CN109657454A - An Android application trusted verification method based on a TF crypto module - Google Patents
- Publication number: CN109657454A
- Application number: CN201811560585.7A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses an Android application trusted verification method based on a TF crypto module, comprising the following steps. S1: a packaging device computes the integrity value KAn and the signature value SA of a third-party application's APK file using cryptographic algorithms, then packages the APK file, KAn, SA, the signing certificate and so on into a trusted installation package and places it on an application server. S2: the Android terminal downloads the trusted installation package, and the trusted installation-and-run module that works with the package parses it to obtain the APK file, KAn, SA, the signing certificate and other information; the TF crypto module verifies the validity of the signing certificate, and the certificate is parsed to obtain the public key data; the identity (sameness) of the signing certificate is then verified. S3: the Android terminal calls the TF crypto module to perform integrity verification and to verify whether the signature value is valid. The invention exposes only an input/output interface externally and uses a custom protocol for transmission, which ensures security. The TF crypto module stores the certificate whitelist and the integrity values KAn of the run whitelist, and performs the integrity check and signature verification of applications.
Description
Technical field
The invention belongs to the field of information security technology. Based on authentication technology, it proposes a method for the trusted installation and trusted running of third-party applications after they are downloaded on an Android system.
Background art
In existing Android systems, the download, installation and running of third-party applications rely on the security mechanisms of the Linux kernel, which can only perform a simple check of an application's legitimacy. For example, when an application is found to be problematic, installation is not blocked outright; the system only shows a security prompt and leaves the decision to install to the user. In addition, a malicious application developer can very easily forge an application signature and disguise the application as a system-trusted application to get it installed. Once the application is installed, it is run automatically or manually, and there is no corresponding run-control mechanism to restrict the running of illegitimate applications, which may cause the user incalculable harm and loss.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art and to provide an Android application trusted verification method based on a TF crypto module.
The object of the invention is achieved through the following technical solution:
An Android application trusted verification method based on a TF crypto module, comprising the following steps:
S1: a packaging device computes the integrity value KAn and the signature value SA of a third-party application's APK file using cryptographic algorithms, then packages the APK file, KAn, SA, the signing certificate and so on into a trusted installation package and places it on an application server;
S2: the Android terminal downloads the trusted installation package, and the trusted installation-and-run module that works with the package parses it to obtain the APK file, KAn, SA, the signing certificate and other information;
the TF crypto module verifies the validity of the signing certificate and, if verification fails, the installation process is terminated; if the certificate is valid, the trusted installation-and-run module calls the TF crypto module to obtain the certificate, and the certificate is parsed to obtain the public key data;
the identity (sameness) of the signing certificate is verified; if verification fails, the installation process is terminated, and if it passes, the next step is carried out;
S3: the Android terminal calls the TF crypto module to perform integrity verification and to verify whether the signature value is valid; if verification fails, the installation process is terminated; if it passes, installation is allowed.
Preferably, the invention also includes step 4, i.e. S4: after a successful installation, the Android terminal calls the TF crypto module to verify the validity of the trusted run-control whitelist on the Android terminal's disk; if verification passes, the content of the trusted run-control whitelist is loaded into the Android terminal's memory, otherwise the trusted run-control whitelist in the Android terminal's memory is cleared.
Preferably, the invention also includes step 5, i.e. S5: when a third-party application APK is run, the trusted installation-and-run module obtains the start-up information of the application, and the TF crypto module computes the expected integrity value KA1; KA1 is compared with the expected value KAn of that application in the trusted run-control whitelist loaded in memory; if the comparison fails, running is forbidden, otherwise running is allowed.
The beneficial effects of the invention are:
(1) An independent hardware platform, the TF crypto module, is used as the trusted module. The TF crypto module is an SoC processor containing a hardware coprocessor for algorithm computation; the coprocessor runs in parallel with the CPU and implements the cryptographic operations efficiently. The module exposes only an input/output interface externally and uses a custom protocol for transmission, which ensures security.
(2) A dedicated packaging device (a general-purpose PC or laptop) works together with the TF crypto module to complete the integrity check and certificate verification of third-party applications. The dedicated packaging device only performs the integrity computation and signing; the TF crypto module stores the certificate whitelist and the integrity values KAn of the run whitelist, and performs the integrity check and signature verification of applications.
(3) Independently developed trusted installation-and-run software on the Android terminal parses every downloaded third-party application before installation, and schedules the tasks of the TF crypto module before installation and before running.
Brief description of the drawings
Fig. 1 is a block diagram of the system of the invention.
Detailed description
The technical solution of the invention is described in further detail below with reference to the drawing, but the scope of protection of the invention is not limited to what follows.
The technical problem to be solved by the invention is to prevent illegitimate third-party applications from being installed and run on an Android system, by providing a highly secure and highly reliable method of installing and running applications. As shown in Fig. 1, an Android application trusted verification method based on a TF crypto module comprises the following steps:
S1: a packaging device (a general-purpose PC or laptop) computes the integrity value KAn and the signature value SA of the third-party application's APK file using cryptographic algorithms (for example, the SM2 algorithm to compute the signature value and SM3 to compute the integrity value), then packages the APK file, KAn, SA, the signing certificate and so on into a trusted installation package and places it on an application server;
S2: the Android terminal downloads the trusted installation package (from the application server), and the trusted installation-and-run module that works with the package parses it to obtain the APK file, KAn, SA, the signing certificate and other information;
the TF crypto module installed in the Android terminal then verifies the validity of the signing certificate and, if verification fails, the installation process is terminated; if the certificate is valid, the trusted installation-and-run module calls the TF crypto module to obtain the certificate, and the certificate is parsed to obtain the public key data;
the identity (sameness) of the signing certificate is verified; if verification fails, the installation process is terminated, and if it passes, the next step is carried out;
S3: the Android terminal (the trusted installation-and-run module) calls the TF crypto module to perform integrity verification and to verify whether the signature value is valid; if verification fails, the installation process is terminated; if it passes, installation is allowed.
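The order of checks in S1 to S3, as an added example that is not part of the patent text: each check that fails ends the installation, and the signature check is what catches a package whose APK and KAn were both replaced. It assumes SHA-256 in place of SM3, a toy textbook-RSA key in place of SM2 (the Python standard library has neither), that certificate validity means the validity period, and that certificate identity is checked against the module's certificate whitelist; the record layout and all names are hypothetical.

```python
import hashlib
import json

# Toy textbook-RSA key built from two Mersenne primes: a stand-in for SM2
# signing so the example needs only the standard library. NOT secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def integrity(data: bytes) -> bytes:
    """Integrity value of the APK bytes (SHA-256 standing in for SM3)."""
    return hashlib.sha256(data).digest()

def digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(integrity(data), "big") % n

def fingerprint(cert: dict) -> str:
    """Stable identifier for a certificate record (hypothetical format)."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()

def build_package(apk: bytes, cert: dict) -> dict:
    """S1: the packaging device computes KAn and SA and bundles them."""
    return {"apk": apk, "KAn": integrity(apk),
            "SA": pow(digest_int(apk, N), D, N), "cert": cert}

def verify_install(pkg: dict, cert_whitelist: set, today: str) -> str:
    """S2-S3 on the terminal side: the first failed check ends the install."""
    cert = pkg["cert"]
    # S2: certificate validity (assumed here to mean the validity period).
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "reject: certificate not valid"
    # S2: certificate identity, checked against the certificate whitelist.
    if fingerprint(cert) not in cert_whitelist:
        return "reject: certificate not in whitelist"
    n, e = cert["public_key"]
    # S3: integrity check, recomputed over the APK actually received.
    if integrity(pkg["apk"]) != pkg["KAn"]:
        return "reject: integrity value mismatch"
    # S3: signature check with the public key parsed from the certificate.
    if pow(pkg["SA"], e, n) != digest_int(pkg["apk"], n):
        return "reject: signature invalid"
    return "allow"

# Constructed sample data.
CERT = {"subject": "example-publisher", "public_key": [N, E],
        "not_before": "2018-01-01", "not_after": "2028-01-01"}
WHITELIST = {fingerprint(CERT)}
PKG = build_package(b"constructed APK bytes", CERT)

def demo() -> dict:
    swapped = dict(PKG, apk=b"repackaged APK bytes")          # APK replaced
    rehashed = dict(swapped, KAn=integrity(swapped["apk"]))   # KAn replaced too
    unknown = dict(PKG, cert=dict(CERT, subject="someone-else"))
    return {name: verify_install(p, WHITELIST, "2019-04-19") for name, p in
            [("genuine", PKG), ("swapped", swapped),
             ("rehashed", rehashed), ("unknown_cert", unknown)]}

if __name__ == "__main__":
    print(demo())
```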
Preferably, the invention also includes step 4, i.e. S4: after a successful installation, the Android terminal (the trusted installation-and-run module) calls the TF crypto module to verify the validity of the trusted run-control whitelist on the Android terminal's disk (which mainly stores the integrity value of each third-party application APK file, the corresponding integrity value KAn, and the trusted run-control whitelist); if verification passes, the content of the trusted run-control whitelist is loaded into the Android terminal's memory, otherwise the trusted run-control whitelist in the Android terminal's memory is cleared.
Preferably, the invention also includes step 5, i.e. S5: when a third-party application APK is run, the trusted installation-and-run module obtains the start-up information of the application, and the TF crypto module computes the expected integrity value KA1; KA1 is compared with the expected value KAn of that application in the trusted run-control whitelist loaded in memory (which stores the third-party application APK file, the integrity value KAn of the third-party application APK file, and the integrity value of the trusted run-control whitelist); if the comparison fails, running is forbidden, otherwise running is allowed.
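The run-control behaviour of S4 and S5, as an added example that is not part of the patent text: the on-disk whitelist is validated before it is loaded, memory is cleared when validation fails, and each launch compares a freshly computed KA1 with the loaded KAn. It assumes SHA-256 in place of SM3 and that the reference integrity value of the whitelist is held inside the TF crypto module; the class and field names are hypothetical.

```python
import hashlib
import json

def integrity(data: bytes) -> str:
    """Integrity value, hex-encoded (SHA-256 standing in for SM3)."""
    return hashlib.sha256(data).hexdigest()

def list_value(entries: dict) -> str:
    """Integrity value of the whitelist itself, over a canonical encoding."""
    return integrity(json.dumps(entries, sort_keys=True).encode())

class RunControl:
    """Trusted run-control whitelist: disk copy, memory copy, launch check."""

    def __init__(self):
        self.disk = {}                      # on-disk whitelist: package -> KAn
        self.tf_reference = list_value({})  # kept inside the TF module (assumed)
        self.memory = {}                    # whitelist loaded into terminal memory

    def record_install(self, name: str, apk: bytes) -> None:
        """After a successful install, store KAn and refresh the reference."""
        self.disk[name] = integrity(apk)
        self.tf_reference = list_value(self.disk)

    def load_whitelist(self) -> bool:
        """S4: validate the disk whitelist; load it, or clear memory on failure."""
        valid = list_value(self.disk) == self.tf_reference
        self.memory = dict(self.disk) if valid else {}
        return valid

    def may_run(self, name: str, apk_at_launch: bytes) -> bool:
        """S5: compute KA1 at launch and compare it with the loaded KAn."""
        ka1 = integrity(apk_at_launch)
        return self.memory.get(name) == ka1   # unlisted package: None != KA1

def demo() -> dict:
    rc = RunControl()
    apk = b"constructed APK bytes"            # constructed sample input
    rc.record_install("com.example.app", apk)
    out = {"loaded": rc.load_whitelist(),
           "original": rc.may_run("com.example.app", apk),
           "modified": rc.may_run("com.example.app", apk + b"\x00patched"),
           "unlisted": rc.may_run("com.example.other", apk)}
    # The disk copy is changed without going through record_install.
    rc.disk["com.example.other"] = integrity(apk)
    out["loaded_after_edit"] = rc.load_whitelist()
    out["original_after_edit"] = rc.may_run("com.example.app", apk)
    return out

if __name__ == "__main__":
    print(demo())
```

Once the whitelist fails validation, nothing is allowed to run until a valid list is loaded again, including applications that were previously permitted.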
The invention proposes a technique for the authenticated installation and run control of third-party application APKs based on a dedicated TF crypto module. The method is entirely different from the installation and running mechanism for third-party applications in existing conventional Android systems: trusted installation is achieved through a signature mechanism applied to third-party applications, and trusted running of applications is achieved through a whitelist mechanism.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (3)
1. An Android application trusted verification method based on a TF crypto module, characterized by comprising the following steps:
S1: a packaging device computes the integrity value KAn and the signature value SA of a third-party application's APK file using cryptographic algorithms, then packages the APK file, KAn, SA, the signing certificate and so on into a trusted installation package and places it on an application server;
S2: the Android terminal downloads the trusted installation package, and the trusted installation-and-run module that works with the package parses it to obtain the APK file, KAn, SA, the signing certificate and other information;
the TF crypto module verifies the validity of the signing certificate and, if verification fails, the installation process is terminated; if the certificate is valid, the trusted installation-and-run module calls the TF crypto module to obtain the certificate, and the certificate is parsed to obtain the public key data;
the identity (sameness) of the signing certificate is verified; if verification fails, the installation process is terminated, and if it passes, the next step is carried out;
S3: the Android terminal calls the TF crypto module to perform integrity verification and to verify whether the signature value is valid; if verification fails, the installation process is terminated; if it passes, installation is allowed.
2. The Android application trusted verification method based on a TF crypto module according to claim 1, characterized in that it further comprises step 4, i.e. S4: after a successful installation, the Android terminal calls the TF crypto module to verify the validity of the trusted run-control whitelist on the Android terminal's disk; if verification passes, the content of the trusted run-control whitelist is loaded into the Android terminal's memory, otherwise the trusted run-control whitelist in the Android terminal's memory is cleared.
3. The Android application trusted verification method based on a TF crypto module according to claim 2, characterized in that it further comprises step 5, i.e. S5: when a third-party application APK is run, the trusted installation-and-run module obtains the start-up information of the application, and the TF crypto module computes the expected integrity value KA1; KA1 is compared with the expected value KAn of that application in the trusted run-control whitelist loaded in memory; if the comparison fails, running is forbidden, otherwise running is allowed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811560585.7A CN109657454B (en) | 2018-12-20 | 2018-12-20 | Trusted verification method for android application based on TF (TransFlash) cryptographic module |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109657454A | 2019-04-19 |
CN109657454B | 2021-08-17 |
Family
ID=66115675
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811560585.7A Active CN109657454B (en) | 2018-12-20 | 2018-12-20 | Trusted verification method for android application based on TF (TransFlash) cryptographic module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||