CN104978530A - Application security management method, application security management device, application management server and application security management system - Google Patents
Application security management method, application security management device, application management server and application security management system Download PDFInfo
- Publication number
- CN104978530A CN104978530A CN201510109261.1A CN201510109261A CN104978530A CN 104978530 A CN104978530 A CN 104978530A CN 201510109261 A CN201510109261 A CN 201510109261A CN 104978530 A CN104978530 A CN 104978530A
- Authority
- CN
- China
- Prior art keywords
- application
- resource file
- described application
- channel
- main line
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The embodiment of invention discloses an application security management method, an application security management device, an application management server and an application security management system, wherein the application security management method comprises the following steps of: obtaining data abstracts of a mainline part of an application resource file of a target application when the target application is started; sending an application checking request to the application management server corresponding to the target application, so that the application management server performs application checking on the application resource file according to the data abstracts of the mainline part of the application resource file; obtaining an application checking result returned by the application management server; obtaining an application channel identification from the mainline part of the application resource file; reporting the application channel identification to the application management server, so that the application management server recognizes an obtaining channel of the application resource file of the target application. After the method, the device, the server and the system are used, the recognition and the statistics on the application channel can be realized on the premise of ensuring that the application resource file passes through the application security checking.
Description
Technical field
The present invention relates to Internet technical field, particularly relate to a kind of application safety management method, device, server and system.
Background technology
Along with the develop rapidly of Internet technology, increasing application program (App, Application) be mounted in user terminal, the application resource file that user obtains these application programs can pass through multiple channel usually, especially the application resource file (APK of android system, AndroidPackage) except official channel, various application market is also had can to obtain the application resource file of respective channel, at this moment each application developers just exists needs being used and popularization situation of the application resource file understanding each channel, general way is that each application market or channel provider can add distinctive channel data file in the application resource file of its issue.
And on the other hand, in order to ensure the use safety of App, the background server of App needs to carry out safety check when App starts to its application resource file, usual way is that client carries out summary computing to application resource file, and the data summarization of generation is committed to background server, background server to be compared with it according to the application data summary that prestores thus to obtain check results, owing to there is the different channel data file of various channel, background server needs to collect in advance and the application resource file that the application data summary coding preserving various corresponding version can be issued for each channel obtains correct check results, this causes great work load to undoubtedly application background server.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of application safety management method, device, server and system, can ensure the identification and the statistics that realize application channel under the prerequisite that application resource file is verified by application safety.
In order to solve the problems of the technologies described above, embodiments provide a kind of application safety management method, described method comprises:
When starting intended application, obtain the data summarization of the main line part of the application resource file of described intended application;
Application check request is sent to the application management server that described intended application is corresponding, carry the data summarization of the main line part of described application resource file, according to the data summarization of the main line part of described application resource file, application verification is carried out to described application resource file to make described application management server;
Obtain the application check results that application management server returns;
Application channel mark is obtained from the non-main line part of described application resource file;
Described application channel mark is reported, to make the acquisition channel of the application resource file of intended application described in described application management server identification to described application management server.
Correspondingly, the embodiment of the present invention additionally provides a kind of application safety management method, and described method comprises:
A kind of application safety management method, it is characterized in that, described method comprises:
Receiving the application check request that application safety management devices sends when starting intended application, carrying the data summarization of the main line part of the application resource file of described intended application;
Data summarization according to the main line part of described application resource file carries out application verification to described application resource file;
Application check results is returned to described application safety management devices;
Receive the application channel mark that described application safety management devices reports, the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
Correspondingly, the embodiment of the present invention additionally provides a kind of application safety management devices, comprising:
Data summarization acquisition module, for when starting intended application, obtains the data summarization of the main line part of the application resource file of described intended application;
Check request module, application check request is sent for the application management server corresponding to described application resource file, carry the data summarization of the main line part of described application resource file, according to the data summarization of the main line part of described application resource file, application verification is carried out to described application resource file to make described application management server;
Check results acquisition module, for obtaining the application check results that application management server returns;
Channel mark acquisition module, for obtaining application channel mark from the non-main line part of described application resource file;
Application channel reporting module, for reporting described application channel mark to described application management server, to make the acquisition channel of the application resource file of intended application described in described application management server identification.
Correspondingly, the embodiment of the present invention additionally provides a kind of application management server, comprising:
Check request receiver module, for receiving the application check request that application safety management devices sends when starting intended application, carries the data summarization of the main line part of the application resource file of described intended application;
Application correction verification module, the data summarization for the main line part according to described application resource file carries out application verification to described application resource file;
Check results returns module, for returning application check results to described application safety management devices;
Application channel identification module, for receiving the application channel mark that described application safety management devices reports, the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
Correspondingly, the embodiment of the present invention additionally provides a kind of application safety management system, comprises application safety management devices and application management server, wherein:
Described application safety management devices, for when starting intended application, obtains the data summarization of the main line part of the application resource file of described intended application; Send application check request to the application management server that described intended application is corresponding, carry the data summarization of the main line part of described application resource file;
Described application management server, the data summarization for the main line part according to described application resource file carries out application verification to described application resource file; Application check results is returned to described application safety management devices;
Described application safety management devices, also for obtaining application channel mark from the non-main line part of described application resource file; Described application channel mark is reported to described application management server;
Described application management server, also for the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
Application safety management method in the embodiment of the present invention is by part and the non-main line part of being served as theme by application resource Divide File, main line part is used for carrying out application safety verification, non-main line part comprises application channel mark, making application safety management devices when running application resource file, under the prerequisite that application resource file is verified by application safety can be ensured, realizing identification and the statistics of application channel.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of a kind of application safety management method in the embodiment of the present invention;
Fig. 2 is the specific implementation schematic flow sheet that in the embodiment of the present invention, application safety management devices obtains application channel mark;
Fig. 3 is the schematic flow sheet of the application safety management method in another embodiment of the present invention;
Fig. 4 is the schematic flow sheet realizing applying more new management in another embodiment of the present invention;
Fig. 5 is the structural representation of a kind of application safety management devices in the embodiment of the present invention;
Fig. 6 is the structural representation of the channel mark acquisition module of application safety management devices in the embodiment of the present invention;
Fig. 7 is the structural representation of a kind of application management server in the embodiment of the present invention;
Fig. 8 is the structural representation of a kind of application safety management system in the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
The application safety management mentioned in the embodiment of the present invention, it is the safety management of the application A pp in the client terminal systems such as smart mobile phone, panel computer, PC or electronic reader, the application safety management devices of specific implementation application safety management process can be interpreted as user terminal, also the operating system in user terminal can be interpreted as, or certain the application safety supervisory routine in user terminal, such as, AppStore in ios system, application market in Android system, mobile phone assistant class method, or certain application program self.Described application resource file can install for intended application the file data preserved in the user terminal, such as, can comprise resource file, library file, signature file, configuration file and code file etc.; Described application management server can be background server corresponding to intended application, and its access mode can, by write application resource file, allow application safety management devices can be connected to application management server when starting intended application.
Fig. 1 is the schematic flow sheet of a kind of application safety management method in the embodiment of the present invention, is mainly described with application safety management devices side, and the application safety management method as shown in the figure in the present embodiment comprises following flow process:
S101, when starting intended application, obtains the data summarization of the main line part of the application resource file of described intended application.
Concrete, application resource file in the embodiment of the present invention can comprise two parts content, main line part and non-main line part, wherein two parts content can divide according to the mode of making an appointment with application safety management devices, main line partial content is mainly used in carrying out application safety verification, the data summarization of this main line partial content is prestored in the application management server that intended application is corresponding, application data as intended application is made a summary, but not main line part is divided into negligible partial data in application safety checking procedure.In an alternative embodiment, file data under described application resource file assigned catalogue or the file data of create name are non-main line part, such as apply the All Files data under the assets/out/ under installation path, can comprise signature file, channel mark file, custom configuration file etc., the residue file data in described application resource file outside this catalogue is served as theme part.Application safety management devices thus can according to preset file name or directory name, determine the non-main line part in application resource file, residue file data is served as theme part, and then main line part in application resource file is divided and carries out summary computing, thus obtain its data summarization, such as MD5 (MessageDigest Algorithm) value etc. can be used for the summary info of data check.
S102, application check request is sent to the application management server that described application resource file is corresponding, carry the data summarization of the main line part of described application resource file, according to the data summarization of the main line part of described application resource file, application verification is carried out to described application resource file to make described application management server.
Concrete, described application management server preserves the application data summary of application resource file in advance, identical algorithms can be adopted to carry out the data summarization that obtains of computing of making a summary for the main line part of described application management server to application resource file, the data summarization carried in the application check request itself and application safety management devices are sent compares, if consistent, think the application verification succeeds of this application resource file, otherwise think that the application of this application resource file verifies unsuccessfully, namely think that this application resource file exists security risk.
In an alternative embodiment, described application management server can preserve the application data summary of the application resource file of multiple versions of same intended application in advance, corresponding, the described application check request that application safety management devices sends also carries the application version information of described application resource file, with the application data summary making described application management server corresponding according to described application version acquisition of information, and make a summary whether consistent with the data summarization of the main line part of the described application resource file of application safety management devices transmission by comparing application data corresponding to this version thus application verification is carried out to described application resource file.
S103, obtains the application check results that application management server returns.
Concrete, after the check results that is applied, application management server returns application check results to application safety management devices.
S104, obtains application channel mark from the non-main line part of described application resource file.
Concrete, described application channel mark can obtain in application management server registration or be assigned with in advance for the publication channel of this application resource file, the application channel mark that different publication channel is corresponding unique, the application channel mark such as applying precious channel is 10000, the application channel mark in 91 markets is 10001, etc.The publisher of this application resource file is before this application resource file of issue, this application channel mark is write in its non-main line part, such as in APK, put into channel.ini file below assets/out/ catalogue, channel.ini carries this application channel mark.Application safety management devices can get this application channel mark preset from the channel.ini this application resource file.
In an alternative embodiment, application safety management devices can when first installation targets application, when namely determining that described application resource file is the initial installation resource file of described intended application, the application channel mark got from the non-main line part of this application resource file is kept at the local channel information store path preset, optionally after being saved this store path can also be set to readable can not writing, and then after the follow-up generation update contruction of described intended application, when starting intended application, described application channel mark is obtained from described channel information store path, and when ensureing follow-up generation update contruction, the application channel mark in this channel information store path can not be changed.
S105, reports described application channel mark to described application management server, to make the acquisition channel of the application resource file of intended application described in described application management server identification.
Concrete, register or preserve the application channel title that each application channel mark is corresponding in application management server in advance, thus the application resource file that the application channel mark identification that can report according to application safety management devices obtains the intended application of its current startup from which application channel gets, and can add up different application channel issue application resource file by access times, thus can realize more efficient application safety management.
In an alternative embodiment, the specific implementation flow process of application safety management devices acquisition application channel mark can as shown in Figure 2, comprise:
S201, detects that intended application is activated.
S202, judges the initial installation resource file of the whether described intended application of described application resource file, if then perform S203, otherwise performs S205.
Initial installation resource file in embodiments of the present invention can for first in the user terminal installation targets application time obtain application resource file.In an alternative embodiment, the publisher of application resource file can label in order to distinguish in application resource file is initial installation resource file or the application resource file through upgrading; In an alternative embodiment, can by recording the initial set-up time, if the installed date in application resource file is later than the initial set-up time that this record obtains, determine that it is not initial installation resource file, if be only upgrade, the initial set-up time is constant, unless generation unloading or application resource file are erased entirely, then reinstall Shi Caihui and again record the initial set-up time.
S203, obtains application channel mark from the non-main line part of described application resource file.
Concrete, described application channel mark can obtain in application management server registration or be assigned with in advance for the publication channel of this application resource file, the application channel mark that different publication channel is corresponding unique, the application channel mark such as applying precious channel is 10000, the application channel mark in 91 markets is 10001, etc.The publisher of this application resource file is before this application resource file of issue, this application channel mark is write in its non-main line part, such as in APK, put into channel.ini file below assets/out/ catalogue, channel.ini carries this application channel mark.Application safety management devices can get this application channel mark preset in operation application resource file processes from the channel.ini this application resource file.
S204, is saved to default channel information store path by the application channel mark that described first mark reading unit gets.
Under some scene, the initial installation channel recognizing intended application wished by application server, instead of along with intended application upgraded by another channel after can only recognize the channel of last update, therefore can set application safety management devices carrying out in initial setup process, the application channel mark that the non-main line part from this application resource file gets being saved to the channel information store path preset user terminal this locality, when follow-up renewal or reparation, application safety management devices obtains application channel mark from this channel information store path, and the application channel mark of preserving under no longer revising this channel information store path when about fixing on follow-up renewal or repair, such as, after the application channel mark that the main line part from this application resource file gets being saved to the channel information store path preset user terminal this locality in initial setup process the application channel mark under this channel information store path is set to readable writing, thus after described intended application generation update contruction, when starting intended application, described application channel mark is obtained from described channel information store path, and when ensureing follow-up generation update contruction, the application channel mark in this channel information store path can not be changed.
S205, namely determines that described application resource file is not the initial installation resource file of described intended application, then obtains described application channel mark from described channel information store path.
Application safety management method in the embodiment of the present invention is by part and the non-main line part of being served as theme by application resource Divide File, main line part is used for carrying out application safety verification, non-main line part comprises application channel mark, making application safety management devices when running application resource file, under the prerequisite that application resource file is verified by application safety can be ensured, realizing identification and the statistics of application channel.
Fig. 3 is the schematic flow sheet of the application safety management method in another embodiment of the present invention, is mainly described from the angle of application safety management devices and application management server, and the application safety management method as shown in the figure in the present embodiment comprises following flow process:
S301, application safety management devices, when startup intended application being detected, obtains data summarization and the application version information of the main line part of the application resource file of described intended application.
Concrete, application resource file in the embodiment of the present invention can comprise two parts content, main line part and non-main line part, wherein two parts content can divide according to the mode of making an appointment with application safety management devices, main line partial content is mainly used in carrying out application safety verification, the data summarization of this main line partial content is prestored in the application management server that intended application is corresponding, application data as intended application is made a summary, but not main line part is divided into negligible partial data in application safety checking procedure.In an alternative embodiment, file data under described application resource file assigned catalogue or the file data of create name are non-main line part, such as apply the All Files data under the assets/out/ under installation path, can comprise signature file, channel mark file, custom configuration file etc., the residue file data in described application resource file outside this catalogue is served as theme part.Application safety management devices thus can according to preset file name or directory name, determine the non-main line part in application resource file, residue file data is served as theme part, and then the main line part of arranging in application resource file divided carry out summary computing, thus obtain its data summarization, such as MD5 (Message Digest Algorithm) value etc. can be used for the summary info of data check.
S302, application safety management devices sends application check request to the application management server that described target is corresponding, carries described data summarization and application version information.
S303, the application data summary that application management server is corresponding according to described application version acquisition of information, and make a summary whether consistent with the data summarization of the main line part of described application resource file by more described application data thus application verification is carried out to described application resource file.
Concrete, described application management server preserves the application data summary of application resource file in advance, identical algorithms can be adopted to carry out the data summarization that obtains of computing of making a summary for the main line part of described application management server to application resource file, the data summarization carried in the application check request itself and application safety management devices are sent compares, if consistent, think the application verification succeeds of this application resource file, otherwise think that the application of this application resource file verifies unsuccessfully, namely think that this application resource file exists security risk.
S304, application management server returns application check results to application safety management devices.
S305, application safety management devices obtains application channel mark.
Concrete, described application channel mark can obtain in application management server registration or be assigned with in advance for the publication channel of this application resource file, the application channel mark that different publication channel is corresponding unique, the application channel mark such as applying precious channel is 10000, the application channel mark in 91 markets is 10001, etc.The publisher of this application resource file is before this application resource file of issue, this application channel mark is write in its non-main line part, such as in APK, put into channel.ini file below assets/out/ catalogue, channel.ini carries this application channel mark.Application safety management devices can get this application channel mark preset in operation application resource file processes from the channel.ini this application resource file.
In embodiment, application safety management devices can when first installation targets application, when namely determining that described application resource file is the initial installation resource file of described intended application, the application channel mark got from the non-main line part of this application resource file is kept at the local channel information store path preset, optionally after being saved this store path can also be set to readable can not writing, thus after described intended application generation update contruction, when starting intended application, described application channel mark is obtained from described channel information store path, and when ensureing follow-up generation update contruction, the application channel mark in this channel information store path can not be changed.
S306, application safety management devices reports described application channel mark to described application management server.
S307, the acquisition channel of the application resource file of intended application described in the application channel mark identification that described application management server reports according to application safety management devices.
Concrete, register or preserve the application channel title that each application channel mark is corresponding in application management server in advance, thus the application channel mark identification that can report according to application safety management devices obtain its current that installing or success install application resource file from which application channel get, and can add up different application channel issue application resource file by access times, thus can realize more efficient application safety management.
Fig. 4 is the schematic flow sheet realizing applying more new management in another embodiment of the present invention, and be mainly described from the angle of application safety management devices and application management server, the application safety management method as shown in the figure in the present embodiment comprises following flow process:
S401, application safety management devices submits to application to upgrade judgement request to described application management server, carries application channel mark and the application version information of described application resource file;
S402, the upgrading ability of the described application resource file that described application management server prestores according to described application channel mark and application version acquisition of information, thus judge that described intended application is the need of upgrading.
Concrete, the upgrading ability of the application resource file of each version can be pre-set in application management server, such as comprise can not upgrade, the scalable and current upgradeable multiple situation of following setting-up time, thus application management server according to the application that application safety management devices is submitted upgrade judge to ask in the application channel mark of carrying and application version information can find the upgrading ability of the application resource file of this version.
S403, application management server returns application to application safety management devices and upgrades judged result.
Application safety management devices thus can according to application upgrade judged result prompting user carry out renewal updating operation.
It is pointed out that the S401 ~ S403 in the present embodiment, parallel or order performs with the S301 ~ S306 in embodiment above, and the execution sequence do not limited each other or priority Trigger Logic.
Application safety management method in the embodiment of the present invention is by part and the non-main line part of being served as theme by application resource Divide File, main line part is used for carrying out application safety verification, non-main line part comprises application channel mark, making application safety management devices when running application resource file, under the prerequisite that application resource file is verified by application safety can be ensured, realizing identification and the statistics of application channel.
Fig. 5 is the structural representation of a kind of application safety management devices in the embodiment of the present invention, application safety management devices in the embodiment of the present invention can be implemented in as in the user terminals such as PC, smart mobile phone, panel computer, electronic reader or vehicle mobile terminals, can at least comprise as shown in the figure:
Data summarization acquisition module 510, for when starting intended application, obtains the data summarization of the main line part of the application resource file of described intended application.
Concrete, application resource file in the embodiment of the present invention can comprise two parts content, main line part and non-main line part, wherein two parts content can divide according to the mode of making an appointment with application safety management devices, main line partial content is mainly used in carrying out application safety verification, the data summarization of this main line partial content is prestored in the application management server that intended application is corresponding, application data as intended application is made a summary, but not main line part is divided into negligible partial data in application safety checking procedure.In an alternative embodiment, file data under described application resource file assigned catalogue or the file data of create name are non-main line part, such as apply the All Files data under the assets/out/ under installation path, can comprise signature file, channel mark file, custom configuration file etc., the residue file data in described application resource file outside this catalogue is served as theme part.Thus data summarization acquisition module 510 can according to the file name preset or directory name, determine the non-main line part in application resource file, residue file data is served as theme part, and then the main line part in application resource file is divided and carries out summary computing, thus obtain its data summarization, such as MD5 (Message Digest Algorithm) value etc. can be used for the summary info of data check.
Check request module 520, application check request is sent for the application management server corresponding to described application resource file, carry the data summarization of the main line part of described application resource file, according to the data summarization of the main line part of described application resource file, application verification is carried out to described application resource file to make described application management server.
Concrete, described application management server preserves the application data summary of application resource file in advance, identical algorithms can be adopted to carry out the data summarization that obtains of computing of making a summary for the main line part of described application management server to application resource file, the data summarization carried in the application check request itself and application safety management devices are sent compares, if consistent, think the application verification succeeds of this application resource file, otherwise think that the application of this application resource file verifies unsuccessfully, namely think that this application resource file exists security risk.
In an alternative embodiment, described application management server can preserve the application data summary of the application resource file of multiple versions of same intended application in advance, corresponding, the described application check request that check request module 520 sends also carries the application version information of described application resource file, with the application data summary making described application management server corresponding according to described application version acquisition of information, and make a summary whether consistent with the data summarization of the main line part of the described application resource file of application safety management devices transmission by comparing described application data corresponding to this version thus application verification is carried out to described application resource file.
Check results acquisition module 530, for obtaining the application check results that application management server returns.
Channel mark acquisition module 540, for obtaining application channel mark from the non-main line part of described application resource file.
Concrete, described application channel mark can obtain in application management server registration or be assigned with in advance for the publication channel of this application resource file, the application channel mark that different publication channel is corresponding unique, the application channel mark such as applying precious channel is 10000, the application channel mark in 91 markets is 10001, etc.The publisher of this application resource file is before this application resource file of issue, this application channel mark is write in its non-main line part, such as in APK, put into channel.ini file below assets/out/ catalogue, channel.ini carries this application channel mark.Channel mark acquisition module 540 can get this application channel mark preset from the channel.ini this application resource file.
In an alternative embodiment, channel mark acquisition module 540 can when first installation targets application, when namely determining that described application resource file is the initial installation resource file of described intended application, the application channel mark got from the non-main line part of this application resource file is kept at the local channel information store path preset, optionally after being saved this store path can also be set to readable can not writing, and then after the follow-up generation update contruction of described intended application, when starting intended application, described application channel mark is obtained from described channel information store path, and when ensureing follow-up generation update contruction, the application channel mark in this channel information store path can not be changed.
Application channel reporting module 550, for reporting described application channel mark to described application management server.
Concrete, register or preserve the application channel title that each application channel mark is corresponding in application management server in advance, thus the application resource file that the application channel mark identification that can report according to application safety management devices obtains the intended application of its current startup from which application channel gets, and can add up different application channel issue application resource file by access times, thus can realize more efficient application safety management.
In an alternative embodiment, application safety management devices can also comprise:
Initial installation judge module 560, for judging the initial installation resource file of the whether described intended application of described application resource file, if judge, described application resource file is the initial installation resource file of described intended application, then trigger described channel mark acquisition module 540 from the non-main line part of described application resource file, obtain application channel mark.
Initial installation resource file in embodiments of the present invention can for first in the user terminal installation targets application time obtain application resource file.In an alternative embodiment, the publisher of application resource file can label in order to distinguish in application resource file is initial installation resource file or the application resource file through upgrading; In an alternative embodiment, can by recording the initial set-up time, if the installed date in application resource file is later than the initial set-up time that this record obtains, determine that it is not initial installation resource file, if be only upgrade, the initial set-up time is constant, unless generation unloading or application resource file are erased entirely, then reinstall Shi Caihui and again record the initial set-up time.
Thus in an alternative embodiment, channel mark acquisition module 540 may further include:
First mark reading unit 551, if determine that described application resource file is the initial installation resource file of described intended application for described initial installation judge module 560, then obtains application channel mark from the non-main line part of described application resource file;
Channel information storage unit 552, is saved to default channel information store path for the application channel mark got by described first mark reading unit.
Under some scene, the initial installation channel recognizing intended application wished by application server, instead of along with intended application upgraded by another channel after can only recognize the channel of last update, therefore can set application safety management devices carrying out the application channel mark that the non-main line part from this application resource file gets being saved to by channel information storage unit 552 the channel information store path preset user terminal this locality in initial setup process, and the application channel mark of preserving under no longer revising this channel information store path when about fixing on follow-up renewal or repair, such as, after the application channel mark that the main line part from this application resource file gets being saved to the channel information store path preset user terminal this locality in initial setup process the application channel mark under this channel information store path is set to readable writing, thus after described intended application generation update contruction, when starting intended application, described application channel mark is obtained from described channel information store path, and when ensureing follow-up generation update contruction, the application channel mark in this channel information store path can not be changed.
Second mark reading unit 553, if determine that described application resource file is not the initial installation resource file of described intended application for described initial installation judge module 560, then obtains described application channel mark from described channel information store path.
In an alternative embodiment, application safety management devices can also comprise:
Upgrade and judge request module 570, request is judged for submitting to application to upgrade to described application management server, carry application channel mark and the application version information of described application resource file, the upgrading ability of the described application resource file prestored according to described application channel mark and application version acquisition of information to make described application management server, thus judge that described intended application is the need of upgrading;
Judged result acquisition module 580, obtains the application renewal judged result that described application management server returns.
The embodiment of the present invention is by part and the non-main line part of being served as theme by application resource Divide File, main line part is used for carrying out application safety verification, non-main line part comprises application channel mark, making application safety management devices in the embodiment of the present invention when running application resource file, under the prerequisite that application resource file is verified by application safety can be ensured, realizing identification and the statistics of application channel.
Fig. 7 is the structural representation of a kind of application management server in the embodiment of the present invention, and the application management server as shown in the figure in the embodiment of the present invention can at least comprise:
Check request receiver module 710, for receiving the application check request that application safety management devices sends when starting intended application, carries the data summarization of the main line part of the application resource file of described intended application.
Application correction verification module 720, the data summarization for the main line part according to described application resource file carries out application verification to described application resource file.
Concrete, application resource file in the embodiment of the present invention can comprise two parts content, main line part and non-main line part, wherein two parts content can divide according to the mode of making an appointment with application safety management devices, main line partial content is mainly used in carrying out application safety verification, the data summarization of this main line partial content is prestored in the application management server that intended application is corresponding, application data as intended application is made a summary, but not main line part is divided into negligible partial data in application safety checking procedure.In an alternative embodiment, file data under described application resource file assigned catalogue or the file data of create name are non-main line part, such as apply the All Files data under the assets/out/ under installation path, can comprise signature file, channel mark file, custom configuration file etc., the residue file data in described application resource file outside this catalogue is served as theme part.Application safety management devices thus can according to preset file name or directory name, determine the non-main line part in application resource file, residue file data is served as theme part, and then main line part in application resource file is divided and carries out summary computing, thus obtain its data summarization, such as MD5 (MessageDigest Algorithm) value etc. can be used for the summary info of data check.
Described application management server preserves the application data summary of application resource file in advance, identical algorithms can be adopted to carry out the data summarization that obtains of computing of making a summary for the main line part of described application management server to application resource file, the data summarization carried in the application check request that itself and application safety management devices send by application correction verification module 720 compares, if consistent, think the application verification succeeds of this application resource file, otherwise think that the application of this application resource file verifies unsuccessfully, namely think that this application resource file exists security risk.
In an alternative embodiment, described application management server can preserve the application data summary of the application resource file of multiple versions of same intended application in advance, corresponding, the described application check request that application safety management devices sends also carries the application version information of described application resource file, application correction verification module 720 can the application data corresponding according to described application version acquisition of information be made a summary, and make a summary whether consistent with the data summarization of the main line part of the described application resource file of application safety management devices transmission by comparing described application data corresponding to this version thus application verification is carried out to described application resource file.
Check results returns module 730, for returning application check results to described application safety management devices.
Application channel identification module 740, for receiving the application channel mark that described application safety management devices reports, the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
Concrete, register or preserve the application channel title that each application channel mark is corresponding in application management server in advance, thus the application resource file that the application channel mark identification that application channel identification module 740 can report according to application safety management devices obtains the intended application of its current startup from which application channel gets, and can add up different application channel issue application resource file by access times, thus can realize more efficient application safety management.
In an alternative embodiment, application management server can also comprise:
Judge request receiving module 750, the application submitted to for receiving described application safety management devices upgrades and judges request, carries application channel mark and the application version information of described application resource file;
Upgrade judge module 760, for the upgrading ability of described application resource file prestored according to described application channel mark and application version acquisition of information, thus judge that described intended application is the need of upgrading.
Concrete, the upgrading ability of the application resource file of each version can be pre-set in application management server, such as comprise can not upgrade, the scalable and current upgradeable multiple situation of following setting-up time, thus upgrade judge module 760 according to the application that application safety management devices is submitted upgrade judge to ask in the application channel mark of carrying and application version information can find the upgrading ability of the application resource file of this version.
Judged result returns module 770, upgrades judged result for returning application to described application safety management devices.
Fig. 8 is the structural representation of a kind of application safety management system in the embodiment of the present invention, and the application safety management system as shown in the figure in the embodiment of the present invention comprises application safety management devices 810 and application management server 820, wherein:
Described application safety management devices 810, for when starting intended application, obtains the data summarization of the main line part of the application resource file of described intended application; Send application check request to the application management server that described intended application is corresponding, carry the data summarization of the main line part of described application resource file;
Described application management server 820, the data summarization for the main line part according to described application resource file carries out application verification to described application resource file; Application check results is returned to described application safety management devices;
Described application safety management devices 810, also for obtaining the application check results that application management server 820 returns; Application channel mark is obtained from the non-main line part of described application resource file; Described application channel mark is reported to described application management server 820.
Described application management server 820, also for the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
In an alternative embodiment, the file data under described application resource file assigned catalogue or the file data of create name are non-main line part, and the residue file data of described application resource file is served as theme part.
The embodiment of the present invention is by part and the non-main line part of being served as theme by application resource Divide File, main line part is used for carrying out application safety verification, non-main line part comprises application channel mark, making application safety management devices in the embodiment of the present invention when running application resource file, under the prerequisite that application resource file is verified by application safety can be ensured, realizing identification and the statistics of application channel.
One of ordinary skill in the art will appreciate that all or part of flow process realized in above-described embodiment method, that the hardware that can carry out instruction relevant by computer program has come, described program can be stored in a computer read/write memory medium, this program, when performing, can comprise the flow process of the embodiment as above-mentioned each side method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc.
Above disclosedly be only present pre-ferred embodiments, certainly can not limit the interest field of the present invention with this, therefore according to the equivalent variations that the claims in the present invention are done, still belong to the scope that the present invention is contained.
Claims (20)
1. an application resource file management method, is characterized in that, described method comprises:
When starting intended application, obtain the data summarization of the main line part of the application resource file of described intended application;
Application check request is sent to the application management server that described intended application is corresponding, carry the data summarization of the main line part of described application resource file, according to the data summarization of the main line part of described application resource file, application verification is carried out to described application resource file to make described application management server;
Obtain the application check results that application management server returns;
Application channel mark is obtained from the non-main line part of described application resource file;
Described application channel mark is reported, to make the acquisition channel of the application resource file of intended application described in described application management server identification to described application management server.
2. application safety management method as claimed in claim 1, it is characterized in that, the application check request that the described application management server corresponding to described application resource file sends also carries the application version information of described application resource file, with the application data summary making described application management server corresponding according to described application version acquisition of information, and make a summary whether consistent with the data summarization of the main line part of described application resource file by more described application data thus application verification is carried out to described application resource file.
3. application safety management method as claimed in claim 1, is characterized in that, described from the non-main line part of described application resource file, obtain application channel mark after also comprise:
Described application channel mark is saved to default channel information store path;
Described method also comprises:
After described intended application generation update contruction, when starting intended application, obtain described application channel mark from described channel information store path.
4. application safety management method as claimed in claim 3, is characterized in that, described described application channel mark is saved to default channel information store path before also comprise:
Determine that described application resource file is the initial installation resource file of described intended application.
5. application safety management method as claimed in claim 1, it is characterized in that, described method also comprises:
Submit to application to upgrade to described application management server and judge request, carry application channel mark and the application version information of described application resource file, the upgrading ability of the described application resource file prestored according to described application channel mark and application version acquisition of information to make described application management server, thus judge that described intended application is the need of upgrading;
Obtain the application renewal judged result that described application management server returns.
6. the application safety management method according to any one of claim 1-5, it is characterized in that, file data under described application resource file assigned catalogue or the file data of create name are non-main line part, and the residue file data of described application resource file is served as theme part.
7. an application safety management method, is characterized in that, described method comprises:
Receiving the application check request that application safety management devices sends when starting intended application, carrying the data summarization of the main line part of the application resource file of described intended application;
Data summarization according to the main line part of described application resource file carries out application verification to described application resource file;
Application check results is returned to described application safety management devices;
Receive the application channel mark that described application safety management devices reports, the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
8. application safety management method as claimed in claim 7, is characterized in that, also carry the application version information of described application resource file in described application check request;
The data summarization of the described main line part according to described application resource file carries out application verification to described application resource file and comprises:
The application data summary corresponding according to described application version acquisition of information, and make a summary whether consistent with the data summarization of the main line part of described application resource file by more described application data thus application verification is carried out to described application resource file.
9. application safety management method as claimed in claim 7, it is characterized in that, described method also comprises:
Receive the application renewal judgement request that described application safety management devices is submitted to, carry application channel mark and the application version information of described application resource file;
According to the upgrading ability of the described application resource file that described application channel mark and application version acquisition of information prestore, thus judge that described intended application is the need of upgrading;
Return application to described application safety management devices and upgrade judged result.
10. an application safety management devices, is characterized in that, comprising:
Data summarization acquisition module, for when starting intended application, obtains the data summarization of the main line part of the application resource file of described intended application;
Check request module, application check request is sent for the application management server corresponding to described application resource file, carry the data summarization of the main line part of described application resource file, according to the data summarization of the main line part of described application resource file, application verification is carried out to described application resource file to make described application management server;
Check results acquisition module, for obtaining the application check results that application management server returns;
Channel mark acquisition module, for obtaining application channel mark from the non-main line part of described application resource file;
Application channel reporting module, for reporting described application channel mark to described application management server, to make the acquisition channel of the application resource file of intended application described in described application management server identification.
11. application safety management devices as claimed in claim 10, it is characterized in that, described check request module also carries the application version information of described application resource file to the application check request that the application management server that described application resource file is corresponding sends, with the application data summary making described application management server corresponding according to described application version acquisition of information, and make a summary whether consistent with the data summarization of the main line part of described application resource file by more described application data thus application verification is carried out to described application resource file.
12. application safety management devices as claimed in claim 10, it is characterized in that, described channel mark acquisition module comprises:
First mark reading unit, for obtaining application channel mark from the non-main line part of described application resource file;
Channel information storage unit, is saved to default channel information store path for the application channel mark got by described first mark reading unit;
Second mark reading unit, for after described intended application generation update contruction, when starting intended application, obtains described application channel mark from described channel information store path.
13. application safety management devices as claimed in claim 12, it is characterized in that, described channel mark acquisition module also comprises:
Initial installation judge module, for judging the initial installation resource file of the whether described intended application of described application resource file, if judge, described application resource file is the initial installation resource file of described intended application, then trigger described first mark reading unit obtains from the non-main line part of described application resource file application channel mark, otherwise trigger described second identify reading unit obtain described application channel mark from described channel information store path.
14. application safety management methods as claimed in claim 10, is characterized in that, also comprise:
Upgrade and judge request module, request is judged for submitting to application to upgrade to described application management server, carry application channel mark and the application version information of described application resource file, the upgrading ability of the described application resource file prestored according to described application channel mark and application version acquisition of information to make described application management server, thus judge that described intended application is the need of upgrading;
Judged result acquisition module, obtains the application renewal judged result that described application management server returns.
15. application safety management methods according to any one of claim 10-14, it is characterized in that, file data under described application resource file assigned catalogue or the file data of create name are non-main line part, and the residue file data of described application resource file is served as theme part.
16. 1 kinds of application management server, is characterized in that, comprising:
Check request receiver module, for receiving the application check request that application safety management devices sends when starting intended application, carries the data summarization of the main line part of the application resource file of described intended application;
Application correction verification module, the data summarization for the main line part according to described application resource file carries out application verification to described application resource file;
Check results returns module, for returning application check results to described application safety management devices;
Application channel identification module, for receiving the application channel mark that described application safety management devices reports, the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
17. application management server as claimed in claim 16, is characterized in that, also carry the application version information of described application resource file in the application check request that described check request receiver module receives;
Described application correction verification module is used for:
The application data summary corresponding according to described application version acquisition of information, and make a summary whether consistent with the data summarization of the main line part of described application resource file by more described application data thus application verification is carried out to described application resource file.
18. application management server as claimed in claim 16, is characterized in that, also comprise:
Judge request receiving module, the application submitted to for receiving described application safety management devices upgrades and judges request, carries application channel mark and the application version information of described application resource file;
Upgrade judge module, for the upgrading ability of described application resource file prestored according to described application channel mark and application version acquisition of information, thus judge that described intended application is the need of upgrading;
Judged result returns module, upgrades judged result for returning application to described application safety management devices.
19. 1 kinds of application safety management systems, is characterized in that, comprise application safety management devices and application management server, wherein:
Described application safety management devices, for when starting intended application, obtains the data summarization of the main line part of the application resource file of described intended application; Send application check request to the application management server that described intended application is corresponding, carry the data summarization of the main line part of described application resource file;
Described application management server, the data summarization for the main line part according to described application resource file carries out application verification to described application resource file; Application check results is returned to described application safety management devices;
Described application safety management devices, also for obtaining application channel mark from the non-main line part of described application resource file; Described application channel mark is reported to described application management server;
Described application management server, also for the acquisition channel of the application resource file of intended application according to the identification of described application channel mark.
20. as the application safety management system of claim 19, and it is characterized in that, the file data under described application resource file assigned catalogue or the file data of create name are non-main line part, and the residue file data of described application resource file is served as theme part.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510109261.1A CN104978530B (en) | 2015-03-12 | 2015-03-12 | A kind of application method for managing security, device, server and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510109261.1A CN104978530B (en) | 2015-03-12 | 2015-03-12 | A kind of application method for managing security, device, server and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104978530A true CN104978530A (en) | 2015-10-14 |
| CN104978530B CN104978530B (en) | 2018-09-04 |
Family
ID=54275024
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510109261.1A Active CN104978530B (en) | 2015-03-12 | 2015-03-12 | A kind of application method for managing security, device, server and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104978530B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106874273A (en) * | 2015-12-11 | 2017-06-20 | 广州市动景计算机科技有限公司 | Channel information statistical method, device and system |
| CN106909357A (en) * | 2015-12-22 | 2017-06-30 | 中国移动通信集团公司 | A kind of application program channel information acquisition methods and device |
| CN106911734A (en) * | 2015-12-22 | 2017-06-30 | 北京奇虎科技有限公司 | A kind of method and server for generating application installation kit |
| CN106911738A (en) * | 2015-12-22 | 2017-06-30 | 北京奇虎科技有限公司 | A kind of method and server for generating application installation kit |
| CN108874437A (en) * | 2018-04-26 | 2018-11-23 | 深圳爱加密科技有限公司 | A kind of online cloud update method of android application program |
| CN108920910A (en) * | 2018-08-01 | 2018-11-30 | 北京奇安信科技有限公司 | A kind of mobile security service SDK authorization management method and device |
| CN109145591A (en) * | 2018-09-10 | 2019-01-04 | 上海连尚网络科技有限公司 | The plug-in loading method of application program |
| CN111488600A (en) * | 2020-04-09 | 2020-08-04 | 南京维沃软件技术有限公司 | Resource processing method, electronic equipment and server |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104133704A (en) * | 2014-07-31 | 2014-11-05 | 百度在线网络技术(北京)有限公司 | Software upgrading and upgrade package issuing method, device and equipment |
| CN104217140A (en) * | 2014-08-29 | 2014-12-17 | 北京奇虎科技有限公司 | Method and device for reinforcing application program |
| CN104346167A (en) * | 2014-08-25 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Method and device for generating application channel package |
-
2015
- 2015-03-12 CN CN201510109261.1A patent/CN104978530B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104133704A (en) * | 2014-07-31 | 2014-11-05 | 百度在线网络技术(北京)有限公司 | Software upgrading and upgrade package issuing method, device and equipment |
| CN104346167A (en) * | 2014-08-25 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Method and device for generating application channel package |
| CN104217140A (en) * | 2014-08-29 | 2014-12-17 | 北京奇虎科技有限公司 | Method and device for reinforcing application program |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106874273A (en) * | 2015-12-11 | 2017-06-20 | 广州市动景计算机科技有限公司 | Channel information statistical method, device and system |
| CN106874273B (en) * | 2015-12-11 | 2020-06-23 | 广州市动景计算机科技有限公司 | Channel information statistical method, device and system |
| CN106909357A (en) * | 2015-12-22 | 2017-06-30 | 中国移动通信集团公司 | A kind of application program channel information acquisition methods and device |
| CN106911734A (en) * | 2015-12-22 | 2017-06-30 | 北京奇虎科技有限公司 | A kind of method and server for generating application installation kit |
| CN106911738A (en) * | 2015-12-22 | 2017-06-30 | 北京奇虎科技有限公司 | A kind of method and server for generating application installation kit |
| CN106909357B (en) * | 2015-12-22 | 2020-12-01 | 中国移动通信集团公司 | Application program channel information acquisition method and device |
| CN108874437A (en) * | 2018-04-26 | 2018-11-23 | 深圳爱加密科技有限公司 | A kind of online cloud update method of android application program |
| CN108874437B (en) * | 2018-04-26 | 2022-01-21 | 深圳爱加密科技有限公司 | Online cloud updating method for android application program |
| CN108920910A (en) * | 2018-08-01 | 2018-11-30 | 北京奇安信科技有限公司 | A kind of mobile security service SDK authorization management method and device |
| CN109145591A (en) * | 2018-09-10 | 2019-01-04 | 上海连尚网络科技有限公司 | The plug-in loading method of application program |
| CN111488600A (en) * | 2020-04-09 | 2020-08-04 | 南京维沃软件技术有限公司 | Resource processing method, electronic equipment and server |
| CN111488600B (en) * | 2020-04-09 | 2023-03-21 | 南京维沃软件技术有限公司 | Resource processing method, electronic equipment and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104978530B (en) | 2018-09-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104978530A (en) | Application security management method, application security management device, application management server and application security management system | |
| EP3333704B1 (en) | Method and apparatus for repairing kernel vulnerability | |
| CN100570558C (en) | A kind of chip firmware updating method | |
| CN105653262A (en) | Application program upgrade method, device and system | |
| CN103329093A (en) | Updating software | |
| CN102340398A (en) | Security policy setting and determining method, and method and device for executing operation by application program | |
| CN106462422B (en) | System upgrading method and device for multi-system terminal and terminal | |
| CN105468384A (en) | Vehicle-mounted controller programming system and method, server and programming terminal | |
| CN104123490A (en) | Method and device for processing malicious bundled software and mobile terminal | |
| CN105786636A (en) | System repairing method and device | |
| CN102065088A (en) | Methods for automatically loading internet bank security assembly and authenticating internet bank security | |
| CN105045640A (en) | Software upgrading method and device and intelligent equipment | |
| CN105677409A (en) | System upgrading method and device | |
| CN104036193B (en) | Local cross-domain vulnerability detection method and device for application program | |
| CN110414218B (en) | Kernel detection method and device, electronic equipment and storage medium | |
| CN105095006A (en) | Method and device for repairing software installation failure | |
| CN104572169B (en) | A kind of software distribution and installation system based on UEFI | |
| CN103455750A (en) | High-security verification method and high-security verification system for embedded devices | |
| CN103365684A (en) | Updating method and multi-domain embedded system | |
| CN111984298B (en) | Program upgrading area in flash memory, program upgrading method and system | |
| CN106951771B (en) | Mobile terminal using method of android operating system | |
| CN106569851B (en) | Application program processing method and device | |
| CN107479923A (en) | Application program updating method, apparatus and display terminal | |
| CN107493288B (en) | Application network security control method and device based on Android POS | |
| CN105653412A (en) | Fingerprint device compatibility detection method and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211104 Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd. Address before: 2, 518000, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. |
|
| TR01 | Transfer of patent right |