CN103905207A - Method and system for unifying APK signature - Google Patents
Method and system for unifying APK signature Download PDFInfo
- Publication number
- CN103905207A CN103905207A CN201410165104.8A CN201410165104A CN103905207A CN 103905207 A CN103905207 A CN 103905207A CN 201410165104 A CN201410165104 A CN 201410165104A CN 103905207 A CN103905207 A CN 103905207A
- Authority
- CN
- China
- Prior art keywords
- acquirer
- file
- signature
- signed
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 238000012795 verification Methods 0.000 claims description 7
- 238000012856 packing Methods 0.000 claims description 6
- 238000005498 polishing Methods 0.000 claims description 4
- 238000009434 installation Methods 0.000 abstract description 3
- 238000012423 maintenance Methods 0.000 description 7
- 238000001629 sign test Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 239000000203 mixture Substances 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- VBMOHECZZWVLFJ-GXTUVTBFSA-N (2s)-2-[[(2s)-6-amino-2-[[(2s)-6-amino-2-[[(2s,3r)-2-[[(2s,3r)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-2-[[(2s)-2,6-diaminohexanoyl]amino]-5-(diaminomethylideneamino)pentanoyl]amino]propanoyl]amino]hexanoyl]amino]propanoyl]amino]hexan Chemical compound NC(N)=NCCC[C@@H](C(O)=O)NC(=O)[C@H](CCCCN)NC(=O)[C@H](CCCCN)NC(=O)[C@H]([C@@H](C)O)NC(=O)[C@H]([C@H](O)C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCN=C(N)N)NC(=O)[C@@H](N)CCCCN VBMOHECZZWVLFJ-GXTUVTBFSA-N 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 108010068904 lysyl-arginyl-alanyl-lysyl-alanyl-lysyl-threonyl-threonyl-lysyl-lysyl-arginine Proteins 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
The invention discloses a method and a system for unifying an APK signature. The method comprises the steps that an acquirer generates a first public and private key pair and a second public and private key pair, and a first private key performs signature operation on a second public key to generate an acquirer work public key certificate; a first public key is distributed to terminal devices to generate respective acquirer root public key certificates to be preinstalled in the terminal devices; the acquirer generates acquirer signature information according to a signed source file and the acquirer work public key certificate, calculation is performed on the signed source file and the acquirer signature information to generate a hash value which is filled to generate a signed file, a second private key encrypts the signed file to generate acquirer signature data, and the signed APK file is downloaded to the terminal devices; the terminal devices verify validity of the acquirer work public key certificate through the acquirer root public key certificates, extract the acquirer signature data decrypted by the second public key to obtain a hash value, perform calculation to verify the hash value and judge whether the hash value is equal to the verified hash value, and if the hash value is equal to the verified hash value, installation and operation of an original APK are allowed.
Description
Technical field
The present invention relates to APK signature authentication field, relate in particular to a kind of method and system thereof of the APK of unification signature.
background technology-
(BANK Card) is more and more universal as the means of payment for bank card, common bank card paying system comprises point of sales terminal (Point Of Sale, POS), POS receives single system (POSP), code keypad (PIN PAD) and hardware encipher machine (Hardware and Security Module, HSM).Wherein POS terminal can be accepted bank card information, has communication function, and the instruction of accepting teller completes financial transaction information and the equipment of exchange for information about; POS receives single system POS terminal is managed concentratedly, comprises parameter downloads, and key is downloaded, and accepts, processes or forward the transaction request of POS terminal, and to POS terminal loopback transaction results information, is the system of centralized management and trading processing; The program of receiving on the POS in single system is downloaded and upgraded by acquirer.Due to the versatility of Android system, acquirer starts to purchase the POS terminal equipment of Android system.Android system installation procedure bag is called APK, the abbreviation of AndroidPackage.
But manufacturer is a lot of due to POS terminal equipment, each manufacturer is the fail safe that improves POS terminal equipment, all can be to downloading and installing or allow the program in POS to carry out signature verification, and only have legal signature procedure just to allow to install or operation.And due to manufacturer's realization mechanism difference, cause the APK that can download and install the Android of different vendor system POS terminal originally, file format after signature is all inconsistent, cause the Android system POS terminal equipment of acquirer buying different vendor, need to safeguard different APK signature instrument simultaneously and same APK be safeguarded to the signature file of different editions, bring loaded down with trivial details maintenance work and great maintenance cost to acquirer, therefore be necessary to propose a kind of scheme of the APK of unification signature, reduce the maintenance cost of acquirer to APK signature.
Summary of the invention
The object of the present invention is to provide a kind of signature of the Android system terminal equipment that facilitates acquirer unified management different vendor, a kind of method and system thereof of unifying APK signature of reduction maintenance cost.
For achieving the above object, the technical scheme that the present invention adopts is:
A method of unifying APK signature, comprising:
Acquirer signature server calls encryption device and generates the first public private key pair and the second public private key pair, acquirer signature server uses the first private key to carry out signature operation to the second PKI and generates acquirer work public key certificate, the first PKI is distributed to the CA server of different vendor;
The signature server of acquirer generates acquirer signing messages according to signed source file and acquirer work public key certificate, then signed source file and acquirer signing messages are calculated to generation cryptographic Hash, cryptographic Hash is filled and generated signed file, use the second private key to be encrypted and to generate acquirer signed data signed file; Provide the terminal equipment of different vendor to download the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate, wherein, signed source file comprises original APK file;
The CA server of different vendor uses the first PKI to generate after acquirer root public key certificate according to certificates constructing mechanism separately, and described acquirer root public key certificate is contained in manufacturer's terminal equipment separately in advance;
When signed APK file described in terminal equipment download, from the APK file of signing, extract acquirer work public key certificate, terminal equipment uses the legitimacy that is stored in the acquirer root public key certification authentication acquirer work public key certificate in terminal equipment, after the legitimate verification of work public key certificate passes through, terminal equipment uses acquirer work public key certificate to extract the second PKI, use the second PKI deciphering acquirer signed data, after successful decryption, obtain cryptographic Hash, terminal equipment is by calculating generation checking cryptographic Hash to signed source file and acquirer signing messages, terminal equipment judges whether described cryptographic Hash equates with checking cryptographic Hash, if equal allow original APK file to install and operation.
Another technical solution used in the present invention is:
A system of unifying APK signature, comprises acquirer server and terminal equipment server, and described acquirer server comprises the first signature blocks, key distribution module, the second signature blocks, the first computing module and the first encrypting module;
Described the first signature blocks, generates the first public private key pair and the second public private key pair for the encryption device of acquirer, and the signature server of acquirer uses the first private key to carry out signature operation to the second PKI and generates acquirer work public key certificate;
Described key distribution module, for being distributed to described the first PKI the CA server of different vendor;
Described the second signature blocks, generates acquirer signing messages for the signature server of acquirer according to signed source file and acquirer work public key certificate;
Described the first computing module, calculates generation cryptographic Hash for the signature server of acquirer to signed source file and acquirer signing messages, and cryptographic Hash is filled and generated signed file;
Described the first encrypting module: use the second private key to be encrypted and to generate acquirer signed data signed file for acquirer; Provide the terminal equipment of different vendor to download the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate, wherein, signed source file comprises original APK file;
Described terminal equipment server comprises the second encrypting module, signature file acquisition module, the first deciphering module, the second deciphering module and the 3rd deciphering module;
Described the second encrypting module, generates the first PKI after different acquirer root public key certificates according to mechanism separately for the CA server of different vendor, and described acquirer root public key certificate is contained in the terminal equipment of manufacturer in advance;
Described signature file acquisition module, for being downloaded to the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate on the terminal equipment of different vendor;
Described the first deciphering module, extract acquirer work public key certificate for terminal equipment from the APK file of signing, terminal equipment uses and is stored in the legitimacy of the acquirer root public key certification authentication acquirer work public key certificate in terminal equipment, when the legitimate verification of acquirer work public key certificate by after be sent to described the second deciphering module;
Described the second deciphering module, uses acquirer work public key certificate to extract the second PKI for terminal equipment, uses the second PKI deciphering acquirer signed data, obtains cryptographic Hash after successful decryption;
Described the 3rd deciphering module, pass through signed source file and acquirer signing messages to calculate generation checking cryptographic Hash for terminal equipment, terminal equipment judges that whether described cryptographic Hash equates with checking cryptographic Hash, allows original APK file to install and operation if equate.
By the present invention, realize acquirer as long as generate an APK file through unified signature, just can download on different terminal equipments by the sign test mechanism of terminal equipment, in integrality and APK legitimacy at the APK file that guarantees to have signed in data transmission procedure data, acquirer also only needs to safeguard a file of having signed and a set of signature sign test mechanism for the terminal equipment of different vendor, has greatly reduced the maintenance cost of acquirer for APK signature.
Accompanying drawing explanation
Fig. 1 is the execution FB(flow block) of a kind of method of the APK of unification signature in an embodiment of the present invention;
Fig. 2 is the composition diagram of a kind of APK of unification signature system in an embodiment of the present invention;
Fig. 3 is the composition diagram of terminal equipment server in a kind of APK of unification signature system in an embodiment of the present invention.
Main element symbol description:
1, the first signature blocks; 2, key distribution module; 3, the second signature blocks;
4, the first computing module; 5, the first encrypting module; 6, the second encrypting module;
7, signature file acquisition module; 8, the first deciphering module; 9, the second deciphering module;
10, the 3rd deciphering module; 11, packing module; 12, the first memory module;
13, the second memory module.
Embodiment
The present invention generates the terminal equipment that can download to different vendor after the APK file of unified signature by acquirer, terminal equipment utilizes the PKI of the unified distribution of acquirer to carry out sign test separately, guarantee to have signed APK file in the integrality and APK legitimacy of data transmission procedure, acquirer also only needs to safeguard a file of having signed and a set of signature realization mechanism for the terminal equipment of different vendor, has greatly reduced the maintenance cost of acquirer for APK signature.
By describing technology contents of the present invention, structural feature in detail, being realized object and effect, below in conjunction with execution mode and coordinate accompanying drawing to be explained in detail.
Referring to Fig. 1, is the FB(flow block) of a kind of method of the APK of unification signature in an embodiment of the present invention.This is unified APK endorsement method and applies in acquirer and terminal equipment, and the method comprises as follows:
Step S1: acquirer signature server calls encryption device and generates the first public private key pair and the second public private key pair, acquirer signature server uses the first private key to carry out signature operation to the second PKI and generates acquirer work public key certificate, the first PKI is distributed to the CA server of different vendor;
Step S2: the signature server of acquirer generates acquirer signing messages according to signed source file and acquirer work public key certificate, then signed source file and acquirer signing messages are calculated to generation cryptographic Hash, cryptographic Hash is filled and generated signed file, use the second private key to be encrypted and to generate acquirer signed data signed file; Provide the terminal equipment of different vendor to download the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate, wherein, signed source file comprises original APK file;
Step S3: the CA server of different vendor uses the first PKI to generate after acquirer root public key certificate according to certificates constructing mechanism separately, and described acquirer root public key certificate is contained in manufacturer's terminal equipment separately in advance;
Step S4: while having signed APK file described in terminal equipment download, from the APK file of signing, extract acquirer work public key certificate, terminal equipment uses the legitimacy that is stored in the acquirer root public key certification authentication acquirer work public key certificate in terminal equipment, after the legitimate verification of work public key certificate passes through, terminal equipment uses acquirer work public key certificate to extract the second PKI, use the second PKI deciphering acquirer signed data, after successful decryption, obtain cryptographic Hash, terminal equipment is by calculating generation checking cryptographic Hash to signed source file and acquirer signing messages, terminal equipment judges whether described cryptographic Hash equates with checking cryptographic Hash, if equal allow original APK file to install and operation.
The CA server of different vendor described in this programme uses the first PKI to generate after acquirer root public key certificate according to certificates constructing algorithm separately, described acquirer root public key certificate is contained in the terminal equipment of manufacturer in advance, the acquirer root public key certificate that each manufacturer generates is different, for the APK of the signature file that sign test is received separately in the future.The described APK file of having signed is to need program to download and install when different vendor or verifying when equipment periodic self check, be verified the legal AP K file of rear permission installation and operation.
In this programme, the signature server of acquirer uses cryptographic Hash according to PKCS#1 signature standard obtaining signed file after filling, re-using the second private key is encrypted and generates acquirer signing messages signed file, by acquirer work public key certificate, acquirer signing messages, the signing messages of signature acquirer and signed source file APK form the APK file of having signed, then the APK file of having signed is downloaded to the terminal equipment of different vendor, cryptographic Hash is by acquirer signing messages and original APK file are carried out to computing generation,
Execution mode one:
On the basis of such scheme, also comprise, described " signature server of acquirer generates acquirer signing messages according to signed source file and acquirer work public key certificate " also comprises the generation step of described signed source file before, specifically comprises:
Acquirer signature server fills original APK end-of-file with 0x00 nybble polishing as signed source file.
In present embodiment, for guaranteeing that described original APK file makes it nybble alignment, by not enough position fill 0x00 at end-of-file, mend again afterwards 4 0x00, the end of guaranteeing signed source file is 0x00.
Execution mode two:
On the basis of such scheme, also comprise, described " acquirer signing messages " is for storing the algorithm and the signature time that comprise that No. ID of acquirer work public key certificate, signature are used;
Described " the APK file of having signed " also comprises signature file head and signed source file;
The storage of described signature file head comprises original APK file size, signed source file length, the skew of acquirer signing messages and length, for identifying skew and the length of the signed and signature file of this file.
In present embodiment, the optimal algorithm selection that the signature of storing in described signature mechanism signing messages uses is SHA-256 and RSA; The deviation post of described acquirer signing messages and the deflected length of signature file are all the deflected lengths that calculate from file beginning.
Refer to Fig. 2-Fig. 3, be respectively in the composition diagram of a kind of APK of unification signature system of the present invention and an embodiment of the present invention the composition diagram of terminal equipment server in a kind of APK of unification signature system.Another kind of technical scheme provided by the invention is:
A system of unifying APK signature, comprises acquirer server and terminal equipment server, and described acquirer server comprises the first signature blocks 1, key distribution module 2, the second signature blocks 3, the first computing module 4 and the first encrypting module 5;
Described the first signature blocks 1, generates the first public private key pair and the second public private key pair for the encryption device of acquirer, and the signature server of acquirer uses the first private key to carry out signature operation to the second PKI and generates acquirer work public key certificate;
Described key distribution module 2, for being distributed to described the first PKI the CA server of different vendor;
Described the second signature blocks 3, generates acquirer signing messages for the signature server of acquirer according to signed source file and acquirer work public key certificate;
Described the first computing module 4, calculates generation cryptographic Hash for the signature server of acquirer to signed source file and acquirer signing messages, and cryptographic Hash is filled and generated signed file;
Described the first encrypting module 5: use the second private key to be encrypted and to generate acquirer signed data signed file for acquirer; Provide the terminal equipment of different vendor to download the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate, wherein, signed source file comprises original APK file;
Described terminal equipment server comprises the second encrypting module 6, signature file acquisition module 7, the first deciphering module 8, the second deciphering module 9 and the 3rd deciphering module 10;
Described the second encrypting module 6, generates the first PKI after different acquirer root public key certificates according to mechanism separately for the CA server of different vendor, and described acquirer root public key certificate is contained in the terminal equipment of manufacturer in advance;
Described signature file acquisition module 7, for being downloaded to the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate on the terminal equipment of different vendor;
Described the first deciphering module 8, extract acquirer work public key certificate for terminal equipment from the APK file of signing, terminal equipment uses and is stored in the legitimacy of the acquirer root public key certification authentication acquirer work public key certificate in terminal equipment, when the legitimate verification of acquirer work public key certificate by after be sent to described the second deciphering module 9;
Described the second deciphering module 9, uses acquirer work public key certificate to extract the second PKI for terminal equipment, uses the second PKI deciphering acquirer signed data, obtains cryptographic Hash after successful decryption;
Described the 3rd deciphering module 10, pass through signed source file and acquirer signing messages to calculate generation checking cryptographic Hash for terminal equipment, terminal equipment judges that whether described cryptographic Hash equates with checking cryptographic Hash, allows original APK file to install and operation if equate.
Embodiment mono-:
On the basis of such scheme, also comprise, described acquirer server also comprises packing module 11;
Described packing module 11, fills original APK end-of-file with 0x00 nybble polishing for the signature server of acquirer, guarantee original APK end-of-file using after 0x00 ending as encrypted source file.
In present embodiment, packing module 11 is in order to guarantee the alignment of original APK end-of-file nybble, not enough position fill 0x00 at end-of-file, mend again afterwards 4 0x00, the end of guaranteeing signed source file is 0x00.
Embodiment bis-:
On the basis of such scheme, also comprise memory module, described memory module comprises the first memory module 12 and the second memory module 13;
Described the first memory module 12, the algorithm and the signature time that use for storing No. ID of acquirer work public key certificate of described acquirer signing messages, signature;
Described " the APK file of having signed " also comprises signature file head and signed source file;
Described the second memory module 13, for storing the deviation post that described signature file head comprises original APK file size, signed source file length, acquirer signing messages, acquirer signing messages, for identifying the deflected length of the signed and signature file of this file.
In present embodiment, the optimal algorithm selection that the signature of storing in described signature mechanism signing messages uses is SHA-256 and RSA; The deviation post of described acquirer signing messages and the deflected length of signature file are all the deflected lengths that calculate from file beginning.
A kind of method and system thereof of unifying APK signature provided by the invention, realize acquirer and only need generate an APK file through unified signature, just can download on different terminal equipments by the sign test mechanism of terminal equipment, guaranteeing that the APK file of having signed is when data transmission procedure data are put into integrality and APK legitimacy, acquirer also only needs to safeguard a file of having signed and a set of signature sign test mechanism for the terminal equipment of different vendor, has greatly reduced the maintenance cost of acquirer for APK signature.
The foregoing is only embodiments of the invention; not thereby limit the scope of the claims of the present invention; every equivalent structure or conversion of equivalent flow process that utilizes specification of the present invention and accompanying drawing content to do; or be directly or indirectly used in other relevant technical fields, be all in like manner included in scope of patent protection of the present invention.
Claims (6)
1. a method of unifying APK signature, is characterized in that, comprising:
Acquirer signature server calls encryption device and generates the first public private key pair and the second public private key pair, acquirer signature server uses the first private key to carry out signature operation to the second PKI and generates acquirer work public key certificate, the first PKI is distributed to the CA server of different vendor;
The signature server of acquirer generates acquirer signing messages according to signed source file and acquirer work public key certificate, then signed source file and acquirer signing messages are calculated to generation cryptographic Hash, cryptographic Hash is filled and generated signed file, use the second private key to be encrypted and to generate acquirer signed data signed file; Provide the terminal equipment of different vendor to download the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate, wherein, signed source file comprises original APK file;
The CA server of different vendor uses the first PKI to generate after acquirer root public key certificate according to certificates constructing mechanism separately, and described acquirer root public key certificate is contained in manufacturer's terminal equipment separately in advance;
When signed APK file described in terminal equipment download, from the APK file of signing, extract acquirer work public key certificate, terminal equipment uses the legitimacy that is stored in the acquirer root public key certification authentication acquirer work public key certificate in terminal equipment, after the legitimate verification of work public key certificate passes through, terminal equipment uses acquirer work public key certificate to extract the second PKI, use the second PKI deciphering acquirer signed data, after successful decryption, obtain cryptographic Hash, terminal equipment is by calculating generation checking cryptographic Hash to signed source file and acquirer signing messages, terminal equipment judges whether described cryptographic Hash equates with checking cryptographic Hash, if equal allow original APK file to install and operation.
2. a kind of method of unifying APK signature according to claim 1, it is characterized in that, described " signature server of acquirer generates acquirer signing messages according to signed source file and acquirer work public key certificate " also comprises the generation step of described signed source file before, specifically comprises:
Acquirer signature server fills original APK end-of-file with 0x00 nybble polishing as signed source file.
3. a kind of method of unifying APK signature according to claim 1, is characterized in that, described " acquirer signing messages " is for storing the algorithm and the signature time that comprise that No. ID of acquirer work public key certificate, signature are used;
Described " the APK file of having signed " also comprises signature file head and signed source file;
The storage of described signature file head comprises the deviation post of original APK file size, signed source file length, acquirer signing messages, acquirer signing messages, for identifying the deflected length of the signed and signature file of this file.
4. unify the system of APK signature for one kind, it is characterized in that, comprise acquirer server and terminal equipment server, described acquirer server comprises the first signature blocks, key distribution module, the second signature blocks, the first computing module and the first encrypting module;
Described the first signature blocks, generates the first public private key pair and the second public private key pair for the encryption device of acquirer, and the signature server of acquirer uses the first private key to carry out signature operation to the second PKI and generates acquirer work public key certificate;
Described key distribution module, for being distributed to described the first PKI the CA server of different vendor;
Described the second signature blocks, generates acquirer signing messages for the signature server of acquirer according to signed source file and acquirer work public key certificate;
Described the first computing module, calculates generation cryptographic Hash for the signature server of acquirer to signed source file and acquirer signing messages, and cryptographic Hash is filled and generated signed file;
Described the first encrypting module: use the second private key to be encrypted and to generate acquirer signed data signed file for acquirer; Provide the terminal equipment of different vendor to download the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate, wherein, signed source file comprises original APK file;
Described terminal equipment server comprises the second encrypting module, signature file acquisition module, the first deciphering module, the second deciphering module and the 3rd deciphering module;
Described the second encrypting module, generates the first PKI after different acquirer root public key certificates according to mechanism separately for the CA server of different vendor, and described acquirer root public key certificate is contained in the terminal equipment of manufacturer in advance;
Described signature file acquisition module, for being downloaded to the APK file of signing that comprises signed source file, acquirer signing messages, acquirer signed data and acquirer work public key certificate on the terminal equipment of different vendor;
Described the first deciphering module, extract acquirer work public key certificate for terminal equipment from the APK file of signing, terminal equipment uses and is stored in the legitimacy of the acquirer root public key certification authentication acquirer work public key certificate in terminal equipment, when the legitimate verification of acquirer work public key certificate by after be sent to described the second deciphering module;
Described the second deciphering module, uses acquirer work public key certificate to extract the second PKI for terminal equipment, uses the second PKI deciphering acquirer signed data, obtains cryptographic Hash after successful decryption;
Described the 3rd deciphering module, pass through signed source file and acquirer signing messages to calculate generation checking cryptographic Hash for terminal equipment, terminal equipment judges that whether described cryptographic Hash equates with checking cryptographic Hash, allows original APK file to install and operation if equate.
5. a kind of system of unifying APK signature according to claim 4, is characterized in that, described acquirer server also comprises packing module;
Described packing module, fills original APK end-of-file with 0x00 nybble polishing for the signature server of acquirer, guarantee original APK end-of-file using after 0x00 ending as encrypted source file.
6. a kind of method of unifying APK signature according to claim 4, is characterized in that, also comprise memory module, described memory module comprises the first memory module and the second memory module;
Described the first memory module, the algorithm and the signature time that use for storing No. ID of acquirer work public key certificate of described acquirer signing messages, signature;
Described " the APK file of having signed " also comprises signature file head and signed source file;
Described the second memory module, for storing the deviation post that described signature file head comprises original APK file size, signed source file length, acquirer signing messages, acquirer signing messages, for identifying the deflected length of the signed and signature file of this file.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410165104.8A CN103905207B (en) | 2014-04-23 | 2014-04-23 | Method and system for unifying APK signature |
| PCT/CN2015/070254 WO2015161683A1 (en) | 2014-04-23 | 2015-01-07 | Unified apk signing method and system thereof |
| JP2016563849A JP6263644B2 (en) | 2014-04-23 | 2015-01-07 | Method and system for unifying APK signature |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410165104.8A CN103905207B (en) | 2014-04-23 | 2014-04-23 | Method and system for unifying APK signature |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103905207A true CN103905207A (en) | 2014-07-02 |
| CN103905207B CN103905207B (en) | 2017-02-01 |
Family
ID=50996364
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410165104.8A Active CN103905207B (en) | 2014-04-23 | 2014-04-23 | Method and system for unifying APK signature |
Country Status (3)
| Country | Link |
|---|---|
| JP (1) | JP6263644B2 (en) |
| CN (1) | CN103905207B (en) |
| WO (1) | WO2015161683A1 (en) |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015161682A1 (en) * | 2014-04-23 | 2015-10-29 | 福建联迪商用设备有限公司 | Multi-party authorized apk signing method and system |
| WO2015161683A1 (en) * | 2014-04-23 | 2015-10-29 | 福建联迪商用设备有限公司 | Unified apk signing method and system thereof |
| CN105391717A (en) * | 2015-11-13 | 2016-03-09 | 福建联迪商用设备有限公司 | APK signature authentication method and APK signature authentication system |
| CN105553672A (en) * | 2015-12-25 | 2016-05-04 | 北京握奇智能科技有限公司 | Electronic signature method and device |
| CN105743910A (en) * | 2016-03-30 | 2016-07-06 | 福建联迪商用设备有限公司 | Method and system for installing programs through digital signatures |
| CN106130718A (en) * | 2016-06-29 | 2016-11-16 | 谈建 | The signed data of a kind of digital record generates method and verification method |
| CN106569865A (en) * | 2016-11-14 | 2017-04-19 | 青岛海信移动通信技术股份有限公司 | Producing method and producing device for system upgrade file of terminal |
| CN106656513A (en) * | 2017-02-24 | 2017-05-10 | 福建魔方电子科技有限公司 | Secondary packaging signature verification method for APK files on Android platform |
| CN106910066A (en) * | 2017-01-22 | 2017-06-30 | 武汉慧通云信息科技有限公司 | A kind of payment encryption storage system and method based on block chain technology |
| CN106921497A (en) * | 2015-12-25 | 2017-07-04 | 北京握奇智能科技有限公司 | A kind of electric endorsement method and device |
| WO2017166561A1 (en) * | 2016-03-28 | 2017-10-05 | 福建联迪商用设备有限公司 | Method of downloading android apk and system thereof |
| CN107769924A (en) * | 2017-09-11 | 2018-03-06 | 福建新大陆支付技术有限公司 | Verify the method and system of POS APK signatures |
| CN108595969A (en) * | 2018-04-20 | 2018-09-28 | 浙江正泰仪器仪表有限责任公司 | A kind of signature and method of calibration, device of file |
| CN109670828A (en) * | 2018-12-06 | 2019-04-23 | 福建联迪商用设备有限公司 | A kind of application on-line signature method and system |
| CN109756340A (en) * | 2018-12-03 | 2019-05-14 | 深圳市新国都支付技术有限公司 | A kind of number sign test method, apparatus and storage medium |
| CN109948375A (en) * | 2019-03-21 | 2019-06-28 | 北京深思数盾科技股份有限公司 | A kind of verification method and encryption equipment of encryption lock |
| CN110661621A (en) * | 2018-06-28 | 2020-01-07 | 中车株洲电力机车研究所有限公司 | Mixed encryption and decryption method based on HMAC, AES and RSA |
| CN110880969A (en) * | 2019-10-18 | 2020-03-13 | 如般量子科技有限公司 | Method and system for generating QKD network authentication key based on alliance chain and implicit certificate |
| CN111787529A (en) * | 2020-07-17 | 2020-10-16 | 江苏海全科技有限公司 | Signature method and system suitable for Android intelligent POS machine application |
| US10873466B2 (en) | 2015-11-06 | 2020-12-22 | Huawei International Pte. Ltd. | System and method for managing installation of an application package requiring high-risk permission access |
| CN112328279A (en) * | 2020-11-02 | 2021-02-05 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
| CN114499891A (en) * | 2022-03-21 | 2022-05-13 | 宁夏凯信特信息科技有限公司 | Signature server system and signature verification method |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20200356694A1 (en) * | 2019-05-07 | 2020-11-12 | Qualcomm Incorporated | Architecture for device ownership, data provenance, governance and trade |
| CN112364308A (en) * | 2020-11-13 | 2021-02-12 | 四川长虹电器股份有限公司 | Online authorized android APK signature method and device |
| CN114666063B (en) * | 2022-03-21 | 2023-09-19 | 矩阵时光数字科技有限公司 | Digital asset tracing method based on traditional hash algorithm |
| CN117118759B (en) * | 2023-10-24 | 2024-01-30 | 四川省数字证书认证管理中心有限公司 | Method for reliable use of user control server terminal key |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101938473A (en) * | 2010-08-24 | 2011-01-05 | 北京易恒信认证科技有限公司 | Single-point login system and single-point login method |
| CN102064939A (en) * | 2009-11-13 | 2011-05-18 | 福建联迪商用设备有限公司 | Method for authenticating point of sail (POS) file and method for maintaining authentication certificate |
| CN102087605A (en) * | 2011-01-28 | 2011-06-08 | 宇龙计算机通信科技(深圳)有限公司 | Android-based platform application installation control method and system |
| US8387141B1 (en) * | 2011-09-27 | 2013-02-26 | Green Head LLC | Smartphone security system |
| US20130166456A1 (en) * | 2010-09-07 | 2013-06-27 | Zte Corporation | System and Method for Remote Payment Based on Mobile Terminal |
| CN103684768A (en) * | 2012-09-10 | 2014-03-26 | 中国银联股份有限公司 | POS system and method for bidirectional authentication in POS system |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8989390B2 (en) * | 2005-12-12 | 2015-03-24 | Qualcomm Incorporated | Certify and split system and method for replacing cryptographic keys |
| JP2008136063A (en) * | 2006-11-29 | 2008-06-12 | Tadayuki Hattori | P2p network application software program for efficiently distributing literary work in information communication network while protecting copyright and the distribution technique thereof |
| EP2626803B1 (en) * | 2010-10-04 | 2017-07-05 | Panasonic Intellectual Property Management Co., Ltd. | Information processing device and method for preventing unauthorized application cooperation |
| CN102467789A (en) * | 2010-11-18 | 2012-05-23 | 卓望数码技术(深圳)有限公司 | Retail outlet account transfer operating system and transaction data encryption transmission method |
| JP5723760B2 (en) * | 2011-12-28 | 2015-05-27 | Kddi株式会社 | Application analysis apparatus, application analysis system, and program |
| CN102891843B (en) * | 2012-09-18 | 2015-04-29 | 北京深思洛克软件技术股份有限公司 | Method for authorizing application program at android client side through local service unit |
| CN103067401B (en) * | 2013-01-10 | 2015-07-01 | 天地融科技股份有限公司 | Method and system for key protection |
| CN103473500A (en) * | 2013-09-06 | 2013-12-25 | 成都三零瑞通移动通信有限公司 | APK (Android Package) signature verification method in Android system |
| CN103905207B (en) * | 2014-04-23 | 2017-02-01 | 福建联迪商用设备有限公司 | Method and system for unifying APK signature |
-
2014
- 2014-04-23 CN CN201410165104.8A patent/CN103905207B/en active Active
-
2015
- 2015-01-07 JP JP2016563849A patent/JP6263644B2/en active Active
- 2015-01-07 WO PCT/CN2015/070254 patent/WO2015161683A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102064939A (en) * | 2009-11-13 | 2011-05-18 | 福建联迪商用设备有限公司 | Method for authenticating point of sail (POS) file and method for maintaining authentication certificate |
| CN101938473A (en) * | 2010-08-24 | 2011-01-05 | 北京易恒信认证科技有限公司 | Single-point login system and single-point login method |
| US20130166456A1 (en) * | 2010-09-07 | 2013-06-27 | Zte Corporation | System and Method for Remote Payment Based on Mobile Terminal |
| CN102087605A (en) * | 2011-01-28 | 2011-06-08 | 宇龙计算机通信科技(深圳)有限公司 | Android-based platform application installation control method and system |
| US8387141B1 (en) * | 2011-09-27 | 2013-02-26 | Green Head LLC | Smartphone security system |
| CN103684768A (en) * | 2012-09-10 | 2014-03-26 | 中国银联股份有限公司 | POS system and method for bidirectional authentication in POS system |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015161683A1 (en) * | 2014-04-23 | 2015-10-29 | 福建联迪商用设备有限公司 | Unified apk signing method and system thereof |
| WO2015161682A1 (en) * | 2014-04-23 | 2015-10-29 | 福建联迪商用设备有限公司 | Multi-party authorized apk signing method and system |
| US10873466B2 (en) | 2015-11-06 | 2020-12-22 | Huawei International Pte. Ltd. | System and method for managing installation of an application package requiring high-risk permission access |
| US11637707B2 (en) | 2015-11-06 | 2023-04-25 | Huawei International Pte. Ltd. | System and method for managing installation of an application package requiring high-risk permission access |
| CN105391717A (en) * | 2015-11-13 | 2016-03-09 | 福建联迪商用设备有限公司 | APK signature authentication method and APK signature authentication system |
| CN105391717B (en) * | 2015-11-13 | 2019-01-04 | 福建联迪商用设备有限公司 | A kind of APK signature authentication method and its system |
| WO2017080262A1 (en) * | 2015-11-13 | 2017-05-18 | 福建联迪商用设备有限公司 | Apk signature verification method and system therefor |
| CN106921497A (en) * | 2015-12-25 | 2017-07-04 | 北京握奇智能科技有限公司 | A kind of electric endorsement method and device |
| CN105553672A (en) * | 2015-12-25 | 2016-05-04 | 北京握奇智能科技有限公司 | Electronic signature method and device |
| WO2017166561A1 (en) * | 2016-03-28 | 2017-10-05 | 福建联迪商用设备有限公司 | Method of downloading android apk and system thereof |
| CN105743910B (en) * | 2016-03-30 | 2019-01-04 | 福建联迪商用设备有限公司 | Pass through the method and system of digital signature installation procedure |
| CN105743910A (en) * | 2016-03-30 | 2016-07-06 | 福建联迪商用设备有限公司 | Method and system for installing programs through digital signatures |
| CN106130718B (en) * | 2016-06-29 | 2019-05-21 | 谈建 | A kind of the signed data generation method and verification method of digital record |
| CN106130718A (en) * | 2016-06-29 | 2016-11-16 | 谈建 | The signed data of a kind of digital record generates method and verification method |
| CN106569865B (en) * | 2016-11-14 | 2020-04-10 | 青岛海信移动通信技术股份有限公司 | Method and device for manufacturing system upgrade file of terminal |
| CN106569865A (en) * | 2016-11-14 | 2017-04-19 | 青岛海信移动通信技术股份有限公司 | Producing method and producing device for system upgrade file of terminal |
| CN106910066A (en) * | 2017-01-22 | 2017-06-30 | 武汉慧通云信息科技有限公司 | A kind of payment encryption storage system and method based on block chain technology |
| CN106656513A (en) * | 2017-02-24 | 2017-05-10 | 福建魔方电子科技有限公司 | Secondary packaging signature verification method for APK files on Android platform |
| CN106656513B (en) * | 2017-02-24 | 2019-09-13 | 福建魔方电子科技有限公司 | The secondary packing signature verification method of APK file on Android platform |
| CN107769924A (en) * | 2017-09-11 | 2018-03-06 | 福建新大陆支付技术有限公司 | Verify the method and system of POS APK signatures |
| CN108595969A (en) * | 2018-04-20 | 2018-09-28 | 浙江正泰仪器仪表有限责任公司 | A kind of signature and method of calibration, device of file |
| CN110661621A (en) * | 2018-06-28 | 2020-01-07 | 中车株洲电力机车研究所有限公司 | Mixed encryption and decryption method based on HMAC, AES and RSA |
| CN109756340A (en) * | 2018-12-03 | 2019-05-14 | 深圳市新国都支付技术有限公司 | A kind of number sign test method, apparatus and storage medium |
| CN109670828A (en) * | 2018-12-06 | 2019-04-23 | 福建联迪商用设备有限公司 | A kind of application on-line signature method and system |
| CN109670828B (en) * | 2018-12-06 | 2020-12-11 | 福建联迪商用设备有限公司 | Application online signature method and system |
| CN109948375A (en) * | 2019-03-21 | 2019-06-28 | 北京深思数盾科技股份有限公司 | A kind of verification method and encryption equipment of encryption lock |
| CN110880969A (en) * | 2019-10-18 | 2020-03-13 | 如般量子科技有限公司 | Method and system for generating QKD network authentication key based on alliance chain and implicit certificate |
| CN110880969B (en) * | 2019-10-18 | 2021-10-22 | 如般量子科技有限公司 | Method and system for generating QKD network authentication key based on alliance chain and implicit certificate |
| CN111787529A (en) * | 2020-07-17 | 2020-10-16 | 江苏海全科技有限公司 | Signature method and system suitable for Android intelligent POS machine application |
| CN111787529B (en) * | 2020-07-17 | 2021-06-29 | 江苏海全科技有限公司 | Signature method and system suitable for Android intelligent POS machine application |
| CN112328279A (en) * | 2020-11-02 | 2021-02-05 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
| CN114499891A (en) * | 2022-03-21 | 2022-05-13 | 宁夏凯信特信息科技有限公司 | Signature server system and signature verification method |
Also Published As
| Publication number | Publication date |
|---|---|
| JP2017516134A (en) | 2017-06-15 |
| CN103905207B (en) | 2017-02-01 |
| WO2015161683A1 (en) | 2015-10-29 |
| JP6263644B2 (en) | 2018-01-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103905207A (en) | Method and system for unifying APK signature | |
| JP6263643B2 (en) | APK signing method and system for multiparty credit inquiry | |
| CN110532735B (en) | Firmware upgrading method | |
| CN106656488B (en) | Key downloading method and device for POS terminal | |
| CN107743067B (en) | Method, system, terminal and storage medium for issuing digital certificate | |
| CN103067401B (en) | Method and system for key protection | |
| CN107248075B (en) | Method and device for realizing bidirectional authentication and transaction of intelligent key equipment | |
| CN103078742B (en) | Generation method and system of digital certificate | |
| WO2017166561A1 (en) | Method of downloading android apk and system thereof | |
| CN103714637A (en) | Method and system for sending transmission key and operation terminal | |
| CN103269271A (en) | Method and system for back-upping private key in electronic signature token | |
| CN102624711B (en) | Sensitive information transmission method and sensitive information transmission system | |
| CN107104795B (en) | Method, framework and system for injecting RSA key pair and certificate | |
| CN102624710B (en) | Sensitive information transmission method and sensitive information transmission system | |
| KR20140039400A (en) | System for paying card of smart phone using key exchange with van server and method therefor | |
| CN102270285B (en) | Key authorization information management method and device | |
| CN116909603A (en) | Vehicle safety upgrading method and system | |
| CN112446782A (en) | Method for downloading initial key, computer equipment and storage medium | |
| CN108242997B (en) | Method and apparatus for secure communication | |
| WO2018119852A1 (en) | Method for mutual authentication between device and secure element | |
| CN117063174A (en) | Security module and method for inter-app trust through app-based identity | |
| US10225240B2 (en) | Method to protect a set of sensitive data associated to public data in a secured container | |
| WO2017016756A1 (en) | Method to secure an applicative function in a cloud-based virtual secure element implementation | |
| CN109698815B (en) | Embedded chip card, card application server and application data transmission system and method | |
| CN113139162A (en) | Software verification method, software and hardware binding method and programmable device thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Hong Yixuan Inventor after: Su Wenlong Inventor after: Meng Luqiang Inventor after: Chen Feifei Inventor after: Peng Botao Inventor after: Wu Xuan Inventor after: Chen Zhen Inventor before: Su Wenlong Inventor before: Meng Luqiang Inventor before: Chen Feifei Inventor before: Peng Botao Inventor before: Wu Xuan Inventor before: Chen Zhen |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: SU WENLONG MENG LUQIANG CHEN FEIFEI PENG BOTAO WU XUAN CHEN ZHEN TO: HONG YIXUAN SU WENLONG MENG LUQIANG CHEN FEIFEI PENG BOTAO WU XUAN CHEN ZHEN |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221102 Address after: Floor 3-4, Building 3A, Area A, Fuzhou Software Park, No. 89, Software Avenue, Gulou District, Fuzhou City, Fujian Province 350003 Patentee after: Fujian Liandi Commercial Technology Co.,Ltd. Address before: Building 23, Zone 1, Fuzhou Software Park, No. 89, Software Avenue, Fuzhou, 350,000, Fujian Patentee before: FUJIAN LANDI COMMERCIAL EQUIPMENT Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: Floor 3-4, Building 3A, Area A, Fuzhou Software Park, No. 89, Software Avenue, Gulou District, Fuzhou City, Fujian Province 350003 Patentee after: Yinjie Nico (Fujian) Technology Co.,Ltd. Address before: Floor 3-4, Building 3A, Area A, Fuzhou Software Park, No. 89, Software Avenue, Gulou District, Fuzhou City, Fujian Province 350003 Patentee before: Fujian Liandi Commercial Technology Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |