CN106326779A - App copyright information loading method and system based on digital signature - Google Patents
App copyright information loading method and system based on digital signature Download PDFInfo
- Publication number
- CN106326779A CN106326779A CN201610987252.7A CN201610987252A CN106326779A CN 106326779 A CN106326779 A CN 106326779A CN 201610987252 A CN201610987252 A CN 201610987252A CN 106326779 A CN106326779 A CN 106326779A
- Authority
- CN
- China
- Prior art keywords
- app
- signature
- electronic
- data
- digital signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011068 loading method Methods 0.000 title claims abstract description 24
- 238000000034 method Methods 0.000 abstract description 7
- 238000010200 validation analysis Methods 0.000 abstract 1
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000005611 electricity Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 210000004556 brain Anatomy 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an app copyright information loading method and system based on digital signature. The method may include obtaining the signature data in the app package, acquiring the electronic copyright data of the app program, generating an electronic signature through the encryption algorithm based on the signature data and the electronic copyright data, storing the electronic signature in the app package, and based on the electronic copyright data generating a validation packet. The app copyright information loading method realizes the security management of the app program by storing the electronic copyright data in the app program and verifying the development time and the version of the app program.
Description
Technical field
The present invention relates to computer realm, more particularly, to a kind of app copyright information loading side based on digital signature
Method and system.
Background technology
In computer realm, owing to people are more and more universal to the demand of mobile device, it is applied to the app journey of mobile device
The software application of sequence also obtains tremendous development.This development is to depend directly on consumer to use smart phone and flat board electricity
Brain.But, along with this development, another problem occurs in that, i.e. the safety of these app programs on cell phone apparatus and management.
Writing relatively simple and being difficult to leave a trace due to app program, the app program of some malice product placement or wooden horse may be drawn
Play the badly damaged of handheld device, and loss of data may be caused or transmit data unintentionally.They cause the weakness of equipment, with
And the security risk of user.Therefore, it is necessary to develop a kind of app copyright information loading method based on digital signature and system.
The information being disclosed in background of invention part is merely intended to deepen the reason of the general background technology to the present invention
Solve, and be not construed as recognizing or imply in any form the most known to those skilled in the art existing of this information structure
Technology.
Summary of the invention
The present invention proposes a kind of app copyright information loading method based on digital signature and system, and it can pass through will
Electronic copyright data are stored in app program, the development time of checking app program and version, it is achieved the safety management to app program.
According to an aspect of the invention, it is proposed that a kind of app copyright information loading method based on digital signature.Described side
Method may include that the signed data obtained in app program bag;Obtain the electronic copyright data of described app program;Based on described label
Name data and described electronic copyright data, by AES, generate electronic signature;Described electronic signature is stored in described app
In program bag;And verify packet based on described electronic copyright data genaration.
According to another aspect of the invention, it is proposed that a kind of app copyright information loading system based on digital signature, described
System may include that acquiring unit, and described acquiring unit obtains the electricity of the signed data in app program bag and described app program
Sub-copyright data;Ciphering unit, described signed data is passed through AES with described electronic copyright data by described ciphering unit,
It is encrypted computing;Signal generating unit, described signal generating unit is based on described signed data and described electronic copyright data genaration electronics
Signature and checking packet;And storage unit, described electronic signature is stored in described app program bag by described storage unit.
It is attached from be incorporated herein that methods and apparatus of the present invention has other characteristic and advantage, these characteristics and advantage
Figure and detailed description of the invention subsequently will be apparent from, or by the accompanying drawing being incorporated herein and concrete reality subsequently
Executing in mode and state in detail, these the drawings and specific embodiments are provided commonly for explaining the certain principles of the present invention.
Accompanying drawing explanation
By combining accompanying drawing, exemplary embodiment of the invention is described in more detail, the present invention above-mentioned and its
Its purpose, feature and advantage will be apparent from, wherein, in exemplary embodiment of the invention, and identical reference number
Typically represent same parts.
Fig. 1 shows the flow chart of the step of the app copyright information loading method based on digital signature according to the present invention.
Detailed description of the invention
It is more fully described the present invention below with reference to accompanying drawings.Although accompanying drawing shows the side of being preferable to carry out of the present invention
Formula, however, it is to be appreciated that may be realized in various forms the present invention and should not limited by embodiments set forth herein.Phase
Instead, it is provided that these embodiments are to make the present invention more thorough and complete, and can by the scope of the present invention intactly
Convey to those skilled in the art.
Embodiment 1
Fig. 1 shows the flow chart of the step of the app copyright information loading method based on digital signature according to the present invention.
In this embodiment, may include that according to the app copyright information loading method based on digital signature of the present invention
Step 101, obtains the signed data in app program bag;Step 102, obtains the electronic copyright data of app program;Step 103,
Based on signed data and electronic copyright data, by AES, generate electronic signature;Step 104, is stored in electronic signature
In app program bag;And step 105, verify packet based on electronic copyright data genaration.
This embodiment, by electronic copyright data are stored in app program, verifies development time and the version of app program,
Realize the safety management to app program.
Concrete steps the following detailed description of the app copyright information loading method based on digital signature according to the present invention.
In one example, the signed data in app program bag can be obtained.
In one example, signed data can include that APK resource is signed with developer.
In one example, APK resource can include APK bytecode, basic resources and version number.
Specifically, the signed data in app program bag can be obtained, sign with developer including APK resource, wherein, APK
Resource includes APK bytecode, basic resources and version number.
Developer's signature can be saved under the subdirectory of app program bag, is developer's signature of carrying out APK resource,
For Android system installing, update, provide checking when starting.
In one example, the electronic copyright data of app program can be obtained.
In one example, electronic copyright data may include that copyright protection center signature, copyright protection centre time
Stamp, DCI code and copyright essential information.
In one example, copyright essential information can include app program name, developer's title, deliver the time first
With version number.
Specifically, the file format of electronic copyright data follows PKCS7 signature signedData specification.Content includes DCI
Code, copyright protection centre time stamp, copyright essential information are signed with copyright protection center, and wherein, copyright essential information includes app
Program name, developer's title, delivering time and version number first, copyright protection center signature uses SM2 with SM3 algorithm to carry out
Cryptographic calculation.
Electronic copyright data can also include copyright protection center certificate, developer's signature digest and signature algorithm.
In one example, based on signed data and electronic copyright data, by AES, electronics label can be generated
Name.
In one example, AES can include SM1 algorithm, SM2 algorithm, SM3 algorithm, at least the one of SM4 algorithm
?.
In one example, electronic signature can be stored in app program bag.
In one example, under electronic signature can independently be saved in the subdirectory of app program bag.
Specifically, electronic signature can independently be saved under the subdirectory of app program bag, signs the son preserved with developer
Catalogue is same subdirectory, does not affect Android system to developer's signature verification mechanism.
In one example, checking packet can be generated based on electronic copyright data.
Specifically, packet can be verified based on electronic copyright data genaration, verify the safety of app program for user
Property.
Application example
For ease of understanding scheme and the effect thereof of embodiment of the present invention, a concrete application example given below.Ability
Field technique personnel should be understood that this example only for the purposes of understanding the present invention, its any detail is not intended to by any way
Limit the present invention.
Obtaining the signed data in app program bag, sign with developer including APK resource, wherein, APK resource includes APK
Bytecode, basic resources and version number.Developer's signature is saved under the META-INF catalogue of app program bag, is developer couple
The signature that APK resource is carried out, for Android system installing, update, provide checking when starting.
Obtaining the electronic copyright data of app program, the file format of electronic copyright data follows PKCS7 signature
SignedData specification, content includes that DCI code, copyright protection centre time stamp, copyright essential information, copyright protection center are signed
Name, copyright protection center certificate, developer's signature digest and signature algorithm, wherein, copyright essential information includes app program name
Title, developer's title, delivering time and version number first, copyright protection center signature uses SM2 Yu SM3 algorithm to be encrypted fortune
Calculate.
Based on signed data and electronic copyright data, by AES, electronic signature can be generated.Wherein, encryption is calculated
Method includes SM1 algorithm, SM2 algorithm, SM3 algorithm, SM4 algorithm.
Electronic signature independently is saved under the META-INF catalogue of app program bag, signs the catalogue phase of preservation with developer
With, do not affect Android system to developer's signature verification mechanism.
Verify packet based on electronic copyright data genaration, verify the safety of app program for user.
In sum, this method by electronic copyright data being stored in app program, checking app program development time with
Version, it is achieved the safety management to app program.
It will be understood by those skilled in the art that the purpose of description to embodiments of the present invention above is only for exemplarily
The beneficial effect of embodiments of the present invention is described, is not intended to be limited to embodiments of the present invention given any show
Example.
Embodiment 2
According to the embodiment of the present invention, it is provided that a kind of app copyright information loading system based on digital signature, described
System may include that acquiring unit, and acquiring unit obtains the electronic edition flexible strategy of the signed data in app program bag and app program
According to;Ciphering unit, signed data is passed through AES with electronic copyright data, is encrypted computing by ciphering unit;Generate single
Unit, signal generating unit is based on signed data and the electronic signature of electronic copyright data genaration and checking packet;And storage unit, protect
Electronic signature is stored in app program bag by memory cell.
This embodiment, by electronic copyright data are stored in app program, verifies development time and the version of app program,
Realize the safety management to app program.
In one example, AES include SM1 algorithm, SM2 algorithm, SM3 algorithm, SM4 algorithm at least one.
In one example, under electronic signature is independently saved in the subdirectory of app program bag.
It will be understood by those skilled in the art that the purpose of description to embodiments of the present invention above is only for exemplarily
The beneficial effect of embodiments of the present invention is described, is not intended to be limited to embodiments of the present invention given any show
Example.
Being described above the embodiments of the present invention, described above is exemplary, and non-exclusive, and
It is also not necessarily limited to disclosed each embodiment.In the case of the scope and spirit without departing from illustrated each embodiment, right
For those skilled in the art, many modifications and changes will be apparent from.The choosing of term used herein
Select, it is intended to explain the principle of each embodiment, actual application or the improvement to the technology in market best, or make this technology
Other those of ordinary skill in field is understood that each embodiment disclosed herein.
Claims (10)
1. an app copyright information loading method based on digital signature, including:
Obtain the signed data in app program bag;
Obtain the electronic copyright data of described app program;
Based on described signed data and described electronic copyright data, by AES, generate electronic signature;
Described electronic signature is stored in described app program bag;And
Packet is verified based on described electronic copyright data genaration.
App copyright information loading method based on digital signature the most according to claim 1, wherein, described electronic copyright
Data include: copyright protection center signature, copyright protection centre time stamp, DCI code and copyright essential information.
App copyright information loading method based on digital signature the most according to claim 2, wherein, described copyright is basic
Information includes app program name, developer's title, delivers time and version number first.
App copyright information loading method based on digital signature the most according to claim 1, wherein, described signed data
Sign with developer including APK resource.
App copyright information loading method based on digital signature the most according to claim 4, wherein, described APK resource bag
Include APK bytecode, basic resources and version number.
App copyright information loading method based on digital signature the most according to claim 1, wherein, described AES
Including SM1 algorithm, SM2 algorithm, SM3 algorithm, SM4 algorithm at least one.
App copyright information loading method based on digital signature the most according to claim 1, wherein, described electronic signature
Independently it is saved under the subdirectory of described app program bag.
8. an app copyright information loading system based on digital signature, including:
Acquiring unit, described acquiring unit obtains the electronic edition flexible strategy of the signed data in app program bag and described app program
According to;
Ciphering unit, described signed data is passed through AES with described electronic copyright data, adds by described ciphering unit
Close computing;
Signal generating unit, described signal generating unit is based on described signed data and the electronic signature of described electronic copyright data genaration and checking
Packet;And
Storage unit, described electronic signature is stored in described app program bag by described storage unit.
App copyright information loading system based on digital signature the most according to claim 8, wherein, described AES
Including SM1 algorithm, SM2 algorithm, SM3 algorithm, SM4 algorithm at least one.
App copyright information loading system based on digital signature the most according to claim 8, wherein, described electronic signature
Independently it is saved under the subdirectory of described app program bag.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610987252.7A CN106326779A (en) | 2016-11-09 | 2016-11-09 | App copyright information loading method and system based on digital signature |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610987252.7A CN106326779A (en) | 2016-11-09 | 2016-11-09 | App copyright information loading method and system based on digital signature |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106326779A true CN106326779A (en) | 2017-01-11 |
Family
ID=57816590
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610987252.7A Pending CN106326779A (en) | 2016-11-09 | 2016-11-09 | App copyright information loading method and system based on digital signature |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106326779A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086621A (en) * | 2018-07-23 | 2018-12-25 | 深圳市科陆精密仪器有限公司 | Electric energy meter verification report data tamper-proof method and system and storage medium |
| CN111753278A (en) * | 2020-06-17 | 2020-10-09 | 北京版信通技术有限公司 | Comprehensive management system and method for electronic copyright authentication certificate |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101192261A (en) * | 2006-11-29 | 2008-06-04 | 三星电子株式会社 | Method and apparatus for generating proxy-signature on right object and issuing proxy signature certificate |
| CN101821746A (en) * | 2007-08-17 | 2010-09-01 | 弗劳恩霍夫应用研究促进协会 | The equipment and the method that are used for the backup of right objects |
| US20110153445A1 (en) * | 2009-12-18 | 2011-06-23 | Wen-Cheng Huang | Digital data management system and method |
| CN103886260A (en) * | 2014-04-16 | 2014-06-25 | 中国科学院信息工程研究所 | Application program control method based on two-time signature verification technology |
| CN104782137A (en) * | 2012-11-23 | 2015-07-15 | 索尼公司 | Information processing device and information processing method |
-
2016
- 2016-11-09 CN CN201610987252.7A patent/CN106326779A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101192261A (en) * | 2006-11-29 | 2008-06-04 | 三星电子株式会社 | Method and apparatus for generating proxy-signature on right object and issuing proxy signature certificate |
| CN101821746A (en) * | 2007-08-17 | 2010-09-01 | 弗劳恩霍夫应用研究促进协会 | The equipment and the method that are used for the backup of right objects |
| US20110153445A1 (en) * | 2009-12-18 | 2011-06-23 | Wen-Cheng Huang | Digital data management system and method |
| CN104782137A (en) * | 2012-11-23 | 2015-07-15 | 索尼公司 | Information processing device and information processing method |
| CN103886260A (en) * | 2014-04-16 | 2014-06-25 | 中国科学院信息工程研究所 | Application program control method based on two-time signature verification technology |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086621A (en) * | 2018-07-23 | 2018-12-25 | 深圳市科陆精密仪器有限公司 | Electric energy meter verification report data tamper-proof method and system and storage medium |
| CN111753278A (en) * | 2020-06-17 | 2020-10-09 | 北京版信通技术有限公司 | Comprehensive management system and method for electronic copyright authentication certificate |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101436141B (en) | Firmware upgrading and encapsulating method and device based on digital signing | |
| CN105391717B (en) | A kind of APK signature authentication method and its system | |
| CN103905207B (en) | Method and system for unifying APK signature | |
| CN104156638B (en) | A kind of implementation method of extension signature towards Android system software | |
| EP3806382A1 (en) | Virtual key binding method and system | |
| CN104426658B (en) | The method and device of authentication is carried out to the application on mobile terminal | |
| CN103944903A (en) | Multi-party authorized APK signature method and system | |
| CN107301343B (en) | Safety data processing method and device and electronic equipment | |
| US10726130B2 (en) | Method and device for verifying upgrade of diagnosis connector of diagnostic equipment, and diagnosis connector | |
| EP2854070A1 (en) | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package | |
| CN104111832A (en) | Android application program installation package packing method and system and unpacking method | |
| CN102035653A (en) | Controllable distributing method and system used in software examining and verifying stage | |
| CN107980132A (en) | A kind of APK signature authentications method and system | |
| CN111382397B (en) | Configuration method of upgrade software package, software upgrade method, equipment and storage device | |
| CN111934873A (en) | Bidding file encryption and decryption method and device | |
| CN103297816B (en) | A kind of method for safely downloading and receiving terminal for digital television | |
| CN107359999A (en) | A kind of uboot firmwares guard method | |
| CN107171808B (en) | A kind of verification method and device of electronic record authenticity | |
| CN107315945B (en) | The disk decryption method and device of a kind of electronic equipment | |
| US8745375B2 (en) | Handling of the usage of software in a disconnected computing environment | |
| CN106326779A (en) | App copyright information loading method and system based on digital signature | |
| Hutter et al. | A trusted platform module for near field communication | |
| CN102831357B (en) | Encryption and authentication protection method and system of secondary development embedded type application program | |
| CN109728912A (en) | Broadcasting content safe transmission method, system and terminal | |
| CN107506207A (en) | The safe verification method and terminal of a kind of POS |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170111 |