CN105306434A - Program file checking method and device, server and terminal - Google Patents

Publication number
CN105306434A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510578850.4A
Other languages
Chinese (zh)
Inventor
秦皓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Internet Security Software Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Application filed by Beijing Kingsoft Internet Security Software Co Ltd
Priority to CN201510578850.4A
Publication of CN105306434A
Priority to PCT/CN2016/094628 (WO2017041606A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Embodiments of the invention provide a program file checking method and device, a server and a terminal. The program file checking method applied to the server can comprise the following steps: after establishing a communication connection with a terminal, obtaining the version number of an application package; obtaining a random number for the application package; generating a first hash value with a predetermined hash algorithm from the random number and the file content of a preset file to be checked in the application package of that version number stored in advance by the server; sending the random number to the terminal, so that the terminal generates a second hash value with the predetermined hash algorithm from the random number and the file content of the preset file to be checked in the terminal's local application package; obtaining related information about the second hash value generated by the terminal; and determining the integrity check result of the preset file to be checked in the terminal. The scheme can therefore improve the accuracy of verifying the integrity of the program file.

Description

Program file checking method and device, server and terminal
Technical Field
The invention relates to the technical field of file detection, in particular to a program file checking method and device, a server and a terminal.
Background
Because application software for some operating systems is written in a general-purpose programming language, some files in the application package that carries the software are easily decompiled, modified, repackaged and released by an attacker, so that pirated software is rampant. For example, application software for the Android system is mainly written in Java, so the APK (Android Package) that carries the application software is very easy for an attacker to decompile, modify, repackage and release.
To prevent secondary packaging of the application package, it is necessary to perform an integrity check on some files in the application package, i.e. to check whether the files have been modified. The existing program file checking method is as follows: a section of code is placed in some files in the application package; while the application package is loading, this code checks the signatures of the files; if the signatures are correct, the files in the application package are complete and operation continues; otherwise the program exits. The signature is a hash value calculated over the file contents of the files in the application package.
However, since the existing program file verification is implemented locally in code, an attacker can see the relevant code and prevent it from running effectively in various ways, which results in low accuracy of the integrity check. Preventing the code from running effectively means, specifically: making every verification result report a correct signature, or skipping the whole verification process.
Disclosure of Invention
The embodiment of the invention aims to provide a program file checking method and device, a server and a terminal so as to improve the accuracy of checking the integrity of a program file. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present invention provides a program file verification method applied to a server, where the server is a server that provides network services for application software which runs in a terminal and is carried in an application package. The method comprises the following steps:
after a communication connection is established with the terminal, obtaining the version number of the application package;
obtaining a random number for the application package;
generating, with a predetermined hash algorithm, a first hash value for the preset file to be checked from the random number and the file content of the preset file to be checked in the application package of that version number stored in advance by the server;
sending the random number to the terminal, so that after receiving the random number the terminal generates, with the predetermined hash algorithm, a second hash value for the preset file to be checked from the random number and the file content of the preset file to be checked in the terminal's local application package;
obtaining related information about the second hash value generated by the terminal;
and determining an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value.
Optionally, the obtaining the relevant information about the second hash value generated by the terminal includes:
requesting, from the terminal, the second hash value generated by the terminal;
or,
receiving the second hash value reported by the terminal after the second hash value is generated;
the determining, according to the related information about the second hash value and the related information about the first hash value, an integrity check result of the preset file to be checked in the terminal includes:
judging whether the obtained second hash value is the same as the first hash value or not, and if so, determining that the preset file to be verified in the terminal is complete; otherwise, determining that the preset file to be verified in the terminal is incomplete.
Optionally, the obtaining the relevant information about the second hash value generated by the terminal includes:
requesting from the terminal, in sequence, a plurality of values of the second hash value that are associated with predetermined data bits;
the determining, according to the related information about the second hash value and the related information about the first hash value, an integrity check result of the preset file to be checked in the terminal includes:
sequentially judging whether each of the plurality of values of the second hash value associated with the predetermined data bits is the same as the value of the first hash value associated with the corresponding predetermined data bits, and if all the judgment results are yes, determining that the preset file to be verified in the terminal is complete; otherwise, determining that the preset file to be verified in the terminal is incomplete.
Optionally, the values associated with the predetermined data bits include:
a value on a predetermined data bit;
or,
a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
Optionally, when it is determined that the preset file to be checked in the terminal is incomplete, the method further includes:
disconnecting the communication connection with the terminal.
Optionally, when it is determined that the preset file to be checked in the terminal is incomplete, the method further includes:
pushing a prompt message to the terminal, wherein the prompt message is used for prompting that the preset file to be verified is incomplete;
or,
pushing a prompt message and a download link address to the terminal, wherein the prompt message is used for prompting that the preset file to be verified is incomplete, and the download link address is the download address of the application package.
In a second aspect, an embodiment of the present invention provides a program file verification method applied to a terminal, where the terminal is a terminal that runs application software carried in an application package. The method comprises the following steps:
after establishing a communication connection with a server that provides network services for the application software, receiving a random number for the application package sent by the server, where the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
generating, with a predetermined hash algorithm, a second hash value for the preset file to be verified from the random number and the file content of the preset file to be verified in the terminal's local application package;
sending related information about the second hash value to the server, so that after obtaining it the server determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value, where the first hash value is generated by the server, with the predetermined hash algorithm, from the random number and the file content of the preset file to be verified in the pre-stored application package that has the version number of the application package in the terminal.
Optionally, the sending information about the second hash value to the server includes:
after receiving a request about the second hash value sent by the server, feeding back the second hash value to the server;
or,
after the second hash value is generated, reporting the second hash value to the server.
Optionally, the sending information about the second hash value to the server includes:
receiving, in sequence, a plurality of requests sent by the server for values of the second hash value associated with predetermined data bits;
after receiving each such request, feeding back to the server the corresponding value of the second hash value associated with the predetermined data bits.
Optionally, the values associated with the predetermined data bits include:
a value on a predetermined data bit;
or,
a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
Optionally, the method for verifying a program file provided in the embodiment of the present invention further includes:
receiving a prompt message pushed by the server, wherein the prompt message is used for prompting that the preset file to be verified is incomplete;
or,
receiving a prompt message and a download link address pushed by the server, wherein the prompt message is used for prompting that the preset file to be verified is incomplete, and the download link address is the download address of the application package.
In a third aspect, an embodiment of the present invention provides a program file checking apparatus applied to a server, where the server is a server that provides network services for application software which runs in a terminal and is carried in an application package. The apparatus comprises:
a version number obtaining module, configured to obtain the version number of the application package after a communication connection is established with the terminal;
a random number obtaining module, configured to obtain a random number for the application package;
a first hash value generation module, configured to generate, with a predetermined hash algorithm, a first hash value for the preset file to be checked from the random number and the file content of the preset file to be checked in the application package of that version number stored in advance by the server;
a random number sending module, configured to send the random number to the terminal, so that after receiving the random number the terminal generates, with the predetermined hash algorithm, a second hash value for the preset file to be checked from the random number and the file content of the preset file to be checked in the terminal's local application package;
a second hash value information obtaining module, configured to obtain related information about the second hash value generated by the terminal;
and an integrity checking module, configured to determine an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value.
Optionally, the second hash value information obtaining module includes:
a first information obtaining unit, configured to request, from the terminal, the second hash value generated by the terminal;
or,
a second information obtaining unit, configured to receive the second hash value reported by the terminal after the terminal generates the second hash value;
the integrity check module includes:
a first integrity checking unit, configured to judge whether the obtained second hash value is the same as the first hash value, and if so, determine that the preset file to be checked in the terminal is complete; otherwise, determine that the preset file to be verified in the terminal is incomplete.
Optionally, the second hash value information obtaining module includes:
a third information obtaining unit, configured to request from the terminal, in sequence, a plurality of values of the second hash value that are associated with predetermined data bits;
the integrity check module includes:
a second integrity checking unit, configured to sequentially judge whether each of the plurality of values of the second hash value associated with the predetermined data bits is the same as the value of the first hash value associated with the corresponding predetermined data bits, and if all the judgment results are yes, determine that the preset file to be checked in the terminal is complete; otherwise, determine that the preset file to be verified in the terminal is incomplete.
Optionally, the values associated with the predetermined data bits include:
a value on a predetermined data bit;
or,
a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
Optionally, the program file verification apparatus provided in the embodiment of the present invention further includes:
a connection disconnection module, configured to disconnect the communication connection with the terminal when it is determined that the preset file to be checked in the terminal is incomplete.
Optionally, the program file verification apparatus provided in the embodiment of the present invention further includes:
a first information sending module, configured to push a prompt message to the terminal when it is determined that the preset file to be verified in the terminal is incomplete, wherein the prompt message is used for prompting that the preset file to be verified is incomplete;
or,
a second information sending module, configured to push a prompt message and a download link address to the terminal when it is determined that the preset file to be checked in the terminal is incomplete, wherein the prompt message is used for prompting that the preset file to be checked is incomplete, and the download link address is the download address of the application package.
In a fourth aspect, an embodiment of the present invention provides a program file checking apparatus applied to a terminal, where the terminal is a terminal that runs application software carried in an application package. The apparatus comprises:
a random number receiving module, configured to receive a random number for the application package sent by a server after a communication connection is established with the server that provides network services for the application software, where the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
a second hash value generation module, configured to generate, with a predetermined hash algorithm, a second hash value for the preset file to be checked from the random number and the file content of the preset file to be checked in the terminal's local application package;
a second hash value information sending module, configured to send related information about the second hash value to the server, so that after obtaining it the server determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value, where the first hash value is generated by the server, with the predetermined hash algorithm, from the random number and the file content of the preset file to be verified in the pre-stored application package that has the version number of the application package in the terminal.
Optionally, the second hash value information sending module includes:
a first information sending unit, configured to, after receiving a request about the second hash value sent by the server, feed back the second hash value to the server;
or,
a second information sending unit, configured to report the second hash value to the server after the second hash value is generated.
Optionally, the second hash value information sending module includes:
a value request obtaining unit, configured to receive, in sequence, a plurality of requests sent by the server for values of the second hash value associated with predetermined data bits;
a third information sending unit, configured to, after each such request is received, feed back to the server the corresponding value of the second hash value associated with the predetermined data bits.
Optionally, the values associated with the predetermined data bits include:
a value on a predetermined data bit;
or,
a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
Optionally, the program file verification apparatus provided in the embodiment of the present invention further includes:
a first message receiving unit, configured to receive a prompt message pushed by the server, wherein the prompt message is used for prompting that the preset file to be verified is incomplete;
or,
a second message receiving unit, configured to receive a prompt message and a download link address pushed by the server, wherein the prompt message is used for prompting that the preset file to be verified is incomplete, and the download link address is the download address of the application package.
In a fifth aspect, an embodiment of the present invention provides a server, where the server is a server that provides network services for application software which runs in a terminal and is carried in an application package, and the server comprises:
a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and communicate with one another over it;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute a program file verification method; the program file checking method comprises the following steps:
after a communication connection is established with the terminal, obtaining the version number of the application package;
obtaining a random number for the application package;
generating, with a predetermined hash algorithm, a first hash value for the preset file to be checked from the random number and the file content of the preset file to be checked in the application package of that version number stored in advance by the server;
sending the random number to the terminal, so that after receiving the random number the terminal generates, with the predetermined hash algorithm, a second hash value for the preset file to be checked from the random number and the file content of the preset file to be checked in the terminal's local application package;
obtaining related information about the second hash value generated by the terminal;
and determining an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value.
In a sixth aspect, an embodiment of the present invention provides a terminal, where the terminal is a terminal that runs application software carried in an application package, and the terminal comprises: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and communicate with one another over it;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute a program file verification method; the program file checking method comprises the following steps:
after establishing a communication connection with a server that provides network services for the application software, receiving a random number for the application package sent by the server, where the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
generating, with a predetermined hash algorithm, a second hash value for the preset file to be verified from the random number and the file content of the preset file to be verified in the terminal's local application package;
sending related information about the second hash value to the server, so that after obtaining it the server determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value, where the first hash value is generated by the server, with the predetermined hash algorithm, from the random number and the file content of the preset file to be verified in the pre-stored application package that has the version number of the application package in the terminal.
In the embodiments of the invention, the verification of the program file is completed by the server, which prevents an attacker from altering the integrity verification code; and because a random number is added to the preset file to be verified when the hash value is calculated, the hash value becomes less predictable and the risk of an attacker supplying the hash value is reduced. The scheme can therefore improve the accuracy of verifying the integrity of the program file.
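The exchange described in the first and second aspects above, including the optional variant that requests values on predetermined data bits, sketched in Python as an added example; it is not code from the patent. SHA-256 with a length-prefixed random number, the 16-byte random number, the probe layout and all class and function names are assumptions, and the file contents are constructed samples.

```python
import hashlib
import hmac
import secrets

# Constructed sample: reference contents of the preset file, keyed by package version.
REFERENCE = {
    "1.2.0": b"constructed sample bytes of classes.dex, release 1.2.0",
    "1.3.0": b"constructed sample bytes of classes.dex, release 1.3.0",
}


def challenge_hash(nonce: bytes, content: bytes) -> bytes:
    """Hash over random number and file content (assumed: SHA-256, length-prefixed nonce)."""
    h = hashlib.sha256()
    h.update(len(nonce).to_bytes(4, "big"))  # keeps the nonce/content boundary unambiguous
    h.update(nonce)
    h.update(content)
    return h.digest()


def probe_value(digest: bytes, positions: tuple) -> int:
    """Value on one bit position, or the XOR of the values on several positions."""
    value = 0
    for pos in positions:
        value ^= (digest[pos // 8] >> (7 - pos % 8)) & 1
    return value


def default_probes() -> list:
    """Assumed layout: 32 single-bit probes and 32 XOR pairs, all over distinct bits."""
    singles = [(i,) for i in range(0, 256, 8)]
    pairs = [(i + 3, i + 5) for i in range(0, 256, 8)]
    return singles + pairs


class Terminal:
    """Terminal side: hashes its local copy of the preset file with the received nonce."""

    def __init__(self, version: str, local_content: bytes):
        self.version = version
        self.local_content = local_content
        self._second = None

    def receive_nonce(self, nonce: bytes) -> None:
        self._second = challenge_hash(nonce, self.local_content)

    def report_hash(self) -> bytes:
        return self._second

    def answer_probe(self, positions: tuple) -> int:
        return probe_value(self._second, positions)


class Server:
    """Server side: holds reference packages and decides the integrity result."""

    def __init__(self, reference: dict):
        self.reference = reference
        self._first = None

    def start(self, version: str) -> bytes:
        content = self.reference[version]      # KeyError if the version is not stored
        nonce = secrets.token_bytes(16)        # fresh random number for this session
        self._first = challenge_hash(nonce, content)
        return nonce

    def check_full(self, second: bytes) -> bool:
        return hmac.compare_digest(self._first, second)

    def check_probes(self, terminal: Terminal, probes: list) -> bool:
        # Request the values one after another; stop at the first mismatch.
        for positions in probes:
            if terminal.answer_probe(positions) != probe_value(self._first, positions):
                return False
        return True


def verify(server: Server, terminal: Terminal, by_probes: bool = False) -> bool:
    """Run one session; True means the preset file is judged complete."""
    try:
        nonce = server.start(terminal.version)
    except KeyError:
        return False  # assumption: an unknown version cannot be verified, so it fails
    terminal.receive_nonce(nonce)
    if by_probes:
        return server.check_probes(terminal, default_probes())
    return server.check_full(terminal.report_hash())


def replay_is_rejected(server: Server) -> bool:
    """A second hash recorded in one session does not pass in the next session."""
    genuine = Terminal("1.2.0", REFERENCE["1.2.0"])
    if not verify(server, genuine):
        return False
    recorded = genuine.report_hash()
    server.start("1.2.0")  # new session, new random number
    return not server.check_full(recorded)


if __name__ == "__main__":
    srv = Server(REFERENCE)
    modified = Terminal("1.2.0", REFERENCE["1.2.0"] + b" patched")
    print("genuine:", verify(srv, Terminal("1.2.0", REFERENCE["1.2.0"])))
    print("modified:", verify(srv, modified), verify(srv, modified, by_probes=True))
    print("replay rejected:", replay_is_rejected(srv))
```

A server that compares only k independent single-bit values accepts a modified file with probability of about 2^-k, so the number of predetermined positions bounds the confidence of the partial check.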
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a program file verification method provided from the server perspective according to an embodiment of the present invention;
FIG. 2 is another flowchart of a program file verification method provided from the server perspective according to an embodiment of the present invention;
FIG. 3 is another flowchart of a program file verification method provided from the server perspective according to an embodiment of the present invention;
FIG. 4 is another flowchart of a program file verification method provided from the server perspective according to an embodiment of the present invention;
FIG. 5 is a flowchart of a program file verification method provided from the terminal perspective according to an embodiment of the present invention;
FIG. 6 is another flowchart of a program file verification method provided from the terminal perspective according to an embodiment of the present invention;
FIG. 7 is another flowchart of a program file verification method provided from the terminal perspective according to an embodiment of the present invention;
FIG. 8 is another flowchart of a program file verification method provided from the terminal perspective according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a program file verifying apparatus provided from the server perspective according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a program file verifying apparatus provided from the terminal perspective according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, in order to improve the accuracy of verifying the integrity of a program file, an embodiment of the present invention provides a program file verification method from the perspective of a server, where the server is a server that provides network services for application software which runs in a terminal and is carried in an application package.
The application package may be a file for the Android operating system, but is not limited to this; for example, the application package may also be a file for the iOS operating system (an operating system developed by Apple for the iPhone), and so on. The application package referred to in the embodiments of the present invention is a file whose carried application software requires a server to provide network services. In addition, the preset files to be verified in the application package may be some of the files in the application package or all of them.
As shown in fig. 1, the method for verifying a program file provided in this embodiment may include the following steps:
S101, after a communication connection is established with a terminal, obtaining the version number of an application package;
After the server establishes a communication connection with the terminal, the integrity verification process of the program file can be started. Specifically, the server can first obtain the version number of the application package and then execute the subsequent process using that version number.
It is understood that the server may obtain the version number of the application package through the prior art after establishing the communication connection with the terminal. It should be emphasized that the program file verification process may be executed after every communication connection established with the terminal. Of course, in practical applications it is also reasonable to execute the verification process only after some of the connection establishments rather than after every one, or only after connections established in certain time periods, and so on.
S102, obtaining a random number aiming at the application program package;
After the program file verification process is started, the random number for the application package can be obtained, and the subsequent processing flow is then executed using that random number.
The obtaining of the random number for the application package may specifically include: the random number for the application package is generated by a preset random number generation algorithm, or one random number is randomly selected from a pre-constructed random number set as the random number for the application package. It can be understood that the preset random number generation algorithm may be a random number generation algorithm in the prior art, or a random number generation algorithm designed by itself, and a specific random number generation algorithm may be selected according to an actual situation, which is not limited herein.
It should be noted that, in practical applications, there is no strict execution order between the step of obtaining the version number of the application package and the step of obtaining the random number for the application package, for example: the step of obtaining the version number of the application package and the step of obtaining the random number for the application package may be performed at the same time, or the step of obtaining the version number of the application package may be performed first and then the step of obtaining the random number for the application package may be performed, or of course, the step of obtaining the random number for the application package may be performed first and then the step of obtaining the version number of the application package may be performed.
S103, generating, by using a predetermined hash algorithm, a first hash value for the preset file to be verified according to the random number and the file content of the preset file to be verified in the application package with the version number that is stored in advance by the server;
After the random number for the application package and the version number of the application package are obtained, in order to verify the integrity of the preset file to be verified in the application package in the terminal, a first hash value for the preset file to be verified may be generated, by using a predetermined hash algorithm, according to the random number and the file content of the preset file to be verified in the application package with the version number, which is stored in advance by the server itself. The predetermined hash algorithm may be an existing hash algorithm or a self-designed hash algorithm; either is reasonable.
The server stores in advance application packages of the application software with different version numbers, and when the first hash value for the preset file to be verified is generated, the file content of the preset file to be verified in the stored application package with the obtained version number is used.
S104, sending the random number to the terminal, so that after receiving the random number the terminal generates, by using the predetermined hash algorithm, a second hash value for the preset file to be verified according to the random number and the file content of the preset file to be verified in the application package local to the terminal;
After the random number for the application package is obtained, it may be sent to the terminal; correspondingly, after receiving the random number, the terminal may generate, by using the predetermined hash algorithm, a second hash value for the preset file to be verified according to the random number and the file content of the preset file to be verified in the application package local to the terminal. The hash algorithm used by the terminal for generating the second hash value is the same as the hash algorithm used by the server for generating the first hash value, so that the first hash value and the second hash value are comparable.
It can be understood that, since the preset file to be verified in the application package with the obtained version number stored by the server is a complete file, and the file content and the random number of the preset file to be verified in the application package with the obtained version number are used when the first hash value is generated, if the preset file to be verified in the application package in the terminal is a complete file, the second hash value generated by the terminal is inevitably the same as the first hash value generated by the server, and if the preset file to be verified in the application package in the terminal is a modified file, that is, an incomplete file, the second hash value generated by the terminal is inevitably different from the first hash value generated by the server.
The step of sending the random number to the terminal necessarily comes after the step of obtaining the random number for the application package, and so does the step of generating the first hash value for the preset file to be verified. However, there is no strict execution order between the step of sending the random number to the terminal and the step of generating the first hash value for the preset file to be verified: the two steps may be performed at the same time, the first hash value may be generated first and the random number sent to the terminal afterwards, or the random number may be sent to the terminal first and the first hash value generated afterwards.
S105, obtaining relevant information about the second hash value generated by the terminal;
Both the first hash value and the second hash value are constructed from the random number generated by the server and the preset file to be verified in the application package with the same version number, so, provided that the same hash algorithm is used, if the preset file to be verified in the application package in the terminal is complete (i.e., not changed), the first hash value and the second hash value are necessarily the same. Therefore, in order to implement the integrity check, after sending the random number to the terminal, the server may obtain the relevant information about the second hash value generated by the terminal, and then determine the integrity check result of the preset file to be checked in the terminal according to the relevant information about the second hash value and the relevant information about the first hash value.
For clarity, a specific implementation manner of obtaining the related information about the second hash value generated by the terminal is described in the following by way of example.
S106, determining the integrity check result of the preset file to be checked in the terminal according to the relevant information about the second hash value and the relevant information about the first hash value.
After obtaining the related information about the second hash value generated by the terminal, an integrity check result of the preset file to be checked in the terminal may be determined according to the related information about the second hash value and the related information about the first hash value, where the integrity check result may include: the preset file to be verified is complete or the preset file to be verified is incomplete.
It is to be understood that the specific manner of determining the integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value depends on the specific manner of obtaining the related information about the second hash value generated by the terminal. For clarity, the two are described together, by way of example, in the following description of the specific manners of obtaining the related information about the second hash value generated by the terminal.
In the embodiment of the invention, when the program file is verified, the verification is completed by the server, which prevents an attacker from modifying the integrity verification code; and when the hash value is calculated, a random number is added to the preset file to be verified, which increases the unpredictability of the hash value and reduces the risk of the hash value being supplied by an attacker. The scheme can therefore improve the accuracy of verifying the integrity of the program file.
It can be understood that, in the program file verification process, a complete second hash value generated by the terminal may be obtained, so that the second hash value and the first hash value are used to complete the determination of the integrity verification result of the preset file to be verified in the terminal. Based on the idea of obtaining the complete second hash value generated by the terminal, in one implementation, referring to fig. 2, compared to the foregoing embodiment formed by S101-S106, obtaining the related information about the second hash value generated by the terminal (S105) may include:
S1051, requesting from the terminal the second hash value generated by the terminal;
Accordingly, referring to fig. 2, compared to the foregoing embodiment formed by S101 to S106, determining the integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value (S106) may include:
S1061, judging whether the obtained second hash value is the same as the first hash value; if so, executing S1062, and if not, executing S1063;
S1062, determining that the preset file to be verified in the terminal is complete;
S1063, determining that the preset file to be verified in the terminal is incomplete.
In this implementation manner, the server actively requests from the terminal the second hash value generated by the terminal. After receiving the server's request for the second hash value, the terminal feeds back the generated second hash value to the server, and the server then determines whether the obtained second hash value is the same as the first hash value; if so, it determines that the preset file to be checked in the terminal is complete, and if not, it determines that the preset file to be checked in the terminal is incomplete.
Based on the idea of obtaining the complete second hash value generated by the terminal, in another implementation manner, referring to fig. 3, compared to the foregoing embodiment formed by S101-S106, obtaining the related information about the second hash value generated by the terminal (S105) may include:
S1052, receiving the second hash value reported by the terminal after the terminal generates the second hash value;
Accordingly, referring to fig. 3, compared to the foregoing embodiment formed by S101 to S106, determining the integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value (S106) may include:
S1064, judging whether the obtained second hash value is the same as the first hash value; if so, executing S1065, and if not, executing S1066;
S1065, determining that the preset file to be verified in the terminal is complete;
S1066, determining that the preset file to be verified in the terminal is incomplete.
In this implementation manner, after generating the second hash value, the terminal actively reports it to the server. After receiving the reported second hash value, the server determines whether the obtained second hash value is the same as the first hash value; if so, it determines that the preset file to be checked in the terminal is complete, and if not, it determines that the preset file to be checked in the terminal is incomplete.
Further, in consideration of network security, instead of requesting the complete second hash value from the terminal, the server may request values of the second hash value related to predetermined data bits from the terminal multiple times in a challenge-response manner. Based on the idea of obtaining values of the second hash value related to predetermined data bits, in another implementation manner, referring to fig. 4, compared to the foregoing embodiment formed by S101 to S106, obtaining the related information about the second hash value generated by the terminal (S105) may include:
S1053, sequentially requesting from the terminal a plurality of values of the second hash value related to predetermined data bits;
Accordingly, referring to fig. 4, compared to the foregoing embodiment formed by S101 to S106, determining the integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and the related information about the first hash value (S106) may include:
S1067, sequentially judging whether each of the plurality of values of the second hash value related to predetermined data bits is the same as the value of the first hash value related to the corresponding predetermined data bits; if all the judgment results are yes, executing S1068, otherwise executing S1069;
S1068, determining that the preset file to be verified in the terminal is complete;
S1069, determining that the preset file to be verified in the terminal is incomplete.
In this specific implementation, a value related to predetermined data bits may be: a value on a predetermined data bit; or a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
For example, the server sequentially requests from the terminal the value on the first bit, the value on the third bit, and the value on the fourth bit of the second hash value. It then sequentially judges whether the value on the first bit of the second hash value is the same as the value on the first bit of the first hash value, whether the value on the third bit of the second hash value is the same as the value on the third bit of the first hash value, and whether the value on the fourth bit of the second hash value is the same as the value on the fourth bit of the first hash value. When all the judgment results are the same, it determines that the preset file to be verified in the terminal is complete; otherwise, it determines that the preset file to be verified in the terminal is incomplete.
As another example, the server sequentially requests from the terminal the value on the first bit, the sum of the value on the first bit and the value on the third bit, and the value on the fourth bit of the second hash value. It then sequentially judges whether the value on the first bit of the second hash value is the same as the value on the first bit of the first hash value, whether the sum of the values on the first bit and the third bit of the second hash value is the same as the sum of the values on the first bit and the third bit of the first hash value, and whether the value on the fourth bit of the second hash value is the same as the value on the fourth bit of the first hash value. When all the judgment results are the same, it determines that the preset file to be verified in the terminal is complete; otherwise, it determines that the preset file to be verified in the terminal is incomplete.
It is emphasized that the specific implementations of S105 and S106 described above are merely examples, and should not be construed as limiting the embodiments of the present invention.
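The server flow S101 to S106 with both ways of obtaining the second hash value (the complete value, and values on predetermined data bits), together with the matching terminal side, as an added Python example that is not part of the patent text. SHA-256 over the random number followed by the file content, the 16-byte random number, bit numbering from 1 at the most significant bit, the terminal reporting its own version number, and the `Server`/`Terminal` names are assumptions; the file bytes are constructed sample data.

```python
import hashlib
import hmac
import secrets


def salted_hash(nonce: bytes, content: bytes) -> bytes:
    """The 'predetermined hash algorithm' over random number + file content.
    SHA-256 over nonce || content is an assumption of this example."""
    return hashlib.sha256(nonce + content).digest()


def bit_at(digest: bytes, pos: int) -> int:
    """Value on data bit `pos`, counted from 1 at the most significant bit
    (the numbering is an assumption)."""
    if not 1 <= pos <= len(digest) * 8:
        raise ValueError(f"bit position {pos} out of range")
    index = pos - 1
    return (digest[index // 8] >> (7 - index % 8)) & 1


def challenge_value(digest: bytes, positions: tuple) -> int:
    """One position: the value on that bit. Several positions: their sum,
    the 'mathematical operation' used in the text's second example."""
    return sum(bit_at(digest, p) for p in positions)


class Terminal:
    """Terminal side (S201-S203); `file_content` stands for the local copy
    of the preset file to be verified."""

    def __init__(self, version: str, file_content: bytes):
        self.version = version
        self.file_content = file_content
        self._second_hash = None

    def receive_nonce(self, nonce: bytes) -> None:       # S201, S202
        self._second_hash = salted_hash(nonce, self.file_content)

    def full_hash(self) -> bytes:                        # S2031 / S2032
        return self._second_hash

    def answer(self, positions: tuple) -> int:           # S2034
        return challenge_value(self._second_hash, positions)


class Server:
    """Server side (S101-S106); `reference_files` maps a version number to
    the file content the server stored in advance for that version."""

    def __init__(self, reference_files: dict):
        self.reference_files = reference_files

    def start_check(self, terminal: Terminal) -> bytes:
        version = terminal.version                       # S101
        if version not in self.reference_files:
            raise LookupError(f"no stored package for version {version!r}")
        nonce = secrets.token_bytes(16)                  # S102, fresh per check
        first_hash = salted_hash(nonce, self.reference_files[version])  # S103
        terminal.receive_nonce(nonce)                    # S104
        return first_hash

    def check_full(self, terminal: Terminal) -> bool:
        """S1051/S1052 with S1061/S1064: compare the complete hash values."""
        first_hash = self.start_check(terminal)
        return hmac.compare_digest(first_hash, terminal.full_hash())

    def check_bits(self, terminal: Terminal, challenges: list) -> bool:
        """S1053 with S1067: every requested value must match. A changed
        file still matches one single-bit challenge with probability about
        1/2, so the number of challenges sets the strength of this mode."""
        first_hash = self.start_check(terminal)
        for positions in challenges:
            expected = challenge_value(first_hash, positions)
            if terminal.answer(positions) != expected:
                return False
        return True


def demo() -> dict:
    # Constructed sample data: one stored version, one intact and one
    # modified terminal copy of the file to be verified.
    server = Server({"1.0": b"constructed original file bytes"})
    intact = Terminal("1.0", b"constructed original file bytes")
    modified = Terminal("1.0", b"constructed original file bytes, patched")
    text_example = [(1,), (1, 3), (4,)]         # bit 1, bit 1 + bit 3, bit 4
    every_bit = [(p,) for p in range(1, 257)]   # all 256 bits of the digest
    return {
        "intact_full": server.check_full(intact),
        "modified_full": server.check_full(modified),
        "intact_bits": server.check_bits(intact, text_example),
        "modified_every_bit": server.check_bits(modified, every_bit),
    }


if __name__ == "__main__":
    print(demo())
```

A matching response shows that the responder hashed the stored file content together with this check's random number; it does not by itself show which code on the terminal produced the response.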
Furthermore, when it is determined that the preset file to be verified in the terminal is complete, the communication connection with the terminal can be maintained and network service can continue to be provided for the terminal, that is, for the application software loaded in the application package in the terminal. In order to effectively combat pirated software, when it is determined that the preset file to be verified in the terminal is incomplete, the method provided by the embodiment of the present invention may further include: disconnecting the communication connection with the terminal, namely no longer providing network service for the application software loaded in the application package in the terminal.
Of course, in order to further improve the user experience, when it is determined that the preset file to be verified in the terminal is incomplete, the method provided in the embodiment of the present invention may further include:
pushing a prompt message to the terminal, wherein the prompt message is used for prompting that the preset file to be verified is incomplete;
or,
pushing a prompt message and a download link address to the terminal, wherein the prompt message is used for prompting that the preset file to be verified is incomplete, and the download link address is the download address of the application package.
The user can be prompted through the prompt message alone that the preset file to be verified is incomplete, so that the user can search again for an application package that includes the complete preset file to be verified and download it; of course, after the prompt message is pushed, the communication connection with the terminal can be disconnected. Furthermore, in order to improve the user experience, the prompt message and the download link address can be pushed to the terminal together, so that the download address is provided at the same time as the user is prompted that the preset file to be verified is incomplete, and the user can conveniently re-download an application package that includes the complete preset file to be verified.
Secondly, in order to improve the accuracy of verifying the integrity of the program file, the embodiment of the invention provides a program file verification method from the perspective of a terminal. The terminal is a terminal used for running the application software loaded in the application package. In practical applications, the terminal can be a smartphone, a tablet computer, a notebook computer, and the like. Moreover, the functional software that executes the program file verification method provided by this embodiment is a functional module embedded in the application package.
As shown in fig. 5, the method for verifying a program file provided in this embodiment may include:
S201, after establishing a communication connection with a server that provides network service for the application software, receiving a random number for the application package sent by the server;
The random number is obtained and sent by the server after the server establishes the communication connection with the terminal.
The server can start the program file verification process after establishing the communication connection with the terminal, and then obtain the random number for the application package and send it to the terminal, so that the terminal, after establishing the communication connection with the server, can receive the random number for the application package sent by the server and then execute the subsequent steps.
S202, generating, by using a predetermined hash algorithm, a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
After receiving the random number, in order to implement the integrity check, the terminal generates, by using a predetermined hash algorithm, a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal. The predetermined hash algorithm may be an existing hash algorithm or a self-designed hash algorithm; either is reasonable.
S203, sending the information related to the second hash value to the server.
The first hash value is generated by the server, by using the predetermined hash algorithm, according to the random number and the file content of the preset file to be verified in the application package that the server stores in advance and that has the version number of the application package in the terminal.
In order to verify the integrity of the program file, after the terminal generates a second hash value aiming at the preset file to be verified, the terminal can send the related information of the second hash value to the server; furthermore, after the server obtains the relevant information about the second hash value, the server determines an integrity check result of the preset file to be checked in the terminal according to the relevant information about the second hash value and the relevant information about the first hash value. Moreover, there are various specific implementation manners for sending the information related to the second hash value to the server, and for clarity, examples will be described later.
It should be noted that, a hash algorithm used by the terminal to generate the second hash value is the same as a hash algorithm used by the server to generate the first hash value, so as to ensure that the first hash value and the second hash value have comparability.
In the embodiment of the invention, when the program file is verified, the verification is completed by the server, which prevents an attacker from modifying the integrity verification code; and when the hash value is calculated, a random number is added to the preset file to be verified, which increases the unpredictability of the hash value and reduces the risk of the hash value being supplied by an attacker. The scheme can therefore improve the accuracy of verifying the integrity of the program file.
It can be understood that, in the program file verification process, the server may obtain a complete second hash value generated by the terminal, so that the determination of the integrity verification result of the preset file to be verified in the terminal is completed by using the second hash value and the first hash value. Based on the idea that the server obtains the complete second hash value generated by the terminal, in an implementation manner, referring to fig. 6, compared with the foregoing embodiment formed by S201 to S203, the sending information related to the second hash value to the server (S203) may include:
S2031, after receiving the request for the second hash value sent by the server, feeding back the second hash value to the server.
In this specific implementation manner, after requesting from the terminal the second hash value generated by the terminal, the server determines whether the obtained second hash value is the same as the first hash value, determines that the preset file to be checked in the terminal is complete if it is, and determines that the preset file to be checked in the terminal is incomplete if it is not.
Based on the idea that the server obtains the complete second hash value generated by the terminal, in an implementation manner, referring to fig. 7, compared with the foregoing embodiment formed by S201 to S203, the sending information related to the second hash value to the server (S203) may include:
S2032, after generating the second hash value, reporting the second hash value to the server.
In this specific implementation manner, after receiving the second hash value that the terminal reports once it has generated it, the server determines whether the obtained second hash value is the same as the first hash value, determines that the preset file to be checked in the terminal is complete if it is, and determines that the preset file to be checked in the terminal is incomplete if it is not.
Further, in consideration of network security, the server may not request the complete second hash value from the terminal, but instead request values of the second hash value associated with predetermined data bits from the terminal multiple times in a challenge-response manner. Based on the idea of obtaining values of the second hash value related to predetermined data bits, in another implementation manner, referring to fig. 8, sending the information related to the second hash value to the server (S203) may include:
S2033, receiving in sequence the requests sent by the server for a plurality of values of the second hash value related to predetermined data bits;
S2034, after receiving each request sent by the server for a value of the second hash value associated with predetermined data bits, feeding back to the server the corresponding value of the second hash value associated with those predetermined data bits.
Wherein the value associated with the predetermined data bit may include: a value on a predetermined data bit; or a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
In this implementation manner, after the server sequentially requests the terminal to obtain a plurality of values of the second hash value related to the predetermined data bits, the server sequentially determines whether the plurality of values of the second hash value related to the predetermined data bits are the same as the values of the first hash value related to the corresponding predetermined data bits, if yes, it is determined that the preset file to be verified in the terminal is complete, otherwise, it is determined that the preset file to be verified in the terminal is incomplete.
Furthermore, when the server determines that the preset file to be verified in the terminal is complete, the server can maintain the communication connection with the terminal and continue to provide network service for the terminal, that is, for the application software loaded in the application package in the terminal. In order to effectively combat pirated software, when the server determines that the preset file to be verified in the terminal is incomplete, the server can disconnect the communication connection with the terminal, namely no longer provide network service for the application software loaded in the application package in the terminal.
Of course, in order to further improve the user experience, when the server determines that the preset file to be verified in the terminal is incomplete, the server may push a prompt message to the terminal, where the prompt message is used to prompt that the preset file to be verified is incomplete; the terminal can therefore receive a prompt message pushed by the server, wherein the prompt message is used for prompting that the preset file to be verified is incomplete. In addition, when the server determines that the preset file to be verified in the terminal is incomplete, a prompt message and a download link address can be pushed to the terminal, wherein the prompt message is used for prompting that the preset file to be verified is incomplete, and the download link address is a download address of the application package; correspondingly, the terminal can receive a prompt message and a download link address pushed by the server, wherein the prompt message is used for prompting that the preset file to be verified is incomplete, and the download link address is a download address of the application package.
Corresponding to the program file verification method provided from the server perspective, an embodiment of the present invention further provides a program file checking device applied to a server, where the server is a server used for providing network service for application software that runs in the terminal and is loaded in the application package; as shown in fig. 9, the apparatus may include:
a version number obtaining module 310, configured to obtain a version number of the application package after establishing a communication connection with the terminal;
a random number obtaining module 320, configured to obtain a random number for the application package;
a first hash value generation module 330, configured to generate a first hash value for a preset file to be checked according to the random number and file content of the preset file to be checked in an application package with the version number and stored in advance by the server, and by using a predetermined hash algorithm;
a random number sending module 340, configured to send the random number to the terminal, so that after receiving the random number, the terminal generates a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal, and by using the predetermined hash algorithm;
a second hash value information obtaining module 350, configured to obtain related information about the second hash value generated by the terminal;
an integrity checking module 360, configured to determine an integrity checking result of the preset file to be checked in the terminal according to the relevant information about the second hash value and the relevant information about the first hash value.
In the embodiment of the invention, when the program file is verified, the verification is completed by the server, which prevents an attacker from modifying the integrity verification code; and when the hash value is calculated, a random number is added to the preset file to be verified, which increases the unpredictability of the hash value and reduces the risk of the hash value being supplied by an attacker. The scheme can therefore improve the accuracy of verifying the integrity of the program file.
Specifically, in an implementation manner, the second hash value information obtaining module 350 may include:
a first information obtaining unit, configured to request from the terminal the second hash value generated by the terminal;
or,
a second information obtaining unit, configured to receive the second hash value reported by the terminal after the terminal generates the second hash value;
the integrity check module 360 may include:
a first integrity checking unit, configured to judge whether the obtained second hash value is the same as the first hash value, and if so, determine that the preset file to be checked in the terminal is complete; otherwise, determine that the preset file to be verified in the terminal is incomplete.
Specifically, in another implementation manner, the second hash value information obtaining module 350 may include:
a third information obtaining unit, configured to sequentially request from the terminal a plurality of values of the second hash value associated with predetermined data bits;
the integrity check module 360 may include:
a second integrity checking unit, configured to sequentially judge whether each of the plurality of values of the second hash value related to predetermined data bits is the same as the value of the first hash value related to the corresponding predetermined data bits, and if all the judgment results are yes, determine that the preset file to be checked in the terminal is complete; otherwise, determine that the preset file to be verified in the terminal is incomplete.
Specifically, the value associated with the predetermined data bit may include:
a value on a predetermined data bit;
or,
a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
Furthermore, the program file verification apparatus provided in this embodiment may further include:
a disconnection module, configured to disconnect the communication connection with the terminal when it is determined that the preset file to be checked in the terminal is incomplete.
Furthermore, the program file verification apparatus provided in this embodiment may further include:
a first information sending module, configured to push a prompt message to the terminal when it is determined that the preset file to be checked in the terminal is incomplete, wherein the prompt message indicates that the preset file to be checked is incomplete;
or,
a second information sending module, configured to push a prompt message and a download link address to the terminal when it is determined that the preset file to be checked in the terminal is incomplete, wherein the prompt message indicates that the preset file to be checked is incomplete, and the download link address is the download address of the application package.
From the terminal's perspective, an embodiment of the invention also provides a program file checking device applied to a terminal, wherein the terminal is a terminal for running application software loaded in the application package. As shown in Fig. 10, the device may include:
a random number receiving module 410, configured to receive a random number for the application package sent by a server, after a communication connection is established with the server that provides the network service for the application software, wherein the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
a second hash value generating module 420, configured to generate, by using a predetermined hash algorithm, a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
a second hash value information sending module 430, configured to send related information about the second hash value to the server, so that the server, after obtaining the related information about the second hash value, determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and related information about a first hash value, wherein the first hash value is generated by the server, by using the predetermined hash algorithm, according to the random number and the file content of the preset file to be checked in the pre-stored application package that has the version number of the application package in the terminal.
In this embodiment of the invention, the check of the program file is completed by the server, so that tampering by an attacker with the integrity-check code is avoided. In addition, when the hash value is calculated, a random number is combined with the preset file to be checked, which increases the unpredictability of the hash value and reduces the risk of an attacker supplying the hash value. The scheme can therefore improve the accuracy of verifying the integrity of the program file.
Specifically, in an implementation manner, the second hash value information sending module 430 may include:
a first information sending unit, configured to, after receiving a request about the second hash value sent by the server, feed back the second hash value to the server;
or,
a second information sending unit, configured to report the second hash value to the server after the second hash value is generated.
Specifically, in another specific implementation manner, the second hash value information sending module 430 may include:
a value request obtaining unit configured to sequentially receive a plurality of requests for values associated with predetermined data bits of the second hash value from a server;
a third information sending unit, configured to, after receiving each request sent by the server for a value of the second hash value associated with a predetermined data bit, feed back to the server the corresponding value of the second hash value associated with that predetermined data bit.
Specifically, the value associated with the predetermined data bit may include:
a value on a predetermined data bit;
or,
a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
Furthermore, the program file verification apparatus provided in this embodiment further includes:
a first message receiving unit, configured to receive a prompt message pushed by the server, wherein the prompt message indicates that the preset file to be checked is incomplete;
or,
a second message receiving unit, configured to receive a prompt message and a download link address pushed by the server, wherein the prompt message indicates that the preset file to be checked is incomplete, and the download link address is the download address of the application package.
In addition, an embodiment of the present invention further provides a server, where the server is: a server for providing a network service for application software loaded in an application package running in a terminal, wherein the server comprises:
a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute a program file verification method; the program file checking method comprises the following steps:
after communication connection is established with the terminal, the version number of the application program package is obtained;
obtaining a random number for the application package;
generating, by using a preset hash algorithm, a first hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package of that version number stored in advance by the server;
sending the random number to the terminal, so that the terminal, after receiving the random number, generates a second hash value for the preset file to be checked, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
obtaining related information about the second hash value generated by the terminal;
and determining an integrity check result of the preset file to be checked in the terminal according to the relevant information about the second hash value and the relevant information about the first hash value.
In addition, an embodiment of the present invention further provides a terminal, where the terminal is: a terminal for running application software loaded in the application package; wherein, the terminal includes: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute a program file verification method; the program file checking method comprises the following steps:
after establishing a communication connection with a server that provides a network service for the application software, receiving a random number for the application package sent by the server, wherein the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
generating, by using a preset hash algorithm, a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
sending related information about the second hash value to the server, so that the server, after obtaining the related information about the second hash value, determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and related information about a first hash value, wherein the first hash value is generated by the server, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the pre-stored application package that has the version number of the application package in the terminal.
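The server-side and terminal-side method steps listed above, run end to end as an added example that is not part of the patent text. It covers both comparison variants (the full hash value, and values associated with predetermined data bits). Assumptions: SHA-256 as the preset hash algorithm, the hash taken over the random number followed by the file content, XOR as the mathematical operation on two bits, and the file name, version number, sample bytes and probe positions, all of which are constructed.

```python
import hashlib
import hmac
import secrets

CHECKED_FILE = "classes.dex"   # assumed name of the "preset file to be checked"

# Constructed sample data: the server's pre-stored copy of each package version.
PRISTINE = {"1.0.3": {CHECKED_FILE: b"dex\n035\x00" + b"original bytecode " * 8}}

# Predetermined probes (assumed): 32 single bits, then 32 XORs of two distinct bits.
PROBES = [("bit", i) for i in range(0, 256, 8)] + \
         [("xor", i, 255 - i) for i in range(0, 64, 2)]


def salted_hash(nonce: bytes, content: bytes) -> bytes:
    """Assumed construction: SHA-256 over random number || file content."""
    return hashlib.sha256(nonce + content).digest()


def bit_at(digest: bytes, pos: int) -> int:
    """Value on data bit `pos`, counted from the most significant bit of byte 0."""
    return (digest[pos // 8] >> (7 - pos % 8)) & 1


def probe_value(digest: bytes, probe: tuple) -> int:
    """("bit", i): value on one bit; ("xor", i, j): an operation on two bits."""
    if probe[0] == "bit":
        return bit_at(digest, probe[1])
    if probe[0] == "xor":
        return bit_at(digest, probe[1]) ^ bit_at(digest, probe[2])
    raise ValueError(f"unknown probe {probe!r}")


class Terminal:
    """Terminal side: hashes its local copy with the server's random number."""

    def __init__(self, version: str, files: dict):
        self.version, self.files, self._h2 = version, files, None

    def on_nonce(self, nonce: bytes) -> None:
        self._h2 = salted_hash(nonce, self.files[CHECKED_FILE])   # second hash value

    def report_hash(self) -> bytes:
        return self._h2

    def answer_probe(self, probe: tuple) -> int:
        return probe_value(self._h2, probe)


class Server:
    """Server side: holds the reference copy and makes the decision."""

    def __init__(self, packages: dict):
        self.packages = packages

    def start_check(self, terminal: Terminal) -> bytes:
        reference = self.packages.get(terminal.version)   # version number first
        if reference is None:
            raise LookupError(f"no stored package for version {terminal.version}")
        nonce = secrets.token_bytes(16)                   # fresh random number per check
        h1 = salted_hash(nonce, reference[CHECKED_FILE])  # first hash value
        terminal.on_nonce(nonce)
        return h1

    def check_full(self, terminal: Terminal) -> bool:
        """Variant 1: compare the whole second hash value with the first."""
        h1 = self.start_check(terminal)
        return hmac.compare_digest(h1, terminal.report_hash())

    def check_by_bits(self, terminal: Terminal) -> bool:
        """Variant 2: request bit-related values one by one; any mismatch fails."""
        h1 = self.start_check(terminal)
        return all(terminal.answer_probe(p) == probe_value(h1, p) for p in PROBES)


def stale_response_rejected(server: Server, terminal: Terminal) -> bool:
    """A hash value recorded under one random number fails under the next one."""
    server.start_check(terminal)
    recorded = terminal.report_hash()
    fresh_h1 = server.start_check(terminal)
    return not hmac.compare_digest(fresh_h1, recorded)


def demo() -> dict:
    server = Server(PRISTINE)
    original = PRISTINE["1.0.3"][CHECKED_FILE]
    intact = Terminal("1.0.3", {CHECKED_FILE: original})
    modified = Terminal("1.0.3", {CHECKED_FILE: original + b"\x00"})  # one extra byte
    return {
        "intact_full": server.check_full(intact),
        "intact_bits": server.check_by_bits(intact),
        "modified_full": server.check_full(modified),
        "modified_bits": server.check_by_bits(modified),
        "stale_rejected": stale_response_rejected(server, intact),
    }


if __name__ == "__main__":
    print(demo())
```

Because the random number is drawn anew for every check, a second hash value captured during one connection does not match the first hash value of the next.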
It should be noted that, in this document, relational terms such as first and second are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A program file verification method, applied to a server, wherein the server is a server that provides a network service for application software that runs in a terminal and is loaded in an application package; the method comprises the following steps:
after communication connection is established with the terminal, the version number of the application program package is obtained;
obtaining a random number for the application package;
generating, by using a preset hash algorithm, a first hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package of that version number stored in advance by the server;
sending the random number to the terminal, so that the terminal, after receiving the random number, generates a second hash value for the preset file to be checked, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
obtaining related information about the second hash value generated by the terminal;
and determining an integrity check result of the preset file to be checked in the terminal according to the relevant information about the second hash value and the relevant information about the first hash value.
2. The method according to claim 1, wherein the obtaining of the relevant information about the second hash value generated by the terminal comprises:
requesting the terminal to obtain the second hash value generated by the terminal;
or,
receiving the second hash value reported by the terminal after the second hash value is generated;
the determining, according to the related information about the second hash value and the related information about the first hash value, an integrity check result of the preset file to be checked in the terminal includes:
judging whether the obtained second hash value is the same as the first hash value; if so, determining that the preset file to be checked in the terminal is complete; otherwise, determining that the preset file to be checked in the terminal is incomplete.
3. The method according to claim 1, wherein the obtaining of the relevant information about the second hash value generated by the terminal comprises:
requesting the terminal to obtain a plurality of values of the second hash value related to the predetermined data bits in sequence;
the determining, according to the related information about the second hash value and the related information about the first hash value, an integrity check result of the preset file to be checked in the terminal includes:
judging in sequence whether each of the plurality of values of the second hash value associated with predetermined data bits is the same as the value of the first hash value associated with the corresponding predetermined data bits; if every judgment result is yes, determining that the preset file to be checked in the terminal is complete; otherwise, determining that the preset file to be checked in the terminal is incomplete.
4. The method of claim 3, wherein the value associated with the predetermined data bits comprises:
a value on a predetermined data bit;
or,
a value obtained by performing a mathematical operation on the values on at least two predetermined data bits.
5. The method according to any one of claims 1 to 4, wherein when it is determined that the preset file to be verified in the terminal is incomplete, the method further comprises:
and disconnecting the communication connection with the terminal.
6. A program file checking method, characterized in that the method is applied to a terminal, wherein the terminal is a terminal for running application software loaded in an application package; the method comprises the following steps:
after establishing a communication connection with a server that provides a network service for the application software, receiving a random number for the application package sent by the server, wherein the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
generating, by using a preset hash algorithm, a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
sending related information about the second hash value to the server, so that the server, after obtaining the related information about the second hash value, determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and related information about a first hash value, wherein the first hash value is generated by the server, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the pre-stored application package that has the version number of the application package in the terminal.
7. A program file verifying device, applied to a server, wherein the server is a server that provides a network service for application software that runs in a terminal and is loaded in an application package; the device comprises:
a version number obtaining module, configured to obtain the version number of the application package after a communication connection is established with the terminal;
a random number obtaining module, configured to obtain a random number for the application package;
a first hash value generation module, configured to generate, by using a preset hash algorithm, a first hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package of that version number stored in advance by the server;
a random number sending module, configured to send the random number to the terminal, so that the terminal, after receiving the random number, generates a second hash value for the preset file to be checked, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
a second hash value information obtaining module, configured to obtain related information about the second hash value generated by the terminal;
an integrity checking module, configured to determine an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and related information about the first hash value.
8. A program file checking device, characterized in that the device is applied to a terminal, wherein the terminal is a terminal for running application software loaded in an application package; the device comprises:
a random number receiving module, configured to receive a random number for the application package sent by a server, after a communication connection is established with the server that provides the network service for the application software, wherein the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
a second hash value generation module, configured to generate, by using a preset hash algorithm, a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
a second hash value information sending module, configured to send related information about the second hash value to the server, so that the server, after obtaining the related information about the second hash value, determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and related information about a first hash value, wherein the first hash value is generated by the server, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the pre-stored application package that has the version number of the application package in the terminal.
9. A server, characterized in that the server is: a server for providing a network service for application software loaded in an application package running in a terminal, wherein the server comprises:
a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute a program file verification method; the program file checking method comprises the following steps:
after communication connection is established with the terminal, the version number of the application program package is obtained;
obtaining a random number for the application package;
generating, by using a preset hash algorithm, a first hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package of that version number stored in advance by the server;
sending the random number to the terminal, so that the terminal, after receiving the random number, generates a second hash value for the preset file to be checked, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
obtaining related information about the second hash value generated by the terminal;
and determining an integrity check result of the preset file to be checked in the terminal according to the relevant information about the second hash value and the relevant information about the first hash value.
10. A terminal, characterized in that the terminal is: a terminal for running application software loaded in the application package; wherein, the terminal includes: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute a program file verification method; the program file checking method comprises the following steps:
after establishing a communication connection with a server that provides a network service for the application software, receiving a random number for the application package sent by the server, wherein the random number is obtained and sent by the server after it establishes the communication connection with the terminal;
generating, by using a preset hash algorithm, a second hash value for the preset file to be checked according to the random number and the file content of the preset file to be checked in the application package local to the terminal;
sending related information about the second hash value to the server, so that the server, after obtaining the related information about the second hash value, determines an integrity check result of the preset file to be checked in the terminal according to the related information about the second hash value and related information about a first hash value, wherein the first hash value is generated by the server, by using the preset hash algorithm, according to the random number and the file content of the preset file to be checked in the pre-stored application package that has the version number of the application package in the terminal.
CN201510578850.4A 2015-09-11 2015-09-11 Program file checking method and device, server and terminal Pending CN105306434A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510578850.4A CN105306434A (en) 2015-09-11 2015-09-11 Program file checking method and device, server and terminal
PCT/CN2016/094628 WO2017041606A1 (en) 2015-09-11 2016-08-11 Program file check method and apparatus, server, and terminal

Publications (1)

Publication Number Publication Date
CN105306434A true CN105306434A (en) 2016-02-03

Family

ID=55203189

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510578850.4A Pending CN105306434A (en) 2015-09-11 2015-09-11 Program file checking method and device, server and terminal

Country Status (2)

Country Link
CN (1) CN105306434A (en)
WO (1) WO2017041606A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111199039B (en) * 2018-11-20 2023-02-28 成都鼎桥通信技术有限公司 Application security verification method and device and terminal equipment
CN109739529A (en) * 2018-12-04 2019-05-10 贵阳朗玛信息技术股份有限公司 A kind of method and device that program is issued automatically
CN111400102B (en) * 2020-03-18 2024-06-18 深圳前海微众银行股份有限公司 Method, device, equipment and storage medium for monitoring change of application program
CN113674805A (en) * 2020-05-15 2021-11-19 甄伟哲 Optimized high-throughput biomedical experimental platform based on Hash algorithm
CN112256304B (en) * 2020-11-02 2024-09-10 深圳市海浦蒙特科技有限公司 DSP chip software online updating method and system
CN117478175B (en) * 2023-10-25 2024-04-30 中通服网盈科技有限公司 Power communication transmission optimization system and operation method
CN117725572B (en) * 2024-02-07 2024-07-05 支付宝(杭州)信息技术有限公司 SDK integrity checking method, device, medium and equipment
CN118350065B (en) * 2024-06-17 2024-09-03 江西斐耳科技有限公司 Important code protection method, system, storage medium and electronic equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8254569B2 (en) * 2007-12-29 2012-08-28 Nec (China) Co., Ltd. Provable data integrity verifying method, apparatuses and system
CN101783801B (en) * 2010-01-29 2013-04-24 福建星网锐捷网络有限公司 Software protection method based on network, client side and server
CN104751049B (en) * 2015-03-09 2018-09-04 广东欧珀移动通信有限公司 A kind of application program installation method and mobile terminal
CN105306434A (en) * 2015-09-11 2016-02-03 北京金山安全软件有限公司 Program file checking method and device, server and terminal

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6782477B2 (en) * 2002-04-16 2004-08-24 Sony Computer Entertainment America Inc. Method and system for using tamperproof hardware to provide copy protection and online security
CN101782801A (en) * 2009-11-16 2010-07-21 赵延斌 Laptop adapter with built-in battery
US20120266022A1 (en) * 2010-10-06 2012-10-18 Siemens Aktiengesellschaft Method for Verifying an Application Program in a Failsafe Programmable Logic Controller, and Programmable Logic Controller for Performing the Method
CN101976322A (en) * 2010-11-11 2011-02-16 清华大学 Safety metadata management method based on integrality checking
CN104134021A (en) * 2013-06-20 2014-11-05 腾讯科技(深圳)有限公司 Software tamper-proofing verification method and software tamper-proofing verification device
CN103488952A (en) * 2013-09-24 2014-01-01 华为技术有限公司 File integrity verification method and file processor
CN104778410A (en) * 2015-04-16 2015-07-15 电子科技大学 Application program integrity verification method

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017041606A1 (en) * 2015-09-11 2017-03-16 北京金山安全软件有限公司 Program file check method and apparatus, server, and terminal
CN105897781A (en) * 2016-06-30 2016-08-24 北京奇虎科技有限公司 Control method and control device for data transmission between mobile terminal and server
CN105897781B (en) * 2016-06-30 2019-05-31 北京奇虎科技有限公司 The control method and device that data are transmitted between mobile terminal and server
CN107786504A (en) * 2016-08-26 2018-03-09 腾讯科技(深圳)有限公司 ELF file publishing methods, ELF file verifications method, server and terminal
CN107786504B (en) * 2016-08-26 2020-09-04 腾讯科技(深圳)有限公司 ELF file release method, ELF file verification method, server and terminal
CN106161465A (en) * 2016-08-29 2016-11-23 浪潮(北京)电子信息产业有限公司 A kind of cloud storage method, cloud storage system and safe cloud storage system
CN106648762A (en) * 2016-11-30 2017-05-10 武汉斗鱼网络科技有限公司 Development environment building method and device
CN106648762B (en) * 2016-11-30 2020-08-04 武汉斗鱼网络科技有限公司 Method and device for building development environment
CN107480068A (en) * 2017-08-22 2017-12-15 武汉斗鱼网络科技有限公司 Code integrity detection method, device, electric terminal and readable storage medium storing program for executing
CN109995700A (en) * 2017-12-29 2019-07-09 北京易安睿龙科技有限公司 A kind of safety protecting method of application program, applications client and ACR server
CN108846266A (en) * 2018-07-11 2018-11-20 中国联合网络通信集团有限公司 A kind of method, system and the communication terminal of application program operation authorization
CN111104669A (en) * 2018-10-29 2020-05-05 中兴通讯股份有限公司 Cracking detection method, device, system, server, terminal and storage medium
CN109582907A (en) * 2018-12-06 2019-04-05 深圳前海微众银行股份有限公司 Method of calibration, device, equipment and the readable storage medium storing program for executing of web page resources integrality
TWI735841B (en) * 2019-01-19 2021-08-11 宏碁股份有限公司 Computer system and method for verifying archived data
CN109939441B (en) * 2019-03-14 2023-03-14 深圳市腾讯信息技术有限公司 Application multi-disk verification processing method and system
CN109939441A (en) * 2019-03-14 2019-06-28 深圳市腾讯信息技术有限公司 Using discs verifying method and system
CN110750444A (en) * 2019-09-10 2020-02-04 中国平安财产保险股份有限公司 Application program handover method, application program handover device, computer device and storage medium
CN110750444B (en) * 2019-09-10 2024-05-10 中国平安财产保险股份有限公司 Application program handover method, apparatus, computer device and storage medium
CN113127860A (en) * 2019-12-30 2021-07-16 Oppo广东移动通信有限公司 Executable file detection method, device, terminal and storage medium
CN113127860B (en) * 2019-12-30 2023-10-20 Oppo广东移动通信有限公司 Executable file detection method, device, terminal and storage medium
CN112003704A (en) * 2020-07-31 2020-11-27 中科扶云(杭州)科技有限公司 Electronic evidence processing method and device and computer equipment
CN112307511A (en) * 2020-11-06 2021-02-02 珠海格力电器股份有限公司 File protection method and system
CN113139716A (en) * 2021-03-31 2021-07-20 成都飞机工业(集团)有限责任公司 Remote automatic error-proof checking method for numerical control machining program package
CN114398102A (en) * 2022-01-18 2022-04-26 杭州米络星科技(集团)有限公司 Application package generation method and device, compiling server and computer readable storage medium
CN114398102B (en) * 2022-01-18 2023-08-08 杭州米络星科技(集团)有限公司 Application package generation method and device, compiling server and computer readable storage medium

Also Published As

Publication number Publication date
WO2017041606A1 (en) 2017-03-16

Similar Documents

Publication Publication Date Title
CN105306434A (en) Program file checking method and device, server and terminal
CN106534160B (en) Identity authentication method and system based on block chain
US11258792B2 (en) Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium
CN102982258B (en) A kind of system of mobile applications being carried out to master verification
US9430640B2 (en) Cloud-assisted method and service for application security verification
TWI758260B (en) Website login method and login system based on mobile phone short message
CN108334753B (en) Pirate application verification method and distributed server node
CN107743115B (en) Identity authentication method, device and system for terminal application
CN107911222B (en) Digital signature generating method, digital signature verifying method, digital signature generating apparatus, digital signature verifying apparatus, and storage medium storing digital signature verifying program
CN103744686B (en) Control method and the system of installation is applied in intelligent terminal
CN111200589A (en) Data protection method and system for alliance chain
CN111538517B (en) Method and system for upgrading server firmware, electronic equipment and storage medium
CN109284585B (en) Script encryption method, script decryption operation method and related device
CN108805571B (en) Data protection method, platform, block chain node, system and storage medium
CN109634615B (en) Issuing method, verification method and device of application installation package
CN103248495B (en) A kind of method, server, client and system applying interior paying
CN103679005A (en) Method to enable development mode of a secure electronic control unit
CN104133704B (en) Software upgrading, AKU delivery method, device and equipment
CN104735086A (en) Method and device for downloading files safely
CN106331009A (en) Application program downloading method, device and system
JP2018519596A (en) Application download method and apparatus
WO2017197869A1 (en) Version file checking method and apparatus, encryption method and apparatus, and storage medium
CN109040056B (en) User verification method based on server
CN112732676B (en) Block chain-based data migration method, device, equipment and storage medium
CN102262717B (en) Method, device and equipment for changing original installation information and detecting installation information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160203