CN106549957B - terminal application copyright authentication method and system - Google Patents

terminal application copyright authentication method and system Download PDF

Info

Publication number
CN106549957B
CN106549957B CN201610946981.8A CN201610946981A CN106549957B CN 106549957 B CN106549957 B CN 106549957B CN 201610946981 A CN201610946981 A CN 201610946981A CN 106549957 B CN106549957 B CN 106549957B
Authority
CN
China
Prior art keywords
terminal application
terminal
authentication
module
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610946981.8A
Other languages
Chinese (zh)
Other versions
CN106549957A (en
Inventor
谈剑锋
朱瑞鹤
姜立稳
胡剑波
谢勇
钱金金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Peoplenet Security Technology Co Ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Peoplenet Security Technology Co Ltd filed Critical Shanghai Peoplenet Security Technology Co Ltd
Priority to CN201610946981.8A priority Critical patent/CN106549957B/en
Publication of CN106549957A publication Critical patent/CN106549957A/en
Application granted granted Critical
Publication of CN106549957B publication Critical patent/CN106549957B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Abstract

The invention discloses a authentication method of terminal application copyright, which comprises the steps that a terminal application sends an access request to a service server, the service server receives the access request, authenticates the terminal application through an authentication server, judges that the terminal application is the copyright if the terminal application passes the authentication, responds to the access request of the terminal application, otherwise judges that the terminal application is the pirate, and rejects the access request of the terminal application, and in addition, , the invention also discloses a authentication system of the terminal application copyright, which comprises a terminal, a terminal application, a service server and an authentication server, wherein the terminal application is positioned on the terminal, and the service server is respectively in communication connection with the terminal application and the authentication server, the terminal application comprises a information transceiver module, the service server comprises a second information transceiver module and an information verification module connected with the second information transceiver module.

Description

terminal application copyright authentication method and system
Technical Field
The invention belongs to the technical field of communication, and particularly relates to an terminal application copyright authentication method and system.
Background
With the development of mobile phone applications, the number of developers developing official mobile phone applications in enterprises is increasing. Some developers with poor mind may record the communication protocol, access method, etc. of the enterprise service server during the development of the enterprise application. After mastering such information, these "badly-minded" developers may develop "pirated mobile phone applications" in private.
Since the access method and the communication protocol of the pirated mobile phone application are completely compared with the official enterprise application, the server cannot distinguish the access of the pirated application and can provide service for the pirated application.
Pirated cell phone applications would benefit by offering the same services as official business applications after marketing. However, pirated mobile phone applications consume resources of official enterprise servers, and users originally owned by enterprises are distributed. Ultimately pirated mobile phone applications cause significant economic losses to the enterprise.
Some enterprises require that feature information of the mobile phone application sending the request must be added in the service request. The server compares the characteristic information in the request each time to judge whether the application which sends the request currently is a pirate application. However, the request message is actively sent by the mobile phone application, and a developer of the pirate application can intercept the request message sent by the official application, analyze the data segment representing the feature information of the legal mobile phone application, and then "paste" the legal feature information data into the request message of the pirate application. Therefore, pirated applications can be disguised as official applications and can still normally access enterprise business services. These problems are also present in other end-use applications.
Disclosure of Invention
The invention provides an authentication method for terminal application copyright, which is used for solving the problem in the prior art of how to verify the legality of a terminal application sending a business request under the condition that an enterprise business service access method is completely exposed.
The invention discloses an authentication method of terminal application copyright, which comprises the following steps:
s100, the terminal application sends an access request to a service server;
s200, the service server receives the access request, authenticates the terminal application through an authentication server, and executes the step S300 if the authentication is passed; otherwise, executing step S400;
s300, judging that the terminal application is a legal version, and responding to an access request of the terminal application;
s400, judging that the terminal application is pirated, and rejecting the access request of the terminal application.
By adopting an authentication mechanism, the terminal application is authenticated, access of pirated terminal application is refused, and the legal rights and interests of legal terminal application are protected.
, storing security plug-ins associated with the terminal application in the terminal and the authentication server respectively, for implementing the legal authentication of the terminal application by the authentication server, wherein the security plug-ins include an operation algorithm associated with the terminal application.
Further , in step S200, the step of the service server authenticating the terminal application through the authentication server specifically includes:
s210, a security plug-in the terminal acquires the characteristic information of the terminal application;
s220, the security plug-in the terminal takes the challenge code issued by the authentication server and the acquired characteristic information of the terminal application as calculation factors, uses an operation algorithm to perform operation to generate a dynamic authentication code, and returns the dynamic authentication code to the terminal application;
s230, the terminal application sends an authentication request containing the dynamic authentication code to a service server;
s240, the service server extracts the dynamic authentication code in the authentication request and initiates a dynamic check code generation request to the authentication server;
s250, the security plug-in the authentication server takes the challenge code and the pre-stored feature information of the legal terminal application as calculation factors, uses an operation algorithm to perform operation to generate a dynamic check code, and returns the dynamic check code to the service server;
s260 the service server compares the dynamic verification code with the dynamic authentication code to see if is true, if yes, step S300 is executed, otherwise, step S400 is executed.
The dynamic authentication is realized through the security plug-in, the terminal and the authentication server are both provided with the security plug-in, the two sides acquire dynamic passwords by adopting the characteristic information and the challenge code of the terminal application, the security plug-in of the terminal actively acquires the characteristic information of the terminal application, so that a pirate is difficult to forge, and in addition, the security plug-in of the authentication server acquires the pre-stored legal terminal application characteristic information, so that the service server can judge whether the characteristic information of the terminal application is by only comparing whether the two passwords are , thereby judging whether the terminal application is legal.
, the operation algorithm contained in the security plug-in is related to the feature information of the terminal application, and when the version of the legal terminal application is updated, the step of obtaining the operation algorithm by the security plug-in the authentication server according to the stored new feature information of the terminal application includes:
s010 generates a random number according to the obtained new terminal application characteristic information, and sets the random number as a key parameter;
and S020 reconstructing an operation algorithm through preset reconstruction mechanism according to the key parameter.
The algorithm in the security plug-in is not unchanged, the version of the terminal application is changed, and the algorithm can be correspondingly changed through an algorithm reconstruction mechanism, so that the security is further enhanced.
Further , in step S100, the access request sent by the terminal application includes terminal MAC address information where the terminal application is located;
in step S200, before the service server authenticates the terminal application through the authentication server, the method further includes a step in which the authentication server obtains an operation algorithm according to the MAC address information of the terminal application submitted by the service server and compiles the operation algorithm into a security plug-in, and specifically includes:
s030 generates a random number according to the received MAC address information of the terminal application, and sets the random number as a key parameter;
s040 reconstructs a preset algorithm through a preset reconstruction mechanism according to the key parameter;
and S050, compiling the received application information and the reconstructed operation algorithm to obtain a security plug-in and sending the security plug-in to the terminal application.
The terminal application is different in terminal, so that the algorithm is also not , and when the terminal accesses the service server , the terminal can obtain a security plug-in through the authentication server, and the security plug-in contains the -only algorithm related to the MAC address of the terminal.
Further , in the step S030, the operation algorithm for reconstructing the image by using the preset reconstruction scheme at least includes the following steps:
031 determining an operation sequence of the reconstructed operation algorithm according to the key parameter;
032 determining a structure of a packet data block of the reconstructed arithmetic algorithm and an arithmetic sequence of the packet data block according to the key parameter;
033 determining a fixed parameter in the reconstructed arithmetic algorithm according to the key parameter.
Step , when the version of the legal terminal application is updated, the security plug-in the terminal obtains the reconstructed operation algorithm by the same method as the steps S010 and S020.
, the step S260 includes the steps of:
s261, the service server compares the dynamic verification code with the dynamic authentication code to see if is true, if yes, step S300 is executed, otherwise step S262 is executed;
s262, the service server sends a request for generating an old version dynamic check code to the authentication server;
s263, the security plug-in of the authentication server takes the challenge code and the pre-stored feature information of the old legal terminal application as calculation factors, calculates by using an old algorithm before reconstruction to obtain an old dynamic check code, and returns the old dynamic check code to the service server;
s264, the service server compares the obtained old version dynamic verification code with the dynamic authentication code to see if is true, if yes, step S265 is executed, otherwise, step S400 is executed;
s265, judging that the terminal application is an old edition.
After the terminal application is updated, the authentication server end also correspondingly stores the updated characteristic information of the terminal application, so that the security plug-in of the authentication server end is also correspondingly updated, and if the terminal application at the terminal is not updated in time, the terminal application is possibly misjudged as pirate. Therefore, the temperature of the molten metal is controlled,
further , the characteristic information of the terminal application includes a digest of a program file of the terminal application, a digest of a resource file of the terminal application, a package name of the terminal application, or a signature of the terminal application.
In addition, , the invention also provides a authentication system of terminal application originals, which comprises a terminal, a service server and an authentication server, wherein the terminal is provided with a terminal application, and the service server is respectively in communication connection with the terminal and the authentication server, wherein the terminal application comprises a information transceiver module, the service server comprises a second information transceiver module and an information verification module connected with the second information transceiver module, and the authentication system comprises:
th information transceiver module of the terminal application sends access request to the service server;
after a second information transceiver module of the service server receives the access request, the information verification module authenticates the terminal application through the authentication server; if the authentication is passed, judging that the terminal application is a legal version, and responding to an access request of the terminal application; otherwise, judging the terminal application to be pirated, and refusing the access request of the terminal application.
And an authentication mechanism is added in the terminal application access server, and whether the terminal application is the legal version or not is judged according to an authentication result, so that the benefit of the legal terminal application is maintained.
, storing security plug-ins associated with the terminal application in the terminal and the authentication server, wherein the security plug-ins in the terminal and the authentication server include an operation algorithm associated with the terminal application;
the safety plug-in the terminal is connected with the terminal application, and the safety plug-in comprises: the system comprises an acquisition module and a dynamic authentication code generation module connected with the acquisition module;
the service server also comprises an extraction module which is respectively connected with the information verification module and the second information transceiving module;
the authentication server includes: the safety plug-in is respectively connected with the third information transceiving module and the storage module; the security plug-in comprises an acquisition module and a dynamic check code generation module connected with the acquisition module;
wherein: the service server authenticating the terminal application through the authentication server comprises:
an acquisition module of a security plug-in the terminal acquires the characteristic information of the terminal application;
a dynamic authentication code generation module of a security plug-in the terminal takes a challenge code issued by the authentication server and the characteristic information of the terminal application acquired by the acquisition module as calculation factors, uses an operation algorithm to perform operation to generate a dynamic authentication code, and returns the dynamic authentication code to the terminal application;
the th information transceiver module of the terminal application sends the authentication request containing the dynamic authentication code to a service server;
the service server extraction module extracts the dynamic authentication code from the authentication request, and the second information transceiver module sends a dynamic check code generation request to a third information transceiver module of the authentication server;
the acquiring module of the security plug-in the authentication server acquires the characteristic information of the legal terminal application from the storage module of the authentication server, and the dynamic check code generating module of the security plug-in the authentication server takes the characteristic information of the legal terminal application and the challenge code as calculation factors, uses an operation algorithm to perform operation to generate a dynamic check code, and returns the dynamic check code to the service server;
and the information verification module of the service server compares whether the dynamic verification code and the dynamic authentication code are , judges that the terminal application is legal if the dynamic verification code and the dynamic authentication code are , responds to the access request of the terminal application, and judges that the terminal application is pirated if the dynamic verification code and the dynamic authentication code are not , and rejects the access request of the terminal application.
The characteristic data of the terminal application is substituted in the calculation process of the dynamic authentication code, so that the authentication can be passed only if the characteristic data of the mobile phone application sending the request is completely the same as the 'legal mobile phone application characteristic data' configured by the server, and the 'dynamic authentication code' has the characteristic of failure after times of authentication, so that the authentication request message of the legal terminal application cannot be replayed.
, the security plug-in the authentication server further includes a random number generation module and an algorithm reconstruction module, the random number generation module is respectively connected to the algorithm reconstruction module and the acquisition module, wherein:
after the version of the legal terminal application is updated, the operation algorithm obtained by the security plug-in the authentication server according to the new characteristic information of the terminal application stored in the storage module comprises the following steps:
the random number generation module generates a random number according to the new characteristic information of the terminal application acquired from the storage module by the acquisition module, and sets the random number as a key parameter;
the algorithm reconstruction module reconstructs an operation algorithm through preset reconstruction mechanism according to the key parameters;
the reconstructing the operation algorithm through the preset reconstruction mechanism comprises the steps of obtaining the operation algorithm by changing the operation sequence of the preset algorithm according to the key parameter, and/or obtaining the operation algorithm by changing the structure of the grouped data blocks of the preset algorithm and the operation sequence of the corresponding grouped data blocks according to the key parameter, and/or obtaining the operation algorithm by changing the fixed parameter of the preset algorithm according to the key parameter.
, the security plug-in the terminal also includes a random number generation module and an algorithm reconstruction module, the random number generation module is respectively connected with the algorithm reconstruction module and the acquisition module, wherein:
after the version of the legal terminal application is updated, the operation algorithm obtained by the security plug-in the terminal according to the new characteristic information of the terminal application comprises the following steps:
the random number generation module generates a random number according to the new characteristic information of the terminal application acquired by the acquisition module and sets the random number as a key parameter;
the algorithm reconstruction module reconstructs an operation algorithm through preset reconstruction mechanism according to the key parameters;
the reconstructing the operation algorithm through the preset reconstruction mechanism comprises the steps of obtaining the operation algorithm by changing the operation sequence of the preset algorithm according to the key parameter, and/or obtaining the operation algorithm by changing the structure of the grouped data blocks of the preset algorithm and the operation sequence of the corresponding grouped data blocks according to the key parameter, and/or obtaining the operation algorithm by changing the fixed parameter of the preset algorithm according to the key parameter.
, the authentication server further comprises a plug-in update module, which is connected to the security plug-in, the storage module, and the third information transceiver module, respectively, wherein:
the plug-in updating module updates the security plug-in by using the new characteristic information of the terminal application stored in the storage module and the operation algorithm reconstructed by the algorithm reconstruction module in the security plug-in, and sends the updated security plug-in to the terminal through the third information receiving and sending module.
Further , the characteristic information of the terminal application includes a digest of a program file of the terminal application, a digest of a resource file of the terminal application, a package name of the terminal application, or a signature of the terminal application.
The invention has the following beneficial effects:
in the authentication process, the authentication server generates random numbers as challenge codes to be issued to the terminal application, the terminal application generates dynamic authentication codes by taking the challenge codes and actively acquired terminal application characteristic information as calculation factors through a challenge response mode, and the service request message of legal mobile phone application cannot be replayed because the dynamic authentication codes have the characteristic of failure after times of use, besides, the characteristic information of the terminal application is actively and silently acquired by a security plug-in, so pirated terminal application cannot forge characteristic data.
Or, the algorithm in the security plug-in can be reconstructed according to the MAC address of the terminal where the terminal application is located, so that the security plug-in of each terminal has algorithms unique to , and even if the operation algorithm in the security plug-in installed in a certain terminal is cracked, the security performance of other terminals cannot be influenced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
FIG. 1 is a flowchart of an embodiment of the authentication method for the kinds of terminal application originals according to the present invention;
fig. 2 is a flowchart of a method for authenticating a terminal application by a service server through an authentication server according to another embodiment of the present invention;
FIG. 3 is a flowchart of a method for verifying an authentication code by a service server according to another embodiment of the present invention;
FIG. 4 is a diagram of another embodiments of the present invention for a method for authenticating genuine terminal applications;
FIG. 5 is a schematic diagram of authentication systems for authenticating the end application copyright according to the present invention;
fig. 6 is a schematic diagram of another embodiments of the authentication system for terminal application copyright according to the invention.
The reference numbers illustrate:
100-terminal, 110-terminal application, 120-security plug-in, 111- th information transceiver module, 121-acquisition module, 122-dynamic authentication code generation module, 200-service server, 210-second information transceiver module, 220-information verification module, 230-extraction module, 300-authentication server, 310-third information transceiver module, 320-security plug-in, 330-storage module, 321-acquisition module and 322-dynamic verification code generation module.
Detailed Description
For purposes of clarity, technical solutions and advantages of the present invention, the present invention will be described in further detail with reference to the accompanying drawings , and it is to be understood that the described embodiments are only a partial embodiment, rather than a complete embodiment, .
, the invention provides a method for authenticating the copyright of terminal applications, as shown in fig. 1, comprising the following steps:
s100, the terminal application sends an access request to a service server;
s200, the service server receives the access request, authenticates the terminal application through an authentication server, and executes the step S300 if the authentication is passed; otherwise, executing step S400;
s300, judging that the terminal application is a legal version, and responding to an access request of the terminal application;
s400, judging that the terminal application is pirated, and rejecting the access request of the terminal application.
In a specific embodiment, the terminal application is an application program of a mobile phone or a computer, and in the prior art, after knowing an access method and a communication protocol of the mobile phone application, a pirate application is easily disguised as a genuine application to obtain a service of a server, however, the security authentication step is added in the embodiment, and the service server authenticates the accessed mobile phone application in combination with the authentication server, so that the genuine and pirate applications are distinguished, and the legal rights and interests of official applications are maintained.
Preferably, on the basis of the above embodiment , a security plug associated with the terminal application is stored in each of the terminal and the authentication server, so as to implement the legal authentication of the terminal application by the authentication server, and the security plug includes an operation algorithm associated with the terminal application, more specifically, as shown in fig. 2, in step S200, the step of the service server authenticating the terminal application through the authentication server specifically includes:
s210, a security plug-in the terminal acquires the characteristic information of the terminal application;
s220, the security plug-in the terminal takes the challenge code issued by the authentication server and the acquired characteristic information of the terminal application as calculation factors, uses an operation algorithm to perform operation to generate a dynamic authentication code, and returns the dynamic authentication code to the terminal application;
s230, the terminal application sends an authentication request containing the dynamic authentication code to a service server;
s240, the service server extracts the dynamic authentication code in the authentication request and initiates a dynamic check code generation request to the authentication server;
s250, the security plug-in the authentication server takes the challenge code and the pre-stored feature information of the legal terminal application as calculation factors, uses an operation algorithm to perform operation to generate a dynamic check code, and returns the dynamic check code to the service server;
s260 the service server compares the dynamic verification code with the dynamic authentication code to see if is true, if yes, step S300 is executed, otherwise, step S400 is executed.
S300, judging that the terminal application is a legal version, and responding to an access request of the terminal application;
s400, judging that the terminal application is pirated, and rejecting the access request of the terminal application.
In the process, the generation of the dynamic authentication code by the security plug-in of the terminal according to the challenge code specifically comprises the steps that after the service server receives an access request of the terminal application, the service server informs the authentication server, the authentication server generates random numbers serving as the challenge code and sends the challenge code to the terminal application, the terminal application calls the security plug-in, the security plug-in actively acquires characteristic information of the terminal application, generates a dynamic authentication code by using a built-in operation algorithm in combination with the terminal application sent by the authentication server and returns the dynamic authentication code to the terminal application, the terminal application sends an authentication request to the service server, the service server generates the dynamic authentication code by using the same algorithm according to the challenge code and characteristic information of the legal terminal application prestored in the authentication server, after receiving the dynamic authentication code, compares the extracted dynamic authentication code with the received dynamic authentication code to determine whether the pirated dynamic authentication code meets the received dynamic authentication code , if the extracted dynamic authentication code meets the characteristic information of the legal terminal application is , the extracted dynamic authentication code is considered as a pirated version of a pirated application, and the pirated application is a security certificate message, so that the pirated mobile phone application cannot be a security certificate.
In a specific embodiment, the security plug-in is a software package providing a terminal cryptosystem service, and a computing algorithm and application information associated with terminal application are built in the security plug-in, and specifically, if the terminal is an android system, the security plug-in exists in a so library form; if the terminal is an ios system, the terminal exists in a zip compressed packet form. According to the method, before the safety plug-in generates the dynamic authentication code, firstly, the running environment of the terminal is detected, including whether the safety plug-in is ROOT or not, the integrity of the application APP is detected, the integrity of the safety plug-in is detected, the hardware information of the detection equipment is detected, and only if the running environment meets the conditions, the subsequent steps are entered, otherwise, the user is prompted to check the running environment.
In order to increase the security coefficient, the algorithm in the security plug-in may be reconfigured, and specifically, if the version of our terminal application is updated, the feature information of the terminal application is also updated accordingly, the security plug-in the authentication server obtains a new operation algorithm according to the stored new feature information of the terminal application, first, generates a random number according to the obtained new terminal application feature information, sets the random number as a key parameter, and then reconstructs the operation algorithm through a preset reconstruction mechanism according to the key parameter, thereby obtaining a new algorithm.
And the updating of the security plug-in on the terminal can also be realized by actively acquiring new characteristic information of the terminal application, generating a random number according to the acquired new characteristic information of the new terminal application, setting the random number as a key parameter, and reconstructing an operation algorithm according to the key parameter and a same preset reconstruction mechanism to acquire a new algorithm.
Certainly, there are updating modes for the security plug-in of the terminal, that is, after the plug-in of the authentication server is updated and reconstructed, the authentication server sends the updated security plug-in to the terminal, so that the terminal obtains the updated security plug-in.
Therefore, the algorithm of the security plug-in is not every time the terminal application updates versions, so that the security is greatly enhanced, and a pirate is more difficult to crack.
Preferably, the service server searches whether the MAC address is authenticated before, if not, informs the authentication server, reconstructs a preset algorithm according to the submitted MAC address and compiles the algorithm into a security plug-in, specifically, first generates a random number according to the received MAC address information of the terminal application, sets the random number as a key parameter, then reconstructs the preset algorithm through a preset reconstruction mechanism according to the key parameter, and finally compiles the received application information and the reconstructed operational algorithm to obtain the security plug-in and sends the security plug-in to the terminal application, so that the algorithm in the security plug-in of each terminal application is not .
The updating or the generation of the security plug-in needs to be performed through preset reconstruction mechanism, specifically, the obtaining of the reconstructed operation algorithm through preset reconstruction mechanism at least includes determining the operation sequence of the reconstructed operation algorithm according to the key parameter, and/or determining the structure of the packet data block of the reconstructed operation algorithm and the operation sequence of the packet data block according to the key parameter, and/or determining the fixed parameter in the reconstructed operation algorithm according to the key parameter.
The specific embodiment for generating the new operation algorithm by changing the operation priority of the preset algorithm is that 8-bit random keys are randomly generated according to the digest of a new program file of the terminal application APP, the operation priorities of the steps of the budget algorithm are rearranged according to the generated random keys, at this time, if the preset algorithm comprises 8 steps and the generated random key is 81265734, the generated operation algorithm only comprises the 3 rd step of the old algorithm with priority operation, then the 1 st step, the 2 nd step, the 4 th step, the 5 th step, the 7 th step, the 6 th step and the 8 th step are sequentially performed, the operation sequence of the original preset algorithm is changed by changing the operation sequence, the generated new operation algorithm is generated, naturally, according to the random key, the change of the preset rule can be performed according to the actual situation, corresponding change can be performed according to the actual situation, if the 3 rd step of the preset algorithm in the random key is performed as the original operation sequence of the 1 st step, the original random key can be adjusted according to the original preset algorithm, the original algorithm can be obtained by using the original random key as the original operation rule, the original algorithm is changed, the original algorithm can be used as the original algorithm, the original operation sequence of which the original operation sequence of the original operation of the 2 th step is changed, the operation of the original preset algorithm, the original operation sequence of the step 8, the step 3, the step of the step 8, the step of.
After the terminal application version is updated, specific embodiments of the new operation algorithm obtained by changing the packet structure of the preset algorithm and the operation priority of the packet structure are that if the information to be operated is divided into n data blocks according to the packet structure rule of the preset algorithm, and each data block includes 8 small blocks (a1, a2, a3, a4, a5, a6, a7 and a8), at this time, if the random key randomly generated according to the program file digest of the terminal application APP is 81265734, and the 1 st bit in the 8-bit random key represents the operation order, and the 2 nd bit represents the corresponding block, then in the operation process, the 3-bit block a3 located at the 2 nd bit is exchanged with the block a1 to change the packet structure, and the 7-bit block a7 located at the 1 st bit is preferentially operated, so that we give specific implementation manners, in other embodiments, the operation can be performed according to the number of the corresponding block (such as the number of bits) in each packet structure), and the actual cases (such as the number of the corresponding block of the random key) can be set.
According to different terminal MAC addresses, specific embodiments of obtaining a new operation algorithm by changing operation parameters of the preset algorithm are that if the preset algorithm comprises two constants, namely 1 and 2, and unknown number items X, and a random key randomly obtained according to terminal MAC address information is 73124568, specifically, if the 3 rd bit in the random key represents the fixed parameter, X in the preset algorithm is 1, so as to form the new operation algorithm, naturally, in another specific embodiment, the existing constant items in the preset algorithm can also be changed according to 1 in the 3 rd bit, for example, the existing second constant 2 is changed to 1 in the 3 rd bit, namely, both constants in the generated operation algorithm are 1.
At this time, if the generated random key is 35781246, a5 and a1 in the packet block are adjusted to change the packet structure, and a3 is preferentially operated, and meanwhile, a constant in the operation algorithm is changed to 7, so that the operation algorithm associated with the MAC address of the terminal is generated.
As another embodiments, the terminal application is a mobile phone APP, when the mobile phone APP applies for accessing the service server , the access application carries the mobile phone MAC serial number of the mobile phone APP, the service server informs the authentication server, generates a security plug-in the authentication server, and returns the security plug-in to the terminal for storage.
In another embodiments of the method, on the basis of the foregoing embodiments, when the dynamic verification code generated by the authentication server and the dynamic authentication code generated by the security plug-in the terminal are not , it needs to consider whether the terminal application is not upgraded or updated, and therefore a step is required to determine, specifically, as shown in fig. 3, the method includes the steps of:
s261, the service server compares the dynamic verification code with the dynamic authentication code to see if is true, if yes, step S300 is executed, otherwise step S262 is executed;
s262, the service server sends a request for generating an old version dynamic check code to the authentication server;
s263, the security plug-in of the authentication server takes the challenge code and the pre-stored feature information of the old legal terminal application as calculation factors, calculates by using an old algorithm before reconstruction to obtain an old dynamic check code, and returns the old dynamic check code to the service server;
s264, the service server compares the obtained old version dynamic verification code with the dynamic authentication code to see if is true, if yes, step S265 is executed, otherwise, step S400 is executed;
s265, judging that the terminal application is an old edition.
If the service server judges that the terminal application is an old edition, the service server can continuously provide service for the old edition terminal application, and simultaneously reminds a user that the terminal application needs to be upgraded, or dates are given, after the dates, the old edition cannot be accessed, the service server also can not continuously provide service, and returns upgrade addresses to the terminal application to inform that the terminal application needs to be upgraded and can be accessed.
Preferably, the feature information of the terminal application in all the embodiments includes: a program file digest of the terminal application, a resource file digest of the terminal application, a package name of the terminal application, or a signature of the terminal application.
The last embodiments of the method are that an SOTP challenge password code authentication mechanism is added in the process of service protocol access of the terminal application, the client must add the SOTP password code generated in real time when the client carries out an authentication request to the server, and the SOTP password code of the client is generated by a plug-in SOTP functional module.
The SOTP plug-in component can take the characteristic information of the current APP actively when generating the password code. These characteristic information include: the method comprises the steps of program file abstract of APP, resource file abstract of APP, package name of APP and signature of APP. And bringing the characteristic information and the challenge issued by the authentication server into the calculation process of the password code to generate the password code.
After receiving the authentication request of the client, the server takes the feature information of the legal APP configured in the background and the challenge code, generates a password code in the same way, compares the password code with the password code of the client, and only if the comparison is passed, the server gives a service response, otherwise, the server refuses the service.
SOTP Super One Time Password, a generic name for enhanced Time Password code technology.
An SOTP plug-in unit: the SOTP function module realized at the mobile phone end (Android/IOS) has the functions of actively collecting mobile phone environment information (system environment/APP), calculating SOTP password codes and realizing encryption and decryption.
mobile phone APPs are formed by packaging program files and resource files, and the program file digests are digests of program files of all control logics in the mobile phone APP.
mobile phone APPs are formed by packaging program files and resource files, and the resource file summary is the summary of a large package of all resource files in the mobile phone APP.
The specific authentication process is shown in fig. 4.
Firstly, data items of ' passwords' are added to the original business protocol of the enterprise, namely all the mobile phone applications are required to contain ' passwords' when sending authentication requests.
The client calls the SOTP plug-in before sending the authentication request to generate times password code, when the SOTP plug-in is called, the characteristic information of the caller APP is actively obtained, the challenge code issued by the authentication server is substituted into the calculation of times password code, and the times password code is returned to the APP.
The APP adds the -time password code into the authentication request message, and sends the authentication request to the service server.
After receiving the authentication request, the service server firstly takes out the -time password code generated by the client, and simultaneously requests the -time password code from the authentication server, when the authentication server generates the password code, the authentication server acquires the configured legal APP characteristic information stored in the database, substitutes the legal APP characteristic information into the calculation of the -time password code in combination with the challenge code, and finally returns the -time password code to the service server.
The service server compares the time password code from the client with the time password code from the server to see if is the result, because the feature information of APP is substituted in the calculation of the time password code, only the feature information of the client is completely the same as the legal APP feature information of the server, and the time password code can be compared with .
If the comparison of ' time password code' indicates that the client is legal, the service server gives a subsequent service response, and if the comparison is not indicates that the client is illegal, the service server refuses to give the service response.
, based on the same technical concept, the present invention further provides a terminal application genuine authentication system capable of executing the above method embodiments, as shown in fig. 5, the authentication system provided by the present invention includes a terminal 100, a service server 200, an authentication server 330, and a terminal application 110 located on the terminal, wherein the service server 200 is in communication connection with the terminal 100 and the authentication server 330, respectively, wherein the terminal application 110 includes a th information transceiver module 111, the service server 200 includes a second information transceiver module 210, and an information verification module 220 connected to the second information transceiver module 210, and the operation of the authentication system includes, first, sending an access request to the service server 200 by the th information transceiver module 111 of the terminal application 110, then, after the second information transceiver module 210 of the service server 200 receives the access request, authenticating the terminal application 110 by the information verification module 220 through the authentication server 330, if the authentication is passed, determining that the terminal application 110 is genuine, responding to the access request of the terminal application 110, and, otherwise, determining that the terminal application 110 is pirated.
By adding a dynamic authentication mechanism, the pirated terminal application cannot be accessed, and the legal rights and interests of the legal terminal application are protected.
In another embodiment of the authentication system of the present invention, as shown in fig. 6, on the basis of the above embodiment, the terminal and the authentication server 300 both store a security plug-in associated with the terminal application 110, and the terminal security plug-in 120 and the security plug-in 320 in the authentication server 300 both include an operation algorithm associated with the terminal application 110;
the security plug-in 120 in the terminal is connected to the terminal application 110, and the security plug-in 120 includes: an acquisition module 121 and a dynamic authentication code generation module 122 connected to the acquisition module 121;
the service server 200 further comprises an extraction module 230, wherein the extraction module 230 is respectively connected with the information verification module 220 and the second information transceiver module 210;
the authentication server 300 includes: the system comprises a third information transceiver module 310, a storage module 330 and a security plug-in 320, wherein the security plug-in 320 is respectively connected with the third information transceiver module 310 and the storage module 330; the security plug-in 320 comprises an obtaining module 321 and a dynamic check code generating module 322 connected with the obtaining module 321;
wherein: the authentication of the terminal application 110 by the service server 200 through the authentication server 300 includes:
the obtaining module 121 of the security plug-in 120 in the terminal 100 obtains the feature information of the terminal application 110;
the dynamic authentication code generation module 122 of the security plug-in 120 of the terminal 100 uses the challenge code issued by the authentication server 300 and the feature information of the terminal application 110 acquired by the acquisition module 121 as calculation factors, performs calculation by using a calculation algorithm to generate a dynamic authentication code, and returns the dynamic authentication code to the terminal application 110;
the th information transceiver module 111 of the terminal application 110 sends the authentication request containing the dynamic authentication code to the service server 200;
the extracting module 230 of the service server 200 extracts the dynamic authentication code from the authentication request, and the second information transceiver module 210 sends a dynamic verification code generation request to the third information transceiver module 310 of the authentication server 300;
the obtaining module 321 of the security plug-in 320 in the authentication server 300 obtains the feature information of the legal terminal application from the storage module 330 of the authentication server 300, and the dynamic check code generating module 322 of the security plug-in 320 in the authentication server 300 uses the feature information of the legal terminal application and the challenge code as calculation factors, performs operation by using an operation algorithm to generate a dynamic check code, and returns the dynamic check code to the service server 200;
the information verification module 220 of the service server 200 compares the dynamic verification code with the dynamic authentication code to determine whether is satisfied, if so, the terminal application 110 is judged to be legal and an access request of the terminal application 110 is responded, otherwise, the terminal application 110 is judged to be pirated and the access request of the terminal application 110 is rejected.
The security plug-in of the terminal can actively and silently acquire the characteristic information of the terminal application, the terminal application characteristic information and the received challenge code are used as calculation factors, an operation algorithm is used for performing operation to acquire a dynamic authentication code, the dynamic authentication code is added into a message of an authentication request, so that the characteristic data of the terminal application cannot be forged by pirated terminal application.
The algorithm of the authentication system of the present invention can be reconstructed through a reconstruction mechanism, and specifically, on the basis of the above authentication system embodiment, the security plug-in the authentication server further includes a random number generation module and an algorithm reconstruction module, the random number generation module is respectively connected to the algorithm reconstruction module and the acquisition module, wherein:
after the version of the legal terminal application is updated, the operation algorithm obtained by the security plug-in the authentication server according to the new characteristic information of the terminal application stored in the storage module comprises the following steps:
the random number generation module generates a random number according to the new characteristic information of the terminal application acquired from the storage module by the acquisition module, and sets the random number as a key parameter;
the algorithm reconstruction module reconstructs an operation algorithm through preset reconstruction mechanism according to the key parameters;
reconstructing the operation algorithm through the predetermined reconstruction mechanism includes obtaining the operation algorithm by changing the operation sequence of the predetermined algorithm according to the key parameter, and/or obtaining the operation algorithm by changing the structure of the packet data block of the predetermined algorithm and the operation sequence of the corresponding packet data block according to the key parameter, and/or obtaining the operation algorithm by changing the fixed parameter of the predetermined algorithm according to the key parameter.
The method can also reconstruct the old algorithm before updating according to the key parameters by the preset reconstruction mechanism, so as to obtain a new algorithm, but the method requires updating timely, if the updated version of the server is from V1, V2 to the V3 of the latest version, and if is not updated, the terminal application selects times to directly change from V1 to V3 until the V3 version comes out, if the algorithm reconstruction mechanism is based on the algorithm of the first version, the algorithm of the terminal and the algorithm of the server end are obvious, and thus, even if the algorithm is applied in the positive version, errors can be judged.
Preferably, the security plug-in the terminal also includes a random number generation module and an algorithm reconstruction module, the random number generation module is respectively connected with the algorithm reconstruction module and the acquisition module, wherein:
when the version of the legal terminal application is updated, the operation algorithm obtained by the security plug-in the terminal according to the new characteristic information of the terminal application comprises the following steps:
the random number generation module generates a random number according to the new characteristic information of the terminal application acquired by the acquisition module and sets the random number as a key parameter;
the algorithm reconstruction module reconstructs an operation algorithm through preset reconstruction mechanism according to the key parameters;
reconstructing the operation algorithm through the predetermined reconstruction mechanism includes obtaining the operation algorithm by changing the operation sequence of the predetermined algorithm according to the key parameter, and/or obtaining the operation algorithm by changing the structure of the packet data block of the predetermined algorithm and the operation sequence of the corresponding packet data block according to the key parameter, and/or obtaining the operation algorithm by changing the fixed parameter of the predetermined algorithm according to the key parameter.
After the terminal application on the terminal is updated, the security plug-in of the terminal can perform reconstruction update on the algorithm by a method similar to that of the server .
Or, the authentication server may also issue the updated security plug-in to the terminal, specifically, the authentication server further includes a plug-in update module, and the plug-in update module is respectively connected to the security plug-in, the storage module, and the third information transceiver module, where:
the plug-in updating module updates the safety plug-in by using the new characteristic information of the terminal application stored by the storage module and the operation algorithm reconstructed by the algorithm reconstruction module in the safety plug-in, and sends the updated safety plug-in to the terminal through the third information receiving and sending module.
Preferably, the characteristic information of the terminal application in all the embodiments includes: a digest of a program file for the terminal application, a digest of a resource file for the terminal application, a package name for the terminal application, or a signature for the terminal application.
Having described preferred embodiments of the invention, further alterations and modifications may be effected to these embodiments by those skilled in the art having the benefit of the basic inventive concepts .
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (12)

  1. The authentication method of the terminal application copyright is characterized in that a terminal and an authentication server are respectively stored with a security plug-in related to the terminal application for realizing the copyright authentication of the terminal application by the authentication server, and the security plug-in comprises an operation algorithm related to the terminal application, and the authentication method comprises the following steps:
    s100, the terminal application sends an access request to a service server;
    s200, the service server receives the access request, authenticates the terminal application through an authentication server, and executes the step S300 if the authentication is passed; otherwise, executing step S400;
    s300, judging that the terminal application is a legal version, and responding to an access request of the terminal application;
    s400, judging that the terminal application is pirated, and rejecting an access request of the terminal application;
    in step S200, the step of authenticating, by the service server, the terminal application through the authentication server specifically includes:
    s210, a security plug-in the terminal acquires the characteristic information of the terminal application;
    s220, the security plug-in the terminal takes the challenge code issued by the authentication server and the acquired characteristic information of the terminal application as calculation factors, uses an operation algorithm to perform operation to generate a dynamic authentication code, and returns the dynamic authentication code to the terminal application;
    s230, the terminal application sends an authentication request containing the dynamic authentication code to a service server;
    s240, the service server extracts the dynamic authentication code in the authentication request and initiates a dynamic check code generation request to the authentication server;
    s250, the security plug-in the authentication server takes the challenge code and the pre-stored feature information of the legal terminal application as calculation factors, uses an operation algorithm to perform operation to generate a dynamic check code, and returns the dynamic check code to the service server;
    s260 the service server compares the dynamic verification code with the dynamic authentication code to see if is true, if yes, step S300 is executed, otherwise, step S400 is executed.
  2. 2. The method for authenticating legal terminal application copyright according to claim 1, wherein the operation algorithm contained in the security plug-in is related to the feature information of the terminal application, and when the version of the legal terminal application is updated, the step of the security plug-in the authentication server obtaining the operation algorithm according to the stored new feature information of the terminal application comprises:
    s010 generates a random number according to the obtained new terminal application characteristic information, and sets the random number as a key parameter;
    and S020 reconstructing an operation algorithm through preset reconstruction mechanism according to the key parameter.
  3. 3. The method for authenticating legal edition of terminal applications according to claim 1, wherein in step S100, the access request sent by the terminal application includes information about a terminal MAC address where the terminal application is located;
    in step S200, before the service server authenticates the terminal application through the authentication server, the method further includes a step in which the authentication server obtains an operation algorithm according to the terminal MAC address information of the terminal application submitted by the service server and compiles the operation algorithm into a security plug-in, and specifically includes:
    s030 generates a random number according to the received terminal MAC address information of the terminal application, and sets the random number as a key parameter;
    s040 reconstructs a preset algorithm through a preset reconstruction mechanism according to the key parameter;
    and S050, compiling the received application information and the reconstructed operation algorithm to obtain a security plug-in and sending the security plug-in to the terminal application.
  4. 4. The method for authenticating the genuine terminal application according to claim 2, wherein the step S020, reconstructing the algorithm by the preset reconstruction mechanism comprises at least steps of:
    031 determining an operation sequence of the reconstructed operation algorithm according to the key parameter;
    032 determining a structure of a packet data block of the reconstructed arithmetic algorithm and an arithmetic sequence of the packet data block according to the key parameter;
    033 determining a fixed parameter in the reconstructed arithmetic algorithm according to the key parameter.
  5. 5. The method for authenticating the legal version of terminal applications according to claim 2, wherein after the version of the legal terminal application is updated, the security plug-in the terminal obtains the reconstructed algorithm by the same method as that in steps S010 and S020.
  6. 6. The method for authenticating the copyright of terminal applications as claimed in any one of claims 2, 3 or 5 to , wherein the step S260 comprises the steps of:
    s261, the service server compares the dynamic verification code with the dynamic authentication code to see if is true, if yes, step S300 is executed, otherwise step S262 is executed;
    s262, the service server sends a request for generating an old version dynamic check code to the authentication server;
    s263, the security plug-in of the authentication server takes the challenge code and the pre-stored feature information of the old legal terminal application as calculation factors, calculates by using an old algorithm before reconstruction to obtain an old dynamic check code, and returns the old dynamic check code to the service server;
    s264, the service server compares the obtained old version dynamic verification code with the dynamic authentication code to see if is true, if yes, step S265 is executed, otherwise, step S400 is executed;
    s265, judging that the terminal application is an old edition.
  7. 7. The method for authenticating the copyright of the terminal application, wherein the characteristic information of the terminal application comprises a program file digest of the terminal application, a resource file digest of the terminal application, a package name of the terminal application, or a signature of the terminal application.
  8. 8, authentication system of terminal application copyright, which is characterized in that the system comprises a terminal, a service server and an authentication server, wherein the terminal is provided with a terminal application, and the service server is respectively in communication connection with the terminal and the authentication server, wherein the terminal application comprises a information transceiver module, the service server comprises a second information transceiver module and an information verification module connected with the second information transceiver module, wherein:
    th information transceiver module of the terminal application sends access request to the service server;
    after a second information transceiver module of the service server receives the access request, the information verification module authenticates the terminal application through the authentication server; if the authentication is passed, judging that the terminal application is a legal version, and responding to an access request of the terminal application; otherwise, judging the terminal application to be pirated and rejecting the access request of the terminal application;
    and: the terminal and the authentication server both store a security plug-in associated with a terminal application, and the security plug-in the terminal and the security plug-in the authentication server both contain an operation algorithm associated with the terminal application;
    the safety plug-in the terminal is connected with the terminal application, and the safety plug-in comprises: the system comprises an acquisition module and a dynamic authentication code generation module connected with the acquisition module;
    the service server also comprises an extraction module which is respectively connected with the information verification module and the second information transceiving module;
    the authentication server includes: the safety plug-in is respectively connected with the third information transceiving module and the storage module; the security plug-in comprises an acquisition module and a dynamic check code generation module connected with the acquisition module;
    wherein: the service server authenticating the terminal application through the authentication server comprises:
    an acquisition module of a security plug-in the terminal acquires the characteristic information of the terminal application;
    a dynamic authentication code generation module of a security plug-in the terminal takes a challenge code issued by the authentication server and the characteristic information of the terminal application acquired by the acquisition module as calculation factors, uses an operation algorithm to perform operation to generate a dynamic authentication code, and returns the dynamic authentication code to the terminal application;
    the th information transceiver module of the terminal application sends the authentication request containing the dynamic authentication code to a service server;
    the service server extraction module extracts the dynamic authentication code from the authentication request, and the second information transceiver module sends a dynamic check code generation request to a third information transceiver module of the authentication server;
    the acquiring module of the security plug-in the authentication server acquires the characteristic information of the legal terminal application from the storage module of the authentication server, and the dynamic check code generating module of the security plug-in the authentication server takes the characteristic information of the legal terminal application and the challenge code as calculation factors, uses an operation algorithm to perform operation to generate a dynamic check code, and returns the dynamic check code to the service server;
    and the information verification module of the service server compares whether the dynamic verification code and the dynamic authentication code are , judges that the terminal application is legal if the dynamic verification code and the dynamic authentication code are , responds to the access request of the terminal application, and judges that the terminal application is pirated if the dynamic verification code and the dynamic authentication code are not , and rejects the access request of the terminal application.
  9. 9. The certification system for the copyright of terminal applications according to claim 8, wherein the security plug-in the certification server further includes a random number generation module and an algorithm reconstruction module, the random number generation module is respectively connected to the algorithm reconstruction module and the acquisition module, and wherein:
    after the version of the legal terminal application is updated, the operation algorithm obtained by the security plug-in the authentication server according to the new characteristic information of the terminal application stored in the storage module comprises the following steps:
    the random number generation module generates a random number according to the new characteristic information of the terminal application acquired from the storage module by the acquisition module, and sets the random number as a key parameter;
    the algorithm reconstruction module reconstructs an operation algorithm through preset reconstruction mechanism according to the key parameters;
    the reconstructing the operation algorithm through the preset reconstruction mechanism comprises the steps of obtaining the operation algorithm by changing the operation sequence of the preset algorithm according to the key parameter, and/or obtaining the operation algorithm by changing the structure of the grouped data blocks of the preset algorithm and the operation sequence of the corresponding grouped data blocks according to the key parameter, and/or obtaining the operation algorithm by changing the fixed parameter of the preset algorithm according to the key parameter.
  10. 10. The certification system for the copyright of the terminal application according to claim 9, wherein the security plug-in the terminal also includes a random number generation module and an algorithm reconstruction module, the random number generation module is respectively connected to the algorithm reconstruction module and the acquisition module, and wherein:
    after the version of the legal terminal application is updated, the operation algorithm obtained by the security plug-in the terminal according to the new characteristic information of the terminal application comprises the following steps:
    the random number generation module generates a random number according to the new characteristic information of the terminal application acquired by the acquisition module and sets the random number as a key parameter;
    the algorithm reconstruction module reconstructs an operation algorithm through preset reconstruction mechanism according to the key parameters;
    the reconstructing the operation algorithm through the preset reconstruction mechanism comprises the steps of obtaining the operation algorithm by changing the operation sequence of the preset algorithm according to the key parameter, and/or obtaining the operation algorithm by changing the structure of the grouped data blocks of the preset algorithm and the operation sequence of the corresponding grouped data blocks according to the key parameter, and/or obtaining the operation algorithm by changing the fixed parameter of the preset algorithm according to the key parameter.
  11. 11. The certification system for the copyright of terminal application, wherein the certification server further comprises a plug-in update module respectively connected to the security plug-in, the storage module, and the third information transceiver module, wherein:
    the plug-in updating module updates the security plug-in by using the new characteristic information of the terminal application stored in the storage module and the operation algorithm reconstructed by the algorithm reconstruction module in the security plug-in, and sends the updated security plug-in to the terminal through the third information receiving and sending module.
  12. 12. The terminal application copyright authentication system according to claim 8, wherein the characteristic information of the terminal application includes a program file digest of the terminal application, a resource file digest of the terminal application, a package name of the terminal application, or a signature of the terminal application.
CN201610946981.8A 2016-10-26 2016-10-26 terminal application copyright authentication method and system Active CN106549957B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610946981.8A CN106549957B (en) 2016-10-26 2016-10-26 terminal application copyright authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610946981.8A CN106549957B (en) 2016-10-26 2016-10-26 terminal application copyright authentication method and system

Publications (2)

Publication Number Publication Date
CN106549957A CN106549957A (en) 2017-03-29
CN106549957B true CN106549957B (en) 2020-01-31

Family

ID=58393857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610946981.8A Active CN106549957B (en) 2016-10-26 2016-10-26 terminal application copyright authentication method and system

Country Status (1)

Country Link
CN (1) CN106549957B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107330128B (en) * 2017-07-24 2020-12-08 上海众人网络安全技术有限公司 Authentication abnormity judgment method and device
CN107483419B (en) * 2017-07-28 2020-06-09 深圳市优克联新技术有限公司 Method, device and system for authenticating access terminal by server, server and computer readable storage medium
CN107704295B (en) * 2017-10-31 2021-07-23 北京小米移动软件有限公司 Method, device and storage medium for setting self-starting authority
CN107919960A (en) * 2017-12-04 2018-04-17 北京深思数盾科技股份有限公司 The authentication method and system of a kind of application program
CN108875319A (en) * 2018-05-29 2018-11-23 广西中烟工业有限责任公司 Based on the software management system for improving SVM under a kind of Windows environment
CN111988314A (en) * 2020-08-19 2020-11-24 杭州铂钰信息科技有限公司 System architecture and method for dynamically deploying network security service

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8601553B1 (en) * 2010-06-29 2013-12-03 Emc Corporation Techniques of imposing access control policies

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device

Also Published As

Publication number Publication date
CN106549957A (en) 2017-03-29

Similar Documents

Publication Publication Date Title
CN106549957B (en) terminal application copyright authentication method and system
KR100823738B1 (en) Method for integrity attestation of a computing platform hiding its configuration information
CN107483509A (en) A kind of auth method, server and readable storage medium storing program for executing
TWI503690B (en) Method, device and server for verifying id validity
CN109522726A (en) Method for authenticating, server and the computer readable storage medium of small routine
CN112671720B (en) Token construction method, device and equipment for cloud platform resource access control
CN106878250B (en) Cross-application single-state login method and device
CN112000951A (en) Access method, device, system, electronic equipment and storage medium
CN109474600B (en) Account binding method, system, device and equipment
CN111814132B (en) Security authentication method and device, security authentication chip and storage medium
CN111460400A (en) Data processing method and device and computer readable storage medium
CN111953634B (en) Access control method and device for terminal equipment, computer equipment and storage medium
CN113312674B (en) Access security method and system based on multi-factor environment perception digital certificate
CN112699404A (en) Method, device and equipment for verifying authority and storage medium
CN111182010B (en) Local service providing method and device
CN115563588A (en) Software offline authentication method and device, electronic equipment and storage medium
CN115086090A (en) Network login authentication method and device based on UKey
KR20160109241A (en) Method and apparatus for secure accecss to resources
CN115514492A (en) BIOS firmware verification method, device, server, storage medium and program product
CN114520724A (en) Signature verification method of open API (application program interface)
CN112637167A (en) System login method and device, computer equipment and storage medium
CN113360868A (en) Application program login method and device, computer equipment and storage medium
CN107172106B (en) Security information interaction method and system
CN113271306B (en) Data request and transmission method, device and system
KR102534012B1 (en) System and method for authenticating security level of content provider

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 201203 Room 01, 1-4 storey, 9 Zuchong Road, China (Shanghai) Free Trade Pilot Area, Pudong New Area, Shanghai

Applicant after: Shanghai PeopleNet Security Technology Co., Ltd.

Address before: 201821 room 4, building 1411, No. 211, Yecheng Road, Shanghai, Jiading District

Applicant before: Shanghai PeopleNet Security Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant