CN106326723A - Method and device for certifying APK (Android Package) signature - Google Patents

Method and device for certifying APK (Android Package) signature Download PDF

Info

Publication number
CN106326723A
CN106326723A CN201610680738.6A CN201610680738A CN106326723A CN 106326723 A CN106326723 A CN 106326723A CN 201610680738 A CN201610680738 A CN 201610680738A CN 106326723 A CN106326723 A CN 106326723A
Authority
CN
China
Prior art keywords
apk
signature
application
digital certificate
restricted rights
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610680738.6A
Other languages
Chinese (zh)
Inventor
吴汉勇
李成成
李鑫
吕宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qingdao Hisense Electronics Co Ltd
Original Assignee
Qingdao Hisense Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao Hisense Electronics Co Ltd filed Critical Qingdao Hisense Electronics Co Ltd
Priority to CN201610680738.6A priority Critical patent/CN106326723A/en
Publication of CN106326723A publication Critical patent/CN106326723A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and a device for certifying an APK (Android Package) signature. The method comprises the following steps: in a process of running an APK, if an application program corresponding to the APK requests to acquire a first limited permission is detected, certifying a self-signature corresponding to the APK according to prestored particular signatures, wherein the first limited permission is a calling permission provided aiming at a specified key operation, the particular signatures aim at different product sets, and the particular signatures corresponding to the different product sets are different from one another; if the certification passes, allocating the first limited permission for the application program corresponding to the APK. By application of the method, the calling permissions for the specified operations, which can be acquired by the same application program on different smart devices, can be flexibly controlled.

Description

The method and device of APK signature authentication
Technical field
The application relates to signature authentication field, particularly relates to APK (Android Package, Android installation kit) signature The method and device of certification.
Background technology
SDK (Software Development Kit, SDK) be some by software engineer for for Specific software kit, software frame, hardware platform, operating system etc. set up the set of the developing instrument of application software.Android (Android) system is a kind of open source code operating system based on Linux Yu JAVA.The application program installed on it is equal For APK form.Some assigned operations can be provided by the smart machine that SDK is application Android (Android) system, such as, The assigned operation such as tuning, switching channels is provided for intelligent television.
In some collaborative projects, intelligent television producer generally defines application program that its partner provided can only be spy On fixed cooperation type, obtain assigned operation calls authority, and not allowing for this application program can on all intelligent televisions Obtain assigned operation calls authority.
But, in existing signature authentication method, owing to the intelligent television of different model all uses identical system label Name, thus cause on the intelligent television of different model, when operation has the APK with this system signature same signature, this APK pair The application program answered all can obtain the authority of calling of assigned operation, thus cannot meet intelligent television producer and not allow partner The same application provided can obtain the demand calling authority of assigned operation on all intelligent televisions.
Summary of the invention
In view of this, the application provides the method and device of a kind of APK signature authentication, to realize controlling same answering neatly With what program can get on different smart machines, assigned operation is called authority.
Specifically, the application is achieved by the following technical solution:
First aspect according to the embodiment of the present application, it is provided that a kind of method of APK signature authentication, described method includes:
During running APK, if detecting, application requests corresponding for described APK obtains the first restricted rights, Then according to the particular signature that pre-saves to corresponding the verifying from signature of described APK, described first restricted rights be for What the key operation specified was provided calls authority, and described particular signature is for different product set, different product set Corresponding particular signature is different;
If being verified, then for the first restricted rights described in application assigned corresponding for described APK.
Optionally, described method also includes:
Sending the request for obtaining digital certificate to digital certificate server, product set identification is carried in described request, So that after described digital certificate server receives described request, according to described product set identification, the current time in system, random Number generates digital certificate;
Receive the described digital certificate that described digital certificate server sends;
Described particular signature is generated according to described digital certificate.
Optionally, described method also includes:
When detecting that application requests corresponding for described APK performs the operation corresponding to described first restricted rights, Judge whether described application program has described first restricted rights;
If described application program has described first restricted rights, then it is described right to perform according to the request of described application program The operation answered.
Optionally, the signature certainly that described APK is corresponding is verified by the particular signature that described basis pre-saves, including:
Judge from sign the most consistent corresponding with described APK of the particular signature that pre-saves;
Be verified if described, then for the first restricted rights described in application assigned corresponding for described APK, including:
If certainly signing that described particular signature is corresponding with described APK is consistent, then it it is application assigned corresponding for described APK Described first restricted rights.
Optionally, described method also includes:
During running described APK, if detecting, application requests corresponding for described APK obtains the second limited power Limit, then according to the system signature pre-saved to corresponding the verifying from signature of described APK, described second restricted rights is pin Thered is provided the normal operations in addition to the described key operation specified calls authority, and described system signature is for all products Set, the system signature corresponding to each product set is the most identical;
If being verified, then for the second restricted rights described in application assigned corresponding for described APK.
Second aspect according to the embodiment of the present application, it is provided that the device of a kind of APK signature authentication, described device includes:
First Authority Verification module, for during running APK, if application program corresponding to described APK being detected Acquisition request the first restricted rights, then according to the particular signature pre-saved to corresponding the verifying from signature of described APK, institute Stating the first restricted rights is to be called authority for what the key operation specified provided, and described particular signature is for different products Set, the different particular signature corresponding to product set is different;
First authority distribution module, for testing the signature certainly that described APK is corresponding according to the particular signature pre-saved Card is by rear, for the first restricted rights described in the application assigned that described APK is corresponding.
Optionally, described device also includes:
Send request module, for sending the request for obtaining digital certificate, described request to digital certificate server Carry product set identification so that after described digital certificate server receives described request, according to described product set identification, Current time in system, generating random number digital certificate;
Receiver module, for receiving the described digital certificate that described digital certificate server sends;
Signature generation module, for generating described particular signature according to described digital certificate.
Optionally, described device also includes:
Authority judge module, for when detecting that application requests corresponding for described APK performs described first limited power During operation corresponding to limit, it is judged that whether described application program has described first restricted rights;
Performing module, if showing that described application program has described first restricted rights for judgement, then answering according to described Request by program performs the operation of described correspondence.
Optionally, described first Authority Verification module, specifically for: the particular signature that judgement pre-saves and described APK Corresponding is the most consistent from signature;
Described first authority distribution module, specifically for: draw oneself corresponding with described APK of described particular signature judging After signature is consistent, then for the first restricted rights described in application assigned corresponding for described APK.
Optionally, described device also includes:
Second Authority Verification module, for during running described APK, if application corresponding to described APK being detected PROGRAMMED REQUESTS obtains the second restricted rights, then according to the system signature pre-saved to corresponding the testing from signature of described APK Card, described second restricted rights is to be called authority for what the normal operations in addition to the described key operation specified provided, Described system signature is for all product set, and the system signature corresponding to each product set is the most identical;
Second authority distribution module, for testing the signature certainly that described APK is corresponding according to the system signature pre-saved Card is by rear, for the second restricted rights described in the application assigned that described APK is corresponding.
As seen from the above-described embodiment, during running APK, when detecting that application requests corresponding for this APK obtains When taking the first restricted rights, by the particular signature pre-saved, the signature certainly that this APK is corresponding is verified, be verified After, for this application assigned the first restricted rights.Owing to this particular signature is for different product set, different product collection Particular signature corresponding to conjunction is different, only can be at the product collection specified it is thus possible to realize controlling same application Acquisition of closing is called authority for what the key operation specified provided.
Accompanying drawing explanation
Fig. 1 illustrates an embodiment flow chart of the method for the application APK signature authentication;
Fig. 2 illustrates the embodiment flow chart that the application is product set distribution particular signature;
Fig. 3 is a kind of hardware structure diagram of the device place smart machine of the application APK signature authentication;
Fig. 4 illustrates an embodiment block diagram of the device of the application APK signature authentication;
Fig. 5 illustrates another embodiment block diagram of the device of the application APK signature authentication.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Explained below relates to During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they are only with the most appended The example of the apparatus and method that some aspects that described in detail in claims, the application are consistent.
It is only merely for describing the purpose of specific embodiment at term used in this application, and is not intended to be limiting the application. " a kind of ", " described " and " being somebody's turn to do " of singulative used in the application and appended claims is also intended to include majority Form, unless context clearly shows that other implications.It is also understood that term "and/or" used herein refers to and wraps Any or all containing one or more projects of listing being associated may combination.
Although should be appreciated that in the application possible employing term first, second, third, etc. to describe various information, but this A little information should not necessarily be limited by these terms.These terms are only used for same type of information is distinguished from each other out.Such as, without departing from In the case of the application scope, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as One information.Depend on linguistic context, word as used in this " if " can be construed to " ... time " or " when ... Time " or " in response to determining ".
First the application scenarios applied the method for APK signature authentication provided herein makes following example:
Intelligent television manufacturer A can pass through SDK, provides certain operations for intelligent television, such as, switching channels, searches Platform, volume adjusting, etc., and, it is also possible to those operations are divided into two parts, and a part is the key operation specified, another Part be then normal operations, such as switching channels, tuning be the key operation specified, volume adjusting etc. is normal operations.In reality In the application of border, whether the application program that intelligent television manufacturer A can control to be installed on intelligent television has for appointment Key operation call authority, i.e. intelligent television manufacturer A can limit only some application program just can call finger Fixed key operation.
The application need of the key operation specified can be called in order to meet intelligent television manufacturer A restriction application program Ask, in prior art, can be intelligent television distribution system signature, only have identical with this system signature when application program During signature, corresponding to the key operation just specified for this application assigned, call authority, it is allowed to this application call refers to Fixed key operation.
In some collaborative projects, such as, intelligent television manufacturer A and its software partner B co-production one style Number it is the intelligent television of C, for convenience, model C is referred to as cooperation type.Under normal circumstances, intelligent television manufacturer A The application program only allowing software partner B to provide is only capable of calling the key specified on the intelligent television corresponding to cooperation type Operation.But, in above-mentioned described prior art, the system signature assigned by the intelligent television of different model is Identical, thus, software partner B provides, and carrying the application program with system signature same signature can be at all models Number intelligent television on call the key operation specified.As can be seen here, prior art cannot meet intelligent television manufacturer A's Application demand.
In order to meet the application demand of the intelligent television manufacturer A of foregoing description, the application provides a kind of APK signature to recognize The method of card, in the method, can be particular signature corresponding to the intelligent television additional allocation of every kind of model, mentioned here " additional allocation " refers to, on the basis of retaining the original system signature of intelligent television, for different models, increases for intelligent television Add a particular signature.This particular signature is different from described system signature, and the spy corresponding to the intelligent television of same model Surely signing identical, the particular signature corresponding to the intelligent television of different model is different.
Intelligent television manufacturer A can share the particular signature corresponding to cooperation type with its software partner B.From And, software partner B can be its this particular signature of application assigned provided, to realize answering of software partner B offer Can be on the intelligent television corresponding to cooperation type by program, obtain the key operation specified calls authority, and at other On intelligent television corresponding to type, it is impossible to obtain specify key operation call authority.
As follows, enumerate following embodiment and the method for APK signature authentication provided herein is elaborated:
Referring to Fig. 1, illustrate an embodiment flow chart of the method for the application APK signature authentication, this flow process is upper On the basis of stating described application scenarios, may comprise steps of:
Step S101: during running APK, if detecting, application requests corresponding for described APK obtains first Restricted rights, then according to the particular signature pre-saved to corresponding the verifying from signature of described APK, described first limited power Limit is to be called authority for what the key operation specified provided, and described particular signature is for different product set, different Particular signature corresponding to product set is different.
In this application, for convenience, described power can be called for the key operation specified by above-mentioned Limit is referred to as the first restricted rights.Additionally, for convenience, it is also possible to general by addition to the described key operation specified The authority of calling that logical operation is provided is referred to as the second restricted rights.
In this application, based on above-mentioned described application scenarios, the intelligent television of same model can be regarded as one Product set, then the intelligent television of different model belongs to different product set, by intelligent television manufacturer A and software cooperation Side B co-production the intelligent television corresponding to cooperation type regard specific products set as.
In this application, can be the particular signature of different product set distribution correspondences, and different product set institutes Corresponding particular signature is different, i.e. particular signature corresponding to the intelligent television of different model is different.Specifically, originally Application is how to distribute corresponding particular signature for different product set, may refer to the description in following embodiment, First it is not described further at this.
Intelligent television is during installing the APK that software partner B is provided, if application corresponding to this APK being detected PROGRAMMED REQUESTS obtains and calls authority for the key operation specified, and i.e. detects that application requests corresponding for this APK obtains First restricted rights, the most now, intelligent television can use the particular signature of self correspondence to corresponding the carrying out from signature of this APK Checking.
In an optional implementation, intelligent television use self correspondence particular signature to this APK corresponding from The process that signature carries out verifying may include that and judges that certainly sign corresponding with this APK of particular signature that this intelligent television is corresponding is No unanimously.
Additionally, intelligent television is during installing the APK that software partner B is provided, if detecting, this APK is corresponding Application requests obtains and calls authority for the normal operations in addition to the key operation specified, and i.e. detects this APK pair The application requests answered obtains the second restricted rights, and the most now, intelligent television can use the system signature pair of self correspondence Corresponding the verifying from signature of this APK.
Step S102: if being verified, then for the first restricted rights described in application assigned corresponding for described APK.
By performing step S101, intelligent television uses the particular signature of self correspondence to corresponding the carrying out from signature of APK Checking, if being verified, i.e. judges to draw from sign consistent, then corresponding with this APK of particular signature that this intelligent television is corresponding It is believed that intelligent television manufacturer A allows application program corresponding for this APK to call the key specified on this intelligent television Operation, then can be that application assigned corresponding for this APK calls authority for the key operation specified, the i.e. first limited power Limit.
Additionally, the signature certainly that APK is corresponding is verified, if checking is logical by the system signature that intelligent television uses self correspondence Cross, then it is believed that intelligent television manufacturer A allows application program corresponding for this APK to call on this intelligent television except specifying Key operation beyond normal operations, then can be application assigned calling for this normal operations corresponding for this APK Authority, the i.e. second restricted rights.
Additionally, in this application, after installing application program corresponding to APK, if intelligent television detects this application journey The key operation that sequence request call is specified, during operation corresponding to the i.e. first restricted rights, it can be determined that whether this application program There is the first restricted rights;If judging to draw when this application program has the first restricted rights, then can allow this application program Call the key operation specified, specifically, the key operation can specified according to the request execution of this application program.
As seen from the above-described embodiment, during running APK, when detecting that application requests corresponding for this APK obtains When taking the first restricted rights, by the particular signature pre-saved, the signature certainly that this APK is corresponding is verified, be verified After, for this application assigned the first restricted rights.Owing to this particular signature is for different product set, different product collection Particular signature corresponding to conjunction is different, only can be at the product collection specified it is thus possible to realize controlling same application Acquisition of closing is called authority for what the key operation specified provided.
Refer to Fig. 2, illustrate the embodiment flow chart that the application is product set distribution particular signature, this flow process On the basis of above-mentioned described application scenarios, regard as a example by identical product set by the intelligent television by same model, can To comprise the following steps:
Step S201: sending the request for obtaining digital certificate to digital certificate server, product is carried in described request Set identification, so that after described digital certificate server receives described request, current according to described product set identification, system Time, generating random number digital certificate.
In this application, the intelligent television of same model can be regarded as identical product set, then, product set identification It can be then model identification.
Intelligent television or intelligent television management server can send to digital certificate server and be used for obtaining digital certificate Request, this request can carry model identification.So, after digital certificate server receives this request, can be according to type Number mark, current time in system, random number, utilize the algorithm preset, such as asymmetry AES to generate digital certificate, logical Crossing this kind of operation, the digital certificate that can be generated with the intelligent television that basic guarantee digital certificate server is different model is each the most not Identical.
Step S202: receive the described digital certificate that described digital certificate server sends.
Step S203: generate described particular signature according to described digital certificate.
The digital certificate that generated of intelligent television being different model due to digital certificate server is different, thus, The particular signature that the intelligent television being different model according to digital certificate is generated is the most different.The most how according to numeral Certificates constructing signature, may refer to description of the prior art, this is not described further by the application.
As seen from the above-described embodiment, by sending the request for obtaining digital certificate to digital certificate server, described Product set identification is carried in request, so that after described digital certificate server receives described request, according to described product set Mark, current time in system, generating random number digital certificate, after receiving the digital certificate that digital certificate server sends, Particular signature is generated according to this digital certificate.Can effectively ensure that the particular signature distributed by different product set is each not Identical, follow-up determine whether as application assigned for specifying according to this particular signature such that it is able to be effectively realized Key operation call authority, the i.e. first restricted rights.
Corresponding with the embodiment of the method for aforementioned APK signature authentication, present invention also provides the device of APK signature authentication Embodiment.
The embodiment of the device of the application APK signature authentication can be applied at smart machine, such as on intelligent television.Device Embodiment can be realized by software, it is also possible to realizes by the way of hardware or software and hardware combining.As a example by implemented in software, As the device on a logical meaning, it is that the processor by its place smart machine is by corresponding in nonvolatile memory Computer program instructions reads and runs formation in internal memory.For hardware view, as it is shown on figure 3, sign for the application APK A kind of hardware structure diagram of the device place smart machine of certification, except the processor 31 shown in Fig. 3, internal memory 32, network interface 33 and nonvolatile memory 34 outside, in embodiment, the smart machine at device place is generally according to the reality of this smart machine Border function, it is also possible to include other hardware, this is repeated no more.
Refer to Fig. 4, illustrate an embodiment block diagram of the device of the application APK signature authentication, this device can wrap Include: first Authority Verification module the 41, first authority distribution module 42.
Wherein, this first Authority Verification module 41, may be used for during running APK, if detecting described APK pair The application requests answered obtains the first restricted rights, then according to the particular signature pre-saved to corresponding certainly the signing of described APK Name is verified, described first restricted rights is to be called authority, described particular signature for what the key operation specified provided For different product set, the different particular signature corresponding to product set is different;
This first authority distribution module 42, may be used for corresponding to described APK according to the particular signature pre-saved After signature verification is passed through, for the first restricted rights described in the application assigned that described APK is corresponding.
In one embodiment, the first Authority Verification module 41, specifically may be used for: judge the particular signature that pre-saves with Signature certainly corresponding for described APK is the most consistent;
In another embodiment, this device can also include (not shown in Fig. 4): the second Authority Verification module, the second power Limit distribution module.
Wherein, this second Authority Verification module, may be used for during running described APK, if described APK being detected Corresponding application requests obtains the second restricted rights, then according to the system signature pre-saved to described APK corresponding from Signature is verified, described second restricted rights is to be provided for the normal operations in addition to the described key operation specified Calling authority, described system signature is for all product set, and the system signature corresponding to each product set is the most identical;
This second authority distribution module, may be used for according to the system signature that pre-saves to described APK corresponding from After signature verification is passed through, for the second restricted rights described in the application assigned that described APK is corresponding.
In another embodiment, this device can also include (not shown in Fig. 4): authority judge module, execution module.
Wherein, this authority judge module, may be used for when detecting that application requests corresponding for described APK performs described During operation corresponding to the first restricted rights, it is judged that whether described application program has described first restricted rights;
This execution module, if may be used for judging to show that described application program has described first restricted rights, then basis The request of described application program performs the operation of described correspondence.
Refer to Fig. 5, illustrate another embodiment block diagram of the device of the application APK signature authentication, shown in this Fig. 5 Device, on the basis of above-mentioned Fig. 4 shown device, it is also possible to including: send request module 43, receiver module 44, signature generation Module 45.
Wherein, this transmission request module 43, may be used for sending for obtaining digital certificate to digital certificate server Asking, product set identification is carried in described request, so that after described digital certificate server receives described request, according to described Product set identification, current time in system, generating random number digital certificate;
This receiver module 44, may be used for receiving the described digital certificate that described digital certificate server sends;
This signature generation module 45, may be used for generating described particular signature according to described digital certificate.
In said apparatus, the function of unit and the process that realizes of effect specifically refer to corresponding step in said method Realize process, do not repeat them here.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees method in fact The part executing example illustrates.Device embodiment described above is only schematically, wherein said as separating component The unit illustrated can be or may not be physically separate, and the parts shown as unit can be or can also It not physical location, i.e. may be located at a place, or can also be distributed on multiple NE.Can be according to reality Need to select some or all of module therein to realize the purpose of the application scheme.Those of ordinary skill in the art are not paying In the case of going out creative work, i.e. it is appreciated that and implements.
The foregoing is only the preferred embodiment of the application, not in order to limit the application, all essences in the application Within god and principle, any modification, equivalent substitution and improvement etc. done, should be included within the scope of the application protection.

Claims (10)

1. the method for an Android installation kit APK signature authentication, it is characterised in that described method includes:
During running APK, if detecting, application requests corresponding for described APK obtains the first restricted rights, then root According to the particular signature pre-saved to corresponding the verifying from signature of described APK, described first restricted rights is for appointment Key operation provided call authority, described particular signature is for different product set, and different product set institutes is right The particular signature answered is different;
If being verified, then for the first restricted rights described in application assigned corresponding for described APK.
Method the most according to claim 1, it is characterised in that described method also includes:
Sending the request for obtaining digital certificate to digital certificate server, product set identification is carried in described request, so that After described digital certificate server receives described request, according to described product set identification, current time in system, random number life Become digital certificate;
Receive the described digital certificate that described digital certificate server sends;
Described particular signature is generated according to described digital certificate.
Method the most according to claim 1, it is characterised in that described method also includes:
When detecting that application requests corresponding for described APK performs the operation corresponding to described first restricted rights, it is judged that Whether described application program has described first restricted rights;
If described application program has described first restricted rights, then perform described correspondence according to the request of described application program Operation.
Method the most according to claim 1, it is characterised in that the particular signature that described basis pre-saves is to described APK Corresponding verifies from signature, including:
Judge from sign the most consistent corresponding with described APK of the particular signature that pre-saves;
Be verified if described, then for the first restricted rights described in application assigned corresponding for described APK, including:
If certainly signing that described particular signature is corresponding with described APK is consistent, then for described in application assigned corresponding for described APK First restricted rights.
Method the most according to claim 1, it is characterised in that described method also includes:
During running described APK, if detecting, application requests corresponding for described APK obtains the second restricted rights, Then according to the system signature that pre-saves to corresponding the verifying from signature of described APK, described second restricted rights be for What the normal operations in addition to the described key operation specified was provided calls authority, and described system signature is for all product collection Closing, the system signature corresponding to each product set is the most identical;
If being verified, then for the second restricted rights described in application assigned corresponding for described APK.
6. the device of an APK signature authentication, it is characterised in that described device includes:
First Authority Verification module, for during running APK, if application requests corresponding to described APK being detected Obtain the first restricted rights, then according to the particular signature pre-saved to corresponding the verifying from signature of described APK, described the One restricted rights is to be called authority for what the key operation specified provided, and described particular signature is for different product collection Closing, the different particular signature corresponding to product set is different;
First authority distribution module, for according to the particular signature that pre-saves to corresponding the leading to from signature verification of described APK Later, for the first restricted rights described in application assigned corresponding for described APK.
Device the most according to claim 6, it is characterised in that described device also includes:
Sending request module, for sending the request for obtaining digital certificate to digital certificate server, described request is carried Product set identification, so that after described digital certificate server receives described request, according to described product set identification, system Current time, generating random number digital certificate;
Receiver module, for receiving the described digital certificate that described digital certificate server sends;
Signature generation module, for generating described particular signature according to described digital certificate.
Device the most according to claim 6, it is characterised in that described device also includes:
Authority judge module, for when detecting that application requests corresponding for described APK performs described first restricted rights institute During corresponding operation, it is judged that whether described application program has described first restricted rights;
Perform module, if showing that described application program has described first restricted rights, then according to described application journey for judgement The request of sequence performs the operation of described correspondence.
Device the most according to claim 6, it is characterised in that described first Authority Verification module, specifically for: judge pre- Certainly signing that the particular signature first preserved is corresponding with described APK is the most consistent;
Described first authority distribution module, specifically for: draw, in judgement, the signature certainly that described particular signature is corresponding with described APK After Yi Zhi, then for the first restricted rights described in application assigned corresponding for described APK.
Device the most according to claim 6, it is characterised in that described device also includes:
Second Authority Verification module, for during running described APK, if application program corresponding to described APK being detected Acquisition request the second restricted rights, then according to the system signature pre-saved to corresponding the verifying from signature of described APK, institute Stating the second restricted rights is to be called authority, described system for what the normal operations in addition to the described key operation specified provided System signature is for all product set, and the system signature corresponding to each product set is the most identical;
Second authority distribution module, for according to the system signature that pre-saves to corresponding the leading to from signature verification of described APK Later, for the second restricted rights described in application assigned corresponding for described APK.
CN201610680738.6A 2016-08-16 2016-08-16 Method and device for certifying APK (Android Package) signature Pending CN106326723A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610680738.6A CN106326723A (en) 2016-08-16 2016-08-16 Method and device for certifying APK (Android Package) signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610680738.6A CN106326723A (en) 2016-08-16 2016-08-16 Method and device for certifying APK (Android Package) signature

Publications (1)

Publication Number Publication Date
CN106326723A true CN106326723A (en) 2017-01-11

Family

ID=57743157

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610680738.6A Pending CN106326723A (en) 2016-08-16 2016-08-16 Method and device for certifying APK (Android Package) signature

Country Status (1)

Country Link
CN (1) CN106326723A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899593A (en) * 2017-02-27 2017-06-27 深圳数字电视国家工程实验室股份有限公司 A kind of APP beats again bag verification method and device
CN108629189A (en) * 2018-03-20 2018-10-09 蔚来汽车有限公司 Engine end data guard method, device and vehicle
CN109492387A (en) * 2018-10-31 2019-03-19 北京指掌易科技有限公司 A method of distinguishing dual domain space by mobile applications signing certificate

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103119907A (en) * 2010-07-21 2013-05-22 思杰系统有限公司 Systems and methods for providing a smart group
CN103648090A (en) * 2013-12-12 2014-03-19 北京利云技术开发公司 Method for realizing security and credibility of intelligent mobile terminal and system thereof
CN103858130A (en) * 2013-08-23 2014-06-11 华为终端有限公司 Method, apparatus and terminal for administration of permission

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103119907A (en) * 2010-07-21 2013-05-22 思杰系统有限公司 Systems and methods for providing a smart group
CN103858130A (en) * 2013-08-23 2014-06-11 华为终端有限公司 Method, apparatus and terminal for administration of permission
CN103648090A (en) * 2013-12-12 2014-03-19 北京利云技术开发公司 Method for realizing security and credibility of intelligent mobile terminal and system thereof

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899593A (en) * 2017-02-27 2017-06-27 深圳数字电视国家工程实验室股份有限公司 A kind of APP beats again bag verification method and device
CN106899593B (en) * 2017-02-27 2021-02-02 深圳数字电视国家工程实验室股份有限公司 APP repackaging verification method and device
CN108629189A (en) * 2018-03-20 2018-10-09 蔚来汽车有限公司 Engine end data guard method, device and vehicle
CN109492387A (en) * 2018-10-31 2019-03-19 北京指掌易科技有限公司 A method of distinguishing dual domain space by mobile applications signing certificate

Similar Documents

Publication Publication Date Title
CN111355718B (en) Block chain intelligent contract cloud deployment system and method
US9819661B2 (en) Method of authorizing an operation to be performed on a targeted computing device
JP2021022395A (en) Secure provisioning and management of devices
US8881308B2 (en) Method to enable development mode of a secure electronic control unit
US20100229242A1 (en) Program execution control system, program execution control method and computer program for program execution control
US20120117566A1 (en) Information processing device, information processing method, and program distribution system
US20140075517A1 (en) Authorization scheme to enable special privilege mode in a secure electronic control unit
KR20160054556A (en) Mobile communication device and method of operating thereof
TW202038120A (en) Security data processing device
KR20160055208A (en) Mobile communication device and method of operating thereof
CN102034058B (en) Method for controlling safety of application software and terminal
US20210035120A1 (en) Adaptive and verifiable bill of materials
US20110145586A1 (en) Integrated circuit and system for installing computer code thereon
US11546165B2 (en) Attestation using device-specific and application-specific attestation messages
CN111414640B (en) Key access control method and device
CN109086578A (en) A kind of method that soft ware authorization uses, equipment and storage medium
WO2014150737A2 (en) Method and system for enabling the federation of unrelated applications
CN106326723A (en) Method and device for certifying APK (Android Package) signature
Kostiainen et al. Practical property-based attestation on mobile devices
CN106161037B (en) Digital signature method and device
CN107479923A (en) Application program updating method, apparatus and display terminal
CN114629658B (en) Application signature method, device, equipment and storage medium
CN116226883A (en) Password service method, device, electronic equipment and storage medium
KR20220042992A (en) Applet package sending method and device, electronic apparatus, and computer readable medium
KR102721695B1 (en) Data processing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170111

RJ01 Rejection of invention patent application after publication