CN105873030B - Method for performing countersignature on terminal application - Google Patents
Method for performing countersignature on terminal application Download PDFInfo
- Publication number
- CN105873030B CN105873030B CN201510032950.7A CN201510032950A CN105873030B CN 105873030 B CN105873030 B CN 105873030B CN 201510032950 A CN201510032950 A CN 201510032950A CN 105873030 B CN105873030 B CN 105873030B
- Authority
- CN
- China
- Prior art keywords
- application
- terminal
- countersignature
- digital signature
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a method for signing terminal application by countersigning, which carries out digital signature on the terminal application and also comprises the following steps: performing application countersignature on terminal application in a development terminal; verifying the application countersignature through the development terminal; releasing the terminal application to a third-party application system; verifying the application countersignature through a third-party application system; and performing release channel countersignature on the terminal application in a third-party application system. The application method has the advantages that the signature is applied to developers, terminal applications and application release channels through countersignature, so that the signature problem of an application owner can be fully traced, the safety problem of the terminal applications can be solved, and the application release channels can be ensured to be safer and more reliable.
Description
Technical Field
The invention relates to the technical field of digital signatures, in particular to a method for countersigning a terminal application.
Background
Along with popularization of mobile intelligent terminals and development of mobile internet services, the mobile terminals are developing towards intellectualization and openness and face more and more security threats, wherein an Android platform becomes a main infection platform of mobile phone malicious software. The main reason for the above problems is that the application only has a native signature, i.e., a signature based on Android system check during installation, and for the developer of the application, the security of the application itself and the security of the distribution channel are not subjected to security certification.
In summary, the main disadvantages of the digital signature mechanism in the prior art are:
1. the application of the Android platform is easy to crack and re-sign the native signature. At present, Android application programs are mainly developed by using Java programming language, compiling results are Java-like byte codes, the Java-like byte codes run on a Dalvik virtual machine autonomously defined by Google, and compared with machine codes obtained by compiling C, C + + programs, the Dalvik byte codes contain rich object type information, can be very accurately disassembled to obtain virtual machine instruction codes, and even can be relatively accurately and directly inversely compiled into Java source codes. Therefore, resource files such as pictures, character strings and the like in the Android application are easier to modify, and can be directly replaced by tools such as WinZip and the like, and then the new falsification application can be generated by re-signing.
2. Referring to fig. 1, fig. 1 is a flowchart of constructing a malicious code file with the same name under a conventional Android signature mechanism, and digital signature verification is performed only once on a plurality of files with the same file name based on the Android signature verification mechanism, so that a lawbreaker can take the opportunity to construct the malicious code file with the same name, bypass the Android system verification, and replace the original normal file. Namely, the security requirement of the application program cannot be met by simply adopting the Android-based native signature.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method for countersigning a terminal application, which aims to solve the technical problems that in the prior art, a terminal application only performs digital signature verification once, a digital signature is easily distorted, and an application based on digital signature authentication is not safe.
The technical scheme of the invention is realized as follows:
the method for signing the countersignature of the terminal application is provided, and the method for digitally signing the terminal application further comprises the following steps:
performing application countersignature on terminal application in a development terminal;
verifying the application countersignature by the development terminal;
releasing the terminal application to a third-party application system;
verifying, by the third party application system, the application countersignature;
and performing release channel countersignature on the terminal application in the third-party application system.
In the method of the present invention, in the step of signing the application countersignature of the terminal application in the development terminal, the following substeps are included:
s11, the development terminal applies for the personal user identity certificate from the certificate authority;
s12, the development terminal calls a terminal countersignature tool to request for application countersignature of the terminal application;
s13, the developing terminal analyzes the terminal application through the terminal countersignature tool and verifies the digital signature in the terminal application;
s14, if the verification is successful, the development terminal reads the installed certificate list and selects one of the installed certificate list as a signature certificate;
and S15, the development terminal performs application countersignature on the terminal application through the private key corresponding to the signature certificate.
In the method of the present invention, the step S13 further includes, if the verification fails, prompting that the verification of the digital signature fails, ending the process, and if the verification succeeds, going to step S14.
In the method of the present invention, in the step of signing the application countersignature of the terminal application in the development terminal, the following substeps are included:
s21, the development terminal requests to verify the application countersignature of the terminal application;
s22, the developing terminal analyzes the terminal application through the terminal countersignature tool and verifies the digital signature in the terminal application;
s23, if the verification is successful, the development terminal reads and verifies the application countersignature one by one;
and S24, if each countersignature signature passes the verification, displaying the application countersignature.
In the method of the present invention, the step S22 further includes, if the verification fails, prompting that the verification of the digital signature fails, ending the process, and if the verification succeeds, going to step S23.
In the method of the present invention, the step of verifying the application countersignature by the third-party application system includes the following sub-steps:
s41, the third-party application system inputs path information of the terminal application to be verified, and requests to judge whether the digital signature of the terminal application is correct;
s42, the third-party application system responds to the request information, calls a server-side countersign tool package to analyze the terminal application, and judges whether the digital signature of the terminal application is correct or not;
s43, if the digital signature is correct, judging whether the terminal application has an application countersignature;
and S44, if the signature exists, the third-party application system reads the countersignature signature list so as to verify the application countersignature one by one.
In the method of the present invention, the step S42 further includes returning an error message if the digital signature is incorrect, ending the process, and going to step S43 if the digital signature is correct.
In the method of the present invention, the step S43 further includes ending the process if the application countersignature does not exist, and going to step S44 if the application countersignature exists.
In the method of the present invention, the step of signing the release channel countersignature of the terminal application in the third-party application system includes the following substeps:
s51, the third-party application system inputs the terminal application to be verified and requests to perform application countersignature on the terminal application;
s52, the third-party application system calls a server-side countersign tool package to analyze the terminal application and judge whether the digital signature of the terminal application is correct or not;
and S53, if the digital signature is correct, reading a private key corresponding to the digital signature to perform release channel countersignature on the terminal application.
In the method of the present invention, the step S52 further includes returning an error message if the digital signature is incorrect, ending the process, and going to step S53 if the digital signature is correct.
Therefore, the method has the advantages that the signature is applied to developers, terminal applications and application release channels through countersigning, so that the signature problem of an application owner can be fully traced, the safety problem of the terminal applications can be solved, and the application release channels can be ensured to be safer and more reliable.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flow chart of constructing a file of malicious code of the same name in the prior art;
fig. 2 is a flowchart of a method for countersigning a terminal application according to the present invention;
FIG. 3 is a block diagram of a signature tool between a client and a server according to the present invention;
fig. 4 is a flowchart of an application countersignature performed by a terminal application by a development terminal according to the present invention;
FIG. 5 is a flowchart of the development terminal verifying the signature of the countersignature of the application according to the present invention;
FIG. 6 is a flowchart of a third-party application system verifying an application countersignature provided by the present invention;
fig. 7 is a flowchart of a third-party application system issuing a channel countersignature to a terminal application according to the present invention.
Detailed Description
In order to more clearly understand the technical features, objects, and effects of the present invention, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It is to be understood that the following description is only a specific illustration of the embodiments of the present invention and should not be taken as limiting the scope of the invention.
The invention provides a method for carrying out countersignature on terminal application, which aims to provide a set of terminal application safety protection method for ensuring the use safety of application by a developer through countersignature of a developer, application countersignature of application and channel countersignature based on digital signature authentication in order to improve the application safety of mobile internet, ensure the use safety of users, avoid phishing application, protect the legal rights and interests of an application provider and ensure that the application is legal. The tracing problem of an application owner is solved by countersigning the signature by a developer; by applying countersignature, the application security problem is solved; the signature is countersigned through the application publishing channel, so that the application publishing channel is safe and reliable.
Referring to fig. 2, fig. 2 is a flowchart of a method for signing a countersignature of a terminal application according to the present invention, where the method digitally signs the terminal application, and further includes:
s1, performing application countersignature on the terminal application in the development terminal; preferably, the development terminal is a PC terminal adopted by an APP developer of the Android client, referring to fig. 3, fig. 3 is a signature tool block diagram of the client and the server provided by the present invention, and the Android application countersignature tool is divided into two parts, namely a PC-side countersignature tool and a server-side countersignature tool kit. On the PC side, a developer uses a countersignature tool to perform application countersignature and countersignature verification on an APK (terminal application). The invention aims to respectively adopt countersignature tools to respectively perform countersignature on the APK by the development terminal and the server terminal, thereby enhancing the safety problem of the digital signature.
Referring to fig. 4, fig. 4 is a flowchart of signature of application countersignature on a terminal application by a development terminal according to the present invention, which includes the following sub-steps:
s11, the developer applies for the personal user identity certificate from the certificate authority (i.e. CA organization) through the development terminal.
S12, the development terminal calls a terminal countersignature tool to request for application countersignature of the terminal application; for example, a developer selects an apk package to be signed, calls a PC side countersignature tool and requests a countersignature operation.
S13, the developing terminal analyzes the terminal application through the terminal countersignature tool and verifies the digital signature in the terminal application; if the verification fails, the developer is prompted that the digital signature verification fails, the process is ended, and if the verification succeeds, the process goes to step S14. For example, the signing tool parses the apk package, verifying the apk package native signature (i.e., "digital signature", also known as "native code signature").
And S14, if the verification is successful, the development terminal reads the installed certificate list and prompts the developer to select one of the installed certificate list as a signature certificate. The certificates of the terminals in the certificate list are all applied by developers.
And S15, the development terminal performs application countersignature on the terminal application through the private key corresponding to the signature certificate, and returns the countersignature operation result to the developer.
S2, verifying the application countersignature through the development terminal;
referring to fig. 5, fig. 5 is a flowchart of verifying an application countersignature by a development terminal according to the present invention, and the step includes the following sub-steps:
s21, the developer verifies the application countersignature of the terminal application through the request of the development terminal; for example, the developer selects an apk package to be verified, requesting countersignature verification.
S22, the developing terminal analyzes the terminal application through the terminal countersignature tool and verifies the digital signature in the terminal application; if the verification fails, prompting that the digital signature verification fails, ending the process, and if the verification succeeds, going to step S23. I.e. verifying the native signature of the APK.
S23, if the verification is successful, the development terminal reads and verifies the application countersignature one by one;
and S24, if each countersignature is verified, displaying the application countersignature to the developer.
S3, releasing the terminal application to a third-party application system;
s4, verifying the application countersignature through the third-party application system;
referring to fig. 6, fig. 6 is a flowchart of the third party application system verifying the signature of the countersignature of the application, which includes the following sub-steps:
s41, the third-party application system inputs path information of the terminal application to be verified, and requests to judge whether the digital signature of the terminal application is correct;
s42, the third-party application system responds to the request information, calls a server-side deployment signature toolkit to analyze the terminal application, and judges whether the digital signature (namely, the native code signature) of the terminal application is correct or not; if the digital signature is wrong, an error message is returned, the process is ended, and if the digital signature is correct, the process goes to step S43.
S43, if the digital signature is correct, judging whether the terminal application has an application countersignature; if the application countersignature does not exist, the process is ended, and if the application countersignature exists, the process goes to step S44.
And S44, if the APK package path to be verified exists, inputting the APK package path to be verified, requesting to verify the countersignature, and the third-party application system analyzes the APK package to read the countersignature list, thereby verifying the application countersignature one by one and returning a countersignature verification result to the third-party application system.
And S5, performing publishing channel countersigning on the terminal application in the third-party application system. Referring to fig. 3, fig. 3 is a block diagram of a signature tool between a client and a server, where the signature tool is at the server, and a third-party application system calls a server-side countersignature tool package to perform operations such as countersignature verification, countersignature information extraction, and application of countersignature.
Referring to fig. 7, fig. 7 is a flowchart of a third-party application system for issuing a channel countersignature to a terminal application according to the present invention, where the step includes the following sub-steps:
s51, the third-party application system inputs the terminal application to be verified and requests to perform application countersignature on the terminal application; the countersignature of the terminal application is verified based on a third-party application system, and the terminal application is issued to a mall corresponding to the third-party application system.
S52, the third-party application system calls the server-side countersignature tool package to analyze the terminal application and judge whether the digital signature of the terminal application is correct or not; if the digital signature is not correct, an error message is returned, the process is ended, and if the digital signature is correct, the process goes to step S53.
And S53, if the digital signature is correct, reading a private key corresponding to the digital signature to perform release channel countersignature on the terminal application. The premise of the step is that the third-party application system applies for a digital certificate and applies for issuing a channel certificate for the application, and the signed terminal application is returned to the issuing channel for countersigning.
Therefore, when the user installs and uses the application, the countersignature of the application package can be verified one by one, so that traceability of the application developer, completeness of the application package and legality of a release channel are guaranteed.
The method for countersigning the terminal application has the following beneficial effects:
1. through countersignature of the developer, the developer can be traced and cannot be repudiated;
2. the integrity and the tamper resistance of the application are ensured through the countersignature of the application, so that the safety of an application user is protected;
3. the countersigning of the application publishing channel ensures that the publishing channel of the third-party application mall is safe, reliable and traceable.
Although the present invention has been described with reference to the preferred embodiments, it is not intended to be limited thereto, and variations and modifications may be made by those skilled in the art without departing from the spirit and scope of the present invention.
Claims (10)
1. A method for countersigning a terminal application, the method digitally signing the terminal application, the method comprising:
performing application countersignature on terminal application in a development terminal, which specifically comprises the following steps: the development terminal verifies the digital signature in the terminal application, if the verification is successful, one of the digital signatures is selected from the installed certificate list as a signature certificate, and the application countersignature signature is carried out on the terminal application through a private key corresponding to the signature certificate;
verifying the application countersignature by the development terminal specifically comprises: the development terminal verifies the digital signature in the terminal application, and if the verification is successful, the application countersignature of the terminal application is read and verified one by one;
releasing the terminal application to a third-party application system;
verifying the application countersignature by the third-party application system specifically comprises: the third-party application system analyzes the terminal application and judges whether the digital signature of the terminal application is correct or not, and if the digital signature is correct, application countersignature signatures of the terminal application are read and verified one by one;
performing a release channel countersignature on the terminal application in the third-party application system, which specifically includes: and the third-party application system analyzes the terminal application and judges whether the digital signature of the terminal application is correct or not, and if the digital signature is correct, a private key corresponding to the digital signature is read so as to issue a channel countersignature to the terminal application.
2. The method according to claim 1, wherein the step of signing the terminal application in the development terminal for application countersignature comprises the following sub-steps:
s11, the development terminal applies for the personal user identity certificate from the certificate authority;
s12, the development terminal calls a terminal countersignature tool to request for application countersignature of the terminal application;
s13, the developing terminal analyzes the terminal application through the terminal countersignature tool and verifies the digital signature in the terminal application;
s14, if the verification is successful, the development terminal reads the installed certificate list and selects one of the installed certificate list as a signature certificate;
and S15, the development terminal performs application countersignature on the terminal application through the private key corresponding to the signature certificate.
3. The method according to claim 2, wherein the step S13 further comprises, if the verification fails, prompting that the digital signature fails to be verified, ending the process, and if the verification succeeds, going to step S14.
4. The method according to claim 1, wherein the step of signing the terminal application in the development terminal for application countersignature comprises the following sub-steps:
s21, the development terminal requests to verify the application countersignature of the terminal application;
s22, the developing terminal analyzes the terminal application through the terminal countersignature tool and verifies the digital signature in the terminal application;
s23, if the verification is successful, the development terminal reads and verifies the application countersignature one by one;
and S24, if each countersignature signature passes the verification, displaying the application countersignature.
5. The method according to claim 4, wherein the step S22 further comprises, if the verification fails, prompting that the verification of the digital signature fails, ending the process, and if the verification succeeds, going to step S23.
6. The method according to claim 1, wherein in the step of verifying the application countersignature by the third party application system, the sub-steps of:
s41, the third-party application system inputs path information of the terminal application to be verified, and requests to judge whether the digital signature of the terminal application is correct;
s42, the third-party application system responds to the request information, calls a server-side countersign tool package to analyze the terminal application, and judges whether the digital signature of the terminal application is correct or not;
s43, if the digital signature is correct, judging whether the terminal application has an application countersignature;
and S44, if the signature exists, the third-party application system reads the countersignature signature list so as to verify the application countersignature one by one.
7. The method according to claim 6, wherein the step S42 further comprises returning an error message if the digital signature is incorrect, ending the process, and going to step S43 if the digital signature is correct.
8. The method according to claim 6, wherein the step S43 further comprises ending the process if the application countersignature does not exist, and going to step S44 if the application countersignature exists.
9. The method according to claim 1, wherein the step of signing the release channel countersignature of the terminal application in the third-party application system comprises the following sub-steps:
s51, the third-party application system inputs the terminal application to be verified and requests to perform application countersignature on the terminal application;
s52, the third-party application system calls a server-side countersign tool package to analyze the terminal application and judge whether the digital signature of the terminal application is correct or not;
and S53, if the digital signature is correct, reading a private key corresponding to the digital signature to perform release channel countersignature on the terminal application.
10. The method according to claim 9, wherein the step S52 further comprises returning an error message if the digital signature is incorrect, ending the process, and going to step S53 if the digital signature is correct.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510032950.7A CN105873030B (en) | 2015-01-22 | 2015-01-22 | Method for performing countersignature on terminal application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510032950.7A CN105873030B (en) | 2015-01-22 | 2015-01-22 | Method for performing countersignature on terminal application |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105873030A CN105873030A (en) | 2016-08-17 |
| CN105873030B true CN105873030B (en) | 2020-05-01 |
Family
ID=56624023
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510032950.7A Active CN105873030B (en) | 2015-01-22 | 2015-01-22 | Method for performing countersignature on terminal application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105873030B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106888094B (en) * | 2017-02-16 | 2019-06-14 | 中国移动通信集团公司 | A kind of endorsement method and server |
| CN107301343B (en) * | 2017-06-19 | 2021-03-26 | 大连中科创达软件有限公司 | Safety data processing method and device and electronic equipment |
| CN112989435A (en) * | 2021-03-26 | 2021-06-18 | 武汉深之度科技有限公司 | Digital signature method and computing device |
| CN113221072A (en) * | 2021-04-16 | 2021-08-06 | 江苏先安科技有限公司 | Third party countersignature and verification method based on android system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2226966A1 (en) * | 2009-03-03 | 2010-09-08 | Gemalto SA | Method for securely establishing a virtual multi-party contract which can be materialised |
| CN102024107A (en) * | 2010-11-17 | 2011-04-20 | 中国联合网络通信集团有限公司 | Application software control platform, developer terminal as well as application software distribution system and method |
| CN102546604B (en) * | 2011-12-22 | 2014-12-24 | 四川长虹电器股份有限公司 | Security control method of intelligent television application program |
| CN102546819B (en) * | 2012-02-14 | 2014-09-10 | 中国民航信息网络股份有限公司 | Cross-platform system and method in mobile terminal application |
| CN103886260B (en) * | 2014-04-16 | 2016-09-14 | 中国科学院信息工程研究所 | A kind of application program management-control method based on dual signature sign test technology |
-
2015
- 2015-01-22 CN CN201510032950.7A patent/CN105873030B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN105873030A (en) | 2016-08-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101740256B1 (en) | Apparatus for mobile app integrity assurance and method thereof | |
| CN103295046B (en) | The method and apparatus generated and use safe Quick Response Code | |
| CN105873030B (en) | Method for performing countersignature on terminal application | |
| CN103744686A (en) | Control method and system for installing application in intelligent terminal | |
| CN106897606B (en) | Brush machine protection method and device | |
| CN101969440B (en) | Software certificate generating method | |
| JP2006293417A (en) | Application program verification system and method, and computer program | |
| CN109495268B (en) | Two-dimensional code authentication method and device and computer readable storage medium | |
| WO2020233308A1 (en) | Self-checking method, apparatus and device based on local certificate, and storage medium | |
| CN108259479B (en) | Business data processing method, client and computer readable storage medium | |
| CN107220547B (en) | Terminal equipment and starting method thereof | |
| CN105787357A (en) | APK (Android Package) downloading method and system based on Android system | |
| KR101523309B1 (en) | A system and method for distributing application | |
| CN109660353A (en) | A kind of application program installation method and device | |
| CN110096849A (en) | A kind of License authorization and authentication method, device, equipment and readable storage medium storing program for executing | |
| JP2017538217A (en) | Method and device for providing application integrity verification | |
| CN110135149A (en) | A kind of method and relevant apparatus of application installation | |
| CN106709281B (en) | Patch granting and acquisition methods, device | |
| CN108737338B (en) | Authentication method and system | |
| CN113541966A (en) | Authority management method, device, electronic equipment and storage medium | |
| KR100458515B1 (en) | System and method that can facilitate secure installation of JAVA application for mobile client through wireless internet | |
| CN112115430A (en) | Apk reinforcement method, electronic equipment and storage medium | |
| CN116707758A (en) | Authentication method, equipment and server of trusted computing equipment | |
| CN110581833B (en) | Service security protection method and device | |
| EP3005207B1 (en) | Digital content execution control mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |