characterized in that described system also comprises the signature service system, wherein:
Described application and development terminal comprises:
Encrypting module is used for after described application and development terminal receives the application for registration that comes from the developer, the application information that Generates Certificate of cryptographic algorithm according to a preconcerted arrangement;
The certificate request module is used for sending the certificate request that comprises described certificate request information to described developer's community server;
Memory module is used to store the developer's certificate that comes from described developer's community server;
Feedback module is used for to described developer's community server feedback application for registration result as a result;
Described developer's community server comprises:
The certificate generation module is used for generating developer's certificate according to described certificate request information and with the agreement of signature service system;
The certificate feedback module is used for the developer's certificate behind the described signature service system signature is fed back to described application and development terminal;
Described signature service system is used to verify the inteilectual and becomes described developer's certificate of module generation to sign.
9. system according to claim 7 is characterized in that described application and development terminal comprises:
The signature file generation module is used for generating signature file according to described application software;
The installation kit generation module is used for generating the test installation kit according to the described signature file that the signature file generation module generates;
The license file generation module, the described test that is used for generating according to the installation kit generation module generates test authorization file with installation kit;
Transport module, the described test that is used for the installation kit generation module is generated is given described developer test terminal with the described test that installation kit and license file generation module generate with the authorization file transfer.
10. system according to claim 9 is characterized in that described developer test terminal comprises:
Separation module is used for isolating application software, ability file and signature file from described test with installation kit, and finds corresponding installation kit sign;
Search module, be used for searching corresponding test authorization file according to the isolated described installation kit sign of separation module;
Check module, be used for described test is checked with the authorization file;
The identification string processing module, be used for when checking that module check goes out described test identical with signing certificate in the described signature file and when being developer's certificate with the signing certificate of authorization file, from described developer's certificate, isolate the first hardware identifier string, and obtain the second hardware identifier string of described developer test terminal;
Judge module is used to judge whether described first hardware identifier string and the described second hardware identifier string mate;
Installed module when being used for judge module and judging the described first hardware identifier string and described second hardware identifier string coupling, is installed described application software and ability file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010542441 CN102065077B (en) | 2010-11-11 | 2010-11-11 | Method and system for distributing application software to terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010542441 CN102065077B (en) | 2010-11-11 | 2010-11-11 | Method and system for distributing application software to terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102065077A true CN102065077A (en) | 2011-05-18 |
| CN102065077B CN102065077B (en) | 2013-12-18 |
Family
ID=44000178
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010542441 Active CN102065077B (en) | 2010-11-11 | 2010-11-11 | Method and system for distributing application software to terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102065077B (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102271130A (en) * | 2011-07-22 | 2011-12-07 | 四川长虹电器股份有限公司 | Method for safely delivering and distributing software |
| CN102546604A (en) * | 2011-12-22 | 2012-07-04 | 四川长虹电器股份有限公司 | Security control method of intelligent television application program |
| CN103106140A (en) * | 2013-01-24 | 2013-05-15 | Tcl集团股份有限公司 | Intelligent display device testing information display method |
| CN103198250A (en) * | 2013-03-11 | 2013-07-10 | 青岛海信传媒网络技术有限公司 | Method for auditing applications of intelligent television |
| CN103207943A (en) * | 2012-01-11 | 2013-07-17 | 磨相软件公司 | Platform system based on network |
| CN103235906A (en) * | 2013-03-27 | 2013-08-07 | 广东欧珀移动通信有限公司 | Method and device for encrypting and decrypting application program |
| CN104063668A (en) * | 2013-03-21 | 2014-09-24 | 深圳富泰宏精密工业有限公司 | Application installation package signing system and method |
| CN105487908A (en) * | 2015-12-22 | 2016-04-13 | 中软信息系统工程有限公司 | Secure application software ecological service method |
| CN107864038A (en) * | 2017-10-25 | 2018-03-30 | 中国平安人寿保险股份有限公司 | Certificate management method, device, equipment and computer-readable recording medium |
| CN109309645A (en) * | 2017-07-26 | 2019-02-05 | 中国人民解放军装备学院 | A kind of software distribution security guard method |
| CN110865802A (en) * | 2019-11-28 | 2020-03-06 | 山东浪潮商用系统有限公司 | Tax interface rapid development method based on micro-service architecture |
| CN111046376A (en) * | 2018-10-11 | 2020-04-21 | 中国人民解放军战略支援部队航天工程大学 | Distribution auditing method and device based on installation package |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000065763A2 (en) * | 1999-04-26 | 2000-11-02 | Dodots, Inc. | Apparatus and method for delivering internet content |
| US6226784B1 (en) * | 1998-10-14 | 2001-05-01 | Mci Communications Corporation | Reliable and repeatable process for specifying developing distributing and monitoring a software system in a dynamic environment |
| CN101339595A (en) * | 2008-05-20 | 2009-01-07 | 北京深思洛克数据保护中心 | Device for operation by using permission control software |
| CN101404053A (en) * | 2008-05-04 | 2009-04-08 | 北京深思洛克软件技术股份有限公司 | Method for preventing repeatedly issuing software permission |
| CN101789967A (en) * | 2010-01-12 | 2010-07-28 | 重庆大学 | Remote test service system based on electronic commerce and use method thereof |
-
2010
- 2010-11-11 CN CN 201010542441 patent/CN102065077B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6226784B1 (en) * | 1998-10-14 | 2001-05-01 | Mci Communications Corporation | Reliable and repeatable process for specifying developing distributing and monitoring a software system in a dynamic environment |
| WO2000065763A2 (en) * | 1999-04-26 | 2000-11-02 | Dodots, Inc. | Apparatus and method for delivering internet content |
| CN101404053A (en) * | 2008-05-04 | 2009-04-08 | 北京深思洛克软件技术股份有限公司 | Method for preventing repeatedly issuing software permission |
| CN101339595A (en) * | 2008-05-20 | 2009-01-07 | 北京深思洛克数据保护中心 | Device for operation by using permission control software |
| CN101789967A (en) * | 2010-01-12 | 2010-07-28 | 重庆大学 | Remote test service system based on electronic commerce and use method thereof |
Non-Patent Citations (3)
| Title |
|---|
| 孙青,蒋伟,陈波: "《代码签名技术及应用探讨》", 《电脑编程技巧与维护》 * |
| 康金辉: "《基于数字校园网的客户端软件分发方法》", 《陕西理工学院学报(自然科学版)》 * |
| 黄君毅: "《基于PKI/CA架构的加密签名系统设计与实现》", 《万方数据-中山大学硕士学位论文》 * |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102271130A (en) * | 2011-07-22 | 2011-12-07 | 四川长虹电器股份有限公司 | Method for safely delivering and distributing software |
| CN102271130B (en) * | 2011-07-22 | 2014-09-10 | 四川长虹电器股份有限公司 | Method for safely delivering and distributing software |
| CN102546604A (en) * | 2011-12-22 | 2012-07-04 | 四川长虹电器股份有限公司 | Security control method of intelligent television application program |
| CN102546604B (en) * | 2011-12-22 | 2014-12-24 | 四川长虹电器股份有限公司 | Security control method of intelligent television application program |
| CN103207943A (en) * | 2012-01-11 | 2013-07-17 | 磨相软件公司 | Platform system based on network |
| CN103106140A (en) * | 2013-01-24 | 2013-05-15 | Tcl集团股份有限公司 | Intelligent display device testing information display method |
| CN103198250A (en) * | 2013-03-11 | 2013-07-10 | 青岛海信传媒网络技术有限公司 | Method for auditing applications of intelligent television |
| CN104063668A (en) * | 2013-03-21 | 2014-09-24 | 深圳富泰宏精密工业有限公司 | Application installation package signing system and method |
| CN104063668B (en) * | 2013-03-21 | 2018-07-27 | 深圳富泰宏精密工业有限公司 | Program installation kit signature system and method |
| CN103235906A (en) * | 2013-03-27 | 2013-08-07 | 广东欧珀移动通信有限公司 | Method and device for encrypting and decrypting application program |
| CN105487908A (en) * | 2015-12-22 | 2016-04-13 | 中软信息系统工程有限公司 | Secure application software ecological service method |
| CN105487908B (en) * | 2015-12-22 | 2020-05-19 | 中软信息系统工程有限公司 | Safe application software ecological service method |
| CN109309645A (en) * | 2017-07-26 | 2019-02-05 | 中国人民解放军装备学院 | A kind of software distribution security guard method |
| CN107864038A (en) * | 2017-10-25 | 2018-03-30 | 中国平安人寿保险股份有限公司 | Certificate management method, device, equipment and computer-readable recording medium |
| CN111046376A (en) * | 2018-10-11 | 2020-04-21 | 中国人民解放军战略支援部队航天工程大学 | Distribution auditing method and device based on installation package |
| CN111046376B (en) * | 2018-10-11 | 2022-05-17 | 中国人民解放军战略支援部队航天工程大学 | Distribution auditing method and device based on installation package |
| CN110865802A (en) * | 2019-11-28 | 2020-03-06 | 山东浪潮商用系统有限公司 | Tax interface rapid development method based on micro-service architecture |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102065077B (en) | 2013-12-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102065077B (en) | Method and system for distributing application software to terminal | |
| CN102035653B (en) | Controllable distributing method and system used in software examining and verifying stage | |
| CN102024127B (en) | Control platform, user terminal, distribution system and method of application software | |
| CN108197891B (en) | Electronic signing device and method based on block chain | |
| JP4681554B2 (en) | How to use reliable hardware-based identity credentials in runtime package signing for secure mobile communications and expensive transaction execution | |
| KR101740256B1 (en) | Apparatus for mobile app integrity assurance and method thereof | |
| US20100257370A1 (en) | Apparatus And Method for Supporting Content Exchange Between Different DRM Domains | |
| CN102171652A (en) | Method for provisioning trusted software to an electronic device | |
| CN104426658B (en) | The method and device of authentication is carried out to the application on mobile terminal | |
| CN102024107A (en) | Application software control platform, developer terminal as well as application software distribution system and method | |
| JP2008517519A (en) | Method and system for content exchange between different digital rights management domains | |
| JP7235930B2 (en) | Methods and apparatus, electronic devices, storage media and computer programs for processing data requests | |
| US8578170B2 (en) | Bundle verification | |
| WO2011130713A1 (en) | Online secure device provisioning with updated offline identity data generation and offline device binding | |
| CN106936588B (en) | Hosting method, device and system of hardware control lock | |
| KR101523309B1 (en) | A system and method for distributing application | |
| WO2003003329A1 (en) | Data originality validating method and system | |
| CN103179176A (en) | Call method, device and system for web application in cloud/cluster environment | |
| CN114282193A (en) | Application authorization method, device, equipment and storage medium | |
| CN115796871A (en) | Resource data processing method and device based on block chain and server | |
| CN111210217A (en) | Data processing method, device and storage medium | |
| KR101858562B1 (en) | Security system for selling and using e-training contents | |
| CN115409511B (en) | Personal information protection system based on block chain | |
| CN111050326B (en) | Block chain-based short message verification method, device, equipment and medium | |
| CN105743651A (en) | Method and apparatus for utilizing card application in chip security domain, and application terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |