CN110581833A - Service security protection method and device - Google Patents


Publication number
CN110581833A
Authority
CN
China
Prior art keywords
application
application program
cloud server
authentication
integrity verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810595894.1A
Other languages
Chinese (zh)
Other versions
CN110581833B (en)
Inventor
曹鹏
赵自超
王姗姗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongchang (hangzhou) Information Technology Co Ltd
China Mobile Communications Group Co Ltd
Original Assignee
Zhongchang (hangzhou) Information Technology Co Ltd
China Mobile Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongchang (hangzhou) Information Technology Co Ltd, China Mobile Communications Group Co Ltd filed Critical Zhongchang (hangzhou) Information Technology Co Ltd
Priority to CN201810595894.1A priority Critical patent/CN110581833B/en
Publication of CN110581833A publication Critical patent/CN110581833A/en
Application granted granted Critical
Publication of CN110581833B publication Critical patent/CN110581833B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos


Abstract

The invention relates to the technical field of mobile internet service security, in particular to a service security protection method and device. The method comprises the following steps: receiving a service request initiated by an application program, and initiating an identity authentication request to the application program, wherein a security code is embedded in the application program; receiving an authentication credential sent by the application program, performing identity authentication on the application program, and, when the identity authentication is determined to pass, initiating a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed, and a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program; performing integrity verification on the application program based on the application fingerprint sent by the application program according to the application integrity verification request; and the cloud server performs service interaction with the application program when the integrity verification is determined to pass.

Description

Service security protection method and device
Technical Field
The invention relates to the technical field of mobile internet service security, in particular to a service security protection method and device.
Background
With the rapid development of mobile internet technology and the rapid popularization of intelligent terminals, mobile internet services keep emerging and have penetrated into various industries, which greatly promotes the development of the national economy. As the mobile internet grows in terms of networks, customers, and services, it is necessary to ensure the security protection of mobile internet services.
In the prior art, a security protection scheme for a mobile internet service is as follows: in the development stage of the application, a security Software Development Kit (SDK) is embedded into the application; the security SDK implements corresponding functions such as identity authentication, and the application fingerprint is verified against an application fingerprint preset for the whole application package or for designated code, so as to ensure the security of the application and of the mobile internet service.
However, performing the corresponding security authentication locally on the mobile terminal carries the risk of the application being cracked, decompiled and tampered with, and the preset application fingerprint verification policy cannot be adjusted. Moreover, because the security protection policy is implemented by embedding a security SDK during application development, the developer has to consider the size, development period, and development cost of the security SDK.
Disclosure of Invention
The embodiment of the invention aims to provide a service security protection method and a service security protection device, which are used to solve the problems in the prior art that an application program is easily cracked, decompiled and tampered with, and that the application fingerprint verification policy cannot be flexibly adjusted.
The specific technical scheme provided in the embodiment of the invention is as follows:
In a first aspect, the present invention provides a service security protection method, which is applied to a cloud server side, and the service security protection method includes:
A cloud server receives a service request initiated by an application program, and initiates an identity authentication request to the application program based on the service request, wherein the application program has a security code embedded in it by code reinforcement processing;
The cloud server receives an authentication credential that is sent by the application program and generated based on the identity authentication request, performs identity authentication on the application program based on the authentication credential, and, when the identity authentication is determined to pass, initiates a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed, and a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program;
The cloud server performs application integrity verification on the application program based on the application fingerprint sent by the application program according to the application integrity verification request;
And the cloud server performs service interaction with the application program when it determines that the application integrity verification passes.
Optionally, performing code reinforcement on the application program to embed the security code includes:
Submitting the developed target application program to a reinforcement platform to trigger the reinforcement platform to embed a security code into the target application program, wherein the reinforcement platform is a third-party platform, or the reinforcement platform is integrated in the cloud server.
Optionally, the step of embedding the security code into the target application program includes:
Decompiling the installation package of the target application program to obtain a corresponding application configuration file and application startup file;
Determining, based on the application configuration file, a target position in the application startup file at which the security code is to be injected, and injecting a preset security code at the target position, wherein the target position is the application Activity that is displayed first when the target application program is started;
And packaging the application startup file into which the security code has been injected together with the application configuration file.
Optionally, the step of setting in advance, for any application program, a plurality of application integrity verification policies of different security levels associated with the application environment of the application program includes:
Setting a corresponding application fingerprint for the key code of any application program, and setting the verification policy that verifies the application fingerprint corresponding to the key code as the application integrity verification policy of the low security level;
Setting corresponding application fingerprints for the key code and the whole application package of any application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code and the whole application package as the application integrity verification policy of the medium security level;
And setting corresponding application fingerprints for the key code, the whole application package and the developer signature of any application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code, the whole application package and the developer signature as the application integrity verification policy of the high security level.
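The three policy levels above, seen from the cloud server, can be sketched as follows. This is an added example, not code from the patent: the SHA-256 fingerprint, the environment names in ENVIRONMENT_LEVEL and all sample byte strings are assumptions constructed for illustration. It shows the same repackaged build passing the low level and being rejected at the medium and high levels.

```python
import hashlib
import hmac

# Components each security level verifies, as listed in the text above.
POLICY_COMPONENTS = {
    "low": ("key_code",),
    "medium": ("key_code", "whole_package"),
    "high": ("key_code", "whole_package", "developer_signature"),
}

# Hypothetical mapping from application environment to security level;
# the patent text does not name concrete environments.
ENVIRONMENT_LEVEL = {"content_browsing": "low", "account": "medium", "payment": "high"}


def fingerprint(data: bytes) -> str:
    """Application fingerprint of one component (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()


class IntegrityVerifier:
    """Cloud-server side: picks the policy and checks reported fingerprints."""

    def __init__(self, reference: dict):
        # component name -> fingerprint recorded for the released build
        self.reference = reference

    def build_request(self, environment: str) -> dict:
        # The level is decided on the server; unknown environments get the
        # strictest policy so a client cannot obtain a weaker one by lying.
        level = ENVIRONMENT_LEVEL.get(environment, "high")
        return {"level": level, "components": list(POLICY_COMPONENTS[level])}

    def verify(self, request: dict, reported: dict):
        """Return (passed, failed_components) for a server-issued request."""
        failed = []
        for component in request["components"]:
            expected = self.reference[component]
            actual = reported.get(component, "")  # missing counts as mismatch
            if not hmac.compare_digest(expected.encode(), actual.encode()):
                failed.append(component)
        return (not failed, failed)


# --- Constructed sample data (not real application bytes) ---
KEY_CODE = b"constructed: bytes of the key code"
PACKAGE = b"constructed: bytes of the whole released package"
DEV_CERT = b"constructed: developer signing certificate"

RELEASED = {
    "key_code": fingerprint(KEY_CODE),
    "whole_package": fingerprint(PACKAGE),
    "developer_signature": fingerprint(DEV_CERT),
}
# A repackaged copy: key code untouched, package contents changed, re-signed.
REPACKAGED = {
    "key_code": fingerprint(KEY_CODE),
    "whole_package": fingerprint(PACKAGE + b" + modified resource"),
    "developer_signature": fingerprint(b"constructed: some other certificate"),
}


def check(environment: str, reported: dict):
    """Run one verification round for the given environment."""
    verifier = IntegrityVerifier(RELEASED)
    request = verifier.build_request(environment)
    return verifier.verify(request, reported)


if __name__ == "__main__":
    for env in ("content_browsing", "account", "payment"):
        print(env, "released:", check(env, RELEASED),
              "repackaged:", check(env, REPACKAGED))
```

The low level accepts the repackaged build because only the key code is fingerprinted, which is why the level has to be chosen by the server from the application environment rather than reported by the client.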
In a second aspect, the present invention provides a service security protection method, which is applied to a terminal side, and the service security protection method includes:
An application program initiates a service request to a cloud server, wherein the application program has a security code embedded in it by code reinforcement processing;
The application program receives an identity authentication request initiated by the cloud server based on the service request, generates a corresponding authentication credential based on the identity authentication request, and sends the authentication credential to the cloud server, so as to trigger the cloud server to perform identity authentication on the application program based on the authentication credential and, when the identity authentication is determined to pass, to initiate a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed;
When the application program determines that the identity authentication has passed and receives an application integrity verification request sent by the cloud server based on the application environment of the application program, the application program sends a corresponding application fingerprint to the cloud server to trigger the cloud server to perform application integrity verification on the application program based on the application fingerprint, wherein a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program;
And when the application program determines that the application integrity verification passes, the application program performs service interaction with the cloud server.
Optionally, the step of generating a corresponding authentication credential based on the identity authentication request, and sending the authentication credential to the cloud server to trigger the cloud server to perform identity authentication on the application program based on the authentication credential includes:
A security component of the application program obtains corresponding authentication parameters from the cloud server;
The security component of the application program generates a corresponding authentication credential by using a related algorithm, based on the authentication parameter and a terminal identifier that uniquely identifies the terminal on which the application program is deployed;
The security component of the application program sends the authentication credential to the cloud server to trigger the cloud server to verify the authentication credential according to the related algorithm, so as to authenticate the identity of the application program.
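A sketch of the parameter and credential exchange described above, as an added example that is not part of the patent. The patent leaves the "related algorithm" unspecified; HMAC-SHA256 with a per-application secret, a single-use random authentication parameter with a 60-second lifetime, and every name and sample value below are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PARAMETER_TTL_SECONDS = 60  # assumed lifetime of an authentication parameter


def make_credential(app_secret: bytes, parameter: bytes, terminal_id: str) -> str:
    """Security-component side: bind the server's parameter to this terminal.

    HMAC-SHA256 stands in for the patent's unspecified "related algorithm".
    The length prefix keeps (parameter, terminal_id) pairs unambiguous.
    """
    message = (len(parameter).to_bytes(2, "big") + parameter
               + terminal_id.encode("utf-8"))
    return hmac.new(app_secret, message, hashlib.sha256).hexdigest()


class CloudAuthenticator:
    """Cloud-server side: issues parameters and verifies credentials."""

    def __init__(self, app_secrets: dict, clock=time.time):
        self.app_secrets = app_secrets  # app id -> secret (assumed provisioning)
        self.clock = clock              # injectable so expiry can be tested
        self.pending = {}               # parameter -> (app id, expiry time)

    def issue_parameter(self, app_id: str) -> bytes:
        """Answer a service request with a fresh authentication parameter."""
        parameter = secrets.token_bytes(16)
        self.pending[parameter] = (app_id, self.clock() + PARAMETER_TTL_SECONDS)
        return parameter

    def verify(self, app_id: str, parameter: bytes,
               terminal_id: str, credential: str) -> bool:
        """Recompute the credential with the same algorithm and compare."""
        entry = self.pending.pop(parameter, None)  # single use: blocks replay
        if entry is None:
            return False
        issued_to, expires_at = entry
        secret = self.app_secrets.get(app_id)
        if issued_to != app_id or secret is None or self.clock() > expires_at:
            return False
        expected = make_credential(secret, parameter, terminal_id)
        # Constant-time comparison of the two hex strings.
        return hmac.compare_digest(expected.encode(), credential.encode())


def demo() -> dict:
    """Run the exchange on constructed values and report each outcome."""
    app_id = "com.example.shop"             # constructed sample value
    secret = b"constructed-demo-secret"     # constructed sample value
    server = CloudAuthenticator({app_id: secret})
    results = {}

    parameter = server.issue_parameter(app_id)
    credential = make_credential(secret, parameter, "terminal-0001")
    results["valid"] = server.verify(app_id, parameter, "terminal-0001", credential)
    # The same parameter and credential presented a second time.
    results["replayed"] = server.verify(app_id, parameter, "terminal-0001", credential)

    # A credential generated on one terminal, presented for another.
    parameter = server.issue_parameter(app_id)
    credential = make_credential(secret, parameter, "terminal-0001")
    results["other_terminal"] = server.verify(
        app_id, parameter, "terminal-0002", credential)
    return results


if __name__ == "__main__":
    print(demo())
```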
In a third aspect, the present invention provides a service security protection device, including:
A first receiving unit, configured to receive a service request initiated by an application program and to initiate an identity authentication request to the application program based on the service request, wherein the application program has a security code embedded in it by code reinforcement processing;
A second receiving unit, configured to receive an authentication credential sent by the application program and generated based on the identity authentication request, perform identity authentication on the application program based on the authentication credential, and, when the identity authentication is determined to pass, initiate a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed, and a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program;
A verification unit, configured to perform application integrity verification on the application program based on the application fingerprint sent by the application program according to the application integrity verification request;
And a service interaction unit, configured to perform service interaction with the application program when the application integrity verification is determined to pass.
Optionally, performing code reinforcement on the application program to embed the security code includes:
Submitting the developed target application program to a reinforcement platform to trigger the reinforcement platform to embed a security code into the target application program, wherein the reinforcement platform is a third-party platform, or the reinforcement platform is integrated in the cloud server.
Optionally, the step of embedding the security code into the target application program includes:
Decompiling the installation package of the target application program to obtain a corresponding application configuration file and application startup file;
Determining, based on the application configuration file, a target position in the application startup file at which the security code is to be injected, and injecting a preset security code at the target position, wherein the target position is the application Activity that is displayed first when the target application program is started;
And packaging the application startup file into which the security code has been injected together with the application configuration file.
Optionally, the step of setting in advance, for any application program, a plurality of application integrity verification policies of different security levels associated with the application environment of the application program includes:
Setting a corresponding application fingerprint for the key code of any application program, and setting the verification policy that verifies the application fingerprint corresponding to the key code as the application integrity verification policy of the low security level;
Setting corresponding application fingerprints for the key code and the whole application package of any application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code and the whole application package as the application integrity verification policy of the medium security level;
And setting corresponding application fingerprints for the key code, the whole application package and the developer signature of any application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code, the whole application package and the developer signature as the application integrity verification policy of the high security level.
In a fourth aspect, the present invention provides a service security protection device, including:
An initiating unit, configured to initiate a service request to a cloud server, wherein the application program has a security code embedded in it by code reinforcement processing;
A first receiving unit, configured to receive an identity authentication request initiated by the cloud server based on the service request, generate a corresponding authentication credential based on the identity authentication request, and send the authentication credential to the cloud server, so as to trigger the cloud server to perform identity authentication on the application program based on the authentication credential and, when the identity authentication is determined to pass, to initiate a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed;
A second receiving unit, configured to, when the identity authentication is determined to have passed and an application integrity verification request sent by the cloud server based on the application environment of the application program is received, send a corresponding application fingerprint to the cloud server to trigger the cloud server to perform application integrity verification on the application program based on the application fingerprint, wherein a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program;
And a service interaction unit, configured to perform service interaction with the cloud server when the application integrity verification is determined to pass.
Optionally, the step of generating a corresponding authentication credential based on the identity authentication request, and sending the authentication credential to the cloud server to trigger the cloud server to perform identity authentication on the application program based on the authentication credential includes:
A security component of the application program obtains corresponding authentication parameters from the cloud server;
The security component of the application program generates a corresponding authentication credential by using a related algorithm, based on the authentication parameter and a terminal identifier that uniquely identifies the terminal on which the application program is deployed;
The security component of the application program sends the authentication credential to the cloud server to trigger the cloud server to verify the authentication credential according to the related algorithm, so as to authenticate the identity of the application program.
In a fifth aspect, the present invention provides a computing device comprising:
A memory for storing program instructions;
And a processor, configured to call the program instructions stored in the memory and to execute, according to the obtained program, any one of the methods of the first aspect.
In a sixth aspect, the present invention provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of the first aspects.
In a seventh aspect, the present invention provides a computing device comprising:
A memory for storing program instructions;
And a processor, configured to call the program instructions stored in the memory and to execute, according to the obtained program, any one of the methods of the second aspect.
In an eighth aspect, the present invention provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any of the second aspects.
The invention has the following beneficial effects:
In summary, in the embodiment of the present invention, a cloud server receives a service request initiated by an application program, and initiates an identity authentication request to the application program based on the service request, where the application program has a security code embedded in it by code reinforcement processing; the cloud server receives an authentication credential that is sent by the application program and generated based on the identity authentication request, performs identity authentication on the application program based on the authentication credential, and, when the identity authentication is determined to pass, initiates a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed, and a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program; the cloud server performs application integrity verification on the application program based on the application fingerprint sent by the application program according to the application integrity verification request; and the cloud server performs service interaction with the application program when it determines that the application integrity verification passes.
By adopting the service security protection method, the security code is embedded into the application imperceptibly by means of code reinforcement, and linked verification is carried out with the cloud server, so that the service security protection level is improved and the risk of an illegal user accessing the cloud server through a tampered/decompiled application is reduced; application integrity verification policies of different security levels are set for the application, which meets the requirements of the application in different application environments and makes it convenient for a developer to implement the service security protection policy.
Drawings
Fig. 1 is a detailed flowchart of a service security protection method according to an embodiment of the present invention;
Fig. 2 is a detailed flowchart of code hardening processing performed on an application according to an embodiment of the present invention;
Fig. 3 is a schematic diagram illustrating a method for injecting a security code into an application startup file according to an embodiment of the present invention;
Fig. 4 is a diagram illustrating an application integrity verification policy for different security levels in an embodiment of the present invention;
Fig. 5 is a schematic flowchart illustrating an identity authentication process between an application and a cloud server according to an embodiment of the present invention;
Fig. 6 is a detailed flowchart of another service security protection method in the embodiment of the present invention;
Fig. 7 is a schematic flowchart illustrating data interaction between an application and a cloud server according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a service security protection device in an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of another service security protection device in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, the term "and/or" in the embodiment of the present invention merely describes an association relationship between associated objects, and indicates that three relationships may exist; for example, A and/or B may indicate: A exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
When ordinal terms such as "first", "second", "third" or "fourth" are used in the invention, it should be understood that they are used only for distinguishing, unless they actually express an order according to the context.
The scheme of the present invention will be described in detail by way of specific examples, but the present invention is not limited to the following examples.
Exemplarily, referring to fig. 1, a detailed flow of a service security protection method in an embodiment of the present invention is as follows:
step 100: the cloud server receives a service request initiated by an application program, and initiates an identity authentication request to the application program based on the service request, wherein the application program is based on an application program embedded with a security code after code reinforcement processing.
in the embodiment of the invention, after the application program is developed and before the application program is tested and released, code reinforcement is required to be carried out on the application program, wherein the code reinforcement means that a code embedding technology is utilized to inject a security code into a source code of the application program. In the embodiment of the invention, the code reinforcement is carried out on the application program, and the step of embedding the security code comprises the following steps: and submitting the developed target application program to a reinforcement platform so as to trigger the reinforcement platform to embed the security code into the target application program, wherein the reinforcement platform is a third-party platform, or the reinforcement platform is integrated in the cloud server.
illustratively, referring to fig. 2, a detailed flow of the code hardening process for the application program is shown. Firstly, a developer submits a developed application to a reinforced platform; then, the reinforcing platform embeds the security code into the application; finally, the developer obtains the application program embedded with the safety code, and can perform subsequent test release.
Specifically, in the embodiment of the present invention, the step of embedding the security code into the target application includes: performing decompiling processing on the installation package of the target application program to obtain a corresponding application configuration file and an application starting file; determining a target position for injecting a safety code into the application starting file based on the application configuration file, and injecting a preset safety code into the target position, wherein the target position is an application activity which is displayed firstly when the target application program is started; and packaging the application starting file injected with the security code and the application configuration file.
In practical application, the process in which the reinforcement platform performs code reinforcement on the application program to be reinforced and embeds the security code may include the following steps:
The first step: decompile the application program to be reinforced to obtain a corresponding application configuration file and an application startup file.
Optionally, the application program to be reinforced is provided by a developer, and the reinforcement platform decompiles its installation package with the Apktool or baksmali decompiling tool to obtain the corresponding application configuration file (e.g., AndroidManifest.xml) and application startup file (the smali folder). smali is the code format obtained by decompiling the Dalvik code of the Android virtual machine.
The second step: determine the injection position of the security code in the application startup file according to the application configuration file.
Optionally, since the security SDK is generally used in security check scenarios (e.g., application identity authentication, application fingerprint check, data acquisition, etc.), the earlier these functions are invoked, the sooner it can be determined whether the application program is legal and the safe use of the service protected. The required information can therefore be obtained from the application configuration file AndroidManifest.xml: the first Activity started from the Launcher is obtained from AndroidManifest.xml, and the feature values <action> and <category> inside the <intent-filter> element determine the unique Activity in AndroidManifest.xml.
The third step: integrate the SDK capability by using the dx tool to output the SDK file in dex format.
For example: dx --dex --output=xxx.dex xxxx.jar (xxx.dex is the output file and xxxx.jar is the SDK file). The dex file is then decompiled into the required smali files (baksmali is needed for this).
For example: java -jar baksmali.jar -o out xxx.dex (out is the smali output path).
The above two steps yield the smali files decompiled from the SDK. These files are merged into the xml folder of the decompiled source package, which completes the preparation for integrating the capability.
Security code injection starts from the entry class file obtained in the second step (e.g., DemoActivity.smali). The Activity lifecycle has an onCreate method, and the SDK interface method calls are converted into smali syntax.
A general method call has the form Lpackage/name/ObjectName;->MethodName(III)Z, where Lpackage/name/ObjectName; indicates the type, MethodName is the name of the method, III is the parameter list (here 3 integer parameters) and Z is the return type (boolean). Alternatively, the SDK interface can be called from a demo and the demo decompiled to obtain the key smali calling statements. The authentication and fingerprint verification in this example may be injected in the onCreate method. If the Activity has no onCreate method, injection code is used to implement an onCreate method that inherits from the parent class, as shown, for example, in fig. 3, where LPackageName/app/BaseActivity denotes the parent class of the Activity and the smali statements for the SDK interface methods are likewise inserted below .locals. Injection of the SDK methods is not limited to the onCreate method; other execution flows may be used as long as the injection position is chosen in combination with the relevant SDK execution flow. The lib, assets and other files included in the SDK can also be updated in this step.
After the above steps have been executed, the application is packed again with Apktool.
For example: java -jar apktool.jar b demo (demo is the decompiled folder).
The repackaged application can undergo security authentication, so the developer obtains the SDK capability and shell protection without doing any work.
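The second step of the procedure above (locating the Activity launched first so that the security code can be injected there) can be sketched as follows. This is an added example, not code from the patent; the sample manifest, package name and function names are constructed for illustration, and it assumes the text-form AndroidManifest.xml that Apktool writes out.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used in the decoded (text) AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACTION_MAIN = "android.intent.action.MAIN"
CATEGORY_LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample manifest (not taken from any real application).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application android:name=".App">
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".DemoActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity-alias android:name=".DemoAlias"
                    android:targetActivity=".DemoActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity-alias>
    <activity android:name="com.example.demo.share.ShareActivity">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def _qualify(package, name):
    """Expand the shorthand class names the manifest allows."""
    if name.startswith("."):
        return package + name
    if "." not in name:
        return package + "." + name
    return name


def find_launcher_activities(manifest_xml):
    """Return the fully qualified classes that carry a MAIN + LAUNCHER filter."""
    # A platform that accepts packages from outside parties should parse with
    # a hardened XML parser (for example defusedxml) instead of plain ElementTree.
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    found = []
    if app is None:
        return found
    for comp in app:
        if comp.tag not in ("activity", "activity-alias"):
            continue
        for flt in comp.findall("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.findall("action")}
            cats = {c.get(ANDROID_NS + "name") for c in flt.findall("category")}
            if ACTION_MAIN in actions and CATEGORY_LAUNCHER in cats:
                # An alias has no class of its own; the code lives in its target.
                attr = "targetActivity" if comp.tag == "activity-alias" else "name"
                name = comp.get(ANDROID_NS + attr)
                if name:
                    cls = _qualify(package, name)
                    if cls not in found:
                        found.append(cls)
                break
    return found


def injection_target(manifest_xml):
    """Resolve the single entry Activity to its smali descriptor and file path."""
    launchers = find_launcher_activities(manifest_xml)
    if len(launchers) != 1:
        raise ValueError("expected exactly one launcher Activity, found %d"
                         % len(launchers))
    cls = launchers[0]
    rel = cls.replace(".", "/")
    return {
        "class": cls,
        "descriptor": "L" + rel + ";",
        # For multi-dex packages the file may sit in smali_classes2, etc.
        "smali_file": "smali/" + rel + ".smali",
    }


if __name__ == "__main__":
    print(injection_target(SAMPLE_MANIFEST))
```

The alias in the sample resolves to the same class as the direct declaration, so only one target is reported; a manifest with no launcher entry, or with several distinct ones, is rejected rather than guessed at.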
Further, in the embodiment of the present invention, the step of setting in advance, for any application program, a plurality of application integrity verification policies of different security levels associated with the application environment of the application program includes: setting a corresponding application fingerprint for the key code of the application program, and setting the verification policy that verifies the application fingerprint corresponding to the key code as the application integrity verification policy with a low security level; setting corresponding application fingerprints for the key code and the whole application package of the application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code and the whole application package as the application integrity verification policy with a medium security level; and setting corresponding application fingerprints for the key code, the whole application package and the developer signature of the application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code, the whole application package and the developer signature as the application integrity verification policy with a high security level.
In practical application, after the cloud server has performed identity authentication on an application program and the authentication has passed, the cloud server also needs to verify the integrity of the application, that is, perform application fingerprint verification. Application integrity protection aims to prevent the application from being illegally tampered with by an attacker. Its main principle is a fingerprint verification mechanism: the application fingerprint is stored when the application goes online, and during operation the application fingerprint is extracted for integrity verification to confirm that the application has not been tampered with. Based on this application integrity verification mechanism, the embodiment of the invention provides application integrity verification policies of different security levels for developers and channel parties with different credit levels, which gives users corresponding flexibility on the premise of ensuring security. In the application use stage, the security module performs the corresponding integrity check and configuration according to the application integrity verification policy of the corresponding security level. Preferably, as shown in fig. 4, in the embodiment of the present invention the application integrity verification policy is provided at three levels, namely high, medium and low, according to the different practical application environments of the application.
Step 110: The cloud server receives an authentication credential that is sent by the application program and generated based on the identity authentication request, performs identity authentication on the application program based on the authentication credential, and, when it determines that the identity authentication passes, initiates a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed, and a plurality of application integrity verification policies of different security levels associated with the application environment of any application program are set for that application program.
In particular, the application program in which the security code is embedded may include a security component. When the security component is first used, it applies to the cloud server for an authentication parameter (Seed) through an initialization process, the authentication parameter being generated by a security module of the cloud server. The security component of the application program binds the acquired authentication parameter to the terminal identifier of the terminal on which the application program is deployed. Before performing service interaction with the cloud server, the security component uses a related algorithm to generate the required authentication credential (Token) from the authentication parameter and the terminal identifier and sends it to the cloud server. The cloud server verifies the received authentication credential with the same authentication parameter and algorithm, and only after the authentication credential passes verification does it determine that the identity authentication of the application program has passed; only a legal application program can access the cloud server. This ensures that the authentication parameters of the same application program deployed on different terminals are different, so that even if the authentication parameter of the application program on one terminal is cracked, the use of the application program on other terminals is not affected. In addition, the authentication credential can be set to be valid for a single verification only, which prevents the risk that an illegal application program accesses the cloud server with an authentication credential intercepted by an attacker during network transmission. For example, fig. 5 shows a schematic flowchart of the identity authentication performed by an application program in the embodiment of the present invention.
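One way to realize the Seed and Token exchange described above, as an added example rather than the patent's own algorithm. The patent only speaks of "a related algorithm", so the use of HMAC-SHA256, the server-issued challenge and all class and function names here are assumptions.

```python
import hashlib
import hmac
import secrets


def derive_token(seed, terminal_id, challenge):
    """Run identically by the application's security component and the server.

    The seed is first bound to the terminal identifier, then the bound key
    is used to authenticate the server's one-time challenge.
    """
    device_key = hmac.new(seed, terminal_id.encode(), hashlib.sha256).digest()
    return hmac.new(device_key, challenge, hashlib.sha256).hexdigest()


class SecurityService:
    """Hypothetical stand-in for the cloud server's security module."""

    def __init__(self):
        self._seeds = {}        # terminal_id -> Seed issued at initialization
        self._challenges = {}   # terminal_id -> challenge awaiting a Token

    def initialize(self, terminal_id):
        """First use: issue a fresh random Seed for this terminal."""
        seed = secrets.token_bytes(32)
        self._seeds[terminal_id] = seed
        return seed

    def auth_request(self, terminal_id):
        """Identity authentication request: hand out a one-time challenge."""
        challenge = secrets.token_bytes(16)
        self._challenges[terminal_id] = challenge
        return challenge

    def verify(self, terminal_id, token):
        """Check the Token; the challenge is consumed whether or not it matches."""
        challenge = self._challenges.pop(terminal_id, None)
        seed = self._seeds.get(terminal_id)
        if challenge is None or seed is None:
            return False
        expected = derive_token(seed, terminal_id, challenge)
        # Constant-time comparison of the two hex strings.
        return hmac.compare_digest(expected.encode(), token.encode())


def demo():
    """Walk through a legitimate login, a replay and a stolen-seed attempt."""
    svc = SecurityService()
    seed_a = svc.initialize("terminal-A")   # constructed terminal identifiers
    svc.initialize("terminal-B")

    challenge = svc.auth_request("terminal-A")
    token = derive_token(seed_a, "terminal-A", challenge)
    first = svc.verify("terminal-A", token)     # legitimate Token
    replay = svc.verify("terminal-A", token)    # same Token presented again

    # The Seed of terminal A does not help on terminal B, which has its own.
    challenge_b = svc.auth_request("terminal-B")
    cross = svc.verify("terminal-B",
                       derive_token(seed_a, "terminal-B", challenge_b))
    return first, replay, cross


if __name__ == "__main__":
    print(demo())
```

Consuming the challenge on every verification attempt is what makes a Token valid for a single verification, and issuing a separate Seed per terminal is what keeps a cracked Seed from being usable elsewhere.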
Step 120: The cloud server performs application integrity verification on the application program based on the application fingerprint that the application program sends in response to the application integrity verification request.
Since application integrity verification policies of different security levels are set for the application program, the verification required for the application program is determined by the currently set application integrity policy, and the corresponding application integrity verification is executed.
For example, suppose that the following policies have been set in advance for application program 1: an application integrity verification policy 1 with a lower security level (policy 1 only needs to verify the fingerprint of the key code of the application), an application integrity verification policy 2 with a middle security level (policy 2 needs to verify the fingerprints of the key code of the application and the whole application package) and an application integrity verification policy 3 with a higher security level (policy 3 needs to verify the fingerprints of the key code of the application, the whole application package and the developer signature). If the integrity policy currently set for application program 1 is application integrity verification policy 1, the cloud server initiates to the application program an application integrity verification whose verification policy is application integrity verification policy 1, the application program sends the application fingerprint 1 corresponding to the key code to the cloud server, and the cloud server performs integrity verification on the application program according to the received application fingerprint 1. If the integrity policy set for application program 1 is application integrity verification policy 3, the cloud server initiates to the application program an application integrity verification whose verification policy is application integrity verification policy 3, the application program sends the application fingerprint 2 corresponding to the key code, the whole application package and the developer signature to the cloud server, and the cloud server performs integrity verification on the application program according to the received application fingerprint 2.
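The three policy levels set out earlier and the step 120 example above can be sketched as a server-side check. This is an added example, not the patent's implementation; SHA-256 as the fingerprint function, one fingerprint per component, and every name and byte string below are assumptions constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum


class Level(Enum):
    """Components whose fingerprints the server demands at each level."""
    LOW = ("key_code",)
    MEDIUM = ("key_code", "package")
    HIGH = ("key_code", "package", "developer_signature")


def fingerprint(data):
    return hashlib.sha256(data).hexdigest()


def measure(key_code, package, signer_cert):
    """Fingerprint each component; used at release time and at run time."""
    return {
        "key_code": fingerprint(key_code),
        "package": fingerprint(package),
        "developer_signature": fingerprint(signer_cert),
    }


def verify_integrity(reference, level, reported):
    """Return the components that failed; an empty list means a pass.

    The level comes from the server's configuration for the application,
    never from the client, and a fingerprint the client leaves out counts
    as a failure rather than being skipped.
    """
    failed = []
    for component in level.value:
        got = reported.get(component)
        if not isinstance(got, str) or not hmac.compare_digest(
                reference[component].encode(), got.encode()):
            failed.append(component)
    return failed


# Constructed stand-ins for the released application's contents.
KEY_CODE = b"constructed key code bytes"
PACKAGE = KEY_CODE + b"|constructed resources v1"
CERT = b"constructed developer certificate"
REFERENCE = measure(KEY_CODE, PACKAGE, CERT)   # stored when the app goes online


def scenarios():
    """Show which levels catch which kind of modification."""
    # Resources changed, key code untouched, original signature kept.
    resources_changed = measure(KEY_CODE, KEY_CODE + b"|altered resources", CERT)
    # Package rebuilt and signed with a different certificate.
    resigned = measure(KEY_CODE, KEY_CODE + b"|altered resources", b"other cert")
    # Client answers a HIGH request with only the key-code fingerprint.
    partial = {"key_code": REFERENCE["key_code"]}
    return {
        "untouched_high": verify_integrity(REFERENCE, Level.HIGH, REFERENCE),
        "resources_low": verify_integrity(REFERENCE, Level.LOW, resources_changed),
        "resources_medium": verify_integrity(REFERENCE, Level.MEDIUM,
                                             resources_changed),
        "resigned_high": verify_integrity(REFERENCE, Level.HIGH, resigned),
        "partial_high": verify_integrity(REFERENCE, Level.HIGH, partial),
    }


if __name__ == "__main__":
    for name, failed in scenarios().items():
        print(name, "PASS" if not failed else "FAIL " + ", ".join(failed))
```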
Step 130: The cloud server performs service interaction with the application program when it determines that the application integrity verification passes.
That is to say, after determining that the application passes the identity authentication and the application integrity verification, the cloud server can determine the validity of the application and can perform service interaction with the valid application.
Exemplarily, referring to fig. 6, a detailed flow of a service security protection method according to an embodiment of the present invention is as follows:
Step 600: The application program initiates a service request to the cloud server, wherein the application program is an application program embedded with a security code after code reinforcement processing.
Step 610: The application program receives an identity authentication request initiated by the cloud server based on the service request, generates a corresponding authentication credential based on the identity authentication request, and sends the authentication credential to the cloud server to trigger the cloud server to perform identity authentication on the application program based on the authentication credential and, when it determines that the identity authentication passes, to initiate a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed.
Step 620: When the application program determines that the identity authentication has passed and receives an application integrity verification request sent by the cloud server based on the application environment of the application program, the application program sends the corresponding application fingerprint to the cloud server to trigger the cloud server to perform application integrity verification on the application program based on the application fingerprint, wherein a plurality of application integrity verification policies of different security levels associated with the application environment of any application program are set for that application program.
Step 630: When the application program determines that the application integrity verification passes, the application program performs service interaction with the cloud server.
In the embodiment of the present invention, as shown in fig. 7, an application program embedded with a security code (hereinafter referred to as the application) includes an application identity authentication module, an application integrity check module and a business function module, and a cloud service (hereinafter referred to as the cloud server) includes a business service module and a security service module. The detailed flow of the interaction between the application and the cloud server is as follows. The business function module of the application initiates a business request to the business service module of the cloud server; the business service module of the cloud server initiates a security confirmation request to the security service module of the cloud server; the security service module of the cloud server sends an identity authentication request to the application identity authentication module of the application; the application identity authentication module of the application sends identity authentication information to the security service module of the cloud server; and the security service module of the cloud server confirms the identity information. If the security service module of the cloud server determines that the identity authentication does not pass, it sends a message that the authentication does not pass to the business service module of the cloud server, and the business service module of the cloud server rejects the business request initiated by the business function module of the application. If the security service module of the cloud server determines that the identity authentication passes, it initiates an application integrity verification request to the application integrity check module of the application; the application integrity check module of the application sends verification fingerprint information to the security service module of the cloud server; and the security service module of the cloud server compares the fingerprint information. If the security service module of the cloud server determines that the integrity verification does not pass, it sends a message that the authentication does not pass to the business service module of the cloud server, and the business service module of the cloud server rejects the business request initiated by the business function module of the application. If the security service module of the cloud server determines that the integrity verification passes, it sends a message that the authentication passes to the business service module of the cloud server, and the business service module of the cloud server and the business function module of the application carry out the subsequent business interaction.
Based on the above embodiments, referring to fig. 8, in an embodiment of the present invention, a service security protection device (e.g., a cloud server) includes at least a first receiving unit 80, a second receiving unit 81, a verification unit 82, and a service interaction unit 83, wherein:
A first receiving unit 80, configured to receive a service request initiated by an application program, and initiate an identity authentication request to the application program based on the service request, where the application program is an application program that is embedded with a security code after being subjected to code reinforcement processing;
A second receiving unit 81, configured to receive an authentication credential sent by the application program and generated based on the authentication request, perform authentication on the application program based on the authentication credential, and initiate a corresponding application integrity verification request to the application program based on an application environment of the application program when it is determined that the authentication passes, where the authentication credential is generated by the application program based on a terminal identifier for deploying the application program, and a plurality of application integrity verification policies of different security levels associated with the application environment of any application program are set for any application program;
A verification unit 82, configured to perform application integrity verification on the application program based on the application fingerprint sent by the application program according to the application integrity verification request;
A service interaction unit 83, configured to perform service interaction with the application program when it is determined that the application integrity verification passes.
Optionally, the step of performing code reinforcement on the application program and embedding the security code includes:
Submitting the developed target application program to a reinforcement platform to trigger the reinforcement platform to embed a security code into the target application program, wherein the reinforcement platform is a third-party platform, or the reinforcement platform is integrated in the cloud server.
Optionally, the step of embedding the security code into the target application includes:
Performing decompiling processing on the installation package of the target application program to obtain a corresponding application configuration file and an application startup file;
Determining, based on the application configuration file, a target position in the application startup file at which the security code is to be injected, and injecting a preset security code at the target position, wherein the target position is the application Activity that is displayed first when the target application program is started;
Packaging the application startup file injected with the security code together with the application configuration file.
Optionally, the step of setting a plurality of application integrity verification policies of different security levels associated with the application environment of any application program for any application program in advance includes:
Setting a corresponding application fingerprint for the key code of the application program, and setting the verification policy that verifies the application fingerprint corresponding to the key code as the application integrity verification policy with a low security level;
Setting corresponding application fingerprints for the key code and the whole application package of the application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code and the whole application package as the application integrity verification policy with a medium security level;
Setting corresponding application fingerprints for the key code, the whole application package and the developer signature of the application program, and setting the verification policy that verifies the application fingerprints corresponding to the key code, the whole application package and the developer signature as the application integrity verification policy with a high security level.
Based on the foregoing embodiments, referring to fig. 9, in an embodiment of the present invention, a service security protection device (e.g., a terminal) includes at least an initiating unit 90, a first receiving unit 91, a second receiving unit 92, and a service interacting unit 93, where,
An initiating unit 90, configured to initiate a service request to a cloud server, where the application program is an application program embedded with a security code after code reinforcement processing;
A first receiving unit 91, configured to receive an identity authentication request initiated by the cloud server based on the service request, generate a corresponding authentication credential based on the identity authentication request, and send the authentication credential to the cloud server, so as to trigger the cloud server to perform identity authentication on the application program based on the authentication credential, and initiate a corresponding application integrity verification request to the application program based on an application environment of the application program when it is determined that the identity authentication passes, where the authentication credential is generated by the application program based on a terminal identifier for deploying the application program;
A second receiving unit 92, configured to, when it is determined that the identity authentication is passed and an application integrity verification request sent by the cloud server based on an application environment of the application program is received, send a corresponding application fingerprint to the cloud server to trigger the cloud server to perform application integrity verification on the application program based on the application fingerprint, where a plurality of application integrity verification policies of different security levels associated with the application environment of any application program are set for any application program;
A service interaction unit 93, configured to perform service interaction with the cloud server when it is determined that the application integrity verification passes.
Optionally, the step of generating a corresponding authentication credential based on the identity authentication request, and sending the authentication credential to the cloud server to trigger the cloud server to perform identity authentication on the application program based on the authentication credential includes:
A security component of the application program obtains a corresponding authentication parameter from the cloud server;
The security component of the application program generates a corresponding authentication credential by using a related algorithm based on the authentication parameter and a terminal identifier that uniquely identifies the terminal on which the application program is deployed;
The security component of the application program sends the authentication credential to the cloud server to trigger the cloud server to verify the authentication credential according to the related algorithm so as to authenticate the identity of the application program.
In summary, in the embodiment of the present invention, a cloud server receives a service request initiated by an application program, and initiates an identity authentication request to the application program based on the service request, where the application program is an application program embedded with a security code after code reinforcement processing; the cloud server receives an authentication credential that is sent by the application program and generated based on the identity authentication request, performs identity authentication on the application program based on the authentication credential, and, when it determines that the identity authentication passes, initiates a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed, and a plurality of application integrity verification policies of different security levels associated with the application environment of any application program are set for that application program; the cloud server performs application integrity verification on the application program based on the application fingerprint that the application program sends in response to the application integrity verification request; and the cloud server performs service interaction with the application program when it determines that the application integrity verification passes.
With this service security protection method, the security code is embedded into the application by code reinforcement without the developer perceiving it, and linked verification is carried out with the cloud server. This raises the level of service security protection and reduces the risk of access to the cloud server by illegal users using tampered or decompiled applications. Application integrity verification policies of different security levels are set for the application, which meets the requirements of the application in different application environments and makes it convenient for a developer to implement the service security protection policy.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (12)

1. A service security protection method, applied to a cloud server side, characterized by comprising the following steps:
A cloud server receives a service request initiated by an application program, and initiates an identity authentication request to the application program based on the service request, wherein the application program is embedded with a security code after code reinforcement processing;
The cloud server receives an authentication certificate which is sent by the application program and generated based on the identity authentication request, performs identity authentication on the application program based on the authentication certificate, and initiates a corresponding application integrity verification request to the application program based on the application environment of the application program when the identity authentication is determined to pass, wherein the authentication certificate is generated by the application program based on a terminal identifier for deploying the application program, and a plurality of application integrity verification strategies with different security levels which are associated with the application environment of any application program are set for any application program;
The cloud server carries out application integrity verification on the application program based on the application fingerprint sent by the application program according to the application integrity verification request;
and the cloud server performs service interaction with the application program when determining that the application integrity passes the verification.
2. The method of claim 1, wherein the application is code hardened, and the step of embedding the security code comprises:
submitting the developed target application program to a reinforcement platform to trigger the reinforcement platform to embed a security code into the target application program, wherein the reinforcement platform is a third-party platform, or the reinforcement platform is integrated in the cloud server.
3. The method of claim 2, wherein the step of embedding a security code into the target application comprises:
decompiling the installation package of the target application program to obtain a corresponding application configuration file and an application starting file;
determining, based on the application configuration file, a target position in the application starting file at which the security code is to be injected, and injecting a preset security code at the target position, wherein the target position is the application activity that is displayed first when the target application program is started;
and packaging the application starting file injected with the security code and the application configuration file.
4. The method of claim 1, wherein the step of setting in advance, for any application program, a plurality of application integrity verification policies of different security levels associated with the application environment of that application program comprises:
setting a corresponding application fingerprint for the key code of the application program, and setting the policy of verifying the application fingerprint corresponding to the key code as the application integrity verification policy of a low security level;
setting corresponding application fingerprints for the key code and the whole application package of the application program, and setting the policy of verifying the key code and the whole application package as the application integrity verification policy of a medium security level;
and setting corresponding application fingerprints for the key code, the whole application package and the developer signature of the application program, and setting the policy of verifying the application fingerprints corresponding to the key code, the whole application package and the developer signature as the application integrity verification policy of a high security level.
5. A service security protection method, applied to a terminal side, characterized by comprising the following steps:
an application program initiates a service request to a cloud server, wherein the application program is embedded with a security code after code reinforcement processing;
the application program receives an identity authentication request initiated by the cloud server based on the service request, generates a corresponding authentication credential based on the identity authentication request, and sends the authentication credential to the cloud server, so as to trigger the cloud server to perform identity authentication on the application program based on the authentication credential and, when the identity authentication is determined to pass, to initiate a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed;
when the application program determines that the identity authentication passes and receives the application integrity verification request sent by the cloud server based on the application environment of the application program, the application program sends a corresponding application fingerprint to the cloud server to trigger the cloud server to perform application integrity verification on the application program based on the application fingerprint, wherein a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program;
and when the application program determines that the application integrity verification passes, the application program performs service interaction with the cloud server.
6. The method of claim 5, wherein generating a corresponding authentication credential based on the authentication request, and sending the authentication credential to the cloud server to trigger the cloud server to authenticate the application based on the authentication credential comprises:
a security component of the application program obtains a corresponding authentication parameter from the cloud server;
the security component of the application program generates a corresponding authentication credential by adopting a related algorithm based on the authentication parameter and a terminal identifier for uniquely identifying the terminal on which the application program is deployed;
the security component of the application program sends the authentication credential to the cloud server to trigger the cloud server to verify the authentication credential according to the related algorithm, so as to authenticate the identity of the application program.
7. A service security protection device, comprising:
a first receiving unit, configured to receive a service request initiated by an application program and initiate an identity authentication request to the application program based on the service request, wherein the application program is embedded with a security code after code reinforcement processing;
a second receiving unit, configured to receive an authentication credential sent by the application program and generated based on the identity authentication request, perform identity authentication on the application program based on the authentication credential, and, when it is determined that the identity authentication passes, initiate a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed, and a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program;
a verification unit, configured to perform application integrity verification on the application program based on the application fingerprint sent by the application program according to the application integrity verification request;
and a service interaction unit, configured to perform service interaction with the application program when it is determined that the application integrity verification passes.
8. A service security protection device, comprising:
an initiating unit, configured to initiate a service request to a cloud server, wherein the application program is embedded with a security code after code reinforcement processing;
a first receiving unit, configured to receive an identity authentication request initiated by the cloud server based on the service request, generate a corresponding authentication credential based on the identity authentication request, and send the authentication credential to the cloud server, so as to trigger the cloud server to perform identity authentication on the application program based on the authentication credential and, when it is determined that the identity authentication passes, to initiate a corresponding application integrity verification request to the application program based on the application environment of the application program, wherein the authentication credential is generated by the application program based on a terminal identifier of the terminal on which the application program is deployed;
a second receiving unit, configured to, when it is determined that the identity authentication passes and an application integrity verification request sent by the cloud server based on the application environment of the application program is received, send a corresponding application fingerprint to the cloud server to trigger the cloud server to perform application integrity verification on the application program based on the application fingerprint, wherein a plurality of application integrity verification policies of different security levels, associated with the application environment of the application program, are set for any application program;
and a service interaction unit, configured to perform service interaction with the cloud server when it is determined that the application integrity verification passes.
9. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 1 to 4 in accordance with the obtained program.
10. A computer storage medium having computer-executable instructions stored thereon for causing a computer to perform the method of any one of claims 1 to 4.
11. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 5 to 6 in accordance with the obtained program.
12. A computer storage medium having computer-executable instructions stored thereon for causing a computer to perform the method of any one of claims 5 to 6.
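The cloud-server checks recited in claims 1, 4 and 6 can be sketched as follows; this is an added example, not code from the patent. Assumptions: HMAC-SHA256 over a pre-shared key stands in for the unspecified "related algorithm", fingerprints are SHA-256 digests, and the environment names, their mapping to security levels, and all identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets

# Components whose fingerprints each security level checks (claim 4).
POLICY = {
    "low": ("key_code",),
    "medium": ("key_code", "package"),
    "high": ("key_code", "package", "developer_signature"),
}
# Assumed mapping: the claims say the level follows the environment, not how.
ENV_LEVEL = {"intranet": "low", "public": "medium", "payment": "high"}


def fingerprint(data: bytes) -> str:
    """Application fingerprint, assumed here to be a SHA-256 digest."""
    return hashlib.sha256(data).hexdigest()


def make_credential(key: bytes, auth_param: bytes, terminal_id: str) -> str:
    """Terminal side (claim 6). HMAC-SHA256 is an assumed stand-in for the
    unspecified 'related algorithm'; it binds the parameter to the terminal."""
    return hmac.new(key, auth_param + terminal_id.encode(), hashlib.sha256).hexdigest()


class CloudServer:
    def __init__(self, key: bytes, enrolled: dict):
        self.key = key
        self.enrolled = enrolled  # reference fingerprints per component
        self.pending = {}         # terminal_id -> outstanding auth parameter

    def challenge(self, terminal_id: str) -> bytes:
        self.pending[terminal_id] = secrets.token_bytes(16)
        return self.pending[terminal_id]

    def authenticate(self, terminal_id: str, credential: str) -> bool:
        param = self.pending.pop(terminal_id, None)  # single use
        if param is None:
            return False
        expected = make_credential(self.key, param, terminal_id)
        return hmac.compare_digest(expected, credential)

    def required_components(self, environment: str) -> tuple:
        # Unknown environments fall back to the strictest policy.
        return POLICY[ENV_LEVEL.get(environment, "high")]

    def verify_integrity(self, environment: str, reported: dict) -> bool:
        return all(
            hmac.compare_digest(self.enrolled[c], str(reported.get(c, "")))
            for c in self.required_components(environment)
        )


# Constructed sample values, not taken from the patent.
ENROLLED = {
    "key_code": fingerprint(b"constructed key code"),
    "package": fingerprint(b"constructed package"),
    "developer_signature": fingerprint(b"constructed signing cert"),
}
```

The fingerprints are reported by the client, so the check only establishes that the reported values match the enrolled ones; a repackaged build that alters only the whole package passes the low level and is rejected from the medium level upward.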
CN201810595894.1A 2018-06-11 2018-06-11 Service security protection method and device Active CN110581833B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810595894.1A CN110581833B (en) 2018-06-11 2018-06-11 Service security protection method and device

Publications (2)

Publication Number Publication Date
CN110581833A true CN110581833A (en) 2019-12-17
CN110581833B CN110581833B (en) 2022-08-23

Family

ID=68809305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810595894.1A Active CN110581833B (en) 2018-06-11 2018-06-11 Service security protection method and device

Country Status (1)

Country Link
CN (1) CN110581833B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101520832A (en) * 2008-12-22 2009-09-02 康佳集团股份有限公司 System and method for verifying file code signature
CN102571693A (en) * 2010-12-07 2012-07-11 中国移动通信集团公司 Capability safety calling method, device and system
KR20130134790A (en) * 2012-05-31 2013-12-10 네이버비즈니스플랫폼 주식회사 Method and system for storing the integrity information of application, method and system for checking the integrity of application
US20140173761A1 (en) * 2012-12-14 2014-06-19 Samsung Electronics Co., Ltd. Method and apparatus for protecting an application program
US8818897B1 (en) * 2005-12-15 2014-08-26 Rockstar Consortium Us Lp System and method for validation and enforcement of application security
CN104484585A (en) * 2014-11-26 2015-04-01 北京奇虎科技有限公司 Application program installation package processing method and device, and mobile apparatus
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device
CN105659211A (en) * 2013-09-17 2016-06-08 微软技术许可有限责任公司 Virtual machine manager facilitated selective code integrity enforcement
CN105740703A (en) * 2016-01-29 2016-07-06 北京奇虎科技有限公司 Application reinforcement method and apparatus
CN106355081A (en) * 2016-09-07 2017-01-25 深圳市新国都支付技术有限公司 Android program start verification method and device
CN106850519A (en) * 2016-01-08 2017-06-13 北京万维星辰科技有限公司 Application security authentication method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400690A (en) * 2020-03-25 2020-07-10 支付宝(杭州)信息技术有限公司 Biological verification method and device
CN111400690B (en) * 2020-03-25 2022-03-29 支付宝(杭州)信息技术有限公司 Biological verification method and device
WO2022042454A1 (en) * 2020-08-26 2022-03-03 华为技术有限公司 Method for certifying application and electronic device

Also Published As

Publication number Publication date
CN110581833B (en) 2022-08-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant