CN104298915A - Installation package tampering preventing method - Google Patents

Publication number
CN104298915A
Authority
CN
China
Prior art keywords
encryption
signature
application program
digital signature
installation kit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410548501.3A
Other languages
Chinese (zh)
Inventor
张伟
傅松林
胡瑞鑫
曾佳水
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meitu Technology Co Ltd
Original Assignee
Xiamen Meitu Technology Co Ltd
Application filed by Xiamen Meitu Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for preventing an installation package from being tampered with. The method comprises: obtaining the digital signature of the application's developer, encrypting it to obtain an original encrypted signature, and integrating the original encrypted signature into the application; when the application is started, automatically obtaining the digital signature of the application and encrypting it to obtain an application encrypted signature; and comparing the original encrypted signature with the application encrypted signature for consistency and prompting the user to take corresponding action. The method can thus automatically check installation packages and promptly notify the user, reducing the malicious behavior or security risks brought by malware, ensuring system security, and minimizing damage.

Description

A method for preventing an installation package from being tampered with
Technical field
The present invention relates to the field of mobile communications, and in particular to a method for preventing an installation package from being tampered with.
Background art
Smart terminals are increasingly widespread and the number of application programs keeps growing. When users need to download an application, they usually do so from a third-party market on the smart terminal. Because supervision of Android applications on the market is not yet adequate, the security checks applied to applications in these third-party markets have gaps, so applications that users install may exhibit malicious behavior or carry security risks. For example, an application may be cloned or cracked and maliciously bundled with advertising plug-ins, or it may, without the user's knowledge or permission, transmit the user's private information to outside parties, consume the user's data traffic, and so on. A method is therefore needed that effectively keeps users from installing malware and reduces the malicious behavior or security risks that malware brings, thereby improving system security.
Summary of the invention
To solve the above problem, the present invention provides a method that effectively prevents an installation package from being tampered with, thereby avoiding consumption of the user's data traffic and improving system security.
To achieve the above object, the technical solution adopted by the present invention is:
A method for preventing an installation package from being tampered with, characterized by comprising the following steps:
10. obtaining the digital signature of the application developer;
20. encrypting the developer's digital signature to obtain an original encrypted signature;
30. integrating the original encrypted signature into the application;
40. automatically obtaining the digital signature of the application when the application is started;
50. encrypting the application's digital signature to obtain an application encrypted signature;
60. comparing whether the original encrypted signature and the application encrypted signature are consistent; if they are inconsistent, the application has been tampered with by a third party, and the user is prompted to take corresponding action.
Preferably, obtaining the digital signature of the application developer in step 10 mainly means obtaining the unique signing digital certificate that the development platform issues to the developer after the developer registers on that platform.
Preferably, the encryption of the developer's digital signature in step 20 and the encryption of the application's digital signature in step 50 use the same encryption method.
Preferably, the encryption of the digital signature is mainly an encryption of the hash value of the digital signature.
Preferably, comparing in step 60 whether the original encrypted signature and the application encrypted signature are consistent mainly means comparing whether the two encrypted hash values are identical.
Preferably, prompting the user to take corresponding action in step 60 is mainly done by prohibiting the application from using all fee-related functions.
Preferably, prompting the user to take corresponding action in step 60 is mainly done by displaying a pop-up prompt that informs the user that the installed application has been tampered with by a third party, and by providing a download button for the correct installation package.
The beneficial effects of the present invention are:
The method of the present invention obtains the digital signature of the application developer, encrypts it to obtain an original encrypted signature, and integrates the original encrypted signature into the application. When the application is started, the digital signature of the application is obtained automatically and encrypted to obtain an application encrypted signature. Finally, the original encrypted signature and the application encrypted signature are compared for consistency and the user is prompted to take corresponding action. The installation package can thus be checked automatically and the user notified promptly, which reduces the malicious behavior or security risks that malware brings, ensures system security, and minimizes damage.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form a part of it. The illustrative embodiments of the invention and their descriptions serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is the overall flow chart of the method of the present invention for preventing an installation package from being tampered with.
Detailed description of the embodiments
To make the technical problem to be solved, the technical solution and the beneficial effects of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it.
As shown in Fig. 1, the method of the present invention for preventing an installation package from being tampered with comprises the following steps:
10. obtaining the digital signature of the application developer;
20. encrypting the developer's digital signature to obtain an original encrypted signature;
30. integrating the original encrypted signature into the application;
40. automatically obtaining the digital signature of the application when the application is started;
50. encrypting the application's digital signature to obtain an application encrypted signature;
60. comparing whether the original encrypted signature and the application encrypted signature are consistent; if they are inconsistent, the application has been tampered with by a third party, and the user is prompted to take corresponding action.
Obtaining the digital signature of the application developer in step 10 mainly means obtaining the unique signing digital certificate that the development platform issues to the developer after the developer registers on that platform, for example the signing digital certificate on the Android platform.
The encryption of the developer's digital signature in step 20 and the encryption of the application's digital signature in step 50 are mainly an encryption of the hash value of the digital signature, and the two use the same encryption method. This encryption method may be a publicly known one or one defined by the developer. In addition, integrating the original encrypted signature into the application after encryption facilitates the subsequent comparison with the application encrypted signature.
In step 60, comparing whether the original encrypted signature and the application encrypted signature are consistent mainly means comparing whether the two encrypted hash values are identical. If they are identical, the application was installed from a normal installation package; if they differ, the application has been tampered with by a third party. If the hash values of the digital signatures were compared directly, a cracker could modify them and adjust the two to match, making the installation package insecure. The present invention therefore compares the encrypted hash values, so that the hash value cannot be modified while the installation package is in transit from the developer to the user, which effectively ensures the security of the installation package.
Further, if they are not identical, the user is additionally prompted to take corresponding action. For example, the application is prohibited from using all fee-related functions, including network communication, telephone calls, SMS and the like; or a pop-up prompt informs the user that the installed application has been tampered with by a third party and provides a download button for the correct installation package. When the user clicks this button, download of the correct installation package begins, which is quick and convenient: the user does not need to search for the correct installation package, which saves the user a great deal of time.
The method of the present invention uses verification of the installation package's signing digital certificate to determine whether the package has been tampered with. The original encrypted signature is integrated into the application in advance, when the application is developed, and the application is set up in advance to check automatically at startup whether it has been tampered with. If it has, all fee-related functions can be prohibited and a pop-up prompt can notify the user and offer a button for downloading the correct installation package, thereby avoiding consumption of the user's data traffic and reducing damage.
The above description shows and describes preferred embodiments of the present invention. It should be understood that the invention is not limited to the forms disclosed herein, which should not be regarded as excluding other embodiments; the invention can be used in various other combinations, modifications and environments, and can be altered within the scope of the inventive concept described herein through the above teachings or the skill or knowledge of the related art. Changes and variations made by those skilled in the art that do not depart from the spirit and scope of the present invention shall all fall within the protection scope of the appended claims.
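The launch-time check of steps 10 to 60, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 under an app-embedded key as the unspecified "encryption method"; the certificate bytes, the key, `InstalledPackage`, `LaunchDecision` and all function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample inputs: stand-ins for DER-encoded signing certificates.
DEVELOPER_CERT = b"constructed sample: developer signing certificate"
THIRD_PARTY_CERT = b"constructed sample: third-party signing certificate"

# Assumption: the page leaves the encryption method open (public or
# developer-defined). HMAC-SHA256 under an app-embedded key stands in for it.
EMBEDDED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed

# The fee-related functions the description lists for step 60.
FEE_RELATED = ("network", "phone", "sms")


def encrypted_signature(cert: bytes, key: bytes = EMBEDDED_KEY) -> bytes:
    """Steps 20 and 50: hash the certificate, then apply the keyed transform."""
    cert_hash = hashlib.sha256(cert).digest()
    return hmac.new(key, cert_hash, hashlib.sha256).digest()


@dataclass(frozen=True)
class InstalledPackage:
    signing_cert: bytes        # certificate the platform reports at launch
    original_encrypted: bytes  # value integrated into the app at build time


@dataclass(frozen=True)
class LaunchDecision:
    tampered: bool
    blocked: tuple
    prompt: Optional[str]


def build_release(developer_cert: bytes) -> InstalledPackage:
    """Steps 10-30: derive the original encrypted signature and embed it."""
    return InstalledPackage(developer_cert, encrypted_signature(developer_cert))


def as_resigned_by(pkg: InstalledPackage, cert: bytes) -> InstalledPackage:
    """Test input: the embedded value is unchanged, but the package now carries
    another signer's certificate, which is what the launch check must notice."""
    return replace(pkg, signing_cert=cert)


def launch_check(pkg: InstalledPackage) -> LaunchDecision:
    """Steps 40-60: recompute from the installed package and compare."""
    program_encrypted = encrypted_signature(pkg.signing_cert)
    # Constant-time comparison; a missing or truncated embedded value
    # simply fails to match and is treated as tampering.
    if hmac.compare_digest(program_encrypted, pkg.original_encrypted):
        return LaunchDecision(False, (), None)
    return LaunchDecision(
        True,
        FEE_RELATED,
        "This application has been tampered with by a third party. "
        "Download the correct installation package.",
    )


if __name__ == "__main__":
    release = build_release(DEVELOPER_CERT)
    for label, pkg in (("official", release),
                       ("re-signed", as_resigned_by(release, THIRD_PARTY_CERT))):
        print(label, launch_check(pkg))
```

On Android the certificate bytes would come from the platform's package manager rather than from a constant. Because the embedded value, the key and the check itself all ship inside the package, treat the result as one signal alongside the platform's own signature verification.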

Claims (7)

1. A method for preventing an installation package from being tampered with, characterized by comprising the following steps:
10. obtaining the digital signature of the application developer;
20. encrypting the developer's digital signature to obtain an original encrypted signature;
30. integrating the original encrypted signature into the application;
40. automatically obtaining the digital signature of the application when the application is started;
50. encrypting the application's digital signature to obtain an application encrypted signature;
60. comparing whether the original encrypted signature and the application encrypted signature are consistent; if they are inconsistent, the application has been tampered with by a third party, and the user is prompted to take corresponding action.
2. The method for preventing an installation package from being tampered with according to claim 1, characterized in that: obtaining the digital signature of the application developer in step 10 mainly means obtaining the unique signing digital certificate that the development platform issues to the developer after the developer registers on that platform.
3. The method for preventing an installation package from being tampered with according to claim 1, characterized in that: the encryption of the developer's digital signature in step 20 and the encryption of the application's digital signature in step 50 use the same encryption method.
4. The method for preventing an installation package from being tampered with according to claim 3, characterized in that: the encryption of the digital signature is mainly an encryption of the hash value of the digital signature.
5. The method for preventing an installation package from being tampered with according to claim 4, characterized in that: comparing in step 60 whether the original encrypted signature and the application encrypted signature are consistent mainly means comparing whether the two encrypted hash values are identical.
6. The method for preventing an installation package from being tampered with according to claim 1, characterized in that: prompting the user to take corresponding action in step 60 is mainly done by prohibiting the application from using all fee-related functions.
7. The method for preventing an installation package from being tampered with according to claim 1, characterized in that: prompting the user to take corresponding action in step 60 is mainly done by displaying a pop-up prompt that informs the user that the installed application has been tampered with by a third party, and by providing a download button for the correct installation package.
CN201410548501.3A 2014-10-16 2014-10-16 Installation package tampering preventing method Pending CN104298915A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410548501.3A CN104298915A (en) 2014-10-16 2014-10-16 Installation package tampering preventing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410548501.3A CN104298915A (en) 2014-10-16 2014-10-16 Installation package tampering preventing method

Publications (1)

Publication Number Publication Date
CN104298915A true CN104298915A (en) 2015-01-21

Family

ID=52318638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410548501.3A Pending CN104298915A (en) 2014-10-16 2014-10-16 Installation package tampering preventing method

Country Status (1)

Country Link
CN (1) CN104298915A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101175267A (en) * 2006-10-31 2008-05-07 华为技术有限公司 Communication terminal and software detecting method and device
CN101605310A (en) * 2009-06-30 2009-12-16 厦门敏讯信息技术股份有限公司 A kind of method of mobile electronic signature
CN102314578A (en) * 2011-09-26 2012-01-11 浪潮(北京)电子信息产业有限公司 System and method for realizing software protection
CN103577206A (en) * 2012-07-27 2014-02-12 北京三星通信技术研究有限公司 Method and device for installing application software

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105320545A (en) * 2015-11-27 2016-02-10 北京指掌易科技有限公司 Method and device for supporting application software to inspect certificate of third-party software
CN105320545B (en) * 2015-11-27 2018-09-18 北京指掌易科技有限公司 A kind of method and apparatus for the certificate for supporting application software to check third party software
CN106230777A (en) * 2016-07-12 2016-12-14 珠海市魅族科技有限公司 A kind of method preventing file to be cracked and terminal
CN106778086B (en) * 2016-11-28 2019-11-29 北京小米移动软件有限公司 Theme packet processing method and device
CN106778086A (en) * 2016-11-28 2017-05-31 北京小米移动软件有限公司 theme packet processing method and device
CN106971105A (en) * 2017-03-30 2017-07-21 电子科技大学 A kind of application program based on iOS meets with the defence method of flank attack
CN106971105B (en) * 2017-03-30 2020-02-18 电子科技大学 IOS-based application program defense method against false face attack
CN107092505A (en) * 2017-03-31 2017-08-25 努比亚技术有限公司 The erecting device and method of a kind of application program, storage medium, terminal
CN108363580A (en) * 2018-03-12 2018-08-03 平安普惠企业管理有限公司 Application program installation method, device, computer equipment and storage medium
CN110362967A (en) * 2019-07-15 2019-10-22 北京奇艺世纪科技有限公司 The anti-tamper detection method of application program, device, terminal device and storage medium
CN111274459A (en) * 2020-01-19 2020-06-12 福建天晴在线互动科技有限公司 Method and terminal for preventing re-signing of IPA installation package
CN111274459B (en) * 2020-01-19 2022-08-09 福建天晴在线互动科技有限公司 Method and terminal for preventing re-signing of IPA installation package
CN111950035A (en) * 2020-06-18 2020-11-17 中国电力科学研究院有限公司 Method, system, equipment and storage medium for protecting integrity of apk file
CN113761587A (en) * 2020-09-23 2021-12-07 北京沃东天骏信息技术有限公司 Method and device for signature verification
CN112651031A (en) * 2020-12-14 2021-04-13 展讯半导体(成都)有限公司 Digital signature method, digital signature verification method, electronic device and storage medium
WO2022134419A1 (en) * 2020-12-23 2022-06-30 北京奇虎科技有限公司 Tamper detection method and apparatus for application program, device, and storage medium

Similar Documents

Publication Publication Date Title
CN104298915A (en) Installation package tampering preventing method
CN104573435A (en) Method for terminal authority management and terminal
KR101498820B1 (en) Method for Detecting Application Repackaging in Android
WO2015109668A1 (en) Application program management method, device, terminal, and computer storage medium
CN104751054A (en) Malicious program identification method and device and mobile terminal
CN105554091A (en) Method for guaranteeing security of source of web application in mobile terminal
US20160330030A1 (en) User Terminal For Detecting Forgery Of Application Program Based On Hash Value And Method Of Detecting Forgery Of Application Program Using The Same
CN104751049A (en) Application program installing method and mobile terminal
CN101399659B (en) Cipher key authentication method and device between user identification module and terminal
CN104123488A (en) Method and device for verifying application program
CN106789894A (en) Inter-network safety data transmission equipment and its implementation based on three CPU architectures
CN106897606A (en) A kind of brush machine means of defence and device
KR20160006925A (en) Apparatus and method for verifying application integrities
KR101642267B1 (en) System for preventing forgery of application and method therefor
CN115244896A (en) Identifying trusted service set identifiers for wireless networks
KR101566141B1 (en) User Terminal to Detect the Tampering of the Applications Using Signature Information and Method for Tamper Detection Using the Same
KR101518689B1 (en) User Terminal to Detect the Tampering of the Applications Using Core Code and Method for Tamper Detection Using the Same
CN104392168A (en) Application program verification method
WO2016173174A1 (en) Network locking data upgrading method and device
CN111181898A (en) Data security protection method based on background server and APP client
CN106446620B (en) Permission setting and processing method and device of WIFI module
CN102968588B (en) Intelligent terminal system
EP3221996A1 (en) Symmetric keying and chain of trust
CN105930730A (en) Terminal system security update method and apparatus in trusted execution environment
CN106599619A (en) Verification method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150121