CN111970122B - Official APP identification method, mobile terminal and application server - Google Patents

Info

Publication number: CN111970122B
Authority: CN (China)
Prior art keywords: app, mobile terminal, application server, stored, abstract
Legal status: Active
Application number: CN202010783827.XA
Other languages: Chinese (zh)
Other versions: CN111970122A (en)
Inventor: 仇剑书
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)

Abstract

The embodiments of the disclosure provide a method for identifying an official APP, a mobile terminal, an application server, a computer device and a computer-readable storage medium. The method comprises: after APP installation is completed, the mobile terminal sends the APP code digest contained in the APP installation package stored in the mobile terminal to the application server, so that the application server compares the APP code digest it stores with the APP code digest from the mobile terminal and, if the comparison result is consistent, determines that the installed APP is an official APP. The APP installation package contains the APP code digest, and the APP code digest stored in the application server comes from the APP developer. The embodiments of the disclosure can effectively identify the official APP, prevent a counterfeit APP from impersonating the official APP to access the mobile internet application server, and improve information security.

Description

Official APP identification method, mobile terminal and application server
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method for identifying an official APP, a mobile terminal, an application server, a computer device, and a computer-readable storage medium.
Background
A mobile internet application generally consists of two parts, an application server and a client APP (short for application), where the client APP is installed in the user's mobile terminal (e.g., a smartphone).
APPs provided by the application developers themselves are called official APPs, but counterfeit APPs provided by third parties often appear on the market. A counterfeit APP can imitate the communication between the official APP and the server and thereby access the server as if it were the official APP, which disrupts the normal operation of the mobile internet application. A user who uses a counterfeit APP is exposed to a significant information security risk.
To prevent a counterfeit APP from impersonating the official APP to access the mobile internet application server, the server needs to identify whether the APP used by the user is the official APP. At present, the conventional identification method is to preset a password in the official APP and use it for validity verification when the official APP communicates with the server. However, the preset password is easily extracted by malicious parties: although existing official APPs generally adopt techniques such as code obfuscation, these cannot effectively prevent a third party from extracting the password from the official APP installation file. Once the password is obtained, a counterfeit APP can imitate the behavior of the official APP, which poses a serious security risk.
Therefore, a scheme capable of effectively identifying the official APP is urgently needed.
Disclosure of Invention
The present disclosure has been made to solve, at least in part, the technical problems occurring in the prior art.
According to an aspect of an embodiment of the present disclosure, there is provided a method of identifying an official APP, including:
after APP installation is completed, the mobile terminal sends the APP code digest contained in the APP installation package stored in the mobile terminal to the application server, so that the application server compares the APP code digest it stores with the APP code digest from the mobile terminal and, if the comparison result is consistent, determines that the installed APP is an official APP;
the APP installation package contains the APP code digest, and the APP code digest stored in the application server comes from the APP developer.
According to another aspect of the embodiments of the present disclosure, there is provided a method of identifying an official APP, including:
the application server receives the APP code digest contained in the APP installation package stored in the mobile terminal, sent by the mobile terminal after it completes installation of the application program (APP); and
the application server compares the APP code digest it stores with the APP code digest from the mobile terminal, and if the comparison result is consistent, determines that the APP installed in the mobile terminal is an official APP;
the APP installation package stored in the mobile terminal contains the APP code digest, and the APP code digest stored in the application server comes from the APP developer.
According to still another aspect of an embodiment of the present disclosure, there is provided a mobile terminal including:
an operating system comprising a first storage module, wherein the first storage module is configured to store an application program (APP) installation package, and the APP installation package contains an APP code digest; and
a SIM card in which an auxiliary verification card application is installed, the auxiliary verification card application being configured to send the APP code digest stored in the first storage module to an application server after the operating system completes APP installation, so that the application server compares the APP code digest it stores with the APP code digest from the mobile terminal and, if the comparison result is consistent, determines that the installed APP is an official APP;
the APP code digest stored in the application server comes from the APP developer.
According to still another aspect of the embodiments of the present disclosure, there is provided an application server including:
a receiving module configured to receive the APP code digest contained in the APP installation package stored in the mobile terminal, sent by the mobile terminal after it completes APP installation, wherein the APP installation package contains the APP code digest;
a second storage module configured to store an APP code digest, wherein the APP code digest stored in the second storage module comes from the APP developer; and
a second comparison module configured to compare the APP code digest stored in the second storage module with the APP code digest received by the receiving module, and if the comparison result is consistent, determine that the APP installed in the mobile terminal is an official APP.
According to a further aspect of the embodiments of the present disclosure, there is provided a computer device comprising a memory and a processor, wherein the memory stores a computer program, and when the processor runs the computer program stored in the memory, the processor executes the aforementioned method for identifying an official APP.
According to a further aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the aforementioned method of identifying an official APP.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
The method for identifying the official APP provided by the embodiments of the disclosure judges whether the APP installed on the mobile terminal is the official APP by comparing the APP code digest stored in the application server with the APP code digest from the mobile terminal, thereby effectively identifying the official APP, preventing a counterfeit APP from impersonating the official APP to access the mobile internet application server, and improving information security.
Additional features and advantages of the disclosure will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the disclosure. The objectives and other advantages of the disclosure may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the disclosed embodiments and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the example serve to explain the principles of the disclosure and not to limit the disclosure.
Fig. 1 is a schematic flow chart of a method for identifying official APP according to an embodiment of the present disclosure;
Fig. 2 is a schematic flow chart of another method for identifying an official APP according to an embodiment of the disclosure;
Fig. 3 is a schematic structural diagram of a mobile terminal according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of an application server provided in an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of a system for identifying an official APP provided in an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of a computer device provided in an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, specific embodiments of the present disclosure are described below in detail with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
Fig. 1 is a schematic flowchart of a method for identifying an official APP according to an embodiment of the present disclosure. As shown in Fig. 1, the method includes the following step S101.
S101, after APP installation is completed, the mobile terminal sends the APP code digest contained in the APP installation package stored in the mobile terminal to the application server, so that the application server compares the APP code digest it stores with the APP code digest from the mobile terminal; if the comparison result is consistent, the installed APP is determined to be an official APP, and otherwise it is determined to be a counterfeit APP.
The APP installation package contains the APP code digest, and the APP code digest stored in the application server comes from the APP developer.
When an APP is installed on a mobile terminal (such as a smartphone or a tablet computer), the APP must prove its identity to the operating system of the mobile terminal by means of the APP code digest. The APP code digest is generated by the APP developer as follows: a hash operation is performed on the key files in the APP installation package, for example with the existing SHA1 algorithm, to obtain the code digest plaintext; then, based on an asymmetric key algorithm, for example the existing ECC algorithm, the code digest plaintext is encrypted with the private key of the asymmetric key pair to obtain a ciphertext, which is the APP code digest. The private key is kept securely by the APP developer and is never exposed; the public key is used to generate a public key digital certificate, which is used as described below.
In the embodiment of the disclosure, whether the APP installed on the mobile terminal is the official APP is judged by comparing the APP code digest stored in the application server with the APP code digest from the mobile terminal, so that the official APP can be effectively identified, a counterfeit APP is prevented from impersonating the official APP to access the mobile internet application server, and information security is improved.
In one embodiment, before completing the APP installation in step S101, the following steps S102 to S107 are further included.
S102, the mobile terminal extracts the public key digital certificate and the APP code digest from the APP installation package stored in the mobile terminal;
S103, the mobile terminal decrypts the APP code digest based on the public key digital certificate to obtain a first digest plaintext;
S104, the mobile terminal performs a hash operation on the key files in the APP installation package to obtain a second digest plaintext;
S105, the mobile terminal compares the first digest plaintext with the second digest plaintext; if the comparison result is consistent, step S106 is executed, and if it is inconsistent, step S107 is executed;
S106, the APP is installed based on the APP installation package;
S107, the APP is not installed.
The APP installation package also comprises key files and public key digital certificates. The key files may be set by those skilled in the art according to actual situations. The public key digital certificate is generated by a public key of the asymmetric key, so that the APP code digest can be decrypted based on the public key digital certificate.
In the embodiment of the disclosure, when the operating system of the mobile terminal installs an APP, it extracts the public key digital certificate and the APP code digest from the APP installation package, decrypts the APP code digest with the public key to obtain a first digest plaintext, and itself performs a hash operation on the key files in the APP installation package to obtain a second digest plaintext. If the first digest plaintext is consistent with the second digest plaintext, installation of the APP is allowed.
After the APP is installed, the operating system of the mobile terminal stores the APP code digest. The application server also stores the APP code digest, so that the two can be compared and the comparison result used to judge whether the installed APP is the official APP.
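The install-time check of steps S102 to S107, as an added example that is not code from the patent. It assumes the third-party `cryptography` package, models the installation package as a dictionary with hypothetical key-file names, and uses ECDSA over P-256 with SHA-256 in place of the SHA1 named above; with ECDSA, the "decrypt and compare" of S103 and S105 becomes a single signature verification over the recomputed hash.

```python
import hashlib

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, utils

# Hypothetical choice of "key files"; the patent leaves the selection open.
KEY_FILES = ("AndroidManifest.xml", "classes.dex")
# The value being signed is already a SHA-256 hash, hence Prehashed.
SIG_ALG = ec.ECDSA(utils.Prehashed(hashes.SHA256()))


def key_file_hash(files):
    """S104: hash the key files in a fixed order (the digest plaintext)."""
    h = hashlib.sha256()
    for name in KEY_FILES:
        data = files[name]  # raises KeyError if a key file is missing
        # Length-prefix name and content so file boundaries are unambiguous.
        for part in (name.encode(), data):
            h.update(len(part).to_bytes(8, "big"))
            h.update(part)
    return h.digest()


def developer_sign(private_key, files):
    """Developer side: produce the APP code digest from the key-file hash."""
    return private_key.sign(key_file_hash(files), SIG_ALG)


def install_allowed(package):
    """S102-S107: return True if the package may be installed."""
    try:
        public_key = package["public_key"]            # S102: from the certificate
        app_code_digest = package["app_code_digest"]  # S102
        recomputed = key_file_hash(package["files"])  # S104
        # S103 + S105: verify the APP code digest against the recomputed hash.
        public_key.verify(app_code_digest, recomputed, SIG_ALG)
    except (KeyError, InvalidSignature):
        return False  # S107: do not install
    return True       # S106: install


def build_sample_package():
    """Constructed sample package signed with a freshly generated key."""
    developer_key = ec.generate_private_key(ec.SECP256R1())
    files = {
        "AndroidManifest.xml": b"<manifest package='com.example.app'/>",
        "classes.dex": b"constructed bytecode",
        "res/icon.png": b"constructed resource, not a key file",
    }
    return {
        "files": files,
        "public_key": developer_key.public_key(),
        "app_code_digest": developer_sign(developer_key, files),
    }
```

Only the files listed in `KEY_FILES` are covered by the check, so the choice of key files determines what the APP code digest actually vouches for.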
In one embodiment, after the mobile terminal completes the APP installation in step S101 and before the mobile terminal sends the APP code digest in the APP installation package stored therein to the application server, the following steps S108 and S109 are further included.
S108, the mobile terminal sends an access message to the application server, so that the application server generates a verification ID (ID being short for identity) based on the access message and feeds the verification ID back to the mobile terminal;
S109, the mobile terminal establishes a secure connection with the application server based on the verification ID.
Specifically, when the APP installed on the mobile terminal accesses the application server, the application server generates a verification ID and returns it to the APP, and the SIM card of the mobile terminal then establishes a secure connection with the application server based on the verification ID. The verification ID identifies each verification operation and can be generated in various ways: for example, a timestamp may be used as the identifier; as another example, a random number may be used as the identifier; alternatively, an incrementing counter may be maintained and its value used as the identifier. In addition, the verification ID may include other information, such as the account information of the current user of the APP installed on the mobile terminal.
It should be noted that, the method for identifying an official APP according to the embodiment of the present disclosure and the relevant features of the mobile terminal in the third embodiment may be referred to each other, and details are not described herein, and specific contents may refer to the third embodiment.
In the method for identifying the official APP provided by the embodiment of the disclosure, first, when the APP is installed on the mobile terminal, the public key digital certificate and the APP code digest are extracted from the APP installation package, the APP code digest is decrypted with the public key to obtain a first digest plaintext, a hash operation is performed on the key files in the APP installation package to obtain a second digest plaintext, and installation of the APP is allowed if the first digest plaintext is consistent with the second digest plaintext; then, the mobile terminal and the application server establish a secure connection based on the verification ID; finally, whether the APP installed on the mobile terminal is the official APP is judged by comparing the APP code digest stored in the application server with the APP code digest from the mobile terminal, thereby effectively identifying the official APP, preventing a counterfeit APP from impersonating the official APP to access the mobile internet application server, and improving information security.
Fig. 2 is a schematic flow chart of another method for identifying an official APP according to an embodiment of the present disclosure. As shown in Fig. 2, the method includes the following steps S201 to S204.
S201, the application server receives the APP code digest contained in the APP installation package stored in the mobile terminal, sent by the mobile terminal after APP installation is completed;
S202, the application server compares the APP code digest it stores with the APP code digest from the mobile terminal; if the comparison result is consistent, step S203 is executed, and if it is inconsistent, step S204 is executed;
S203, the APP installed on the mobile terminal is determined to be an official APP;
S204, the APP installed on the mobile terminal is determined to be a counterfeit APP.
The APP installation package stored in the mobile terminal contains the APP code digest, and the APP code digest stored in the application server comes from the APP developer.
In the embodiment of the disclosure, the application server judges whether the APP installed on the mobile terminal is the official APP by comparing the APP code digest it stores with the APP code digest from the mobile terminal, so that the official APP can be effectively identified, a counterfeit APP is prevented from impersonating the official APP to access the mobile internet application server, and information security is improved.
In one embodiment, before step S201, the following steps S205 to S206 are further included.
S205, the application server receives an access message sent by the mobile terminal;
S206, the application server generates a verification ID based on the access message and feeds the verification ID back to the mobile terminal, so that the mobile terminal establishes a secure connection with the application server based on the verification ID.
Specifically, after receiving an access message sent by the APP installed on the mobile terminal, the application server generates a verification ID based on the access message and feeds it back to the APP, and the SIM card of the mobile terminal then establishes a secure connection with the application server based on the verification ID. The verification ID is used to identify each verification operation.
It should be noted that, the method for identifying an official APP according to the embodiment of the present disclosure and the related features of the related application server in the fourth embodiment may be referred to each other, and details are not described herein, and specific contents may refer to the fourth embodiment.
In the method for identifying the official APP provided by the embodiment of the disclosure, first, the application server and the mobile terminal establish a secure connection based on the verification ID; then, the application server judges whether the APP installed on the mobile terminal is the official APP by comparing the APP code digest it stores with the APP code digest from the mobile terminal, so that the official APP can be effectively identified, a counterfeit APP is prevented from impersonating the official APP to access the mobile internet application server, and information security is improved.
Fig. 3 is a schematic structural diagram of a mobile terminal according to an embodiment of the present disclosure. As shown in Fig. 3, the mobile terminal 3 includes: an operating system 31 and a SIM (Subscriber Identity Module) card 32. The operating system 31 includes a first storage module 311; an auxiliary verification card application 321 is installed within the SIM card 32.
The first storage module 311 is configured to store an APP installation package, where the APP installation package contains an APP code digest; the auxiliary verification card application 321 is configured to send the APP code digest stored in the first storage module 311 to the application server after the operating system 31 completes APP installation, so that the application server compares the APP code digest it stores with the APP code digest from the mobile terminal; if the comparison result is consistent, the installed APP is determined to be an official APP, and otherwise it is determined to be a counterfeit APP. The APP code digest stored in the application server comes from the APP developer.
When the operating system installs the APP, the APP must prove its identity to the operating system of the mobile terminal by means of the APP code digest. The APP code digest is generated by the APP developer as follows: a hash operation is performed on the key files in the APP installation package, for example with the existing SHA1 algorithm, to obtain the code digest plaintext; then, based on an asymmetric key algorithm, for example the existing ECC algorithm, the code digest plaintext is encrypted with the private key of the asymmetric key pair to obtain a ciphertext, which is the APP code digest. The private key is kept securely by the APP developer and is never exposed; the public key is used to generate a public key digital certificate, which is used as described below.
In the embodiment of the disclosure, whether the APP installed on the mobile terminal is the official APP is judged by comparing the APP code digest stored in the application server with the APP code digest from the SIM card of the mobile terminal; that is, the SIM card assists in identifying the official APP, so that the official APP can be effectively identified, a counterfeit APP is prevented from impersonating the official APP to access the mobile internet application server, and information security is improved.
In one embodiment, the APP installation package stored in the first storage module 311 further contains key files and public key digital certificates. The key files may be set by those skilled in the art according to actual situations. The public key digital certificate is generated by the public key of the asymmetric key, so that the APP code digest can be decrypted based on the public key digital certificate.
As shown in fig. 3, the operating system 31 further includes: an extraction module 312, a decryption module 313, an operation module 314, a first comparison module 315, and an installation module 316.
The extraction module 312 is configured to extract the public key digital certificate and the APP code digest from the APP installation package stored in the first storage module 311; the decryption module 313 is configured to decrypt the APP code digest based on the public key digital certificate to obtain a first digest plaintext; the operation module 314 is configured to perform a hash operation on the key files in the APP installation package stored in the first storage module 311 to obtain a second digest plaintext; the first comparison module 315 is configured to compare the first digest plaintext obtained by the decryption module 313 with the second digest plaintext obtained by the operation module 314; the installation module 316 is configured to install the APP based on the APP installation package, forming the client APP 33, when the comparison result of the first comparison module 315 is consistent.
In the embodiment of the disclosure, after the operating system determines that the installation of the APP is allowed, the APP is installed in the mobile terminal to form a client APP, and the client APP and the application server form a mobile internet application together. Furthermore, the auxiliary authentication card application installed in the SIM card is used in cooperation with the client APP, as will be described in detail below.
In one embodiment, the client APP 33 is configured to send an access message to the application server, so that the application server generates a verification ID based on the access message and feeds the verification ID back to the client APP 33 of the mobile terminal; the client APP 33 is further configured to send the verification ID to the auxiliary verification card application 321; the auxiliary verification card application 321 is further configured to establish a secure connection with the application server based on the verification ID.
In the embodiment of the disclosure, when the client APP accesses the application server, the application server generates a verification ID and returns it to the APP, and the auxiliary verification card application in the SIM card then establishes a secure connection with the application server based on the verification ID. The verification ID is used to identify each verification operation.
The auxiliary verification card application may establish a secure connection with the application server through the BIP protocol (Bearer Independent Protocol), such as the CAT_TP protocol (Card Application Toolkit Transport Protocol), the HTTPS protocol (Hyper Text Transfer Protocol over Secure Socket Layer), and the like.
When the auxiliary verification card application and the application server establish the secure connection, mutual authentication can be performed by means such as pre-shared keys or digital certificates, ensuring that access from the SIM card is secure and reliable. After the auxiliary verification card application has established the secure connection with the application server, it sends the APP code digest to the application server.
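The exchange between the auxiliary verification card application and the application server (steps S205 to S206 and S201 to S204), as an added example that is not code from the patent. It assumes a random single-use verification ID with an expiry time, reduces the mutually authenticated secure connection to a pre-shared-key MAC on the one report message, and uses constructed identifiers, keys and digests throughout.

```python
import hashlib
import hmac
import secrets
import time


def channel_tag(psk, verification_id, app_id, digest):
    """MAC over one report; a stand-in for the authenticated secure connection."""
    mac = hmac.new(psk, digestmod=hashlib.sha256)
    for part in (verification_id.encode(), app_id.encode(), digest):
        mac.update(len(part).to_bytes(4, "big"))  # unambiguous field boundaries
        mac.update(part)
    return mac.digest()


class CardApplication:
    """Auxiliary verification card application in the SIM (simplified model)."""

    def __init__(self, card_id, psk):
        self.card_id = card_id
        self._psk = psk

    def report(self, verification_id, app_id, stored_digest):
        """Send the APP code digest held by the operating system to the server."""
        return {
            "card_id": self.card_id,
            "verification_id": verification_id,
            "app_id": app_id,
            "digest": stored_digest,
            "tag": channel_tag(self._psk, verification_id, app_id, stored_digest),
        }


class ApplicationServer:
    def __init__(self, ttl_seconds=120.0):
        self._official = {}   # app_id -> digests supplied by the APP developer
        self._card_keys = {}  # card_id -> pre-shared key
        self._pending = {}    # verification ID -> expiry time
        self._ttl = ttl_seconds

    def register_official_digest(self, app_id, digest):
        self._official.setdefault(app_id, []).append(bytes(digest))

    def provision_card(self, card_id, psk):
        self._card_keys[card_id] = psk

    def handle_access(self, now=None):
        """S205-S206: issue a random verification ID for one verification."""
        now = time.time() if now is None else now
        verification_id = secrets.token_hex(16)
        self._pending[verification_id] = now + self._ttl
        return verification_id

    def verify(self, msg, now=None):
        """S201-S204: return 'official', 'counterfeit' or 'rejected'."""
        now = time.time() if now is None else now
        expiry = self._pending.pop(msg["verification_id"], None)  # single use
        psk = self._card_keys.get(msg["card_id"])
        if expiry is None or now > expiry or psk is None:
            return "rejected"
        expected = channel_tag(psk, msg["verification_id"],
                               msg["app_id"], msg["digest"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected"
        # S202: compare against every registered digest without an early exit.
        hits = [hmac.compare_digest(msg["digest"], d)
                for d in self._official.get(msg["app_id"], [])]
        return "official" if any(hits) else "counterfeit"


def run_demo():
    """Constructed values throughout; returns the server's three verdicts."""
    official = hashlib.sha256(b"constructed official APP code digest").digest()
    other = hashlib.sha256(b"constructed digest of another package").digest()
    psk = secrets.token_bytes(32)
    server = ApplicationServer()
    server.register_official_digest("com.example.app", official)
    server.provision_card("card-0001", psk)
    card = CardApplication("card-0001", psk)

    first = card.report(server.handle_access(), "com.example.app", official)
    second = card.report(server.handle_access(), "com.example.app", other)
    # The third call replays the first report; its verification ID is spent.
    return [server.verify(first), server.verify(second), server.verify(first)]
```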
In one embodiment, as shown in Fig. 3, the operating system 31 further includes: a card access module 317 configured to receive the verification ID sent by the client APP 33 and, according to the access policy file of the SIM card 32, forward the verification ID to the auxiliary verification card application 321 that the APP is allowed to access. In other words, the sending of the verification ID from the client APP to the auxiliary verification card application is controlled by the card access module in the operating system.
In the embodiment of the disclosure, an auxiliary verification card application matched with the APP is installed in the SIM card, the auxiliary verification card application installed in the SIM card establishes a secure channel with the application server, and the APP and the auxiliary verification card application cooperate to verify the legitimacy of the installed APP. If the verification result is that the APP is legitimate, the APP is determined to be an official APP; if the verification result is that the APP is not legitimate, the APP is determined to be a counterfeit APP.
In addition, when the auxiliary verification card application is installed in the SIM card, the card configuration server may be used to configure the access policy file of the SIM card so as to add the following policy: the APP is allowed to access the auxiliary verification card application. There may of course be many auxiliary verification card applications installed in the SIM card, and different APPs may be allowed to access different auxiliary verification card applications. The card access module in the operating system then controls which APPs can access which auxiliary verification card applications in the SIM card based on the access policy file of the SIM card. For example, in a mobile phone supporting the GPAC (GlobalPlatform Access Control) technology, an access policy in the SIM card may contain an APP code digest and the corresponding auxiliary verification card application ID. When the card access module receives a message that a client APP needs to send to an auxiliary verification card application, it automatically looks up the APP code digest of that APP in its own code digest database and compares it with the APP code digests in the access policies in the SIM card. If a matching policy is found, that is, a policy with the same APP code digest, the message is sent to the auxiliary verification card application specified by the auxiliary verification card application ID in that policy.
It should be noted that the mobile terminal 3 further includes a mobile communication module, and the mobile terminal sends data to the application server, and the mobile terminal receives data from the application server, which are all completed through the mobile communication module. Since the mobile communication module belongs to the prior art, it is not described herein again.
The mobile terminal provided by the embodiment of the disclosure firstly extracts a public key digital certificate and an APP code abstract from an APP installation package when an APP is installed, decrypts the APP code abstract by using the public key to obtain a first abstract plaintext, performs hash operation on a key file in the APP installation package by itself to obtain a second abstract plaintext, and allows the APP to be installed if the first abstract plaintext is consistent with the second abstract plaintext; then, establishing a secure connection with the application server based on the authentication ID; finally, whether the APP installed in the mobile terminal is the official APP is judged by using a comparison result of the APP code abstract stored in the application server and the APP code abstract from the SIM card, namely the official APP is identified in an auxiliary manner by using the security of the SIM card, so that the official APP can be effectively identified, the phenomenon that the APP is faked as the official APP to access the mobile internet application server is avoided, and the information security is improved.
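The install-time check summarised above, as an added sketch that is not code from the patent. SHA-256, the file-ordering rule and the package layout are assumptions, and the textbook-RSA key built from two Mersenne primes is constructed only so the block runs offline; it is not secure.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two Mersenne primes so the example runs
# offline with only the standard library. It is NOT secure; a real deployment
# uses a vetted library, a generated key and a padded signature scheme.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # developer's private exponent
SIG_LEN = (N.bit_length() + 7) // 8


def hash_key_files(key_files):
    """Hash the key files in a fixed order with length prefixes, so that
    renaming a file or moving bytes between files changes the result."""
    h = hashlib.sha256()
    for name in sorted(key_files):
        for part in (name.encode(), key_files[name]):
            h.update(len(part).to_bytes(8, "big"))
            h.update(part)
    return h.digest()


def developer_build_package(key_files):
    """Developer side: hash the key files, then 'encrypt' the hash with the
    private key. The ciphertext is the APP code abstract."""
    plaintext = int.from_bytes(hash_key_files(key_files), "big")
    code_digest = pow(plaintext, D, N).to_bytes(SIG_LEN, "big")
    return {"key_files": dict(key_files),
            "public_key": (N, E),          # stands in for the certificate
            "code_digest": code_digest}


def terminal_install_check(package):
    """Terminal side: allow installation only if both plaintexts agree."""
    n, e = package["public_key"]
    size = (n.bit_length() + 7) // 8
    cipher = int.from_bytes(package["code_digest"], "big")
    if len(package["code_digest"]) != size or cipher >= n:
        return False                       # malformed digest field
    # First abstract plaintext: decrypt the code abstract with the public key.
    first = pow(cipher, e, n).to_bytes(size, "big")
    # Second abstract plaintext: hash the key files found in the package.
    second = hash_key_files(package["key_files"]).rjust(size, b"\x00")
    return hmac.compare_digest(first, second)


if __name__ == "__main__":
    # Constructed sample package contents.
    pkg = developer_build_package({"classes.dex": b"official bytecode",
                                   "AndroidManifest.xml": b"<manifest/>"})
    print("official package installs:", terminal_install_check(pkg))
    pkg["key_files"]["classes.dex"] = b"patched bytecode"
    print("modified package installs:", terminal_install_check(pkg))
```

This check only shows that the package is consistent with the key it carries; the comparison against the developer-supplied abstract on the application server is what ties the installed APP to the official release.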
Fig. 4 is a schematic structural diagram of an application server according to an embodiment of the present disclosure. As shown in fig. 4, the application server 4 includes: a receiving module 41, a second storage module 42 and a second comparing module 43.
The receiving module 41 is configured to receive an APP code abstract in an APP installation package stored in the mobile terminal, where the APP installation package includes the APP code abstract; the second storage module 42 is configured to store an APP code digest, where the APP code digest stored in the second storage module 42 comes from an APP developer; the second comparing module 43 is configured to compare the APP code digests stored in the second storage module 42 with the APP code digests received by the receiving module 41, and if the comparison result is consistent, determine that the APP is an official APP, otherwise determine that the APP is a fake APP.
In the embodiment of the disclosure, the application server judges whether the installed APP of the mobile terminal is the official APP or not according to the comparison result of the APP code abstract stored in the application server and the APP code abstract from the mobile terminal, so that the official APP can be effectively identified, the phenomenon that the forged APP pretends to be the official APP to access the mobile internet application server is avoided, and the information security is improved.
In one embodiment, the receiving module 41 is further configured to receive an access message sent by the mobile terminal.
As shown in fig. 4, the application server 4 further includes: a generating module 44 configured to generate an authentication ID based on the access message received by the receiving module 41 and feed back the authentication ID to the mobile terminal, so that the mobile terminal establishes a secure connection with the application server based on the authentication ID.
Specifically, after receiving an access message sent by an installed APP of the mobile terminal, the application server generates a verification ID based on the access message and feeds the verification ID back to the APP, and then the SIM card of the mobile terminal establishes a secure connection with the application server based on the verification ID. Wherein the authentication ID is used to identify each authentication operation.
The application server provided by the embodiment of the disclosure firstly establishes a secure connection with the mobile terminal based on the verification ID; then, whether the APP installed in the mobile terminal is the official APP is judged according to the comparison result of the APP code abstract stored in the mobile terminal and the APP code abstract from the SIM card of the mobile terminal, namely, the official APP is identified in an auxiliary mode through the safety of the SIM card, so that the official APP can be effectively identified, the phenomenon that the forged APP pretends to be the official APP to access the mobile internet application server is avoided, and the information safety is improved.
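The server-side flow described above (generating module, receiving module, second comparison module), as an added sketch that is not code from the patent. The single-use rule and lifetime of the verification ID, the class and function names, and the HMAC tag under a pre-shared key (standing in for the authenticated SIM channel) are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def sim_tag(psk, verification_id, code_digest):
    """Tag the SIM applet attaches to its report (assumed stand-in for the
    authenticated channel): HMAC over the verification ID and the digest."""
    msg = verification_id.encode() + b"|" + code_digest
    return hmac.new(psk, msg, hashlib.sha256).digest()


class ApplicationServer:
    def __init__(self, developer_digests, sim_psk, ttl_seconds=60,
                 clock=time.monotonic):
        self._stored = developer_digests   # app id -> abstract from the developer
        self._psk = sim_psk
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}                 # verification ID -> (app id, expiry)

    def handle_access(self, app_id):
        """Generating module: one unpredictable ID per verification operation."""
        if app_id not in self._stored:
            return None
        verification_id = secrets.token_hex(16)
        self._pending[verification_id] = (app_id, self._clock() + self._ttl)
        return verification_id

    def handle_digest(self, verification_id, code_digest, tag):
        """Receiving and second comparison modules.
        Returns 'official', 'counterfeit' or 'rejected'."""
        # Pop first: an ID is consumed by its first use, valid or not.
        entry = self._pending.pop(verification_id, None)
        if entry is None:
            return "rejected"              # unknown or replayed ID
        app_id, expiry = entry
        if self._clock() > expiry:
            return "rejected"              # stale verification operation
        expected = sim_tag(self._psk, verification_id, code_digest)
        if not hmac.compare_digest(tag, expected):
            return "rejected"              # report did not come from the SIM
        if hmac.compare_digest(code_digest, self._stored[app_id]):
            return "official"
        return "counterfeit"


if __name__ == "__main__":
    psk = b"constructed-pre-shared-key-0001"          # constructed sample key
    official = hashlib.sha256(b"constructed official abstract").digest()
    server = ApplicationServer({"bank-app": official}, psk)
    vid = server.handle_access("bank-app")
    print(server.handle_digest(vid, official, sim_tag(psk, vid, official)))
    print(server.handle_digest(vid, official, sim_tag(psk, vid, official)))
```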
Fig. 5 is a schematic structural diagram of a system for identifying an official APP provided in an embodiment of the present disclosure. As shown in fig. 5, the system includes: a card configuration server 2, a mobile terminal 3 and an application server 4. Since the card configuration server 2, the mobile terminal 3, and the application server 4 have been described in detail in the foregoing, no further description is given here.
Based on the same technical concept, the embodiment of the present disclosure correspondingly provides a computer device, as shown in fig. 6, where the computer device 6 includes a memory 61 and a processor 62, the memory 61 stores a computer program, and when the processor 62 runs the computer program stored in the memory 61, the processor 62 executes the foregoing method for identifying the official APP.
Based on the same technical concept, the embodiment of the present disclosure also provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the processor executes the foregoing method for identifying an official APP.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present disclosure, and not for limiting the same; while the present disclosure has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (13)

1. A method of identifying official APPs, comprising:
after the APP is installed, the mobile terminal sends the APP code abstract in the APP installation package stored in the mobile terminal to the application server, so that the application server compares the APP code abstract stored in the mobile terminal with the APP code abstract from the mobile terminal, and if the comparison result is consistent, the installed APP is determined to be an official APP;
the APP installation package comprises an APP code abstract; the APP code abstract stored in the application server comes from an APP developer, and the mode for the APP developer to generate the APP code abstract is as follows: carrying out hash operation on key files in the APP installation package to obtain a code summary plaintext, then encrypting the code summary plaintext by using a private key of an asymmetric key stored by an APP developer based on an asymmetric key algorithm to obtain a ciphertext, wherein the ciphertext is the APP code summary stored in the application server.
2. The method of claim 1, prior to completing the APP installation, further comprising:
the mobile terminal extracts a public key digital certificate and an APP code abstract from an APP installation package stored in the mobile terminal;
the mobile terminal decrypts the APP code abstract based on the public key digital certificate to obtain a first abstract plaintext;
the mobile terminal performs hash operation on the key file in the APP installation package to obtain a second abstract plaintext; and,
the mobile terminal compares the first abstract plaintext with the second abstract plaintext, and if the comparison result is consistent, the APP is installed based on an APP installation package;
the APP installation package also comprises key files and public key digital certificates.
3. The method of claim 1, after completing the installation of the APP of the application program and before the mobile terminal sends the APP code digest in the APP installation package stored in the mobile terminal to the application server, further comprising:
the mobile terminal sends an access message to the application server, so that the application server generates a verification identity identification number (ID) based on the access message and feeds the ID back to the mobile terminal; and,
the mobile terminal establishes a secure connection with the application server based on the verification ID.
4. A method of identifying official APPs, comprising:
an application server receives an APP code abstract in an APP installation package stored in the mobile terminal and sent after the mobile terminal completes the installation of an application program APP; and,
the application server compares the APP code abstract stored in the application server with the APP code abstract from the mobile terminal, and if the comparison result is consistent, the APP installed in the mobile terminal is determined to be an official APP;
the APP installation package stored in the mobile terminal comprises an APP code abstract; the APP code abstract stored in the application server comes from an APP developer, and the mode for the APP developer to generate the APP code abstract is as follows: carrying out hash operation on key files in the APP installation package to obtain a code summary plaintext, then encrypting the code summary plaintext by using a private key of an asymmetric key stored by an APP developer based on an asymmetric key algorithm to obtain a ciphertext, wherein the ciphertext is the APP code summary stored in the application server.
5. The method of claim 4, before the application server receives the APP code digest in the APP installation package stored in the application server and sent by the mobile terminal, further comprising:
the application server receives an access message sent by the mobile terminal; and,
the application server generates a verification identity identification number (ID) based on the access message and feeds the ID back to the mobile terminal so that the mobile terminal establishes a secure connection with the application server based on the verification ID.
6. A mobile terminal, comprising:
the operating system comprises a first storage module, a second storage module and a third storage module, wherein the first storage module is used for storing an application program APP installation package, and the APP installation package comprises an APP code abstract; and,
the SIM card is internally provided with an auxiliary verification card application, the auxiliary verification card application is set to send the APP code abstract stored in the first storage module to an application server after the APP is installed by the operating system, so that the application server compares the APP code abstract stored in the first storage module with the APP code abstract from the mobile terminal, and if the comparison result is consistent, the installed APP is determined to be an official APP;
the APP code abstract stored in the application server comes from an APP developer, and the mode for the APP developer to generate the APP code abstract is as follows: carrying out hash operation on key files in the APP installation package to obtain a code summary plaintext, then encrypting the code summary plaintext by using a private key of an asymmetric key stored by an APP developer based on an asymmetric key algorithm to obtain a ciphertext, wherein the ciphertext is the APP code summary stored in the application server.
7. The mobile terminal of claim 6, wherein the APP installation package stored in the first storage module further contains a key file and a public key digital certificate;
the operating system further comprises:
the extraction module is configured to extract a public key digital certificate and an APP code abstract from an APP installation package stored in the first storage module;
the decryption module is used for decrypting the APP code abstract based on the public key digital certificate to obtain a first abstract plaintext;
the operation module is configured to perform hash operation on the key file in the APP installation package stored in the first storage module to obtain a second abstract plaintext;
the first comparison module is used for comparing the first abstract plaintext obtained by the decryption module with the second abstract plaintext obtained by the operation module; and,
the installation module is arranged to install the APP based on the APP installation package when the comparison result of the first comparison module is consistent, so as to form a client APP.
8. The mobile terminal according to claim 7, wherein the client APP is configured to send an access message to the application server, so that the application server generates a verification identification number ID based on the access message and feeds back the verification identification number ID to the client APP of the mobile terminal;
the client APP is also configured to send a verification ID to the auxiliary verification card application;
the auxiliary verification card application is further configured to establish a secure connection with an application server based on the verification ID.
9. The mobile terminal of claim 8, wherein the operating system further comprises: and the card access module is configured to receive the verification ID sent by the client APP and forward the verification ID to an auxiliary verification card application allowing the APP to access according to the access policy file of the SIM card.
10. An application server, comprising:
the mobile terminal comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for receiving an APP code abstract in an APP installation package stored in the mobile terminal and sent after the mobile terminal completes the installation of an APP, and the APP installation package comprises the APP code abstract;
the second storage module is set to store the APP code abstract, wherein the APP code abstract stored in the second storage module is from an APP developer, and the mode of the APP developer generating the APP code abstract is as follows: carrying out hash operation on a key file in the APP installation package to obtain a code summary plaintext, then encrypting the code summary plaintext by using a private key of an asymmetric key stored by an APP developer based on an asymmetric key algorithm to obtain a ciphertext, wherein the ciphertext is the APP code abstract stored in an application server; and,
the second comparison module is set to compare the APP code abstract stored in the second storage module with the APP code abstract received by the receiving module, and if the comparison result is consistent, the APP installed in the mobile terminal is determined to be an official APP.
11. The application server of claim 10, wherein the receiving module is further configured to receive an access message sent by the mobile terminal;
the application server further comprises: and the generating module is arranged to generate a verification identity identification number ID based on the access message received by the receiving module and feed the verification identity identification number ID back to the mobile terminal so that the mobile terminal establishes a secure connection with the application server based on the verification ID.
12. Computer arrangement comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor, when executing the computer program stored by the memory, executes a method of identifying an official APP as claimed in any one of the claims 1 to 5.
13. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, performs a method of identifying an official APP as claimed in any one of claims 1 to 5.
CN202010783827.XA 2020-08-06 2020-08-06 Official APP identification method, mobile terminal and application server Active CN111970122B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010783827.XA CN111970122B (en) 2020-08-06 2020-08-06 Official APP identification method, mobile terminal and application server

Publications (2)

Publication Number Publication Date
CN111970122A CN111970122A (en) 2020-11-20
CN111970122B true CN111970122B (en) 2023-01-10

Family

ID=73365161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010783827.XA Active CN111970122B (en) 2020-08-06 2020-08-06 Official APP identification method, mobile terminal and application server

Country Status (1)

Country Link
CN (1) CN111970122B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112948807A (en) * 2021-02-04 2021-06-11 中国联合网络通信集团有限公司 Application program validity verification method and device
CN116136901B (en) * 2023-04-19 2023-07-14 杭州美创科技股份有限公司 Application program anti-counterfeiting method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103914658A (en) * 2013-01-05 2014-07-09 展讯通信(上海)有限公司 Safe starting method of terminal equipment, and terminal equipment
CN104123493A (en) * 2014-07-31 2014-10-29 百度在线网络技术(北京)有限公司 Method and device for detecting safety performance of application program
CN107220547A (en) * 2016-03-21 2017-09-29 展讯通信(上海)有限公司 Terminal device and its startup method
CN107257282A (en) * 2017-05-18 2017-10-17 柚子(北京)移动技术有限公司 A kind of full bag encryption method of code based on RC4 algorithms

Also Published As

Publication number Publication date
CN111970122A (en) 2020-11-20

Similar Documents

Publication Publication Date Title
US11076295B2 (en) Remote management method, and device
EP3905078A1 (en) Identity verification method and system therefor
CN107483419B (en) Method, device and system for authenticating access terminal by server, server and computer readable storage medium
US11070542B2 (en) Systems and methods for certificate chain validation of secure elements
US10038998B2 (en) Profile deletion codes in subscription management systems
CN111814132B (en) Security authentication method and device, security authentication chip and storage medium
CN104753674A (en) Application identity authentication method and device
US20130159719A1 (en) Apparatus and method for signing application
CN113269642B (en) Transaction processing method, device, equipment and storage medium based on block chain
CN111970122B (en) Official APP identification method, mobile terminal and application server
CN112862481B (en) Block chain digital asset key management method and system based on SIM card
CN112765626A (en) Authorization signature method, device and system based on escrow key and storage medium
CN114040401B (en) Terminal authentication method and system
CN110401531B (en) Cooperative signature and decryption system based on SM9 algorithm
CN113868713B (en) Data verification method and device, electronic equipment and storage medium
CN114239072B (en) Block chain node management method and block chain network
CN111371555A (en) Signature authentication method and system
CN114143198B (en) Firmware upgrading method
CN109189450A (en) A kind of method and device of server firmware upgrading
CN112637855B (en) Machine-card binding method based on block chain and server
CN112469035A (en) Security activation and control method and communication system for remote equipment of Internet of things
CN111311412A (en) Decentralized transaction confirmation method and device and server
CN111061495A (en) Application installation method, terminal device and storage medium
CN113239410B (en) Terminal certificate updating method, terminal and computer readable storage medium
CN115022819B (en) 5G message transmission method, terminal and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant