CN112749378A - Development kit verification method and device, storage medium and electronic device - Google Patents
Development kit verification method and device, storage medium and electronic device Download PDFInfo
- Publication number
- CN112749378A CN112749378A CN202110075793.3A CN202110075793A CN112749378A CN 112749378 A CN112749378 A CN 112749378A CN 202110075793 A CN202110075793 A CN 202110075793A CN 112749378 A CN112749378 A CN 112749378A
- Authority
- CN
- China
- Prior art keywords
- certificate
- verification
- signature
- signature certificate
- fingerprint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012795 verification Methods 0.000 title claims abstract description 167
- 238000011161 development Methods 0.000 title claims abstract description 107
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000015654 memory Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 4
- 238000012545 processing Methods 0.000 claims description 4
- 230000004044 response Effects 0.000 claims description 3
- 230000000977 initiatory effect Effects 0.000 claims 2
- 238000005516 engineering process Methods 0.000 abstract description 7
- 238000010586 diagram Methods 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a verification method and device of a development kit, a storage medium and an electronic device. The method comprises the following steps: generating a verification message under the condition of receiving a starting request, wherein the starting request is used for requesting to start the service system, the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package depended on when the service system runs; sending the verification message to a server, and acquiring a verification result returned by the server, wherein the verification result is determined by the server by comparing the certificate fingerprint of the first signature certificate with the certificate fingerprint of a prestored second signature certificate, the second signature certificate is the signature certificate of a target account, and the target account has the use authority of a development kit; and responding to the starting request according to the verification result. The application solves the technical problem that potential safety hazards exist in an SDK using mode in the related technology.
Description
Technical Field
The present application relates to the field, and in particular, to a method and an apparatus for verifying a development kit, a storage medium, and an electronic apparatus.
Background
SDK (Software Development Kit) refers to a collection of Development tools used by a Software engineer to build application Software for a particular Software package, Software framework, hardware platform, operating system, etc. In the field of mobile terminals, content developers can develop corresponding mobile terminal programs based on the SDKs provided by the channel providers and upload the programs to the channel providers for promotion and distribution.
The current distribution mode is that the SDK is directly distributed after being packaged according to the interface requirement, and a user can directly use the distributed SDK locally, so that certain potential safety hazard exists.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the application provides a verification method and device for a development kit, a storage medium and an electronic device, and aims to at least solve the technical problem that potential safety hazards exist in an SDK (software development kit) using mode in the related technology.
According to an aspect of an embodiment of the present application, there is provided a method for verifying a development kit, including: generating a verification message under the condition of receiving a starting request, wherein the starting request is used for requesting to start a service system, the verification message carries a certificate fingerprint of a first signature certificate in a development kit, and the development kit is a kit on which the service system depends when in operation; sending the verification message to a server, and acquiring a verification result returned by the server, wherein the verification result is determined by the server by comparing the certificate fingerprint of the first signature certificate with the certificate fingerprint of a prestored second signature certificate, the second signature certificate is the signature certificate of a target account, and the target account has the use authority of the development kit; and responding to the starting request according to the verification result.
According to an aspect of the embodiments of the present application, there is also provided a method for verifying a development kit, including: receiving a verification message of a terminal, wherein the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package on which a service system depends when in operation; generating a verification result by comparing the certificate fingerprint of the first signature certificate with a pre-stored certificate fingerprint of a second signature certificate, wherein the second signature certificate is a signature certificate of a target account, and the target account has the use authority of the development kit; and returning the verification result to the terminal.
According to another aspect of the embodiments of the present application, there is also provided a verification apparatus for a development kit, including: the system comprises a generating unit, a verification unit and a verification unit, wherein the generating unit is used for generating a verification message under the condition of receiving a starting request, the starting request is used for requesting to start a service system, the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package which is depended by the service system when the service system operates; the first verification unit is used for sending the verification message to a server and acquiring a verification result returned by the server, wherein the verification result is determined by the server through comparing a certificate fingerprint of the first signature certificate with a certificate fingerprint of a pre-stored second signature certificate, the second signature certificate is a signature certificate of a target account, and the target account has the use permission of the development kit; and the response unit is used for responding to the starting request according to the verification result.
According to another aspect of the embodiments of the present application, there is also provided a verification apparatus for a development kit, including: the system comprises a receiving unit, a verification unit and a verification unit, wherein the verification unit is used for receiving a verification message of a terminal, the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package which is depended on when a service system operates; the second verification unit is used for generating a verification result by comparing the certificate fingerprint of the first signature certificate with the prestored certificate fingerprint of a second signature certificate, wherein the second signature certificate is the signature certificate of a target account, and the target account has the use authority of the development kit; and the return unit is used for returning the verification result to the terminal.
According to another aspect of the embodiments of the present application, there is also provided a storage medium including a stored program which, when executed, performs the above-described method.
According to another aspect of the embodiments of the present application, there is also provided an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the above method through the computer program.
In the embodiment of the application, when the terminal uses the development tool of the target account, the verification result is generated by comparing the certificate fingerprint of the first signature certificate of the terminal with the certificate fingerprint of the second signature certificate of the target account, and the start request is responded according to the verification result, so that the identity of the user can be verified, an illegal user is prevented from using the SDK, the technical problem that potential safety hazards exist in the SDK using mode in the related technology can be solved, and the technical effect of improving the use safety of the SDK is achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic diagram of a hardware environment for a validation method of a development kit according to an embodiment of the present application;
FIG. 2 is a flow diagram of an alternative method of validating a development kit in accordance with an embodiment of the present application;
FIG. 3 is a flow diagram of an alternative method of validating a development kit in accordance with an embodiment of the present application;
FIG. 4 is a flow diagram of an alternative method of validating a development kit in accordance with an embodiment of the present application;
FIG. 5 is a schematic diagram of an alternative development kit validation apparatus according to an embodiment of the present application; and the number of the first and second groups,
fig. 6 is a block diagram of a terminal according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the related technology, certain potential safety hazards exist due to the fact that the identity of an SDK user cannot be verified, the running environment of the SDK cannot be controlled, and the application range of the SDK cannot be limited. To overcome this problem, according to an aspect of embodiments of the present application, there is provided a method embodiment of a verification method of a development kit.
Alternatively, in this embodiment, the verification method of the development kit described above may be applied to a hardware environment formed by the terminal 101 and the server 103 as shown in fig. 1. As shown in fig. 1, a server 103 is connected to a terminal 101 through a network, which may be used to provide SDKs for terminals or clients installed on terminals, and a database 105 may be provided on or independent of the server for providing data storage services for the server 103, and the network includes but is not limited to: the terminal 101 is not limited to a PC, a mobile phone, a tablet computer, and the like.
The verification method of the development kit according to the embodiment of the present application may be executed by the terminal 101, and the terminal 101 executing the verification method of the development kit according to the embodiment of the present application may also be executed by a client installed thereon. Fig. 2 is a flowchart of an alternative method for verifying a development kit according to an embodiment of the present application, and as shown in fig. 2, the method may include the following steps:
step S202, under the condition that a starting request is received, a terminal generates a verification message, the starting request is used for requesting to start the service system, the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package depended on when the service system runs.
A signature certificate (signature certificate) is a certificate that contains information such as a public key that is used to authenticate a digital signature. A certificate fingerprint is information used to uniquely identify a signed certificate, such as a certificate number, certificate characteristics, and the like.
Step S204, the terminal sends the verification message to the server and obtains a verification result returned by the server, wherein the verification result is determined by the server through comparing the certificate fingerprint of the first signature certificate with the certificate fingerprint of a prestored second signature certificate, the second signature certificate is the signature certificate of a target account, and the target account has the use authority of a development kit;
and step S206, the terminal responds to the starting request according to the verification result.
The verification method of the development kit according to the embodiment of the present application may be further executed by the server 103, and the method includes the following steps:
step 1, a server receives a verification message sent by a terminal, wherein the verification message carries a certificate fingerprint of a first signature certificate in a development kit, and the development kit is a kit on which a service system depends when in operation;
step 2, the server generates a verification result by comparing the certificate fingerprint of the first signature certificate with the certificate fingerprint of a pre-stored second signature certificate, wherein the second signature certificate is the signature certificate of a target account, and the target account has the use authority of a development kit;
and step 3, returning a verification result to the terminal.
Through the steps, when the terminal uses the development tool of the target account, the verification result is generated by comparing the certificate fingerprint of the first signature certificate of the terminal with the certificate fingerprint of the second signature certificate of the target account, and the starting request is responded according to the verification result, so that the identity of the user can be verified, the condition that an illegal user uses the SDK is avoided, the technical problem that potential safety hazards exist in the SDK using mode in the related technology can be solved, and the technical effect of improving the using safety of the SDK is achieved.
In the scheme, the user identity of the SDK can be verified, the trusted safe operation environment can be detected, and the SDK is limited to operate in one or more specific applications. The technical scheme of the application is detailed in the following by combining specific embodiments:
and step 1, binding the SDK with the user.
And 11, the terminal receives a service request of the target account, wherein the service request is used for requesting to use a development kit.
And step 12, the terminal generates a key pair (including a public key and a private key) of the target account and collects second operation environment information.
And step 13, the terminal generates a request message carrying a certificate request file and second operating environment information, wherein the certificate request file carries a public key of the target account.
And step 14, sending a request message to the server.
And step 15, the server receives a request message of the target account.
And step 16, generating a second signature certificate by using the certificate request file.
And step 17, the server extracts and stores the certificate fingerprint of the second signature certificate, generates a development kit, carries the second signature certificate, the hash value of the second operating environment information and the hash value of the kit information in the development kit, and sends the second signature certificate, the hash value of the second operating environment information and the hash value of the kit information to the target account.
And step 18, the terminal acquires the development kit carrying the second signature certificate.
And 2, generating a verification message by the terminal under the condition of receiving the starting request.
Step 21, the terminal acquires the first operating environment information, the tool kit information and the first signature certificate of the development tool kit.
Step 22, the terminal generates a first hash value of the first operating environment information and a second hash value of the toolkit information.
And step 23, the terminal signs the first hash value and the second hash value by using the public key in the first signature certificate to obtain signature information.
And step 24, generating a verification message carrying the signature information and the certificate fingerprint of the first signature certificate under the condition that the signature information passes the verification of the private key of the target account.
And step 25, prompting that the service system fails to start under the condition that the signature information does not pass the verification of the private key of the target account.
And step 3, the terminal sends the verification message to the server.
And 4, the server receives a verification message of the terminal, wherein the verification message carries the certificate fingerprint of the first signature certificate in the development tool package, and the development tool package is a tool package on which the service system depends during operation.
And 5, the server generates a verification result by comparing the certificate fingerprint of the first signature certificate with the prestored certificate fingerprint of the second signature certificate, and returns the verification result to the terminal. The second signing certificate is a signing certificate of a target account, and the target account has the use authority of the development kit.
And 6, the terminal acquires the verification result returned by the server and responds to the starting request according to the verification result.
Under the condition that the verification result shows that the certificate fingerprint of the first signature certificate is matched with the certificate fingerprint of the second signature certificate, starting a service system;
and prompting that the service system fails to start under the condition that the verification result shows that the certificate fingerprint of the first signature certificate is not matched with the certificate fingerprint of the second signature certificate.
As an alternative embodiment, the user first logs in the system, and after the real-name authentication, the "certificate SDK" is obtained, and the specific flow is as shown in fig. 3.
In step S31, the user generates an RSA private key using the open source tool opennssl or by himself.
Step S32, a csr certificate signing request file is generated using a private key.
Step S33, using the SDK auxiliary tool provided by the evidence storage platform to automatically collect SDK running environment information (i.e. machine environment information), such as CPU serialization, hard disk serial number, etc.
And step S34, packaging the machine environment information and the CSR file together to generate a message, and sending the message to the server through the SDK download interface to obtain the SDK program package.
And step S35, the server analyzes the message to obtain the CSR file and the machine environment information.
Step S36, the CSR file is signed with a CA certificate signature to generate a signed certificate. The CA is the issuing authority of certificates, which is the core of the Public Key Infrastructure (PKI).
Step S37, extracting the certificate fingerprint from the signature certificate, and saving the record.
And step S38, compiling and generating the SDK by using the characteristic hash, the signature certificate and the SDK source code extracted and generated from the machine environment information.
After the SDK is obtained, the SDK may be self-loaded when integrated into an application environment. The method of the security environment detection flow during the SDK integration is shown in fig. 4:
in step S41, signature information is generated.
Reading current computing environment information, reading a file packet of the SDK built-in method and reading built-in signature certificate information. With the basic information, the environment information can be calculated to generate the characteristic information hash, the self file content is used to generate the program package hash, and the characteristic hash and the program package hash are signed by using the fingerprint public key in the certificate information to generate the signature information.
And step S42, locally verifying the signature to realize rapid detection of the identity information.
And the SDK reads a private key configured by the system, verifies the generated signature information, and prompts a user that initialization fails if the generated signature information fails, and the system prohibits starting. If the verification is successful, the signature information and the certificate fingerprint are sent to the server side together, and then secondary verification is carried out.
And step S43, the server side carries out verification.
And after receiving the verification request, the server side extracts the fingerprint information from the record, regenerates a signature message, verifies the signature message and returns the result to the SDK. And the SDK judges whether the initialization is successful or not after receiving the information.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
According to another aspect of the embodiments of the present application, there is also provided a verification apparatus for a development kit, which is used for implementing the verification method for a development kit. Fig. 5 is a schematic diagram of an alternative development kit verification apparatus according to an embodiment of the present application, and as shown in fig. 5, the apparatus may include:
a generating unit 501, configured to generate a verification packet when a start request is received, where the start request is used to request to start a service system, the verification packet carries a certificate fingerprint of a first signature certificate in a development kit, and the development kit is a kit on which the service system depends when the service system operates;
a first verification unit 503, configured to send the verification packet to a server, and obtain a verification result returned by the server, where the verification result is determined by the server by comparing a certificate fingerprint of the first signature certificate with a certificate fingerprint of a prestored second signature certificate, the second signature certificate is a signature certificate of a target account, and the target account has a usage right of the development kit;
a responding unit 505, configured to respond to the start request according to the verification result.
It should be noted that the generating unit 501 in this embodiment may be configured to execute step S202 in this embodiment, the first verifying unit 503 in this embodiment may be configured to execute step S204 in this embodiment, and the responding unit 505 in this embodiment may be configured to execute step S206 in this embodiment.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may operate in a hardware environment as shown in fig. 1, and may be implemented by software or hardware.
Through the module, when the terminal uses a development tool of a target account, a verification result is generated by comparing the certificate fingerprint of the first signature certificate of the terminal with the certificate fingerprint of the second signature certificate of the target account, and the starting request is responded according to the verification result, so that the identity of a user can be verified, an illegal user is prevented from using the SDK, the technical problem that potential safety hazards exist in the SDK using mode in the related technology can be solved, and the technical effect of improving the using safety of the SDK is achieved.
Optionally, when responding to the start request according to the verification result, the response unit is further configured to: under the condition that the verification result shows that the certificate fingerprint of the first signature certificate is matched with the certificate fingerprint of the second signature certificate, starting the business system; and prompting that the service system fails to start under the condition that the verification result shows that the certificate fingerprint of the first signature certificate is not matched with the certificate fingerprint of the second signature certificate.
Optionally, when the generating unit generates the verification packet, the generating unit is further configured to: acquiring first operating environment information, tool kit information and the first signature certificate of the development tool kit; generating a first hash value of the first runtime environment information and a second hash value of the toolkit information; signing the first hash value and the second hash value by using a public key in the first signature certificate to obtain signature information; generating the verification message carrying the signature information and the certificate fingerprint of the first signature certificate under the condition that the signature information passes the verification of the private key of the target account; after the public key in the first signature certificate is used for signing the first hash value and the second hash value to obtain signature information, under the condition that the signature information does not pass the verification of the private key of the target account, the service system is prompted to fail to start.
Optionally, the apparatus of the present application may further comprise: the first configuration unit is used for receiving a service request of a target account before receiving a starting request, wherein the service request is used for requesting to use the development toolkit; generating a public key of the target account and collecting second operation environment information; generating a request message carrying a certificate request file and the second operating environment information, wherein the certificate request file carries a public key of the target account; and sending the request message to a server to request to acquire the development kit carrying the second signature certificate, wherein the second signature certificate is obtained by processing the certificate request file by the server.
According to another aspect of the embodiments of the present application, there is also provided a development kit verification apparatus for implementing the development kit verification method, including: the system comprises a receiving unit, a verification unit and a verification unit, wherein the verification unit is used for receiving a verification message of a terminal, the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package which is depended on when a service system operates; the second verification unit is used for generating a verification result by comparing the certificate fingerprint of the first signature certificate with the prestored certificate fingerprint of a second signature certificate, wherein the second signature certificate is the signature certificate of a target account, and the target account has the use authority of the development kit; and the return unit is used for returning the verification result to the terminal.
Optionally, the apparatus of the present application may further comprise: the second configuration unit is used for receiving a request message of the target account before receiving a verification message of a terminal, wherein the request message comprises a certificate request file and second operating environment information; generating a second signed certificate using the certificate request file; and extracting and storing the certificate fingerprint of the second signature certificate, generating the development toolkit, carrying the second signature certificate, the hash value of the second operating environment information and the hash value of the toolkit information in the development toolkit, and sending the second signature certificate, the hash value of the second operating environment information and the hash value of the toolkit information to the target account.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may be operated in a hardware environment as shown in fig. 1, and may be implemented by software, or may be implemented by hardware, where the hardware environment includes a network environment.
According to another aspect of the embodiment of the present application, there is also provided a server or a terminal for implementing the verification method of the development kit.
Fig. 6 is a block diagram of a terminal according to an embodiment of the present application, and as shown in fig. 6, the terminal may include: one or more processors 601 (only one shown), a memory 603, and a transmitting device 605, as shown in fig. 6, the terminal may also include an input-output device 607.
The memory 603 may be configured to store software programs and modules, such as program instructions/modules corresponding to the method and apparatus for verifying a development kit in the embodiment of the present application, and the processor 601 executes various functional applications and data processing by running the software programs and modules stored in the memory 603, that is, implements the method for verifying a development kit. The memory 603 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 603 may further include memory located remotely from the processor 601, which may be connected to the terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The above-mentioned transmission device 605 is used for receiving or sending data via a network, and may also be used for data transmission between a processor and a memory. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 605 includes a Network adapter (NIC) that can be connected to a router via a Network cable and other Network devices to communicate with the internet or a local area Network. In one example, the transmission device 605 is a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
Among them, the memory 603 is used to store an application program, in particular.
The processor 601 may call the application stored in the memory 603 through the transmission device 605 to perform the following steps:
generating a verification message under the condition of receiving a starting request, wherein the starting request is used for requesting to start a service system, the verification message carries a certificate fingerprint of a first signature certificate in a development kit, and the development kit is a kit on which the service system depends when in operation;
sending the verification message to a server, and acquiring a verification result returned by the server, wherein the verification result is determined by the server by comparing the certificate fingerprint of the first signature certificate with the certificate fingerprint of a prestored second signature certificate, the second signature certificate is the signature certificate of a target account, and the target account has the use authority of the development kit;
and responding to the starting request according to the verification result.
The processor 601 is further configured to perform the following steps:
receiving a verification message of a terminal, wherein the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package on which a service system depends when in operation;
generating a verification result by comparing the certificate fingerprint of the first signature certificate with a pre-stored certificate fingerprint of a second signature certificate, wherein the second signature certificate is a signature certificate of a target account, and the target account has the use authority of the development kit;
and returning the verification result to the terminal.
By adopting the embodiment of the application, when the terminal uses the development tool of the target account, the verification result is generated by comparing the certificate fingerprint of the first signature certificate of the terminal with the certificate fingerprint of the second signature certificate of the target account, and the starting request is responded according to the verification result, so that the identity of the user can be verified, the condition that an illegal user uses the SDK is avoided, the technical problem that potential safety hazards exist in the SDK using mode in the related technology can be solved, and the technical effect of improving the use safety of the SDK is further achieved.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
It can be understood by those skilled in the art that the structure shown in fig. 6 is only an illustration, and the terminal may be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, and a Mobile Internet Device (MID), a PAD, etc. Fig. 6 is a diagram illustrating a structure of the electronic device. For example, the terminal may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 6, or have a different configuration than shown in FIG. 6.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Embodiments of the present application also provide a storage medium. Alternatively, in this embodiment, the storage medium may be a program code for executing a verification method of a development kit.
Optionally, in this embodiment, the storage medium may be located on at least one of a plurality of network devices in a network shown in the above embodiment.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:
generating a verification message under the condition of receiving a starting request, wherein the starting request is used for requesting to start a service system, the verification message carries a certificate fingerprint of a first signature certificate in a development kit, and the development kit is a kit on which the service system depends when in operation;
sending the verification message to a server, and acquiring a verification result returned by the server, wherein the verification result is determined by the server by comparing the certificate fingerprint of the first signature certificate with the certificate fingerprint of a prestored second signature certificate, the second signature certificate is the signature certificate of a target account, and the target account has the use authority of the development kit;
and responding to the starting request according to the verification result.
Optionally, the storage medium is further arranged to store program code for performing the steps of:
receiving a verification message of a terminal, wherein the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package on which a service system depends when in operation;
generating a verification result by comparing the certificate fingerprint of the first signature certificate with a pre-stored certificate fingerprint of a second signature certificate, wherein the second signature certificate is a signature certificate of a target account, and the target account has the use authority of the development kit;
and returning the verification result to the terminal.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a storage medium, and including instructions for causing one or more computer devices (which may be personal computers, servers, network devices, or the like) to execute all or part of the steps of the method described in the embodiments of the present application.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present application and it should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be considered as the protection scope of the present application.
Claims (11)
1. A verification method for a development kit, comprising:
generating a verification message under the condition of receiving a starting request, wherein the starting request is used for requesting to start a service system, the verification message carries a certificate fingerprint of a first signature certificate in a development kit, and the development kit is a kit on which the service system depends when in operation;
sending the verification message to a server, and acquiring a verification result returned by the server, wherein the verification result is determined by the server by comparing the certificate fingerprint of the first signature certificate with the certificate fingerprint of a prestored second signature certificate, the second signature certificate is the signature certificate of a target account, and the target account has the use authority of the development kit;
and responding to the starting request according to the verification result.
2. The method of claim 1, wherein responding to the initiation request based on the verification comprises:
under the condition that the verification result shows that the certificate fingerprint of the first signature certificate is matched with the certificate fingerprint of the second signature certificate, starting the business system;
and prompting that the service system fails to start under the condition that the verification result shows that the certificate fingerprint of the first signature certificate is not matched with the certificate fingerprint of the second signature certificate.
3. The method of claim 1, wherein generating the verification message comprises:
acquiring first operating environment information, tool kit information and the first signature certificate of the development tool kit;
generating a first hash value of the first runtime environment information and a second hash value of the toolkit information;
signing the first hash value and the second hash value by using a public key in the first signature certificate to obtain signature information;
and generating the verification message carrying the signature information and the certificate fingerprint of the first signature certificate under the condition that the signature information passes the verification of the private key of the target account.
4. The method of claim 3, wherein after signing the first and second hash values using the public key in the first signing certificate to obtain signing information, the method further comprises:
and prompting that the service system fails to start under the condition that the signature information fails to pass the verification of the private key of the target account.
5. The method of claim 1, wherein prior to receiving the initiation request, the method further comprises:
receiving a service request of a target account, wherein the service request is used for requesting to use the development toolkit;
generating a public key of the target account and collecting second operation environment information;
generating a request message carrying a certificate request file and the second operating environment information, wherein the certificate request file carries a public key of the target account;
and sending the request message to a server to request to acquire the development kit carrying the second signature certificate, wherein the second signature certificate is obtained by processing the certificate request file by the server.
6. A verification method for a development kit, comprising:
receiving a verification message of a terminal, wherein the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package on which a service system depends when in operation;
generating a verification result by comparing the certificate fingerprint of the first signature certificate with a pre-stored certificate fingerprint of a second signature certificate, wherein the second signature certificate is a signature certificate of a target account, and the target account has the use authority of the development kit;
and returning the verification result to the terminal.
7. The method of claim 6, wherein prior to receiving the authentication message from the terminal, the method further comprises:
receiving a request message of the target account, wherein the request message comprises a certificate request file and second operation environment information;
generating a second signed certificate using the certificate request file;
and extracting and storing the certificate fingerprint of the second signature certificate, generating the development toolkit, carrying the second signature certificate, the hash value of the second operating environment information and the hash value of the toolkit information in the development toolkit, and sending the second signature certificate, the hash value of the second operating environment information and the hash value of the toolkit information to the target account.
8. A verification apparatus for a development kit, comprising:
the system comprises a generating unit, a verification unit and a verification unit, wherein the generating unit is used for generating a verification message under the condition of receiving a starting request, the starting request is used for requesting to start a service system, the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package which is depended by the service system when the service system operates;
the first verification unit is used for sending the verification message to a server and acquiring a verification result returned by the server, wherein the verification result is determined by the server through comparing a certificate fingerprint of the first signature certificate with a certificate fingerprint of a pre-stored second signature certificate, the second signature certificate is a signature certificate of a target account, and the target account has the use permission of the development kit;
and the response unit is used for responding to the starting request according to the verification result.
9. A verification apparatus for a development kit, comprising:
the system comprises a receiving unit, a verification unit and a verification unit, wherein the verification unit is used for receiving a verification message of a terminal, the verification message carries a certificate fingerprint of a first signature certificate in a development tool package, and the development tool package is a tool package which is depended on when a service system operates;
the second verification unit is used for generating a verification result by comparing the certificate fingerprint of the first signature certificate with the prestored certificate fingerprint of a second signature certificate, wherein the second signature certificate is the signature certificate of a target account, and the target account has the use authority of the development kit;
and the return unit is used for returning the verification result to the terminal.
10. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program when executed performs the method of any of the preceding claims 1 to 7.
11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the method of any of the preceding claims 1 to 7 by means of the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110075793.3A CN112749378A (en) | 2021-01-20 | 2021-01-20 | Development kit verification method and device, storage medium and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110075793.3A CN112749378A (en) | 2021-01-20 | 2021-01-20 | Development kit verification method and device, storage medium and electronic device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112749378A true CN112749378A (en) | 2021-05-04 |
Family
ID=75652605
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110075793.3A Pending CN112749378A (en) | 2021-01-20 | 2021-01-20 | Development kit verification method and device, storage medium and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112749378A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106709280A (en) * | 2016-12-08 | 2017-05-24 | 北京旷视科技有限公司 | Method, client and server for processing information |
| US20190132309A1 (en) * | 2017-10-30 | 2019-05-02 | Alibaba Group Holding Limited | Digital certificate management |
| CN110162936A (en) * | 2019-05-31 | 2019-08-23 | 北京比特安索信息技术有限公司 | A kind of use authorization method of software content |
| CN111625781A (en) * | 2020-08-03 | 2020-09-04 | 腾讯科技(深圳)有限公司 | SDK authorization authentication method, device, equipment and storage medium |
| CN111767559A (en) * | 2020-06-23 | 2020-10-13 | 江苏荣泽信息科技股份有限公司 | Field level encryption blockchain data |
-
2021
- 2021-01-20 CN CN202110075793.3A patent/CN112749378A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106709280A (en) * | 2016-12-08 | 2017-05-24 | 北京旷视科技有限公司 | Method, client and server for processing information |
| US20190132309A1 (en) * | 2017-10-30 | 2019-05-02 | Alibaba Group Holding Limited | Digital certificate management |
| CN110162936A (en) * | 2019-05-31 | 2019-08-23 | 北京比特安索信息技术有限公司 | A kind of use authorization method of software content |
| CN111767559A (en) * | 2020-06-23 | 2020-10-13 | 江苏荣泽信息科技股份有限公司 | Field level encryption blockchain data |
| CN111625781A (en) * | 2020-08-03 | 2020-09-04 | 腾讯科技(深圳)有限公司 | SDK authorization authentication method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108768970B (en) | Binding method of intelligent equipment, identity authentication platform and storage medium | |
| CN108241517B (en) | Software upgrading method, client and electronic equipment | |
| CN111010372A (en) | Block chain network identity authentication system, data processing method and gateway equipment | |
| CN111131416B (en) | Service providing method and device, storage medium and electronic device | |
| CN108848496B (en) | TEE-based virtual eSIM card authentication method, TEE terminal and management platform | |
| EP3433994B1 (en) | Methods and apparatus for sim-based authentication of non-sim devices | |
| CN109194625B (en) | Client application protection method and device based on cloud server and storage medium | |
| CN103401880B (en) | The system and method that a kind of industrial control network logs in automatically | |
| CN110417797A (en) | Authenticate the method and device of user | |
| CN104753674B (en) | A kind of verification method and equipment of application identity | |
| CN112559993B (en) | Identity authentication method, device and system and electronic equipment | |
| CN110198296B (en) | Authentication method and device, storage medium and electronic device | |
| CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
| CN101216915B (en) | A secured mobile payment method | |
| CN111815321A (en) | Transaction proposal processing method, device, system, storage medium and electronic device | |
| CN103905194A (en) | Identity traceability authentication method and system | |
| CN107682376B (en) | Wind control data interaction method and device | |
| CN105376059A (en) | Method and system for performing application signature based on electronic key | |
| CN111901304B (en) | Registration method and device of mobile security equipment, storage medium and electronic device | |
| CN111461720A (en) | Identity verification method and device based on block chain, storage medium and electronic equipment | |
| CN105743651B (en) | The card in chip secure domain is using method, apparatus and application terminal | |
| CN111901303A (en) | Device authentication method and apparatus, storage medium, and electronic apparatus | |
| CN108574658B (en) | Application login method and device | |
| CN112583594B (en) | Data processing method, acquisition device, gateway, trusted platform and storage medium | |
| JP2021100227A (en) | IoT KEY MANAGEMENT SYSTEM, SECURE DEVICE, IoT DEVICE, DEVICE MANAGEMENT APPARATUS, AND METHOD FOR CREATING PUBLIC KEY CERTIFICATE OF SECURE ELEMENT |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 601, 6 / F, building 2, No. 18, Kechuang 11th Street, Daxing District, Beijing, 100176 Applicant after: Jingdong Technology Information Technology Co.,Ltd. Applicant after: Jingdong Technology Holding Co., Ltd Address before: 601, 6 / F, building 2, No. 18, Kechuang 11th Street, Daxing District, Beijing, 100176 Applicant before: Jingdong Shuke Haiyi Information Technology Co., Ltd Applicant before: Jingdong Digital Technology Holding Co., Ltd |