CN105787357A - APK (Android Package) downloading method and system based on Android system - Google Patents

Info

Publication number: CN105787357A
Authority: CN (China)
Prior art keywords: apk, public key, key certificate, acquirer, legitimacy
Legal status: Granted, active
Application number: CN201610182554.7A
Other languages: Chinese (zh)
Other versions: CN105787357B (en)
Inventors: 陈菲菲, 彭波涛, 孟陆强, 陈祖勋
Current Assignee: Fujian Landi Commercial Equipment Co Ltd
Original Assignee: Fujian Landi Commercial Equipment Co Ltd
Application filed by: Fujian Landi Commercial Equipment Co Ltd
Priority to CN201610182554.7A (patent CN105787357B)
Publication of CN105787357A
Priority to PCT/CN2016/093437 (patent WO2017166561A1)
Application granted; publication of CN105787357B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates

Abstract

The invention provides an APK (Android Package) downloading method and system based on the Android system. The method comprises the following steps: an APK containing a credit-granted application list file is signed to obtain a signed APK, where the credit-granted application list file comprises the package name of each credit-granted APK and the corresponding public key certificate; a terminal acquires the signed APK; the legality of the signed APK is verified, and the credit-granted application list file is stored after verification passes; an APK is acquired, and its legality is verified; if that verification does not pass, it is judged whether the package header of the APK and the corresponding public key certificate are stored in the credit-granted application list file; if yes, verification of the APK's legality continues using the Android signature mechanism. Adding the credit-granted application list file simplifies the downloading and installation of credit-granted APKs and further simplifies their update and upgrade process; the influence of application updates and upgrades on the normal work of the terminal is reduced.

Description

APK downloading method and system based on the Android system
Technical field
The present invention relates to the field of signature authentication, and in particular to an APK downloading method and system based on the Android system.
Background
Android is an open-source operating system based on the Linux architecture and developed by Google; programs installed on it are in APK (Android Package) format.
In the financial payment field, an acquirer (for example a banking system) usually purchases intelligent terminals (POS) from payment terminal manufacturers (for example the various POS vendors) and manages the payment terminals centrally through an acquiring system. This includes parameter download, key download, accepting, processing or forwarding the transaction requests of payment terminals, and returning transaction result information to the payment terminals; it is a system for centralized management and transaction processing. The acquiring system can install its own programs on the payment terminals and maintains the APKs signed for payment terminal devices, which may also need to be installed on other Android devices.
To guarantee the legitimacy of the programs on a payment terminal, the terminal needs a digital signature scheme: a root public key certificate issued by the acquirer is preset in the terminal, and only an APK signed with the private key corresponding to a working public key certificate subordinate to that root public key certificate can be installed on the payment terminal. If the version or other information of an APK needs to be updated or upgraded, the newly upgraded APK must again be signed by the acquirer as above before it can be downloaded and installed on the payment terminal. Thus even a credit-granted APK must be re-signed and re-verified on every update or upgrade; this repeated signing and verification increases the workload of the terminal, lengthens the time an APK update or upgrade takes, and delays the normal operation of the payment terminal.
Chinese patent publication No. CN101425114 discloses a method for packaging software upgrades, comprising the following steps: a. the publisher of the software upgrade package determines the multiple certification authorities that need to verify the upgrade package; b. the message digest obtained by hashing the plaintext of the upgrade software is encrypted with the private key of each certification authority, yielding the digital signature of each certification authority; c. the publisher recombines the software plaintext, the digital signature of each certification authority and the digital certificate of each certification authority into a software upgrade package and sends it to the terminal device.
That upgrade installation requires signature verification by the certification authorities, and it still cannot eliminate the impact on the terminal's normal operation caused by the terminal having to sign and verify again on every APK upgrade.
Summary of the invention
The technical problem to be solved by the present invention is to provide an APK downloading method and system based on the Android system that, while ensuring APK security, simplifies the signature verification flow of the download process and makes it easier to update and upgrade credit-granted APKs.
To solve the above technical problem, the technical solution adopted by the present invention is:
An APK downloading method based on the Android system, comprising:
signing an APK containing a credit-granted application list file to obtain a signed APK, where the credit-granted application list file includes the package name of each credit-granted APK and the corresponding public key certificate;
the terminal acquiring the signed APK; verifying the legitimacy of the signed APK and, after verification passes, storing the credit-granted application list file;
acquiring an APK, the terminal verifying the legitimacy of that APK;
if verification does not pass, judging whether the package header of that APK and the corresponding public key certificate are stored in the credit-granted application list file;
if so, using the Android signature mechanism to verify the legitimacy of that APK.
Another technical solution provided by the present invention is:
An APK download system based on the Android system, comprising:
a first signing module, for signing an APK containing a credit-granted application list file to obtain a signed APK, where the credit-granted application list file includes the package name of each credit-granted APK and the corresponding public key certificate;
a first acquisition module, for the terminal to acquire the signed APK;
a first verification module, for verifying the legitimacy of the signed APK;
a storage module, for storing the credit-granted application list file when the result of the first verification module is that verification passed;
a second verification module, for acquiring an APK, the terminal verifying the legitimacy of that APK;
a first judging module, for judging, when the result of the second verification module is that verification did not pass, whether the package header of that APK and the corresponding public key certificate are stored in the credit-granted application list file;
a third verification module, for using the Android signature mechanism to verify the legitimacy of that APK when the judgment of the first judging module is yes.
The beneficial effects of the present invention are: the APK downloading method and system of the present invention allow a credit-granted APK to be downloaded to the terminal without being signed with the private key corresponding to a working public key certificate subordinate to the terminal's root public key certificate. Because the APK is credit-granted, its source is guaranteed to be reliable and the security requirements are met. At the same time, because the security of the APK is assured, it needs neither a further signature by the acquirer nor the terminal's verification flow based on the acquirer root public key certificate; a safe and reliable credit-granted APK can be downloaded and installed on the terminal directly, which greatly simplifies the update and upgrade process of credit-granted APKs. This avoids updates and upgrades of credit-granted APKs affecting the normal operation of the terminal, lightens the workload of both the acquiring system and the terminal, and still guarantees the legitimacy of the installed APKs.
Description of the drawings
Fig. 1 is a schematic flowchart of the APK downloading method based on the Android system according to the present invention;
Fig. 2 is a schematic flowchart of downloading the APK containing the credit-granted application list in the APK downloading method based on the Android system according to the present invention;
Fig. 3 is a schematic flowchart of APK signature verification in the APK downloading method based on the Android system according to the present invention;
Fig. 4 is a schematic diagram of the functional modules of the APK download system based on the Android system according to the present invention;
Fig. 5 is a schematic diagram of the composition of the first signing module in the APK download system based on the Android system according to the present invention;
Fig. 6 is a schematic diagram of the composition of the first verification module in the APK download system based on the Android system according to the present invention;
Fig. 7 is a schematic diagram of the composition of the third verification module in the APK download system based on the Android system according to the present invention.
Reference numerals:
1, first signing module; 2, first acquisition module; 3, first verification module;
4, storage module; 5, second verification module; 6, first judging module; 7, third verification module;
11, first generating unit; 12, first signing unit; 13, second generating unit;
31, third generating unit; 32, first verification unit; 33, second verification unit;
71, third verification unit; 72, fourth verification unit; 73, fifth verification unit.
Detailed description of the invention
To describe the technical content, the objects achieved and the effects of the present invention in detail, the following explanation is given with reference to embodiments and the accompanying drawings.
The key concept of the present invention is: an APK containing the credit-granted application list file is downloaded to the terminal according to the existing signing and verification mechanism; for an APK that cannot pass the acquirer's verification mechanism, it is judged whether the APK and its signing certificate are stored in the credit-granted application list, to determine whether the APK is credit-granted; only a credit-granted APK proceeds to the system's native signature verification.
Referring to Fig. 1, the present invention provides an APK downloading method based on the Android system, comprising:
signing an APK containing a credit-granted application list file to obtain a signed APK, where the credit-granted application list file includes the package name of each credit-granted APK and the corresponding public key certificate;
the terminal acquiring the signed APK; verifying the legitimacy of the signed APK and, after verification passes, storing the credit-granted application list file;
acquiring an APK, the terminal verifying the legitimacy of that APK;
if verification does not pass, judging whether the package header of that APK and the corresponding public key certificate are stored in the credit-granted application list file;
if so, using the Android signature mechanism to verify the legitimacy of that APK.
From the above description, the beneficial effects of the present invention are: the acquirer root public key certificate is preset in the terminal, and only an APK signed with the private key corresponding to an acquirer working public key certificate subordinate to the acquirer root public key certificate, or an APK present in the credit-granted application list, can be downloaded to the terminal. This guarantees that illegal APKs cannot be downloaded to the terminal payment device and ensures the security of downloaded APKs. At the same time, a credit-granted APK need not be signed with the private key corresponding to a working public key certificate subordinate to the terminal's root public key certificate; as long as it is signed with the credit-granted working public key certificate and private key, it passes terminal verification and can be downloaded to the terminal payment device. This makes credit-granted APKs easier to update and upgrade, and spares them the acquirer signing and verification process after every update or upgrade.
Referring to Fig. 2, further, "signing an APK containing a credit-granted application list file to obtain a signed APK" is specifically:
the acquirer generates the acquirer working public key certificate and issues the public key corresponding to the acquirer working public key certificate to the different vendors;
the acquirer uses the private key corresponding to the acquirer working public key certificate to sign the APK containing the credit-granted application list file, generating signature data;
a signed APK containing the acquirer working public key certificate and the signature data is generated.
Further, "verifying the legitimacy of the signed APK and, after verification passes, storing the credit-granted application list file" is specifically:
the different vendors use the public key to generate the acquirer root public key certificate according to their respective certificate generation mechanisms, and preinstall it in their respective terminals;
the terminal uses the acquirer root certificate to verify the legitimacy of the acquirer working public key certificate in the signed APK;
if verification passes, the acquirer working public key certificate is used to verify the legitimacy of the signature information;
if verification passes, the credit-granted application list file is stored to the terminal.
As can be seen from the above description, the credit-granted application list file is delivered in the form of an APK and can be stored in the terminal only after it has been signed by the acquirer and verified by the terminal, which establishes that it is legitimate and safe. The stored file is then used to judge whether an APK is credit-granted, so the credit-granted application list is guaranteed to be safe and reliable and not illegally tampered with.
Referring to Fig. 3, further, "the terminal verifying the legitimacy of that APK" is specifically:
the terminal uses the acquirer root certificate to verify the legitimacy of the working public key certificate stored in that APK;
if verification passes, the working public key certificate is used to verify the legitimacy of the signature data in that APK;
if verification passes, the Android signature mechanism is used to verify the legitimacy of that APK.
As can be seen from the above description, after the terminal acquires an APK it first judges the APK's legitimacy using the preset acquirer root public key certificate; only when the APK is confirmed to be legal can it be installed in the terminal, which guarantees the legitimacy of the programs on the terminal device.
Further, the credit-granted application list file also includes the version of the authorized application list file, the creation time, the number of entries in the authorized APK list, and, for each entry in the authorized APK list, the package name of the authorized APK and the corresponding public key certificate.
As can be seen from the above description, the version identifies whether a credit-granted application list is a higher or lower version, so that a later higher version can replace a lower one; the creation time allows the origin of the list to be traced; different credit-granted APKs are identified by their specific package names; the third-party public key certificate used by the developer of each credit-granted APK enables verification by the system's native signature verification mechanism; and using the package name together with the public key certificate as the basis for judging whether an APK is stored in the credit-granted application list improves the accuracy of the judgment.
Referring to Fig. 4, another technical solution provided by the present invention is:
An APK download system based on the Android system, comprising:
a first signing module 1, for signing an APK containing a credit-granted application list file to obtain a signed APK, where the credit-granted application list file includes the package name of each credit-granted APK and the corresponding public key certificate;
a first acquisition module 2, for the terminal to acquire the signed APK;
a first verification module 3, for verifying the legitimacy of the signed APK;
a storage module 4, for storing the credit-granted application list file when the result of the first verification module is that verification passed;
a second verification module 5, for acquiring an APK, the terminal verifying the legitimacy of that APK;
a first judging module 6, for judging, when the result of the second verification module is that verification did not pass, whether the package header of that APK and the corresponding public key certificate are stored in the credit-granted application list file;
a third verification module 7, for using the Android signature mechanism to verify the legitimacy of that APK when the judgment of the first judging module is yes.
Referring to Fig. 5, further, the first signing module 1 includes:
a first generating unit 11, for the acquirer to generate the acquirer working public key certificate and issue the public key corresponding to the acquirer working public key certificate to the different vendors;
a first signing unit 12, for the acquirer to use the private key corresponding to the acquirer working public key certificate to sign the APK containing the credit-granted application list file, generating signature data;
a second generating unit 13, for generating a signed APK containing the acquirer working public key certificate and the signature data.
Referring to Fig. 6, further, the first verification module 3 includes:
a third generating unit 31, for the different vendors to use the public key to generate the acquirer root public key certificate according to their respective certificate generation mechanisms and preinstall it in their respective terminals;
a first verification unit 32, for the terminal to use the acquirer root certificate to verify the legitimacy of the acquirer working public key certificate in the signed APK;
a second verification unit 33, for using the acquirer working public key certificate to verify the legitimacy of the signature information when the result of the first verification unit 32 is that verification passed;
the storage module 4 is specifically for storing the credit-granted application list file to the terminal when the result of the second verification unit 33 is that verification passed.
Referring to Fig. 7, further, the third verification module 7 includes:
a third verification unit 71, for the terminal to use the acquirer root certificate to verify the legitimacy of the working public key certificate stored in that APK;
a fourth verification unit 72, for using the working public key certificate to verify the legitimacy of the signature data in that APK when the result of the third verification unit 71 is that verification passed;
a fifth verification unit 73, for using the Android signature mechanism to verify the legitimacy of that APK when the result of the fourth verification unit is that verification passed.
Further, the credit-granted application list file also includes the version of the authorized application list file, the creation time, the number of entries in the authorized APK list, and, for each entry in the authorized APK list, the package name of the authorized APK and the corresponding public key certificate.
Embodiment one
Referring to Fig. 1 to Fig. 3, this embodiment provides an APK downloading method based on the Android system. The method may specifically include:
S1: the acquirer signs the original APK file containing the credit-granted application list file to obtain a signed APK;
As shown below, the credit-granted application list file includes the version of the authorized application list file, the creation time, the number of entries in the authorized APK list, and, for each entry in the authorized APK list, the package name of the authorized APK and the corresponding public key certificate. The credit-granted application list file is placed in the original APK file at the path assets/trustedapp.list. The APK that stores the credit-granted application list file has the special package name com.acquirer.trustedapplist, which distinguishes it from ordinary APKs.
A concrete credit-granted application list file is, for example:
TrustedApp-Version:1
CreateTime:2016-01-01
TrustedApp-Number:2
Name:com.example.test
SHA2-Digest-PubKey:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI=
Info:test
Name:com.example2.test2
SHA2-Digest-PubKey:cTIzNDU2Nzg5MDFyZXc1Njc4OTAxMjM0NTY3ODkwMTI=
Info:
S1 may specifically include:
S11: the acquirer's signing server calls an encryption device to generate a first public/private key pair and a second public/private key pair; the signing server uses the first private key to sign the second public key, generating the acquirer working public key certificate, and distributes the first public key to the CA servers of the different vendors;
S12: the CA servers of the different vendors use the first public key issued by the acquirer to generate the acquirer root public key certificate according to their respective certificate generation mechanisms, and preinstall the acquirer root public key certificate in each vendor's own terminal devices;
S13: for the original APK file containing the credit-granted application list file, the acquirer's signing server computes a hash over the original APK file and obtains the first hash value HASH1;
S14: the acquirer's signing server obtains from a secure storage medium the second private key corresponding to the acquirer working public key certificate, and uses the second private key to encrypt and sign the first hash value HASH1, generating the acquirer signature data;
S15: the acquirer signature description information, the acquirer signature data and the acquirer working public key certificate are combined to generate the signed APK;
S2: the terminal acquires the signed APK;
Specifically, the terminal devices of the different vendors can acquire the signed APK by download or by periodic automatic self-check;
S3: the legitimacy of the signed APK is verified and, after verification passes, the credit-granted application list file is stored. Specifically, referring to Fig. 2, this may include the following steps:
S31: determine from the package name of the APK whether it is the special package name that stores the credit-granted application list; if so, perform S32; if not, perform S32 likewise, but do not perform the step of storing the list to the terminal security module;
S32: the terminal uses the acquirer root certificate prestored in the terminal to verify the legitimacy of the acquirer working public key certificate in the signed APK;
If verification passes, the terminal extracts the second public key from the acquirer working public key certificate and uses the second public key to decrypt the acquirer signature data; on successful decryption it obtains the first hash value HASH1;
S33: the terminal computes a hash over the original APK file and obtains the second hash value HASH2;
S34: judge whether the first hash value HASH1 and the second hash value HASH2 are consistent. If they are consistent, the signed APK acquired by the terminal is proven legal and untampered, the vendor device's verification of the signed APK passes, and verification continues with the Android native signature verification mechanism checking the legitimacy of the original APK file; if that passes, the terminal is allowed to install the original APK file; if it does not pass, installation fails;
If they are inconsistent, the acquired signed APK is illegal and may have been tampered with, and installation fails;
Specifically, the Android native signature verification mechanism may include:
Native signing flow:
S35: the third-party APK developer uses an encryption machine to generate a third-party working public key certificate;
S36: the private key corresponding to the third-party working public key certificate is used to sign the developed APK file, generating development signature information;
S37: an original APK file containing the third-party working public key certificate and the development signature information is generated;
Native verification flow:
S38: the Android system obtains the third-party working public key certificate and the development signature information from the original APK file, and uses the third-party working public key certificate to verify the legitimacy of the development signature information;
If verification passes, perform S39;
S39: install the original APK file and store the credit-granted application list file it contains to the terminal.
With the above steps, the terminal has downloaded and obtained the credit-granted application list file, which provides the basis for subsequently deciding, directly from the credit-granted application list file, whether an APK is credit-granted. Because the credit-granted application list file has been signed by the acquirer and verified by the terminal, its security and legitimacy are guaranteed, which in turn ensures the accuracy of the credit-granted APK judgment.
With reference to Fig. 3, the following is the verification flow when the terminal acquires any APK:
S4: the terminal device likewise acquires an APK by download or by periodic automatic self-check, and performs legitimacy verification on the acquired APK. The legitimacy verification may include the following:
S41: the terminal first uses the acquirer root certificate prestored in the terminal to verify the legitimacy of the working public key certificate stored in the acquired APK. If verification passes, perform S42; this also proves that the working public key certificate is an acquirer working public key certificate, that this acquirer working public key certificate is legal, and that the APK has been signed by the acquirer. If verification does not pass, perform S43; this proves that the working public key certificate is illegal and has been illegally tampered with, or that it is not an acquirer working public key certificate and may be a third-party working public key certificate.
S42: the terminal uses the acquirer working public key certificate to verify the legitimacy of the signature data in this APK;
If verification passes, this APK is proven legal and untampered, an APK legitimately signed by the acquirer, and verification continues with the Android native signature verification mechanism checking the legitimacy of this APK; if native verification passes, the terminal is allowed to install this APK file; if it does not pass, installation fails;
If verification does not pass, perform S43; this proves that the APK may have been illegally tampered with, or was not signed by the acquirer's signing mechanism;
The terminal's verification of the APK in S42 and the Android native verification process are similar to S32-S34 and S35-S39 above and are not repeated here.
S43: obtain the working public key certificate in the APK and the corresponding package header;
S44: judge whether the package header of the APK and the working public key certificate are stored in the terminal's credit-granted application list file; if they are, perform S45; if not, perform S46;
S45: the APK is judged to be a credit-granted APK, and verification continues with the Android signature mechanism checking the legitimacy of that APK;
S46: prompt that installation failed; this proves that the APK is neither a credit-granted APK nor legitimately signed by the acquirer, and is an illegal APK.
From the above, after the terminal acquires an APK it first assumes by default that the APK has been legitimately signed through the existing acquirer signing mechanism, and uses the preset acquirer root public key certificate to verify the APK's legitimacy. Although this signing and verification process is relatively complex and time-consuming, it guarantees the legitimacy of the acquired APK. When an APK cannot pass the terminal's acquirer-based verification mechanism, the terminal judges whether the APK and its working public key certificate are present in the credit-granted application list, that is, whether the APK is a credit-granted APK; if so, it can proceed to the next step, the system's native signature verification. Although such an APK cannot pass the terminal's acquirer-based verification mechanism, its legitimacy is equally guaranteed: it is a credit-granted APK and is equally legal and trusted. This saves the APK from going through the acquirer's signing process, simplifies the update and upgrade process of credit-granted APKs, and avoids the update and upgrade process affecting the work of the terminal.
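The list layout shown in Embodiment one and the S41-S46 decision flow can be exercised together. The following Python is an added example, not code from the patent or its assignee: it assumes that SHA2-Digest-PubKey is the base64 SHA-256 digest of the signer's certificate bytes, matches on the package name, and takes the outcome of the acquirer checks (S41, S42) as boolean inputs. All function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    name: str            # package name of a credit-granted APK
    cert_digest: bytes   # decoded SHA2-Digest-PubKey value
    info: str


@dataclass(frozen=True)
class CreditList:
    version: int
    create_time: str
    entries: tuple


def parse_credit_list(text):
    """Parse the key:value layout shown for assets/trustedapp.list."""
    header, records, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        key, sep, value = raw.partition(":")
        if not sep:
            raise ValueError(f"line {lineno}: expected key:value")
        key, value = key.strip(), value.strip()
        if key == "Name":                 # each Name line opens a new record
            current = {"Name": value}
            records.append(current)
        elif current is None:             # lines before the first Name are header
            header[key] = value
        else:
            current[key] = value
    entries = []
    for rec in records:
        try:
            digest = base64.b64decode(rec["SHA2-Digest-PubKey"], validate=True)
        except (KeyError, ValueError) as exc:
            raise ValueError(f"{rec['Name']}: bad or missing digest") from exc
        if len(digest) != 32:             # assumption: the digest is SHA-256
            raise ValueError(f"{rec['Name']}: digest is not 32 bytes")
        entries.append(Entry(rec["Name"], digest, rec.get("Info", "")))
    try:
        version = int(header["TrustedApp-Version"])
        declared = int(header["TrustedApp-Number"])
    except (KeyError, ValueError) as exc:
        raise ValueError("missing or non-numeric list header field") from exc
    if declared != len(entries):          # truncated or padded list
        raise ValueError("TrustedApp-Number does not match the entries present")
    return CreditList(version, header.get("CreateTime", ""), tuple(entries))


def classify_apk(package_name, signer_cert, acquirer_cert_ok, acquirer_sig_ok,
                 credit_list):
    """Return which path leads to Android native verification, or REJECT."""
    if acquirer_cert_ok and acquirer_sig_ok:          # S41 and S42 both passed
        return "ACQUIRER_SIGNED"
    digest = hashlib.sha256(signer_cert).digest()     # S43
    for entry in credit_list.entries:                 # S44: name AND certificate
        if entry.name == package_name and hmac.compare_digest(
                entry.cert_digest, digest):
            return "CREDIT_GRANTED"                   # S45
    return "REJECT"                                   # S46


def should_replace(stored, candidate):
    """A stored list is only replaced by a strictly higher version."""
    return stored is None or candidate.version > stored.version


# Constructed sample: the first digest is computed from constructed bytes,
# the second is the value printed in the description.
SAMPLE_CERT = b"constructed-developer-certificate-bytes"
SAMPLE_LIST = (
    "TrustedApp-Version:1\n"
    "CreateTime:2016-01-01\n"
    "TrustedApp-Number:2\n"
    "Name:com.example.test\n"
    "SHA2-Digest-PubKey:"
    + base64.b64encode(hashlib.sha256(SAMPLE_CERT).digest()).decode()
    + "\n"
    "Info:test\n"
    "Name:com.example2.test2\n"
    "SHA2-Digest-PubKey:cTIzNDU2Nzg5MDFyZXc1Njc4OTAxMjM0NTY3ODkwMTI=\n"
    "Info:\n"
)
```

Both ACQUIRER_SIGNED and CREDIT_GRANTED only admit the APK to Android native signature verification; neither is an install decision on its own.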
Embodiment two of the invention is:
Referring to Fig. 4, this embodiment provides an Android-system-based APK download system based on embodiment one, including:
A first signature module 1, for signing an APK that contains a credit application list file to obtain a signed APK, where the credit application list file includes the package name of each credit APK and the corresponding public key certificate; the credit application list file specifically includes the authorized application list file version, the creation time, the number of entries in the authorized APK list, and the package name and corresponding public key certificate of each authorized APK in each entry of the authorized APK list;
Specifically, referring to Fig. 5, the first signature module 1 includes:
A first generation unit 11, for the acquirer to generate an acquirer work public key certificate and issue the public key corresponding to the acquirer work public key certificate to different vendors;
A first signature unit 12, for the acquirer to sign the APK that contains the credit application list file using the private key corresponding to the acquirer work public key certificate, generating signed data;
A second generation unit 13, for generating the signed APK, which contains the acquirer work public key certificate and the signed data.
A first acquisition module 2, for the terminal to obtain the signed APK;
A first verification module 3, for verifying the legitimacy of the signed APK;
Specifically, referring to Fig. 6, the first verification module includes:
A third generation unit 31, for the different vendors to use the public key to generate an acquirer root public key certificate according to their respective certificate generation mechanisms and preinstall it in their respective terminals;
A first verification unit 32, for the terminal to use the acquirer root certificate to verify the legitimacy of the acquirer work public key certificate in the signed APK;
A second verification unit 33, for using the acquirer work public key certificate to verify the legitimacy of the signature information when the result of the first verification unit 32 is that verification passed;
The storage module 4 is specifically for storing the credit application list file on the terminal when the result of the second verification unit 33 is that verification passed.
A storage module 4, for storing the credit application list file when the result of the first verification module 3 is that verification passed;
A second verification module 5, for obtaining an APK, the terminal verifying the legitimacy of the APK;
A first judgment module 6, for determining, when the result of the second verification module 5 is that verification failed, whether the packet header of the APK and the corresponding public key certificate are stored in the credit application list file;
A third verification module 7, for using the Android signature mechanism to verify the legitimacy of the APK when the result of the first judgment module 6 is yes.
Specifically, referring to Fig. 7, the third verification module 7 includes:
A third verification unit 71, for the terminal to use the acquirer root certificate to verify the legitimacy of the work public key certificate stored in the APK;
A fourth verification unit 72, for using the work public key certificate to verify the legitimacy of the signed data in the APK when the result of the third verification unit 71 is that verification passed;
A fifth verification unit 73, for using the Android signature mechanism to verify the legitimacy of the APK when the result of the fourth verification unit 72 is that verification passed.
The terminal device in embodiment one to embodiment three is a POS or other intelligent payment terminal.
In summary, the Android-system-based APK download method and system provided by the invention solve the problem that every simple update or upgrade of an existing credit APK must again go through the acquirer's signing and signature verification mechanism, which affects the normal operation of the terminal. A credit application list is stored on the terminal; when an APK cannot pass the terminal's acquirer-based signature verification, it is only necessary to determine whether the APK and its work public key certificate are stored in the credit application list to determine whether the APK is a credit APK. A credit APK skips the acquirer's signature verification and goes directly to the system's native signature verification process, which greatly simplifies the update and upgrade process for credit APKs. This prevents updates and upgrades of credit APKs from affecting the normal operation of the terminal, reduces the workload of the acquiring system and the terminal, and still ensures the legitimacy of the installed APK.
The above are only embodiments of the invention and do not thereby limit the patent scope of the invention. Any equivalent transformation made using the description and drawings of the invention, or any direct or indirect use in related technical fields, is likewise included in the scope of patent protection of the invention.

Claims (10)

1. An Android-system-based APK download method, characterized by comprising:
Signing an APK that contains a credit application list file to obtain a signed APK, where the credit application list file includes the package name of each credit APK and the corresponding public key certificate;
The terminal obtaining the signed APK; verifying the legitimacy of the signed APK and, after verification passes, storing the credit application list file;
Obtaining an APK, the terminal verifying the legitimacy of the APK;
If verification fails, determining whether the packet header of the APK and the corresponding public key certificate are stored in the credit application list file;
If so, using the Android signature mechanism to verify the legitimacy of the APK.
2. The Android-system-based APK download method of claim 1, characterized in that "signing an APK that contains a credit application list file to obtain a signed APK" is specifically:
The acquirer generates an acquirer work public key certificate and issues the public key corresponding to the acquirer work public key certificate to different vendors;
The acquirer signs the APK that contains the credit application list file using the private key corresponding to the acquirer work public key certificate, generating signed data;
A signed APK containing the acquirer work public key certificate and the signed data is generated.
3. The Android-system-based APK download method of claim 2, characterized in that "verifying the legitimacy of the signed APK and, after verification passes, storing the credit application list file" is specifically:
The different vendors use the public key to generate an acquirer root public key certificate according to their respective certificate generation mechanisms and preinstall it in their respective terminals;
The terminal uses the acquirer root certificate to verify the legitimacy of the acquirer work public key certificate in the signed APK;
If verification passes, the acquirer work public key certificate is used to verify the legitimacy of the signature information;
If verification passes, the credit application list file is stored on the terminal.
4. The Android-system-based APK download method of claim 3, characterized in that "the terminal verifying the legitimacy of the APK" is specifically:
The terminal uses the acquirer root certificate to verify the legitimacy of the work public key certificate stored in the APK; if verification passes, the work public key certificate is used to verify the legitimacy of the signed data in the APK;
If verification passes, the Android signature mechanism is used to verify the legitimacy of the APK.
5. The Android-system-based APK download method of any one of claims 1-4, characterized in that the credit application list file specifically includes the authorized application list file version, the creation time, the number of entries in the authorized APK list, and the package name and corresponding public key certificate of each authorized APK in each entry of the authorized APK list.
6. An Android-system-based APK download system, characterized by comprising:
A first signature module, for signing an APK that contains a credit application list file to obtain a signed APK, where the credit application list file includes the package name of each credit APK and the corresponding public key certificate;
A first acquisition module, for the terminal to obtain the signed APK;
A first verification module, for verifying the legitimacy of the signed APK;
A storage module, for storing the credit application list file when the result of the first verification module is that verification passed;
A second verification module, for obtaining an APK, the terminal verifying the legitimacy of the APK;
A first judgment module, for determining, when the result of the second verification module is that verification failed, whether the packet header of the APK and the corresponding public key certificate are stored in the credit application list file;
A third verification module, for using the Android signature mechanism to verify the legitimacy of the APK when the result of the first judgment module is yes.
7. The Android-system-based APK download system of claim 6, characterized in that the first signature module includes:
A first generation unit, for the acquirer to generate an acquirer work public key certificate and issue the public key corresponding to the acquirer work public key certificate to different vendors;
A first signature unit, for the acquirer to sign the APK that contains the credit application list file using the private key corresponding to the acquirer work public key certificate, generating signed data;
A second generation unit, for generating the signed APK, which contains the acquirer work public key certificate and the signed data.
8. The Android-system-based APK download system of claim 7, characterized in that the first verification module includes:
A third generation unit, for the different vendors to use the public key to generate an acquirer root public key certificate according to their respective certificate generation mechanisms and preinstall it in their respective terminals;
A first verification unit, for the terminal to use the acquirer root certificate to verify the legitimacy of the acquirer work public key certificate in the signed APK;
A second verification unit, for using the acquirer work public key certificate to verify the legitimacy of the signature information when the result of the first verification unit is that verification passed;
The storage module is specifically for storing the credit application list file on the terminal when the result of the second verification unit is that verification passed.
9. The Android-system-based APK download system of claim 8, characterized in that the third verification module includes:
A third verification unit, for the terminal to use the acquirer root certificate to verify the legitimacy of the work public key certificate stored in the APK;
A fourth verification unit, for using the work public key certificate to verify the legitimacy of the signed data in the APK when the result of the third verification unit is that verification passed;
A fifth verification unit, for using the Android signature mechanism to verify the legitimacy of the APK when the result of the fourth verification unit is that verification passed.
10. The Android-system-based APK download system of any one of claims 6-9, characterized in that the credit application list file specifically includes the authorized application list file version, the creation time, the number of entries in the authorized APK list, and the package name and corresponding public key certificate of each authorized APK in each entry of the authorized APK list.
CN201610182554.7A 2016-03-28 2016-03-28 One kind being based on Android system APK method for down loading and its system Active CN105787357B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610182554.7A CN105787357B (en) 2016-03-28 2016-03-28 One kind being based on Android system APK method for down loading and its system
PCT/CN2016/093437 WO2017166561A1 (en) 2016-03-28 2016-08-05 Method of downloading android apk and system thereof

Publications (2)

Publication Number Publication Date
CN105787357A true CN105787357A (en) 2016-07-20
CN105787357B CN105787357B (en) 2019-01-04

Family

ID=56390965

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610182554.7A Active CN105787357B (en) 2016-03-28 2016-03-28 One kind being based on Android system APK method for down loading and its system

Country Status (2)

Country Link
CN (1) CN105787357B (en)
WO (1) WO2017166561A1 (en)


Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113609529B (en) * 2021-07-16 2023-07-18 苏州浪潮智能科技有限公司 Method and system for safely supplying computer firmware
CN117093245B (en) * 2023-10-18 2024-01-16 湖北芯擎科技有限公司 OTA upgrade package verification method, device, equipment and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103944903A (en) * 2014-04-23 2014-07-23 福建联迪商用设备有限公司 Multi-party authorized APK signature method and system
CN104639506A (en) * 2013-11-13 2015-05-20 中国电信股份有限公司 Terminal and application program installation controlling method and system
CN105391717A (en) * 2015-11-13 2016-03-09 福建联迪商用设备有限公司 APK signature authentication method and APK signature authentication system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425114B (en) * 2008-12-12 2010-08-25 四川长虹电器股份有限公司 Software upgrading bag packaging method and software upgrading method
US20140007074A1 (en) * 2012-06-27 2014-01-02 Google Inc. Methods for updating applications
CN103905207B (en) * 2014-04-23 2017-02-01 福建联迪商用设备有限公司 Method and system for unifying APK signature
CN105787357B (en) * 2016-03-28 2019-01-04 福建联迪商用设备有限公司 One kind being based on Android system APK method for down loading and its system

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017166561A1 (en) * 2016-03-28 2017-10-05 福建联迪商用设备有限公司 Method of downloading android apk and system thereof
CN108092947A (en) * 2016-11-23 2018-05-29 腾讯科技(深圳)有限公司 A kind of method and device that identity discriminating is carried out to third-party application
CN108092947B (en) * 2016-11-23 2020-12-04 腾讯科技(深圳)有限公司 Method and device for identity authentication of third-party application
WO2018119608A1 (en) * 2016-12-26 2018-07-05 华为技术有限公司 Application processing method, network device and terminal device
CN106656513B (en) * 2017-02-24 2019-09-13 福建魔方电子科技有限公司 The secondary packing signature verification method of APK file on Android platform
CN106656513A (en) * 2017-02-24 2017-05-10 福建魔方电子科技有限公司 Secondary packaging signature verification method for APK files on Android platform
CN107391166A (en) * 2017-06-05 2017-11-24 深圳市优博讯科技股份有限公司 The installation method and system of Android applications, computer installation and readable storage medium storing program for executing
CN107391166B (en) * 2017-06-05 2022-01-25 深圳市优博讯科技股份有限公司 Android application installation method and system, computer device and readable storage medium
CN107506207A (en) * 2017-07-07 2017-12-22 上海汇尔通信息技术有限公司 The safe verification method and terminal of a kind of POS
CN107506207B (en) * 2017-07-07 2021-04-20 上海汇尔通信息技术有限公司 Security verification method of POS machine and terminal
CN110741650A (en) * 2017-07-18 2020-01-31 谷歌有限责任公司 Method, system, and medium for protecting and verifying video files
US11750577B2 (en) 2017-07-18 2023-09-05 Google Llc Methods, systems, and media for protecting and verifying video files
US11368438B2 (en) 2017-07-18 2022-06-21 Google Llc Methods, systems, and media for protecting and verifying video files
CN107958150A (en) * 2017-12-05 2018-04-24 中科信息安全共性技术国家工程研究中心有限公司 A kind of method for detecting Android hot patch security
CN109450883A (en) * 2018-10-26 2019-03-08 北京梆梆安全科技有限公司 A kind of digital certificate cracks risk checking method and device
CN109450883B (en) * 2018-10-26 2021-08-27 北京梆梆安全科技有限公司 Method and device for detecting cracking risk of digital certificate
CN111176685A (en) * 2019-12-27 2020-05-19 深圳市优必选科技股份有限公司 Upgrading method and device
CN111695109A (en) * 2020-06-02 2020-09-22 中国工商银行股份有限公司 Receiving procedure access control method, receiving terminal and server
CN111695109B (en) * 2020-06-02 2024-04-26 中国工商银行股份有限公司 Order receiving access control method, order receiving terminal and server
CN112134711B (en) * 2020-09-24 2021-05-07 深圳市捷诚技术服务有限公司 Safety verification method and device for APK signature information and POS machine
CN112134711A (en) * 2020-09-24 2020-12-25 深圳市捷诚技术服务有限公司 Safety verification method and device for APK signature information and POS machine
CN115879098A (en) * 2023-02-20 2023-03-31 北京麟卓信息科技有限公司 Android application installation optimization method based on atomic transaction operation
CN115879098B (en) * 2023-02-20 2023-05-05 北京麟卓信息科技有限公司 Android application installation optimization method based on atomic transaction operation

Also Published As

Publication number Publication date
CN105787357B (en) 2019-01-04
WO2017166561A1 (en) 2017-10-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant