CN110362990A - Using the security processing of installation, apparatus and system - Google Patents
Using the security processing of installation, apparatus and system Download PDFInfo
- Publication number
- CN110362990A CN110362990A CN201910471749.7A CN201910471749A CN110362990A CN 110362990 A CN110362990 A CN 110362990A CN 201910471749 A CN201910471749 A CN 201910471749A CN 110362990 A CN110362990 A CN 110362990A
- Authority
- CN
- China
- Prior art keywords
- certificate
- root certificate
- application installation
- application
- root
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
This application discloses a kind of security processings of application installation, apparatus and system, belong to using security fields, can reinforce equipment to the safety detection of application installation, equipment safety can more be effectively ensured.Wherein method includes: the signature file obtained in application installation package, includes signing messages, the first root certificate and work certificate in the signature file;Certificate chain verifying is carried out according to first root certificate and the second root certificate being preset in equipment;If verifying by certificate chain, sign test is carried out to the signing messages using the work certificate;If sign test passes through, installation instruction of the application installation package in the equipment is triggered.
Description
Technical field
This application involves technical field of information processing, security processing, dress particularly with regard to a kind of application installation
It sets and system.
Background technique
With the development of development of Mobile Internet technology, mobile device using very common.User can be on the mobile apparatus
(Application, APP) is applied in installation, to meet the various demands of user.As mobile device can be by loading application installation package
(AndroidPackage, APK) carries out the installation of application program.
Malicious application is installed in order to prevent, mode traditional at present is the white name that write-in application can be mounted in a device
It is single, by comparing whether in white list before application installation, determine whether application can be mounted.
However white list mechanism needs real-time update dependent on network etc., will lead to equipment installation not in time most if updated
New malicious application, causes security risk.In addition, white list version is more and more as equipment is more and more, need to rely on mutually
The access of networking is to update white list, and high labor cost, maintenance cost is big, is unfavorable for managing.
Summary of the invention
In view of this, this application provides a kind of security processing of application installation, apparatus and system, main purpose exists
If in turn resulting in peace in solving to will lead to the newest malicious application of equipment installation not in time by white list mechanism update at present
Full hidden danger, and the problem of safeguard white list also and will increase corresponding cost.
According to the one aspect of the application, a kind of security processing of application installation is provided, can be applied to client
Side, this method comprises:
The signature file in application installation package is obtained, includes signing messages, the first root certificate and work in the signature file
Certificate;
Certificate chain verifying is carried out according to first root certificate and the second root certificate being preset in equipment;
If verifying by certificate chain, sign test is carried out to the signing messages using the work certificate;
If sign test passes through, installation instruction of the application installation package in the equipment is triggered.
Optionally, described to be tested according to first root certificate and the second root certificate being preset in equipment progress certificate chain
Card, specifically includes:
Obtain the corresponding manufacturer's root certificate of the equipment;
Second root certificate is verified using manufacturer's root certificate;
If second root certificate compares the public key that second root certificate and the first root certificate include by verifying;
If the public key is identical, it is determined that verified by certificate chain.
Optionally, described that sign test is carried out to the signing messages using the work certificate, it specifically includes:
Obtain the corresponding authentication signature value of the application installation package;
The signing messages is decrypted using the public key of the work certificate, and obtained signature value is recognized with described
Signed certificate name value is compared;
If the signature value is consistent with the authentication signature value, it is determined that sign test passes through.
Optionally, second root certificate is the corresponding CSR demand file generated when generating first root certificate, is passed through
What manufacturer's root certificate was signed and issued.
Optionally, the work certificate is that work certificate CSR request is signed and issued by the corresponding private key of first root certificate
What file generated obtained.
Optionally, the signature file obtained in application installation package, specifically includes:
The application installation package is decompressed, the signature file in the application installation package after obtaining decompression under predetermined directory;
Installation instruction of the triggering application installation package in the equipment, specifically includes:
The signature file is deleted from the application installation package after the decompression, and repacks the application after the decompression
Installation kit;
Trigger installation instruction of the application installation package after repacking in the equipment.
According to the another aspect of the application, the security processing of another application installation is provided, can be applied to service
End side, this method comprises:
It is signed using work certificate is corresponding with installation bag data, obtains signing messages;
The signing messages, the work certificate and the first root certificate are combined, signature file is generated;
The signature file is added in application installation package;
The application installation package is issued, so as to before device downloads install the application installation package, according to the signature
Information, the work certificate, first root certificate and the second root certificate being preset in the equipment carry out safety check.
Optionally, the method also includes:
Generate the first root certificate, CSR demand file and the corresponding private key of first root certificate;
The CSR demand file is sent to the equipment, so that manufacturer's root certificate is passed through in the CSR demand file
It signs and issues to obtain second root certificate.
Optionally, it is signed using work certificate is corresponding with installation bag data described, before obtaining signing messages, institute
State method further include:
The CSR demand file of work certificate is obtained by code key management infrastructure KMI system;
Using the corresponding private key of first root certificate, the work certificate demand file is signed and issued, the employee's card is obtained
Book.
Optionally, the method also includes:
The certificate upgrade package of customization is sent to the equipment, so as to after passing through using old root certificate signature verification, to institute
The second root certificate is stated to be updated.
Optionally, described to be signed using work certificate is corresponding with installation bag data, signing messages is obtained, it is specific to wrap
It includes:
The corresponding application installation package data are generated by SHA-256 algorithm to the application installation package;
Using the private key of the work certificate, signs to the application installation package data of generation, obtain A.L.S.
Breath.
Optionally, described that the signature file is added in application installation package, it specifically includes:
The application installation package is decompressed, the signature file is stored under the predetermined directory of source file;
Encapsulation compiles the source file, generates the application installation package by signature processing.
According to the another aspect of the application, a kind of secure processing device of application installation is provided, can be applied to client
Side, the device include:
First obtains module, includes A.L.S. in the signature file for obtaining the signature file in application installation package
Breath, the first root certificate and work certificate;
First authentication module, for carrying out certificate according to first root certificate and the second root certificate being preset in equipment
Chain verifying;
Second authentication module, if being verified for the first authentication module by certificate chain, using the work certificate to institute
It states signing messages and carries out sign test;
Module is installed and triggers installation instruction of the application installation package in the equipment if passing through for sign test.
Optionally, first authentication module further include:
First acquisition submodule, for obtaining the corresponding manufacturer's root certificate of the equipment;
First verifying submodule, for being verified using manufacturer's root certificate to second root certificate;
Second verifying submodule, if comparing second root certificate and the by verifying for second root certificate
The public key that one root certificate includes;
First determines submodule, if identical for the public key, it is determined that verified by certificate chain.
Optionally, second authentication module further include:
Second acquisition submodule, for obtaining the corresponding authentication signature value of the application installation package;
Submodule is compared, for the signing messages to be decrypted using the public key of the work certificate, and will be obtained
Signature value be compared with the authentication signature value;
Second determines submodule, if consistent with the authentication signature value for the signature value, it is determined that sign test passes through.
Optionally, second root certificate is the corresponding CSR demand file generated when generating first root certificate, is passed through
What manufacturer's root certificate was signed and issued.
Optionally, the work certificate is that work certificate CSR request is signed and issued by the corresponding private key of first root certificate
What file generated obtained.
Optionally, described first module is obtained, is specifically also used to decompress the application installation package, the application after obtaining decompression
The signature file in installation kit under predetermined directory;
The installation module is specifically also used to delete the signature file from the application installation package after the decompression, and
Application installation package after repacking the decompression;
Trigger installation instruction of the application installation package after repacking in the equipment.
According to the application's in another aspect, providing the secure processing device of another application installation, can be applied to service
End side, the device include:
Signature blocks obtain signing messages for being signed using work certificate is corresponding with installation bag data;
Composite module generates signature for the signing messages, the work certificate and the first root certificate to be combined
File;
Adding module, for the signature file to be added in application installation package;
Release module, for issuing the application installation package, so as to before device downloads install the application installation package,
According to the signing messages, the work certificate, first root certificate and the second root certificate for being preset in the equipment into
Row safety check.
Optionally, described device further include:
Generation module, for generating the first root certificate, CSR demand file and the corresponding private key of first root certificate;
Sending module, for the CSR demand file to be sent to the equipment, so that the CSR demand file passes through
Manufacturer's root certificate is crossed to sign and issue to obtain second root certificate.
Optionally, described device further include:
Second obtains module, for obtaining the CSR demand file of work certificate by code key management infrastructure KMI system;
Processing module, for signing and issuing the work certificate demand file, obtaining using the corresponding private key of first root certificate
To the work certificate.
Optionally, described device further include:
Update module, for sending the certificate upgrade package of customization to the equipment, to be tested using old root certificate signature
After card passes through, second root certificate is updated.
Optionally, the signature blocks are specific further include:
Submodule is encrypted, is installed for generating the corresponding application by SHA-256 algorithm to the application installation package
Bag data;
Submodule of signing carries out the application installation package data of generation for the private key using the work certificate
Signature, obtains signing messages.
Optionally, the adding module is specifically used for decompressing the application installation package, the signature file is stored in source
Under the predetermined directory of file;
Encapsulation compiles the source file, generates the application installation package by signature processing.
According to the application another aspect, a kind of storage medium is provided, computer program, described program are stored thereon with
The security processing of the above-mentioned application installation that can be applied to client-side is realized when being executed by processor.
According to the application another aspect, a kind of client device is provided, including storage medium, processor and be stored in
On storage medium and the computer program that can run on a processor, the processor realize above-mentioned answer when executing described program
The security processing of application installation for client-side.
According to the application another aspect, a kind of storage medium is provided, computer program, described program are stored thereon with
The security processing of the above-mentioned application installation that can be applied to service end side is realized when being executed by processor.
According to the application another aspect, a kind of server apparatus is provided, including storage medium, processor and be stored in
On storage medium and the computer program that can run on a processor, the processor realize above-mentioned answer when executing described program
For servicing the security processing of the application installation of end side.
According to the application another aspect, a kind of safe processing system of application installation, including above-mentioned client are provided
Equipment and server apparatus.
By above-mentioned technical proposal, a kind of security processing, the apparatus and system of application installation provided by the present application, with
Currently available technology is compared, and the application client can be when needing to install application installation package, according to signature file packet in installation kit
The root certificate that contains, work certificate, signing messages, and the root certificate being preset in equipment is combined to carry out certificate chain and sign test etc. one
The safety verification of series.This safety verification is not only tested since the self-signed certificate of installation kit since both direction
Card, but also verified with the starting point that client is verifying.The benefit verified in this way is while verifying self-signed certificate
Verifying equipment, whether safety more comprehensively compared to traditional verification method more can effectively solve application now and be mounted on secure side
The problem of face encounters.In terms of server-side, the main distinction compared to traditional preset white list in a device is preset white name
It singly needs to safeguard, updates and depend on network, it is exactly that certificate has and can not support that the installation maximum benefit of permission is controlled by certificate
Lai Xing is sufficiently combined the safe handling of application program and certificate, is provided strong safety for client device and is protected
Barrier.
Above description is only the general introduction of technical scheme, in order to better understand the technological means of the application,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects, features and advantages of the application can
It is clearer and more comprehensible, below the special specific embodiment for lifting the application.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen
Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:
Fig. 1 shows a kind of flow diagram of the security processing of application installation provided by the embodiments of the present application;
Fig. 2 shows the flow diagrams of the security processing of another application installation provided by the embodiments of the present application;
Fig. 3 shows the flow diagram of the security processing of another application installation provided by the embodiments of the present application;
Fig. 4 shows the flow diagram of the security processing of another application installation provided by the embodiments of the present application;
Fig. 5 shows a kind of structural representation of the processing unit of the safe handling of application installation provided by the embodiments of the present application
Figure;
The structure that Fig. 6 shows the processing unit of the safe handling of another application installation provided by the embodiments of the present application is shown
It is intended to;
Fig. 7 shows the flow diagram of the safe handling of a kind of application installation provided by the embodiments of the present application endorsed;
Fig. 8 shows a kind of System Framework figure of the sign test of the safe handling of application installation provided by the embodiments of the present application;
Fig. 9 shows a kind of flow diagram of the work certificate of application installation provided by the embodiments of the present application;
Figure 10 shows a kind of certification hierarchy relationship signal of the safe handling of application installation provided by the embodiments of the present application
Figure;
Figure 11 shows a kind of safe processing system structural schematic diagram of application installation provided by the embodiments of the present application.
Specific embodiment
The application is described in detail below with reference to attached drawing and in conjunction with the embodiments.It should be noted that not conflicting
In the case of, the features in the embodiments and the embodiments of the present application can be combined with each other.
It carries out relying on the real-time update of network using the processing method of installation by existing manner at present and need preset
White list verifies the installation of application, but not can guarantee the real-time connection of network in special circumstances, and maintenance white list mentions
The high time cost of application installation.In order to solve this problem, a kind of safe handling side of application installation is present embodiments provided
Method, as shown in Figure 1, this method comprises:
101, client obtains the signature file in application installation package.
Wherein, signature file includes signing messages, the first root certificate and work certificate (App Signer Cert).For example,
Signing messages can be the 256 octet signature values etc. signed using work certificate and private key to installation bag data.First
Certificate can be the root certificate (App Provider CA) of official's certification, be asked by the corresponding private key of the root certificate to work certificate
It asks file to sign, and then generates the work certificate.Here signature is referred to using private key to the content handled
Abstract is encrypted, and obtained ciphertext is thus referred to as signed.
It can be the client terminal device for carrying out Installation Validation processing before application installation for the executing subject of the present embodiment
Or equipment, businessman's management equipment side or other terminal sides are configurable on, multi-functional terminal end (the point of for such as user being assisted to order
Sale, POS) etc..
In the present embodiment, application installation package can be obtained from application shop, or be acquired from other approach.It answers at this
Before with installation kit needing that (such as receiving corresponding installation instruction) is installed, or downloads to the application installation package and carry out safe test
When card, security processes shown in execution step 101 to 104, to guarantee the safety using installation.
102, certificate chain verifying is carried out according to the first root certificate and the second root certificate being preset in equipment.
Wherein, the root certificate demand file that the second root certificate can be authenticated according to official, and signed by device manufacturer
Generation obtains, and is then preset in equipment.Equipment in this present embodiment can be set for businessman's management equipment or other terminals
It is standby etc..
In the present embodiment, the specific verifying logic of certificate chain is preset according to actual needs.For example, obtaining life first
Business men root certificate verifies the second root certificate by manufacturer's root certificate, secondly the public key of preset the first root certificate of comparison and the
The public key of two root certificates is verified etc..
If 103, verifying by certificate chain, sign test is carried out to signing messages using work certificate.
Wherein, after sign test refers to that data receiver receives the content handled, need to confirm the content
Whether it is tampered.Therefore recipient signature is decrypted using the public key that oneself is held, compare acquisition digest calculations value and
The value obtained after decryption, the completely the same explanation of the two are not tampered with.
For example, POS terminal before installing application installation package P, obtains the signature file in application installation package P, signature text
It include long character string information S, root certificate A in part, work certificate B.Certificate A is carried out according to root certificate C preset in POS terminal
Verifying carries out sign test to long character string information S using work certificate B if being verified, if sign test passes through, triggering installation kit P exists
Installation instruction in POS terminal.
For the present embodiment, sign test logic is carried out to signing messages using work certificate and is set in advance according to actual needs
It is fixed.For example, be decrypted by the public key of work certificate, obtained result is compared with authentication signature value and is determined with this
Whether verification passes through.
If 104, sign test passes through, installation instruction of the application installation package in the equipment is triggered.
Wherein, installation instruction includes the instruction of starting installation kit installation procedure, for installing installation kit after being verified.
For method provided in this embodiment, client carries out safe handling before installing application program, at present it is existing
Technology is compared, and can accomplish the real-time update white list for not depending on internet, is demonstrate,proved by the root that signature file in installation kit includes
Book, work certificate, signing messages, and the root certificate being preset in equipment is combined to carry out a series of peace such as certificate chain and sign test
Full verifying, reduces the cost of maintenance white list, and the double authentication of device manufacturer's certificate and client's root certificate is organically incorporated in
Together, it is verified from equipment and installation kit both direction, largely improves client in terms of verifying installation kit
Safety.
Further, as the refinement and extension of above-described embodiment specific embodiment, in order to completely illustrate the present embodiment
Specific implementation process, the security processing of another application installation is present embodiments provided, as shown in Fig. 2, this method packet
It includes:
201, application installation package is decompressed, the signature file in the application installation package after obtaining decompression under predetermined directory.
For example, including the subfile under META-INF file or META-INF catalogue in installation package file.From META-INF
Signature file is obtained in subfile under file or META-INF catalogue.
It may include signing messages, the first root certificate and work certificate in signature file.In the present embodiment, work certificate is
Sign and issue what work certificate CSR demand file generated by the corresponding private key of first root certificate.
For the present embodiment, signature file is prepositioned the subfile under META-INF file or META-INF catalogue
In, in order to search signing messages, the first root certificate and work certificate after decompressing.In the present embodiment the first root certificate can be by
The certificate that the consigner of manufacturer signs and issues.The certificate that works in the present embodiment can be manufacturer and sign and issue work certificate demand file life
At certificate.Signature file determined by the above method more can be effectively carried out entirely compared to the signature file that conventional method determines
Orientation verifying, can not only verify installation kit, can also carry out to the superior certificates of work certificate used in verifying
Verifying.By this double verification, the risk by malicious application by verifying is reduced.
202, the corresponding manufacturer's root certificate of the equipment is obtained.
For the present embodiment, manufacturer's root certificate can be signed and issued by manufacturer and it is preset in a device, in order to carry out
Certificate chain verifying.Manufacturer's root certificate belongs to the superior certificates of the first root certificate and the second root certificate in rank, is second
The immediate superior certificate of certificate.This certificate chain pattern includes two independent certificate chains, is manufacturer's root certificate respectively to the
Two root certificates, the first root certificate is to work certificate, then passes through the first root certificate and the identical certificate request file of the second root certificate
It dexterously associates, in order to be verified respectively from two angles in subsequent verifying, it is ensured that device security
While, complete the verifying to installation kit.
203, second root certificate is verified using manufacturer's root certificate.
For the present embodiment, the second root certificate is the corresponding CSR demand file generated, warp when generating first root certificate
Cross what manufacturer's root certificate was signed and issued.The safety of equipment is to ensure that the main purpose of the verifying of the second root certificate,
Even if usurp equipment is assembled into terminal device, such as POS terminal privately, in the case where no preset second root certificate still without
Method passes through verifying.Aforesaid way can effectively ensure equipment safety.
If 204, the second root certificate compares the public key that second root certificate and the first root certificate include by verifying.
For the present embodiment, it is to verify that whether verify the first root certificate and the second root certificate, which include identical public key,
The legitimacy of one root certificate, there are two the purposes for verifying the legitimacy of the first root certificate, passes through the first root certificate of verifying first
Legitimacy directly verifies installation kit, and the legitimacy of work certificate is judged secondly by the legitimacy of the first root certificate of verifying,
Because the certificate that works is generated according to the first root certificate.The verifying of certificate chain is completed by comparing public key.Above method verifying
It can agree in structure between client and installation kit, the user of the above method can distribute the first root certificate by control
Mode carry out priority assignation, complete the limitation to installation kit installation permission.
If the public key that 205, the second root certificate and the first root certificate include is identical, it is determined that verified, obtained by certificate chain
The corresponding authentication signature value of application installation package.
For the present embodiment, the corresponding authentication signature value of application installation package is obtained, the authentication signature value is pre- for verifying
The signature value set, to judge the legitimacy of work certificate.
In the present embodiment, the certificate request of this standard CSR format is generated while servicing end side and generating root certificate,
The root public key information and main information of service end side are contained in the demand file.Manufacturer uses after taking this this certificate request
The CA certificate of manufacturer signs and issues it, generates user's root certificate B (manufacturer's signature), and be preset in the safety zone of equipment,
When equipment starts, firmware carries out legitimacy verifies to it by manufacturer's CA certificate, it is ensured that the correctness of root public key information.Into
When row APK application installation, equipment first obtains the root certificate A (oneself signature) in APK packet, takes out public key value therein, and is stored in
The public key value in root certificate B (manufacturer's signature) in equipment is compared, if the two is consistent, determines that root certificate A is legal, then
Legitimacy verifies are carried out to the work certificate in installation kit using it.
206, signing messages is decrypted using the public key of work certificate, and obtained signature value and the certification is signed
Name value is compared.
If 207, signature value is consistent with the authentication signature value, it is determined that sign test passes through, from the application peace after the decompression
The signature file is deleted in dress packet, and repacks the application installation package after the decompression.
For the present embodiment, the application installation package after repacking the decompression can effectively pacify with existing application program
Dress mode combines, and does not need carry out additional exploitation again after whether verifying installation kit can be installed, reduces coupling, increase
The utilization rate of existing code.
208, installation instruction of the application installation package in the equipment after triggering is repacked.
Further, work as application terminal, such as POS terminal is assembled privately, do not pass through the authorization of manufacturer, do not install
Second root certificate, then in verification process can not by step 203, the above method carry out verifying be it is comprehensive, be from
Initiate that there is reliability inside equipment.
In another case, third party has maliciously stolen work certificate, then the oneself signature verifying for the certificate that works is
By, traditional method is only limitted to this, although the verifying of work certificate has non repudiation, step 204 can negate
The legitimacy of work certificate, multi-angle carry out safety check.
For example, decompression application installation package P, obtains META-INF file or META-INF mesh in the application installation package after decompressing
Record lower signature file includes long character string information S, certificate A, certificate B in signature file.Obtain manufacturer's root of POS terminal
Certificate.Preset certificate C is verified using manufacturer's root certificate.If certificate C compares the certificate by verifying
The public key that C and certificate A include.If public key is identical, the corresponding authentication signature value of application installation package P is obtained.The public affairs of certificate of utility B
Signing messages is decrypted in key, and obtained signature value is compared with the authentication signature value.If signature value with it is described
Authentication signature value is consistent, deletes the signature file from the application installation package P after the decompression, and repack the decompression
Application installation package P afterwards.Installation instruction of the application installation package after repacking in the equipment is triggered, is completed to installation kit
The installation of P.
Method provided in this embodiment is established a set of perfect application distribution mechanisms, is limited the installation of application, phase
Application is built into when limiting this installation when applying in the restocking of application market backstage in a set of effective scheme
Itself verifies the installation limitation of application by the special system reform, if application is installed in operation by verifying,
Do not allow, does not allow apply and install successfully.Compared with currently available technology, guarantee the flexibility of machine installation application, in addition to certain
Other than stationary applications installation, the application of also mountable some officials is extended according to follow-up business demand.
It should be noted that the security processing of the above-mentioned application installation that can be applied to client-side, is in client
The side description security processes that specifically application is installed, and in order to completely illustrate the specific embodiment of the present embodiment, it provides
The security processing of another application installation that can be applied to service end side, to illustrate the application installation in service end side
Security processes, as shown in figure 3, this method comprises:
301, server-side is signed using work certificate is corresponding with installation bag data, obtains signing messages.
Wherein, being corresponded to sign with installation bag data using work certificate can be;Installation kit is carried out first
SHA256 algorithm process is generated installation bag data, is then signed using the private key of work certificate to the summary data of installation kit
Name processing.
For the present embodiment, installation kit is carried out abstract processing and signed to be preliminarily to carry out verifying preparation.
302, signing messages, the work certificate and the first root certificate are combined, generate signature file.
For example, the signature file generated can be SIGNINFO file, by the signing messages, the work certificate and the
One root certificate, which is combined, is convenient for repacking for information management and installation kit.
303, signature file is added in application installation package.
For the present embodiment, the signature file is added in application installation package in order to which client obtains after decompression
Signature file carries out safety verification.
304, the application installation package is issued.
Further, in order to before device downloads install the application installation package, according to the signing messages, described
Work certificate, first root certificate and the second root certificate being preset in the equipment carry out safety check.For example, can will answer
Application shop or other downloadings are published to using channel etc. with installation kit.
Method provided in this embodiment can reduce the cost of maintenance white list, device manufacturer compared with currently available technology
The double authentication of certificate and client's root certificate is organically combined together, and is verified from equipment and installation kit both direction, pole
Safety of the client in terms of verifying installation kit is improved in big degree.
Further, as the refinement and extension of above-described embodiment specific embodiment, in order to completely illustrate the present embodiment
Specific implementation process, the security processing of another application installation is present embodiments provided, as shown in figure 4, this method packet
It includes:
401, the first root certificate, CSR demand file and the corresponding private key of first root certificate are generated;
Wherein, CSR demand file: i.e. certificate request file, that is, certificate Requestor is in application digital certificate Shi Youjia
Close ISP also generates certificate request file while generating private key, as long as certificate Requestor submits to CSR file
After certification authority, certification authority just generates CertPubKey file using its root certificate private key signature, that is, issues
Issue the certificate of user.
402, the CSR demand file is sent to equipment.
Further, so that the CSR demand file signs and issues to obtain second root certificate by manufacturer's root certificate.
Second root certificate is subsequent to be preset at equipment side.
In the present embodiment, the root certificate of generation is self-signed certificate, needs to design related mechanism after being preset in equipment
To ensure the legitimacy of root certificate and can not replace.
Further, in order to meet certificate update demand, the present embodiment method, which may also include that send to the equipment, to be customized
Certificate upgrade package, to be updated to second root certificate after being passed through using old root certificate signature verification.For example,
Root certificate preset in equipment is updated by the certificate upgrade package of customization.Upgrade package must use old root certificate signature to test
Card can be just successfully installed in equipment after passing through, so that it is authenticated to realize that the newest root certificate of equipment utilization carries out certificate chain
Journey improves corresponding safety.
403, the CSR demand file of work certificate is obtained by KMI system.
Wherein, code key management infrastructure (Key Management Infrastructure, KMI) system is configurable on
Service end side.
404, using the corresponding private key of first root certificate, the work certificate demand file is signed and issued, the work is obtained
Certificate.
In the present embodiment, the first root certificate and application signature work certificate, can be generated and be managed by server-side, wherein public
The corresponding private key of key certificate need to encrypt storage, and public key certificate is externally issued, the public key that the root certificate demand file of CSR format includes
Information is distributed to manufacturer together, is protected in the certificate chain for being included in each manufacturer.It should be noted that work certificate is not necessarily to
Be preset in equipment but be packaged in the APK of application program and download together, legitimacy by root public key preset in equipment into
Row verifying.
405, corresponding application installation package data are generated by SHA-256 algorithm to application installation package.
406, it using the private key of the work certificate, signs, is signed to the application installation package data of generation
Name information.
For example, signing using work certificate and private key to original APK bag data, the signature value of 256 bytes is obtained.
In the present embodiment, the asymmetric arithmetic RSA2048 for meeting PCI safety requirements, Message Digest 5 can be used
SHA256, certificate format follow X509 specification.
407, signing messages, the work certificate and the first root certificate are combined, generate signature file.
Specifically, can be by signature value and root certificate, work certificate and some additional informations (such as signature description information, card
Book domain, accessory information domain, signature file head etc.) it is combined, generate signature file SIGNINFO.
408, the application installation package is decompressed, the signature file is stored under the predetermined directory of source file.
409, encapsulation compiles the source file, generates the application installation package by signature processing.
For example, signature file SIGNINFO is imported under the META-INF catalogue of APK file, thus primary not destroying
Under the premise of APK packet format, signing messages is embedded into APK, integrality is carried out to APK file using it when downloading and installing
And authenticity verification.
410, publication is by signature treated application installation package.
Further, in order to before device downloads install the application installation package, according to the signing messages, the work
Certificate, first root certificate and the second root certificate being preset in the equipment carry out safety check.For example, in equipment side
Decompress APK packet first, acquisition signature file SIGNINFO, and after deleting SIGNINFO, restore original APK file;Then basis
SIGNINFO obtains root certificate, and work certificate, the information such as signature value;Certificate chain is carried out according to the root certificate being preset in equipment to test
Card;After through certificate chain, the legitimacy of the signature value of the original APK packet of work certification authentication is used;If sign test passes through, call
Android primary process normally executes the installation of original APK file, no longer carries out stringent sign test to the data in original APK.
For example, generating the corresponding private key of certificate A, certificate request file F1 and certificate A, F1 is sent to POS terminal, so that
F1, which is signed and issued, by preset certificate C generates certificate C.Work certificate demand file F2 is obtained by KMI system, certificate of utility A's
Private key signs and issues F2, obtains certificate B.Installation kit P1 is carried out to carry out informative abstract processing generation character string by SHA256 algorithm
S1 signs and issues S1 using the private key of certificate B, obtains S2.S2, certificate B and certificate A are combined into SIGNINFO file.Decompression installation
P1 is wrapped, SIGNINFO file is stored under META-INF file or META-INF catalogue and repacks to obtain installation kit P2.
Installation kit P2 is to application shop for publication, right in order to which client downloads to installation kit P2 from application shop, and before installing P2
S2, certificate B and certificate A carry out safety check.
Method provided in this embodiment manufacturer CA can be used to endorse server-side root certificate, will not destroy certificate body
The independence of system.Application signature publication can be carried out by the certificate of oneself;Root public key certificate request be can provide to manufacturer, and
Will not reveal the sensitive informations such as private key, each manufacturer can the corresponding protection mechanism of designed, designed guarantee the legitimacy of root public key, and
Complete certificate chain is included in APK installation procedure, each manufacturer is also convenient for and is realized by standard openssl order to APK peace
Fill the sign test of program, good compatibility;Can also be in such a way that manufacturer CA to endorse, the root certificate allowed is included in the certificate chain of each manufacturer
It is protected, so that storage of the root public key information in equipment is safer compared with currently available technology, the white name of maintenance can be reduced
The double authentication of single cost, device manufacturer's certificate and client's root certificate is organically combined together, from equipment and installation kit two
A direction is verified, and safety of the client in terms of verifying installation kit is largely improved.
Further, the specific implementation as method shown in Fig. 1 and Fig. 2, the embodiment of the present application provide one kind and can apply
In the secure processing device of the application installation of client-side, as shown in figure 5, the device includes: the first acquisition module 501, first
Authentication module 502, the second authentication module 503 and installation module 504.
First obtains module 501, for obtaining the signature file in application installation package, includes signature in the signature file
Information, the first root certificate and work certificate;
First authentication module 502, for being carried out according to first root certificate and the second root certificate being preset in equipment
Certificate chain verifying;
Second authentication module 503 utilizes the work certificate pair if verifying for the first authentication module by certificate chain
The signing messages carries out sign test;
Module 504 is installed and triggers the application installation package in the equipment if passing through for the second authentication module sign test
Interior installation instruction.
In specific application scenarios, first authentication module 502 further include: the first acquisition submodule 5021, first
It verifies submodule 5022, second and verifies the determining submodule 5024 of submodule 5023, first;
First acquisition submodule 5021, for obtaining the corresponding manufacturer's root certificate of the equipment;
First verifying submodule 5022, for being verified using manufacturer's root certificate to second root certificate;
Second verifying submodule 5023, if comparing second root certificate by verifying for second root certificate
The public key for including with the first root certificate;
First determines submodule 5024, if identical for the public key, it is determined that verified by certificate chain.
In specific application scenarios, second authentication module 503 further include: the second acquisition submodule 5031 compares
Submodule 5032, second determines submodule 5033;
Second acquisition submodule 5031, for obtaining the corresponding authentication signature value of the application installation package;
Submodule 5032 is compared, for the signing messages to be decrypted using the public key of the work certificate, and will
Obtained signature value is compared with the authentication signature value;
Second determines submodule 5033, if consistent with the authentication signature value for the signature value, it is determined that sign test is logical
It crosses.
In specific application scenarios, optionally, second root certificate is corresponding life when generating first root certificate
At CSR demand file, signed and issued by manufacturer's root certificate.
In specific application scenarios, optionally, the work certificate is by the corresponding private key of first root certificate
Sign and issue what work certificate CSR demand file generated.
In specific application scenarios, described first obtains module 501, is specifically also used to decompress the application installation package,
The signature file in application installation package after obtaining decompression under predetermined directory;
The installation module 504, is specifically also used to delete the signature file from the application installation package after the decompression,
And repack the application installation package after the decompression;Trigger installation of the application installation package after repacking in the equipment
Instruction.
It should be noted that a kind of safe handling dress of application installation that can be applied to client-side provided in this embodiment
Other corresponding descriptions of involved each functional unit are set, can be with reference to the corresponding description in Fig. 1 and Fig. 2, details are not described herein.
Further, the specific implementation as method shown in Fig. 3 and Fig. 4, the embodiment of the present application provide one kind and can apply
In the secure processing device of the application installation of service end side, as shown in fig. 6, the device includes: signature blocks 601, composite module
602, adding module 603, release module 604.
Signature blocks 601 obtain signing messages for being signed using work certificate is corresponding with installation bag data;
Composite module 602 is generated for the signing messages, the work certificate and the first root certificate to be combined
Signature file;
Adding module 603, for the signature file to be added in application installation package;
Release module 604, for issuing the application installation package.
Further, in order to before device downloads install the application installation package, according to the signing messages, described
Work certificate, first root certificate and the second root certificate being preset in the equipment carry out safety check.
In specific application scenarios, the present apparatus further include: generation module 605 and sending module 606;
Generation module 605, for generating the first root certificate, CSR demand file and the corresponding private key of first root certificate;
Sending module 606, for the CSR demand file to be sent to the equipment, so that the CSR demand file
It signs and issues to obtain second root certificate by manufacturer's root certificate.
In specific application scenarios, the present apparatus further include:
Second obtains module 607, for obtaining work certificate CSR request text by code key management infrastructure KMI system
Part;
Processing module 608, for signing and issuing the work certificate request text using the corresponding private key of first root certificate
Part obtains the work certificate.
In specific application scenarios, the present apparatus further include: update module 609;
Update module 609, for sending the certificate upgrade package of customization to the equipment, to sign using old root certificate
After being verified, second root certificate is updated.
In specific application scenarios, the signature blocks 601 are specific further include:
Submodule 6011 is encrypted, for generating the corresponding application by SHA-256 algorithm to the application installation package
Bag data is installed;
Signature submodule 6012, for the private key using the work certificate, to the application installation package data of generation
It signs, obtains signing messages.
In specific application scenarios, the adding module 603 is specifically used for decompressing the application installation package, will be described
Signature file is stored under the predetermined directory of source file;Encapsulation compiles the source file, generates the application peace by signature processing
Dress packet.
It should be noted that a kind of safe handling dress of application installation that can be applied to service end side provided in this embodiment
Other corresponding descriptions of involved each functional unit are set, can be with reference to the corresponding description in Fig. 3 and Fig. 4, details are not described herein.
In this specification one or more embodiment, the flow instance for carrying out signature processing to installation kit can be such as Fig. 7 institute
Show:
It is encrypted using SHA algorithm, is signed using the private key of work certificate to data, by signature value, two
Grade certificate and work certificate are combined to SIGNINFO file, decompress the META-INFO catalogue of APK, repack.
In this specification one or more embodiment, the flow instance of sign test can be as shown in Figure 8.
Preset second root certificate " root certificate B " in client i.e. target terminal equipment as shown in the figure uses root first
Certificate B verifies the first root certificate, and whether " root certificate A " as shown in the figure be secondly legal using work certification authentication signature value.
In this specification one or more embodiment, the generating mode example for the certificate that works can be as shown in Figure 9.
Firstly, by server-side provide certificate request file, manufacturer according to certificate request file using oneself private key into
Row is signed and issued, and the certificate signed and issued, that is, the second root certificate are preset in equipment.
Pass in this specification one or more embodiment, between the first root certificate, the second root certificate and work certificate
It is that example can be as shown in Figure 10.
In conclusion certificate chain has two altogether as shown in Figure 10, with the first root certificate and the identical public key of the second root certificate
As tie.
First root certificate and the second root certificate are different what private key signed and issued identical certificate request file,
Second root certificate is preset is used to calibration equipment safety in a device, and the private key of the first root certificate, which is signed and issued, generates work certificate, uses
To guarantee that installation kit is reliable.
Based on examples detailed above and method as depicted in figs. 1 and 2, correspondingly, the embodiment of the present application also provides a kind of storages
Medium is stored thereon with computer program, which realizes above-mentioned method as depicted in figs. 1 and 2 when being executed by processor.Base
In above-mentioned method as shown in Figure 3 and Figure 4, the embodiment of the present application also provides another storage mediums, are stored thereon with computer
Program, the program realize above-mentioned method as shown in Figure 3 and Figure 4 when being executed by processor.
Based on this understanding, the technical solution of the application can be embodied in the form of software products, which produces
Product can store in a non-volatile memory medium (can be CD-ROM, USB flash disk, mobile hard disk etc.), including some instructions
With so that computer equipment (can be personal computer, server or the network equipment an etc.) execution the application is each
The method of implement scene.
It is above-mentioned in order to realize based on above-mentioned method as depicted in figs. 1 and 2 and virtual bench embodiment shown in fig. 5
Purpose, the embodiment of the present application also provides a kind of client devices, are specifically as follows personal computer, tablet computer, intelligent hand
Machine, smartwatch, Intelligent bracelet, POS terminal or other network equipments etc., which includes storage medium and processor;Storage
Medium, for storing computer program;Processor realizes above-mentioned side as depicted in figs. 1 and 2 for executing computer program
Method.
It is above-mentioned in order to realize based on above-mentioned method as shown in Figure 3 to Figure 4 and virtual bench embodiment shown in fig. 6
Purpose, the embodiment of the present application also provides a kind of server apparatus, are specifically as follows personal computer, server, the network equipment
Deng the server apparatus includes storage medium and processor;Storage medium, for storing computer program;Processor, for holding
Row computer program is above-mentioned such as Fig. 7 to method shown in Fig. 8 to realize.
Optionally, above two entity device all can also include user interface, network interface, camera, radio frequency
(Radio Frequency, RF) circuit, sensor, voicefrequency circuit, WI-FI module etc..User interface may include display screen
(Display), input unit such as keyboard (Keyboard) etc., optional user interface can also connect including USB interface, card reader
Mouthful etc..Network interface optionally may include standard wireline interface and wireless interface (such as WI-FI interface).
It will be understood by those skilled in the art that the entity of a kind of client device and server apparatus provided in this embodiment
Device structure does not constitute the restriction to both entity devices, may include more or fewer components, or combination is certain
Component or different component layouts.
It can also include operating system, network communication module in storage medium.Operating system is the above-mentioned two entity of management
The program of device hardware and software resource supports the operation of message handling program and other softwares and/or program.Network communication
Module for realizing the communication between each component in storage medium inside, and with other hardware in information processing entities equipment and soft
It is communicated between part.
Based on above content, further, the embodiment of the present application also provides a kind of application installation safe processing system,
As shown in figure 11, which includes client device 71, server apparatus 72;
Wherein, client device 71 can be used for executing method as depicted in figs. 1 and 2, and server apparatus 72 can be used for holding
Row method as shown in Figure 3 and Figure 4.
Specifically, server apparatus 72, can be used for being signed using work certificate is corresponding with installation bag data, be signed
Signing messages, the work certificate and the first root certificate, are then combined by name information, generate signature file, by signature text
Part is added in application installation package, issues the application installation package, so as to before device downloads install the application installation package,
According to the signing messages, the work certificate, first root certificate and the second root certificate for being preset in the equipment into
Row safety check.
Client device 71 can be used for downloading to the application installation package of the publication of server apparatus 72 and installing it at it
Before, the signature file in application installation package is obtained, is demonstrate,proved according to the first root certificate and the second root certificate being preset in equipment
If the verifying of book chain is verified by certificate chain, if verifying by certificate chain, sign test is carried out to signing messages using work certificate, if
Sign test passes through, then triggers installation instruction of the application installation package in the equipment.
Through the above description of the embodiments, those skilled in the art can be understood that the application can borrow
It helps software that the mode of necessary general hardware platform is added to realize, hardware realization can also be passed through.Pass through the skill of application the application
Art scheme, compared with current existing way, disposably equipment end be pre-configured with official's certificate reach verifying application put things right once and for all;
It networks preset with white list, application and equipment is invaded less, maintenance is simple without equipment on-line;Application is added in application installation
The process of signature verification so that equipment can only install the application in official's application shop, and then guarantees the safety of application installation.
It will be appreciated by those skilled in the art that the accompanying drawings are only schematic diagrams of a preferred implementation scenario, module in attached drawing or
Process is not necessarily implemented necessary to the application.It will be appreciated by those skilled in the art that the mould in device in implement scene
Block can according to implement scene describe be distributed in the device of implement scene, can also carry out corresponding change be located at be different from
In one or more devices of this implement scene.The module of above-mentioned implement scene can be merged into a module, can also be into one
Step splits into multiple submodule.
Above-mentioned the application serial number is for illustration only, does not represent the superiority and inferiority of implement scene.Disclosed above is only the application
Several specific implementation scenes, still, the application is not limited to this, and the changes that any person skilled in the art can think of is all
The protection scope of the application should be fallen into.
Claims (10)
1. a kind of security processing of application installation characterized by comprising
The signature file in application installation package is obtained, includes signing messages, the first root certificate and employee's card in the signature file
Book;
Certificate chain verifying is carried out according to first root certificate and the second root certificate being preset in equipment;
If verifying by certificate chain, sign test is carried out to the signing messages using the work certificate;
If sign test passes through, installation instruction of the application installation package in the equipment is triggered.
2. the method according to claim 1, wherein described according to first root certificate and being preset in equipment
The second root certificate carry out certificate chain verifying, specifically include:
Obtain the corresponding manufacturer's root certificate of the equipment;
Second root certificate is verified using manufacturer's root certificate;
If second root certificate compares the public key that second root certificate and the first root certificate include by verifying;
If the public key is identical, it is determined that verified by certificate chain.
3. a kind of security processing of application installation characterized by comprising
It is signed using work certificate is corresponding with installation bag data, obtains signing messages;
The signing messages, the work certificate and the first root certificate are combined, signature file is generated;
The signature file is added in application installation package;
Issue the application installation package, so as to before device downloads install the application installation package, according to the signing messages,
The work certificate, first root certificate and the second root certificate being preset in the equipment carry out safety check.
4. a kind of secure processing device of application installation characterized by comprising
First obtains module, and for obtaining the signature file in application installation package, signing messages, the are included in the signature file
One root certificate and work certificate;
First authentication module is tested for carrying out certificate chain according to first root certificate and the second root certificate being preset in equipment
Card;
Second authentication module, if being verified for the first authentication module by certificate chain, using the work certificate to the label
Name information carries out sign test;
Module is installed and triggers peace of the application installation package in the equipment if passing through for the second authentication module sign test
Dress instruction.
5. a kind of secure processing device of application installation characterized by comprising
Signature blocks obtain signing messages for being signed using work certificate is corresponding with installation bag data;
Composite module generates signature text for the signing messages, the work certificate and the first root certificate to be combined
Part;
Adding module, for the signature file to be added in application installation package;
Release module, for issuing the application installation package, so as to before device downloads install the application installation package, according to
The signing messages, the work certificate, first root certificate and the second root certificate being preset in the equipment are pacified
Whole school tests.
6. a kind of storage medium, is stored thereon with computer program, which is characterized in that realization when described program is executed by processor
The security processing of application installation described in any one of claims 1 to 2.
7. a kind of client device, including storage medium, processor and storage can be run on a storage medium and on a processor
Computer program, which is characterized in that the processor is realized described in any one of claims 1 to 2 when executing described program
Application installation security processing.
8. a kind of storage medium, is stored thereon with computer program, which is characterized in that realization when described program is executed by processor
The security processing of application installation as claimed in claim 3.
9. a kind of server apparatus, including storage medium, processor and storage can be run on a storage medium and on a processor
Computer program, which is characterized in that the processor realizes application installation as claimed in claim 3 when executing described program
Security processing.
10. a kind of safe processing system of application installation characterized by comprising client device as claimed in claim 7
With server apparatus as claimed in claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910471749.7A CN110362990A (en) | 2019-05-31 | 2019-05-31 | Using the security processing of installation, apparatus and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910471749.7A CN110362990A (en) | 2019-05-31 | 2019-05-31 | Using the security processing of installation, apparatus and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110362990A true CN110362990A (en) | 2019-10-22 |
Family
ID=68215001
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910471749.7A Pending CN110362990A (en) | 2019-05-31 | 2019-05-31 | Using the security processing of installation, apparatus and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110362990A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111291369A (en) * | 2020-01-20 | 2020-06-16 | 北京无限光场科技有限公司 | Information detection method and electronic equipment |
| CN111324887A (en) * | 2020-02-25 | 2020-06-23 | 广东天波信息技术股份有限公司 | Installation control method and device for application program |
| CN111723365A (en) * | 2020-06-30 | 2020-09-29 | 湖北亿咖通科技有限公司 | Method and equipment for installing application program in vehicle-mounted information entertainment system |
| CN112134711A (en) * | 2020-09-24 | 2020-12-25 | 深圳市捷诚技术服务有限公司 | Safety verification method and device for APK signature information and POS machine |
| CN112328279A (en) * | 2020-11-02 | 2021-02-05 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
| CN112929871A (en) * | 2019-12-05 | 2021-06-08 | 上海艾拉比智能科技有限公司 | OTA upgrade package acquisition method, electronic device and storage medium |
| CN113721965A (en) * | 2021-08-02 | 2021-11-30 | 国创移动能源创新中心(江苏)有限公司 | Charging pile upgrading method based on safety firmware |
| CN114499891A (en) * | 2022-03-21 | 2022-05-13 | 宁夏凯信特信息科技有限公司 | Signature server system and signature verification method |
| WO2023142852A1 (en) * | 2022-01-27 | 2023-08-03 | 上海商米科技集团股份有限公司 | Method for controlling application program installation permissions in device, and control system |
| CN117633906A (en) * | 2023-11-14 | 2024-03-01 | 国网上海能源互联网研究院有限公司 | Credibility verification method for validity of intelligent fusion terminal of transformer area |
| CN113721965B (en) * | 2021-08-02 | 2024-05-03 | 国创移动能源创新中心(江苏)有限公司 | Upgrading method of charging pile based on safety firmware |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130227688A1 (en) * | 2012-02-24 | 2013-08-29 | Samsung Electronics Co. Ltd. | Method and apparatus for detecting tampered application |
| CN106355081A (en) * | 2016-09-07 | 2017-01-25 | 深圳市新国都支付技术有限公司 | Android program start verification method and device |
| CN107241688A (en) * | 2017-06-14 | 2017-10-10 | 北京小米移动软件有限公司 | Signature, verification method, device and the storage medium of application installation package |
| CN107615292A (en) * | 2015-11-06 | 2018-01-19 | 华为国际有限公司 | For the system and method for the installation for managing the application package for needing excessive risk authority to access |
| CN107769924A (en) * | 2017-09-11 | 2018-03-06 | 福建新大陆支付技术有限公司 | Verify the method and system of POS APK signatures |
-
2019
- 2019-05-31 CN CN201910471749.7A patent/CN110362990A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130227688A1 (en) * | 2012-02-24 | 2013-08-29 | Samsung Electronics Co. Ltd. | Method and apparatus for detecting tampered application |
| CN107615292A (en) * | 2015-11-06 | 2018-01-19 | 华为国际有限公司 | For the system and method for the installation for managing the application package for needing excessive risk authority to access |
| CN106355081A (en) * | 2016-09-07 | 2017-01-25 | 深圳市新国都支付技术有限公司 | Android program start verification method and device |
| CN107241688A (en) * | 2017-06-14 | 2017-10-10 | 北京小米移动软件有限公司 | Signature, verification method, device and the storage medium of application installation package |
| CN107769924A (en) * | 2017-09-11 | 2018-03-06 | 福建新大陆支付技术有限公司 | Verify the method and system of POS APK signatures |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112929871A (en) * | 2019-12-05 | 2021-06-08 | 上海艾拉比智能科技有限公司 | OTA upgrade package acquisition method, electronic device and storage medium |
| CN111291369B (en) * | 2020-01-20 | 2022-05-20 | 北京无限光场科技有限公司 | Information detection method and electronic equipment |
| CN111291369A (en) * | 2020-01-20 | 2020-06-16 | 北京无限光场科技有限公司 | Information detection method and electronic equipment |
| CN111324887A (en) * | 2020-02-25 | 2020-06-23 | 广东天波信息技术股份有限公司 | Installation control method and device for application program |
| CN111723365A (en) * | 2020-06-30 | 2020-09-29 | 湖北亿咖通科技有限公司 | Method and equipment for installing application program in vehicle-mounted information entertainment system |
| CN112134711A (en) * | 2020-09-24 | 2020-12-25 | 深圳市捷诚技术服务有限公司 | Safety verification method and device for APK signature information and POS machine |
| CN112134711B (en) * | 2020-09-24 | 2021-05-07 | 深圳市捷诚技术服务有限公司 | Safety verification method and device for APK signature information and POS machine |
| CN112328279A (en) * | 2020-11-02 | 2021-02-05 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
| CN113721965A (en) * | 2021-08-02 | 2021-11-30 | 国创移动能源创新中心(江苏)有限公司 | Charging pile upgrading method based on safety firmware |
| CN113721965B (en) * | 2021-08-02 | 2024-05-03 | 国创移动能源创新中心(江苏)有限公司 | Upgrading method of charging pile based on safety firmware |
| WO2023142852A1 (en) * | 2022-01-27 | 2023-08-03 | 上海商米科技集团股份有限公司 | Method for controlling application program installation permissions in device, and control system |
| CN114499891A (en) * | 2022-03-21 | 2022-05-13 | 宁夏凯信特信息科技有限公司 | Signature server system and signature verification method |
| CN117633906A (en) * | 2023-11-14 | 2024-03-01 | 国网上海能源互联网研究院有限公司 | Credibility verification method for validity of intelligent fusion terminal of transformer area |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110362990A (en) | Using the security processing of installation, apparatus and system | |
| US10164963B2 (en) | Enforcing server authentication based on a hardware token | |
| WO2017177383A1 (en) | Remote management method and device | |
| US8495383B2 (en) | Method for the secure storing of program state data in an electronic device | |
| CN107743067B (en) | Method, system, terminal and storage medium for issuing digital certificate | |
| US20100332848A1 (en) | System and method for code signing | |
| US9559737B2 (en) | Telecommunications chip card | |
| CN103503366A (en) | Managing data for authentication devices | |
| US9954900B2 (en) | Automating the creation and maintenance of policy compliant environments | |
| JP7235930B2 (en) | Methods and apparatus, electronic devices, storage media and computer programs for processing data requests | |
| CN108710500A (en) | Resource issuing method, update method and device | |
| JP2004280284A (en) | Control processor, electronic equipment, and program starting method for electronic equipment, and system module updating method for electronic equipment | |
| CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
| CN104426658A (en) | Method and device for performing identity authentication on application on mobile terminal | |
| CN109982150B (en) | Trust chain establishing method of intelligent television terminal and intelligent television terminal | |
| CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
| WO2014206171A1 (en) | Public key cryptography processing method, device and system | |
| CN102594568A (en) | Method for ensuring safety of mobile equipment software mirror image based on multilevel digital certificate | |
| CN111669434A (en) | Method, system, device and equipment for establishing communication group | |
| CN115130075A (en) | Digital signature method and device, electronic equipment and storage medium | |
| CN115296807B (en) | Key generation method, device and equipment for preventing industrial control network viruses | |
| CN110825815A (en) | Cloud note system information processing method, equipment and medium based on block chain | |
| CN109995534B (en) | Method and device for carrying out security authentication on application program | |
| CN115801281A (en) | Authorization method, electronic device, and computer-readable storage medium | |
| KR101581663B1 (en) | Authentication and non-repudiation method and system using trusted third party |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191022 |