CN108111622B - Method, device and system for downloading white box library file - Google Patents

Publication number
CN108111622B
Authority
CN
China
Legal status
Active
Application number
CN201711484191.3A
Other languages
Chinese (zh)
Other versions
CN108111622A (en)
Inventor
阚志刚
陈彪
王全洲
卢佐华
方宁
Current Assignee
Beijing Bangcle Technology Co ltd
Original Assignee
Beijing Bangcle Technology Co ltd
Application filed by Beijing Bangcle Technology Co ltd
Priority to CN201711484191.3A
Publication of CN108111622A
Application granted
Publication of CN108111622B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

The application relates to the technical field of terminal security protection, and in particular to a method and a device for downloading a white-box library file, which address the problem that keys are insecure in the prior art. The method mainly includes: submitting a library file generation request to a server; and receiving the white-box library file fed back by the server according to the library file generation request, so that encryption and decryption operations can subsequently be performed according to the white-box library file and the received key file. This improves security when the user decrypts ciphertext and encrypts plaintext.

Description

Method, device and system for downloading white box library file
Technical Field
The application relates to the technical field of terminal security protection, and in particular to a method, a device and a system for downloading a white-box library file.
Background
With the development of terminal technology, more and more applications are installed on terminals. While using these applications, the user may generate data that the user does not want an attacker to steal, or the user may not want the execution logic of the application itself to be reverse engineered by an attacker. To secure the application and the data generated while it runs, the data often needs to be encrypted.
The conventional encryption technology is a black-box encryption technology, which generally refers to a technology for encrypting plaintext data by using an encryption algorithm in a black-box (black-box) environment to obtain ciphertext data and a key. The black box environment is a safe and reliable operating environment invisible to an attacker, and under the environment, the attacker can only obtain input or output of an encryption algorithm but cannot obtain a secret key.
In recent years, intelligent terminals have become widespread. Because the operating environment of an intelligent terminal is relatively open, that is, visible to attackers (commonly known as a white-box environment), black-box encryption technology is no longer applicable, and white-box encryption technology has been proposed in response. White-box cryptography refers to cryptography that can resist attacks in a white-box environment. The key idea is to obfuscate the cryptographic algorithm so that an attacker cannot learn the specific algorithm flow, thereby protecting key information, preventing the attacker from extracting the key in a white-box environment, and ensuring the security of the protected data.
In existing white-box encryption technology, a key is usually selected first, then the mapping from plaintext to ciphertext is scrambled and encoded, and the encoding result is expressed as a lookup table (also called a white-box library file), so that an attacker cannot derive the key from the lookup table. An example is the white-box AES algorithm designed by Chow et al. However, the existing white-box AES algorithm has been broken, so data in a white-box environment still faces a security threat.
Disclosure of Invention
The embodiment of the application provides a method, a device and a system for downloading a white box library file, which are used for solving the problem of unsafe secret key in the prior art.
In order to solve the technical problem, the embodiment of the application adopts the following technical scheme:
a method of downloading a white-box library file, comprising:
the client side submits a library file generation request to the server;
the server determines a code block matched with the library file generation request; running the code block and randomly generating a lookup table source file; compiling the lookup table source file, and sending the generated white box library file to a client;
and the client receives the white-box library file fed back by the server so as to perform encryption and decryption operations subsequently according to the white-box library file and the received key file.
A method of downloading a white-box library file, comprising:
submitting a library file generation request to a server;
and receiving the white-box library file fed back by the server according to the library file generation request, so as to subsequently perform encryption and decryption operations according to the white-box library file and the received key file.
A system for downloading a white-box library file, comprising: a client and a server;
the client is used for submitting a library file generation request to a server and receiving a white box library file fed back by the server so as to carry out encryption and decryption operations according to the white box library file and a received key file in a follow-up manner;
the server is used for determining a code block matched with the library file generation request; running the code block and randomly generating a lookup table source file; and compiling the lookup table source file, and sending the generated white box library file to a client.
An apparatus for downloading a white-box library file, comprising:
the sending module is used for submitting a library file generation request to the server;
and the receiving module is used for receiving the white-box library file fed back by the server according to the library file generation request, so as to subsequently perform encryption and decryption operations according to the white-box library file and the received key file.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:
Through the above technical scheme, the key is convenient to update, and the white-box library file does not need to be updated when the key is updated, so the dynamic white-box encryption process is simplified and the security of the key is improved. This in turn improves security when the user decrypts ciphertext and encrypts plaintext.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1(a) is a schematic flow chart of a method for generating a white-box library file provided in the present application;
fig. 1(b) is a second schematic flowchart of a method for generating a white-box library file provided in the present application;
fig. 2 is a schematic flowchart of a downloading method of a white box library file provided in the present application;
fig. 3(a) is a schematic flowchart of a downloading method of a white-box library file provided in the present application;
fig. 3(b) is a second schematic flowchart of a method for downloading a white-box library file provided in the present application;
fig. 4(a) is a schematic structural diagram of a white box library file generation device provided in the present application;
fig. 4(b) is a schematic structural diagram of a downloading apparatus for a white box library file provided in the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
The present application mainly introduces a dynamic white-box solution. In a dynamic white box, the white-box library file does not need to be updated after it is generated; instead, the original key is converted by a specific white-box key generation tool to obtain a white-box key. Once the white-box key and the corresponding file are passed to the matching white-box library file, plaintext can be encrypted or ciphertext decrypted by table lookup. In the dynamic white-box encryption and decryption scheme, the white-box key is safe: an attacker cannot obtain any information about the original key by analyzing the white-box key, which makes the original key harder to crack and helps guarantee the security of the encryption and decryption operations.
Referring to fig. 1(a), which is a schematic flow chart of the white-box library file generation method provided in the present application, it should be noted that an execution main body of the white-box library file generation scheme may be a server, where the server may be a white-box system server specially used for processing the white-box file, or may be a sub-server integrated in a developer server. The generation method mainly comprises the following steps:
step 11: according to the determined first parameter combination, a first code block matching the first parameter combination is determined.
Optionally, in this application, when determining, according to the determined first parameter combination, a first code block matching with the first parameter combination, referring to fig. 1(b), step 11 is specifically performed as:
step 111: a first combination of parameters is determined from the received library file generation request.
Specifically, in the present application, the library file generation request may be generated and submitted by the client. The library file generation request carries a first parameter combination, and the first parameter combination at least comprises: algorithm identification, applicable platform identification and target function.
- The algorithm identifier refers to one algorithm identifier, or a combination of algorithm identifiers, among the encryption algorithms. Currently supported encryption algorithms include: the Advanced Encryption Standard (AES), the Data Encryption Standard (DES), the Triple Data Encryption Standard (TDES) and the block cipher algorithm SM4.
- The applicable platform identification refers to the terminal operating system to which the dynamic white-box technique is applicable. The supported operating systems include at least the Android operating system or the iOS operating system, but are not limited thereto; compatibility with both the Android operating system and the iOS operating system may also be supported. The Android operating system can support generation of a static white-box library file and a dynamic white-box library file; the iOS operating system may support generation of static white-box library files.
- The target function indicates whether the white-box library file to be generated is used for encryption, for decryption, or for both encryption and decryption. When the client exposes this option to the user, the target function may be offered as a single-choice or multiple-choice selection.
In fact, in the present application, the first parameter combination may include, in addition to the above three types of parameters, a device binding option, namely whether or not to add a device binding function. Specifically, the identifier of the client may be added to the first parameter combination. This enables the processing side of the dynamic white-box technique to perform white-box key services for a particular user.
Step 112: and selecting a first code block corresponding to the matched code base according to the first parameter combination.
Specifically, the first parameter combination carried by the library file generation request received from the client is parsed, and a matching code library is then selected, according to the first parameter combination, from the encryption libraries corresponding to the encryption algorithm. The number of encryption libraries depends on the encryption algorithm and may be, for example, 4 or 8; the application does not limit this. The corresponding first code block is then determined from the selected code library, where each code library comprises a plurality of first code blocks.
Step 12: and running the first code block and randomly generating a lookup table source file.
In particular, in the present application, a lookup table source file may be a set of code that contains a lookup table. The lookup table source file can be generated dynamically and randomly according to a preset generation rule, so that the lookup table source file generated for each library file generation request is different and the white-box library file generated for each key request is different, which improves the security of encryption and decryption.
Optionally, in this application, step 12 is specifically executed as: running the first code block, and dynamically and randomly generating at least one lookup table and a fixed code corresponding to each lookup table, wherein the fixed code records the lookup rule used when a lookup operation is performed on the at least one lookup table. The lookup rule indicates how the table lookup is to be carried out. In fact, a lookup table embodies a mapping relationship, and a table lookup is the process of taking plaintext as input and producing ciphertext as output, or of taking ciphertext as input and producing plaintext as output.
Step 13: and compiling the lookup table source file to obtain a white box library file.
In the present application, step 13 specifically includes: combining the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to obtain a white box library file.
The lookup table in the white-box library file is used for encrypting subsequently input plaintext or decrypting subsequently input ciphertext.
Through the technical scheme, the dynamic white box technology is adopted, the corresponding first code block is determined according to the first parameter combination carried in the received library file generation request, the corresponding lookup table and the corresponding fixed code are dynamically and randomly generated after the first code block is operated, the lookup table and the corresponding fixed code are compiled to obtain the white box library file in the dynamic white box technology, and when the key is updated, the white box library file does not need to be updated, so that the dynamic white box encryption process can be simplified, and the security of the key is improved.
In addition, in the present application, compiling the lookup table source file to obtain the white-box library file is not limited to compiling only the lookup table and the corresponding fixed code; corresponding wrapper code can also be added, according to the different operation types, for interfacing with the corresponding operating system. For example, for the Android operating system, JNI code may be added as interface wrapper code, and the JNI code, the lookup table and the fixed code are combined and then compiled to obtain a white-box library file suitable for the Android operating system. Likewise, for the iOS operating system, other similar code (code intended to interface with the iOS operating system) may be added as interface wrapper code and combined with the lookup table and the fixed code before compilation, to obtain a white-box library file suitable for the iOS operating system. This design interfaces conveniently with white-box standard algorithms and offers a high degree of integration.
Referring to fig. 2, a schematic flow chart of a downloading method of a white box library file provided in the present application is shown, where the downloading method is mainly introduced from the perspective of a system including a client and a white box key server, and the downloading method mainly includes the following steps:
step 21: the client side submits a library file generation request to the server.
Specifically, a client receives a selection instruction triggered by a selection operation of a user, and determines a first parameter combination selected by the user; then, the first parameter combination is added to the library file generation request, and the library file generation request is submitted to the server, where the submission is understood to be sending. The library file generation request carries a first parameter combination. The first parameter combination at least comprises: algorithm identification, applicable platform identification and target function.
The above generation scheme of the white box library file is already described, and is not described herein again.
In fact, in the present application, the first parameter combination may include, in addition to the above three types of parameters, a device binding option, namely whether or not to add a device binding function. Specifically, the identifier of the client may be added to the first parameter combination. This enables the processing side of the dynamic white-box technique to perform white-box key services for a particular user.
Step 22: the server determining a first code block that matches the library file generation request; running the first code block, and randomly generating a lookup table source file; and compiling the lookup table source file, and sending the generated white box library file to a client.
Specifically, the server parses the first parameter combination carried in the received library file generation request, then selects a matching code library from the encryption library corresponding to the encryption algorithm according to the first parameter combination, and determines the corresponding first code block from the selected code library. The lookup table source file may be a collection of code containing a lookup table. The lookup table source file can be generated dynamically and randomly according to a preset generation rule, so that the lookup table source file generated for each library file generation request is different and the white-box library file generated for each key request is different, which improves the security of encryption and decryption.
The server runs the first code block and dynamically and randomly generates at least one lookup table and a fixed code corresponding to each lookup table, wherein the fixed code records the lookup rule used when a lookup operation is performed on the at least one lookup table. The lookup rule indicates how the table lookup is to be carried out. In fact, a lookup table embodies a mapping relationship, and a table lookup is the process of taking plaintext as input and producing ciphertext as output, or of taking ciphertext as input and producing plaintext as output.
The at least one lookup table is combined with the fixed code corresponding to each lookup table, and the combined lookup tables and fixed codes are compiled to obtain a white-box library file. The lookup table in the white-box library file is used for encrypting subsequently input plaintext or decrypting subsequently input ciphertext.
Finally, the obtained white-box library file is sent to the client.
Step 23: and the client receives the white-box library file fed back by the server so as to perform encryption and decryption operations subsequently according to the white-box library file and the received key file.
And the client receives and stores the white-box library file fed back by the server so as to process the plaintext or the ciphertext input by the user according to the white-box library file. And finishing the downloading operation of the white box library file.
In fact, in the present application, there may be a case where multiple clients initiate a white box library file generation request at the same time, at this time, different white box library file generation operations need to be performed according to the identifier of each client, and then the white box library files are sent to the clients corresponding to the client identifiers, respectively.
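The server-side flow of steps 11 to 13 (repeated as step 22 of the download method) can be sketched as follows. This is an added example, not code from the patent: the `TOY4` algorithm id, the 4-bit toy cipher, the request field names and the key-encoding scheme are all assumptions made for illustration, and the toy makes no security claim. It shows a request checked against allow-lists, a code block chosen from the parameter combination, lookup tables drawn from a CSPRNG so that every request yields different tables, and the tables merged with fixed lookup code into one C source text (the compiler invocation itself is not run).

```python
import secrets

# Constructed toy values: a fixed 4-bit S-box and allow-lists for the request fields.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
ALLOWED = {
    "algorithm": {"TOY4"},            # hypothetical id standing in for AES/DES/TDES/SM4
    "platform": {"android", "ios"},
    "function": {"encrypt"},
}

def toy_encrypt(key, x):
    """Reference toy cipher on one nibble; the generated tables must reproduce it."""
    return SBOX[SBOX[x ^ key]]

def random_bijection(n=16):
    """Uniform random permutation of range(n), drawn from the OS CSPRNG (Fisher-Yates)."""
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm

def invert(perm):
    inv = [0] * len(perm)
    for i, v in enumerate(perm):
        inv[v] = i
    return inv

def parse_request(req):
    """Step 111: accept only allow-listed strings from the untrusted request."""
    params = {}
    for field, allowed in ALLOWED.items():
        value = req.get(field)
        if not isinstance(value, str) or value not in allowed:
            raise ValueError(f"rejected {field}: {value!r}")
        params[field] = value
    return params

def gen_toy4_encrypt():
    """Step 12: fresh random encodings turned into lookup tables."""
    f = random_bijection()   # key encoding, kept server-side for the key tool
    r = random_bijection()   # internal encoding between the two tables
    f_inv, r_inv = invert(f), invert(r)
    # T1 is indexed by the encoded key and the plaintext nibble; its output is r-encoded.
    t1 = [[r[SBOX[x ^ f_inv[wk]]] for x in range(16)] for wk in range(16)]
    # T2 removes the r encoding and applies the second S-box layer.
    t2 = [SBOX[r_inv[y]] for y in range(16)]
    return {"T1": t1, "T2": t2}, f

# Step 112: registry mapping a parameter combination to its code block.
CODE_BLOCKS = {("TOY4", "encrypt"): gen_toy4_encrypt}

FIXED_CODE = """\
/* fixed code: the lookup rule for the tables above */
unsigned char wb_encrypt(unsigned char wk, unsigned char x) {
    return T2[T1[wk & 15][x & 15]];
}
"""

def render_source(tables):
    """Input to step 13: tables plus fixed code as one C source text."""
    rows = ",\n".join("  {" + ",".join(map(str, row)) + "}" for row in tables["T1"])
    t2 = ",".join(map(str, tables["T2"]))
    return (f"static const unsigned char T1[16][16] = {{\n{rows}\n}};\n"
            f"static const unsigned char T2[16] = {{{t2}}};\n" + FIXED_CODE)

def handle_request(req):
    """Steps 11 to 13 for one request; only generated numbers reach the source text."""
    params = parse_request(req)
    generator = CODE_BLOCKS[(params["algorithm"], params["function"])]
    tables, key_encoding = generator()
    return {"source": render_source(tables), "tables": tables,
            "key_encoding": key_encoding}

def convert_key(key_encoding, key):
    """Toy key tool: original key -> white-box key valid for one specific library."""
    return key_encoding[key & 15]

def wb_encrypt(tables, wk, x):
    """Python mirror of FIXED_CODE, used to check the generated tables."""
    return tables["T2"][tables["T1"][wk][x]]

if __name__ == "__main__":
    request = {"algorithm": "TOY4", "platform": "android", "function": "encrypt"}
    lib = handle_request(request)
    wk = convert_key(lib["key_encoding"], 0x7)
    print(lib["source"])
    print("ciphertext nibble:", wb_encrypt(lib["tables"], wk, 0x3))
```

Changing the key only changes the value returned by `convert_key`; the tables stay the same, which is the property the description attributes to the dynamic white box. No string from the request is ever written into the generated source, so the text handed to the compiler consists only of server-generated numbers and the fixed code.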
Referring to fig. 3(a), a schematic flowchart of a downloading method of a white box library file provided by the present application is shown, where the downloading method is mainly introduced by a client side, and the downloading method mainly includes the following steps:
step 31: and submitting a library file generation request to the server.
Step 32: receiving the white-box library file fed back by the server according to the library file generation request, so as to subsequently perform encryption and decryption operations according to the white-box library file and the received key file.
Optionally, as shown in fig. 3(b), before submitting the library file generation request to the server, the method further includes:
step 33: determining a parameter combination selected by a user, wherein the parameter combination at least comprises: encryption algorithm identification, applicable platform identification, and target function.
Step 34: and generating a library file generation request carrying the parameter combination.
Optionally, step 32 specifically includes: and receiving the white-box library file fed back by the server according to the parameter combination carried in the library file generation request.
Optionally, in this application, the white box library file is determined by: determining a code block matched with the parameter combination according to the determined parameter combination; running the code block and randomly generating a lookup table source file; and compiling the lookup table source file to obtain a white box library file.
Referring to fig. 4(a), a schematic structural diagram of a white box library file generation device provided by the present application is shown, where the device mainly includes the following functional modules:
a determining module 41a, configured to determine, according to the determined first parameter combination, a code block matching the first parameter combination.
A generating module 42a, configured to run the first code block, randomly generate a lookup table source file.
And the compiling module 43a is configured to compile the lookup table source file to obtain a white box library file.
The determining module is specifically configured to determine a first parameter combination from the received library file generation request; and selecting a first code block corresponding to the matched code base according to the parameter combination.
Optionally, the generating module 42a is specifically configured to run the first code block, and dynamically and randomly generate at least one lookup table and a fixed code corresponding to each lookup table, where the fixed code records a lookup rule when performing a table lookup operation on the at least one lookup table.
Optionally, the compiling module 43a is specifically configured to combine the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to obtain a white box library file.
Referring to fig. 4(b), a schematic structural diagram of a downloading device for white box library files provided by the present application is shown, where the device mainly includes the following functional modules:
a sending module 41b, configured to submit a library file generation request to a server;
the receiving module 42b is configured to receive the white-box library file fed back by the server according to the library file generation request, so as to subsequently perform encryption and decryption operations according to the white-box library file and the received key file.
Optionally, still referring to fig. 4(b), the apparatus further comprises:
a determining module 43b, configured to determine a parameter combination selected by the user before submitting the library file generation request to the server; generating a library file generation request carrying the parameter combination; wherein the parameter combination at least comprises: encryption algorithm identification, applicable platform identification, and target function.
Optionally, the receiving module 42b is specifically configured to receive the white-box library file fed back by the server according to the parameter combination carried in the library file generation request.
In fact, in this application, the downloading device of the white box library file can be regarded as a system for downloading the white box library file, including: a client and a server;
the client is used for submitting a library file generation request to a server and receiving a white box library file fed back by the server so as to carry out encryption and decryption operations according to the white box library file and a received key file in a follow-up manner;
the server is used for determining a code block matched with the library file generation request; running the code block and randomly generating a lookup table source file; and compiling the lookup table source file, and sending the generated white box library file to a client.
The embodiment of the present invention further provides a mobile terminal, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, and when being executed by the processor, the computer program implements each process of the foregoing white box library file downloading method embodiment, and can achieve the same technical effect, and is not described herein again to avoid repetition.
The embodiment of the present invention further provides a server device, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, and when being executed by the processor, the computer program implements each process of the above-mentioned white box library file generation method, and can achieve the same technical effect, and is not described herein again to avoid repetition.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the downloading method of the white box library file and/or the processes of the embodiment of the method for generating the white box library file, and can achieve the same technical effects, and in order to avoid repetition, the details are not repeated here. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (6)

1. A method of downloading a white-box library file, comprising:
a client side submits a library file generation request to a server, wherein the library file generation request carries a first parameter combination; wherein the first combination of parameters includes at least: algorithm identification, applicable platform identification and client identification;
the server selects a first code block corresponding to the matched code base according to the first parameter combination; running the first code block, and dynamically and randomly generating a lookup table source file according to a preset generation rule, wherein the lookup table source file comprises at least one lookup table and a fixed code corresponding to each lookup table, the fixed code records a lookup rule when performing a lookup operation on the at least one lookup table, and the lookup rule is used for indicating how to lookup the table and a lookup manner;
the server combines the at least one lookup table with the fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to generate a white box library file, and sending the generated white box library file to a client corresponding to the identifier of the client;
and the client receives the white-box library file fed back by the server so as to perform encryption and decryption operations subsequently according to the white-box library file and the received key file.
2. A method of downloading a white-box library file, comprising:
determining a first parameter combination selected by a user, wherein the first parameter combination at least comprises: algorithm identification, applicable platform identification and client identification;
generating a library file generation request carrying the first parameter combination;
submitting a library file generation request to a server;
receiving a white-box library file fed back by the server according to a first parameter combination carried in the library file generation request, so as to perform encryption and decryption operations subsequently according to the white-box library file and the received key file;
wherein the white-box library file is determined by:
determining a code block matched with the first parameter combination according to the determined first parameter combination;
running the code block, and dynamically and randomly generating a lookup table source file according to a preset generation rule, wherein the lookup table source file comprises at least one lookup table and a fixed code corresponding to each lookup table, the fixed code records a lookup rule when performing a lookup operation on the at least one lookup table, and the lookup rule is used for indicating how to lookup the table and a lookup manner;
combining the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to generate a white box library file.
3. A system for downloading a white-box library file, comprising: a client and a server;
the client is used for submitting a library file generation request to a server and receiving a white box library file fed back by the server so as to carry out encryption and decryption operations according to the white box library file and a received key file in a follow-up manner; the library file generation request carries a first parameter combination; wherein the first combination of parameters includes at least: algorithm identification, applicable platform identification and client identification;
the server is used for selecting a first code block corresponding to the matched code base according to the first parameter combination; running the first code block, and dynamically and randomly generating a lookup table source file according to a preset generation rule, wherein the lookup table source file comprises at least one lookup table and a fixed code corresponding to each lookup table, the fixed code records a lookup rule when performing a lookup operation on the at least one lookup table, and the lookup rule is used for indicating how to lookup the table and a lookup manner;
the server is further configured to combine the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to generate a white box library file, and sending the generated white box library file to a client corresponding to the identification of the client.
4. An apparatus for downloading a white-box library file, comprising:
the determining module is used for determining a first parameter combination selected by a user; generating a library file generation request carrying the first parameter combination; wherein the first combination of parameters includes at least: algorithm identification, applicable platform identification and client identification;
the sending module is used for submitting a library file generation request to the server;
a receiving module, configured to receive a white-box library file fed back by the server according to a first parameter combination carried in the library file generation request, so as to perform subsequent encryption and decryption operations according to the white-box library file and a received key file;
wherein the white-box library file is determined by:
determining a code block matched with the first parameter combination according to the determined first parameter combination;
running the code block, and dynamically and randomly generating a lookup table source file according to a preset generation rule, wherein the lookup table source file comprises at least one lookup table and a fixed code corresponding to each lookup table, the fixed code records a lookup rule when performing a lookup operation on the at least one lookup table, and the lookup rule is used for indicating how to lookup the table and a lookup manner;
combining the at least one lookup table with a fixed code corresponding to each lookup table; compiling the combined at least one lookup table and the fixed codes corresponding to each lookup table to generate a white box library file.
5. An apparatus for downloading a white-box library file, comprising: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the method as claimed in claim 2.
6. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method as claimed in claim 2.
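The server-side generation step of claim 1, sketched as an added example that is not part of the patent or the applicant's code: a request carrying the first parameter combination selects a code block, which emits lookup tables under a fresh random internal encoding plus the fixed code that records the lookup rule. The two-step byte function, the identifiers `TOY-2STEP` and `android-arm64`, and the request field names are assumptions; compiling the emitted source for the target platform is left to a separate build step.

```python
import secrets

def toy_step1(x: int) -> int:
    """Constructed stand-in for a byte-wide cipher step (bijective: 7 is odd)."""
    return (x * 7 + 0x63) & 0xFF

def toy_step2(x: int) -> int:
    """Second constructed step; together the steps form the protected function."""
    return x ^ 0xA5

def toy_block() -> list:
    """Code block: build two tables joined by a random byte permutation g.
    T1 = g o step1 and T2 = step2 o g^-1, so T2[T1[x]] == step2(step1(x)),
    but neither table alone exposes the intermediate value."""
    g = list(range(256))
    secrets.SystemRandom().shuffle(g)          # fresh encoding per request
    g_inv = [0] * 256
    for i, v in enumerate(g):
        g_inv[v] = i
    t1 = [g[toy_step1(x)] for x in range(256)]
    t2 = [toy_step2(g_inv[y]) for y in range(256)]
    return [t1, t2]

# Hypothetical code base keyed by (algorithm id, platform id).
CODE_BASE = {("TOY-2STEP", "android-arm64"): toy_block}

def render_source(tables: list) -> str:
    """Combine each lookup table with the fixed code into one C source text."""
    lines = []
    for i, table in enumerate(tables, 1):
        body = ", ".join(str(v) for v in table)
        lines.append(f"static const unsigned char T{i}[256] = {{{body}}};")
    expr = "x"                                  # lookup rule: chain tables in order
    for i in range(1, len(tables) + 1):
        expr = f"T{i}[{expr}]"
    lines.append(f"unsigned char wb_step(unsigned char x) {{ return {expr}; }}")
    return "\n".join(lines) + "\n"

def lookup(tables: list, x: int) -> int:
    """Python mirror of the emitted fixed code, used to check the tables."""
    for table in tables:
        x = table[x]
    return x

def handle_request(params: dict) -> dict:
    """Validate the parameter combination, run the matching code block,
    and return the lookup table source addressed to the requesting client."""
    for field in ("algorithm", "platform", "client_id"):
        if not params.get(field):
            raise ValueError(f"missing parameter: {field}")
    block = CODE_BASE.get((params["algorithm"], params["platform"]))
    if block is None:
        raise LookupError("no code block matches this parameter combination")
    tables = block()
    return {"client_id": params["client_id"], "tables": tables,
            "source": render_source(tables)}

if __name__ == "__main__":
    req = {"algorithm": "TOY-2STEP", "platform": "android-arm64",
           "client_id": "client-001"}           # constructed request
    a, b = handle_request(req), handle_request(req)
    print("tables differ between downloads:", a["tables"] != b["tables"])
    print("same function:", all(lookup(a["tables"], x) == lookup(b["tables"], x)
                                for x in range(256)))
```

Two downloads for the same parameters yield different table contents while computing the same function, which is what makes one client's library file of limited use for analysing another's.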
CN201711484191.3A 2017-12-29 2017-12-29 Method, device and system for downloading white box library file Active CN108111622B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711484191.3A CN108111622B (en) 2017-12-29 2017-12-29 Method, device and system for downloading white box library file

Publications (2)

Publication Number Publication Date
CN108111622A CN108111622A (en) 2018-06-01
CN108111622B true CN108111622B (en) 2021-10-29

Family

ID=62215021

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711484191.3A Active CN108111622B (en) 2017-12-29 2017-12-29 Method, device and system for downloading white box library file

Country Status (1)

Country Link
CN (1) CN108111622B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant