CN112805702A - Counterfeit APP identification method and device - Google Patents
Counterfeit APP identification method and device Download PDFInfo
- Publication number
- CN112805702A CN112805702A CN201980066172.XA CN201980066172A CN112805702A CN 112805702 A CN112805702 A CN 112805702A CN 201980066172 A CN201980066172 A CN 201980066172A CN 112805702 A CN112805702 A CN 112805702A
- Authority
- CN
- China
- Prior art keywords
- certificate
- app
- service
- server
- identified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 100
- 238000003860 storage Methods 0.000 claims description 14
- 238000013475 authorization Methods 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 12
- 238000012795 verification Methods 0.000 claims description 8
- 208000033748 Device issues Diseases 0.000 claims description 3
- 230000003993 interaction Effects 0.000 abstract description 11
- 230000006870 function Effects 0.000 description 21
- 238000010586 diagram Methods 0.000 description 17
- 238000007726 management method Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 11
- 238000013461 design Methods 0.000 description 10
- 102100038359 Xaa-Pro aminopeptidase 3 Human genes 0.000 description 6
- 101710081949 Xaa-Pro aminopeptidase 3 Proteins 0.000 description 6
- 101100055496 Arabidopsis thaliana APP2 gene Proteins 0.000 description 5
- 101100016250 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) GYL1 gene Proteins 0.000 description 5
- 238000009434 installation Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 238000012827 research and development Methods 0.000 description 5
- 101150053844 APP1 gene Proteins 0.000 description 4
- 101100189105 Homo sapiens PABPC4 gene Proteins 0.000 description 4
- 102100039424 Polyadenylate-binding protein 4 Human genes 0.000 description 4
- 238000004891 communication Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000005192 partition Methods 0.000 description 3
- 239000003795 chemical substances by application Substances 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 101100264195 Caenorhabditis elegans app-1 gene Proteins 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000007943 implant Substances 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the application provides a counterfeit APP identification method, a server and terminal equipment, wherein the method comprises the following steps: after the APP to be identified on the terminal equipment is started, before business interaction is carried out with the business server, the certificate chain and the signature data are sent to the business server, the business server checks that each certificate in the certificate chain is legal, and the business certificate is after the business certificate of the APP to be identified, whether the signature certificate fingerprint corresponding to the packet name in the contrast business certificate is the same as the signature certificate fingerprint corresponding to the pre-stored packet name or not, thereby identifying whether the APP to be identified is a counterfeit APP or not, avoiding the business server providing service for the counterfeit APP, and improving the business safety. In addition, if the service server can only provide service for a certain number of users at the same time, through the application, the method and the system, the illegal user can be prevented from accessing the service server through the counterfeit APP, and the service of the legal user can be guaranteed.
Description
The embodiment of the application relates to the technical field of security, in particular to a counterfeit APP identification method and device.
With the continuous development of technology, various Applications (APP) are emerging. An attacker implants malicious codes or advertisement information into a legal APP by decompiling the legal APP in a third-party application store, so that the legal APP is falsified into a counterfeit APP, or a bad party develops the counterfeit APP and uploads the counterfeit APP to the third-party application store. Because the ordinary user does not have the ability of discerning the counterfeit APP, consequently can download and use these counterfeit APPs, cause the potential safety hazard to the user.
To prevent counterfeit APPs from occurring in third party APP stores, counterfeit APPs are currently identified by a server of the third party APP store, such as a server corresponding to an APP store (store). In the identification process, the server identifies the APP based on an Android Package (APK) file of the APP by extracting a feature vector of the APK file or adding monitoring features and the like in the APK file.
The method for identifying the counterfeit APP is suitable for identifying the counterfeit APP by the third-party application store. However, in some scenarios, the service server only provides services for a specific APP, and does not want to be accessed by other APPs, for example, a server corresponding to the hua share APP only provides services for the hua share APP. If the server of the third-party application store identifies that an APP is a legal APP, but the APP is illegal for the service server, potential safety hazards are caused when the APP is downloaded to the terminal equipment and accesses the service server; or, if an APP is a counterfeit APP, but the server of the third-party APP store does not recognize that the APP is the counterfeit APP, the APP is downloaded to the terminal device and accesses the service server, which also causes a potential safety hazard.
Disclosure of Invention
The embodiment of the application provides a counterfeit APP identification method and device, after a user downloads an APP from a terminal device, when the user uses the APP to interact with a service server, the APP is counterfeit-identified by the service server, the service server is prevented from providing service for the counterfeit APP, and the safety of the service server is guaranteed.
In a first aspect, an embodiment of the present application provides a counterfeit APP identification method, which may be applied to a server or a chip of the server. The method is described below by taking the application to a server as an example, and the method comprises the following steps: the server sends a first random number to the terminal equipment; the server receives a certificate chain and signature data sent by the terminal equipment, wherein the certificate in the certificate chain comprises a service certificate of an application program APP to be identified, the service certificate carries a packet name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the signature data is obtained by encrypting a first random number by the terminal equipment by using a private key corresponding to the service certificate; the server judges whether the business certificate is the business certificate of the APP to be identified or not according to the certificate chain and the signature data; if the business certificate is the business certificate of the APP to be identified, the server judges whether the APP to be identified is a counterfeit APP or not according to the packet name and the first signature certificate fingerprint. By adopting the method, after the APP to be identified on the terminal equipment is started and before business interaction is carried out with the business server, the certificate chain and the signature data are sent to the business server, the business server checks that each certificate in the certificate chain is legal, and after the business certificate is the business certificate of the APP to be identified, whether the signature certificate fingerprint corresponding to the packet name in the business certificate is the same as the signature certificate fingerprint corresponding to the pre-stored packet name is compared, so that whether the APP to be identified is a counterfeit APP is identified, the business server is prevented from providing service for the counterfeit APP, and the business safety is improved. In addition, if the service server can only provide service for a certain number of users at the same time, through the application, the method and the system, the illegal user can be prevented from accessing the service server through the counterfeit APP, and the service of the legal user can be guaranteed.
In a feasible design, the server determines whether the service certificate is the service certificate of the APP to be identified according to the certificate chain and the signature data, including: the server decrypts the signature data by using the public key of the service certificate to obtain a random number, which is called as a second random number in the following, and then compares whether the first random number is the same as the second random number, if so, the server determines that the service certificate is the service certificate of the APP to be identified; and if the first random number is different from the second random number, the server determines that the service certificate is not the service certificate of the APP to be identified. By adopting the method, the purpose that whether the service certificate is the APP service certificate or not is achieved.
In a feasible design, the certificate in the certificate chain further includes a root certificate of the terminal device and a device authentication authorization CA certificate, the trusted certificate on the server is the root certificate, and the server determines whether the certificate in the certificate chain is legal, including: whether the root certificate is legal or not is judged, whether the equipment certificate is legal or not is judged, and whether the service certificate is legal or not is judged. In the certificate chain validity checking process, the server judges whether a root certificate in a certificate chain exists in a trustable root certificate set stored locally, if the root certificate in the certificate chain is contained in the trustable root certificate set, the server considers that the root certificate is credible, otherwise, the server considers that the root certificate in the certificate chain is incredible; then, the server decrypts the CA certificate of the equipment by using the public key of the root certificate to obtain a hash value, the hash algorithm carried by the CA certificate of the equipment is used for carrying out hash operation on the content of the CA certificate of the equipment to obtain another hash value, if the two hash values are the same, the server considers that the CA certificate of the equipment is legal, otherwise, the server considers that the CA certificate of the equipment is illegal; then, the server decrypts the service certificate by using the public key of the CA certificate of the equipment to obtain a hash value, hash operation is carried out on the content of the service certificate by using a hash algorithm carried by the service certificate to obtain another hash value, and if the two hash values are the same, the server considers that the service certificate is legal; conversely, the server considers the service certificate to be illegal. By adopting the scheme, the aim of carrying out validity check on the certificate in the certificate chain when the trusted certificate level on the service server is the root certificate is fulfilled.
In one possible design, the certificate in the certificate chain further includes a device authorization, CA, certificate of the terminal device, the trusted certificate level on the server is the device CA certificate, and the server determines whether the certificate in the certificate chain is legal, including: the server determines whether a device CA certificate in a certificate chain exists in a pre-deployed trusted CA certificate set; if the CA certificate set has the equipment CA certificate in the certificate chain, the server decrypts the service certificate by using the public key of the equipment CA certificate to obtain a hash value, performs hash operation on the content of the service certificate by using a hash algorithm carried by the service certificate to obtain another hash value, and if the two hash values are the same, the server considers that the service certificate is legal; conversely, the server considers the service certificate to be illegal. By adopting the scheme, the aim of carrying out validity check on the certificate in the certificate chain is fulfilled when the credible certificate level on the service server is the equipment CA certificate.
In a feasible design, if the service certificate is the service certificate of the APP to be identified, the server determines whether the APP to be identified is a counterfeit APP according to the package name and the first signature certificate fingerprint, including: if the service certificate is the service certificate of the APP to be identified, the server compares a first signature certificate fingerprint corresponding to a packet name in a certificate chain with a second signature certificate fingerprint stored when the legal APP corresponding to the packet name is registered on the server; and if the first signature certificate fingerprint is different from the second signature certificate fingerprint, the server determines that the APP to be identified is a counterfeit APP. By adopting the scheme, the aim of counterfeit identification of the APP to be identified is fulfilled by the server according to the package name and the signature certificate fingerprint.
In a second aspect, an embodiment of the present application provides a method for identifying a counterfeit application APP, where the method may be applied to a terminal device and may also be applied to a chip in the terminal device. The method is described below by taking the application to the terminal device as an example, and the method includes: the method comprises the steps that terminal equipment sends a request message for establishing a link between an application program APP to be identified and a server to the server; the method comprises the steps that a terminal receives a verification message for verifying an APP to be identified, wherein the verification message comprises a first random number; the terminal equipment sends a certificate chain and signature data to the server, wherein the signature data is obtained by encrypting a first random number through a private key corresponding to the APP to be identified; and the terminal receiving server verifies whether the APP to be identified is a result of counterfeiting the APP according to the certificate chain and the signature data. By adopting the method, after the APP to be identified on the terminal equipment is started and before business interaction is carried out with the business server, the certificate chain and the signature data are sent to the business server, the business server checks that each certificate in the certificate chain is legal, and after the business certificate is the business certificate of the APP to be identified, whether the signature certificate fingerprint corresponding to the packet name in the business certificate is the same as the signature certificate fingerprint corresponding to the pre-stored packet name is compared, so that whether the APP to be identified is a counterfeit APP is identified, the business server is prevented from providing service for the counterfeit APP, and the business safety is improved. In addition, if the service server can only provide service for a certain number of users at the same time, through the application, the method and the system, the illegal user can be prevented from accessing the service server through the counterfeit APP, and the service of the legal user can be guaranteed.
In one feasible design, the certificate chain comprises a service certificate of an APP to be identified, and the service certificate carries a package name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified; the terminal receiving server verifies whether the APP to be identified is a result of counterfeit APP according to the certificate chain and the signature data, and the method comprises the following steps: the terminal equipment receives a counterfeit identification result obtained by matching a second visa certificate fingerprint corresponding to the registration of the package name of the APP with the first signature certificate fingerprint by the server; if the matching is successful, the counterfeit result indicates that the APP is not a counterfeit APP, or if the matching is failed, the counterfeit identification result indicates that the APP is a counterfeit APP. By adopting the scheme, whether the APP to be identified is the counterfeit APP is identified, the service server is prevented from providing service for the counterfeit APP, and the service safety is improved. In addition, if the service server can only provide service for a certain number of users at the same time, through the application, the illegal user can be prevented from accessing the service server through the counterfeit APP, and the service of the legal user can be ensured
In a possible design, before the terminal device sends the certificate chain and the signature data to the server, the method further includes: the terminal equipment signs and issues a service certificate for the APP to be identified by using the CA certificate, and the content of the service certificate comprises the package name of the APP to be identified and the first signature certificate fingerprint of the APP to be identified. By adopting the scheme, the purpose that the terminal equipment signs and issues the service certificate for the APP to be identified by utilizing the CA certificate is realized.
In one possible design, the service certificate is generated and managed by a certificate management service of the terminal device, and the certificate management service is located in a Framework layer of a system of the terminal device. By adopting the scheme, the aim of setting the certificate management service on the terminal equipment is fulfilled.
In one possible design, the service certificate further includes a public key of the APP to be identified, and the public key corresponds to a private key that encrypts the first random number. By adopting the scheme, the purpose of checking whether the service certificate is the service certificate of the APP to be identified is achieved.
In one feasible design, an operating system of a terminal device includes a rich execution environment REE operating system and a trusted execution environment TEE operating system, and the terminal device issues a service certificate for an APP to be identified by using a device CA certificate, including: the terminal equipment sends a service certificate application request message to a trusted application TA running on a TEE operating system through a client application CA running on the REE operating system; and the TA controlled by the terminal equipment signs and issues a service certificate for the APP to be identified by utilizing the CA certificate of the equipment. By adopting the scheme, the aim that the TA controlled by the terminal equipment signs and issues the service certificate for the APP to be identified by utilizing the CA certificate of the equipment is fulfilled.
In a third aspect, an embodiment of the present application provides a server, including:
a transmitter for transmitting the first random number to the terminal device;
the receiver is used for receiving a certificate chain and signature data sent by terminal equipment, wherein the certificate in the certificate chain comprises a service certificate of an application program APP to be identified, the service certificate carries a packet name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the signature data is obtained by encrypting the first random number by the terminal equipment by using a private key corresponding to the service certificate;
the processor is used for judging whether the service certificate is the service certificate of the APP to be identified or not according to the certificate chain and the signature data; if the business certificate is the business certificate of the APP to be identified, judging whether the APP to be identified is a counterfeit APP or not according to the package name and the first signature certificate fingerprint.
In a feasible implementation manner, the processor is configured to determine whether a certificate in the certificate chain is legal, and if the certificate in the certificate chain is legal, decrypt the signature data according to a public key carried by a service certificate in the certificate chain to obtain a second random number; judging whether the first random number is the same as the second random number or not, and if the first random number is the same as the second random number, determining that the service certificate is the service certificate of the APP to be identified; and if the first random number is different from the second random number, determining that the service certificate is not the service certificate of the APP to be identified.
In a feasible implementation manner, the certificate in the certificate chain further includes a root certificate of the terminal device and a device authentication authorization CA certificate, and the processor is configured to determine whether a root certificate in the certificate chain exists in a pre-deployed trusted root certificate set, if the root certificate in the certificate chain exists in the root certificate set, decrypt the device CA certificate included in the certificate chain using a public key carried by the root certificate to obtain a first hash value, perform a hash operation on the device CA certificate according to a hash algorithm carried by the device CA certificate to obtain a second hash value, if the first hash value and the second hash value are the same, determine that the device CA certificate is a valid certificate, decrypt the service certificate according to the public key carried by the device CA certificate to obtain a third hash value, and according to the hash algorithm carried by the service certificate, and performing hash operation on the service certificate to obtain a fourth hash value, and if the third hash value is the same as the fourth hash value, determining that the service certificate is a legal certificate.
In a feasible implementation manner, the certificate in the certificate chain further includes an equipment authorization CA certificate of the terminal equipment, and the processor is configured to determine whether an equipment CA certificate in the certificate chain exists in a pre-deployed trusted CA certificate set, decrypt a service certificate by using a public key carried by the trusted equipment CA certificate if the equipment CA certificate in the certificate chain exists in the CA certificate set, obtain a third hash value, perform hash operation on the service certificate according to a hash algorithm carried by the service certificate, obtain a fourth hash value, and determine that the service certificate is a legal certificate if the third hash value is the same as the fourth hash value.
In a feasible implementation manner, the processor is configured to determine whether the APP to be identified is a counterfeit APP according to the package name and the first signature certificate fingerprint if the service certificate is the service certificate of the APP to be identified, including: if the service certificate is the service certificate of the APP to be identified, determining a second signature certificate fingerprint according to the package name, storing the corresponding relation between the package name and the second signature certificate fingerprint, judging whether the first signature certificate fingerprint and the second signature certificate fingerprint are the same, and if the first signature certificate fingerprint and the second signature certificate fingerprint are not the same, determining that the APP to be identified is a counterfeit APP.
In a possible implementation, the server is a service server or a device CA server.
In a fourth aspect, an embodiment of the present application provides a terminal device, including:
the device comprises a transmitter, a server and a client, wherein the transmitter is used for transmitting a request message for establishing a link between an application program APP to be identified and the server to the server;
the receiver is used for receiving a verification message which is sent by the server and used for verifying the APP to be identified, wherein the verification message comprises a first random number;
the sender is further configured to send a certificate chain and signature data to the server, where the signature data is obtained by encrypting the first random number through a private key corresponding to the first APP;
the receiver is further configured to receive a result that the server verifies whether the APP to be identified is a counterfeit APP according to the certificate chain and the signature data.
In a feasible implementation manner, the certificate chain includes a service certificate of the APP to be identified, the service certificate carries a package name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the receiver is configured to receive a counterfeit identification result obtained by matching a corresponding second signature certificate fingerprint with the first signature certificate fingerprint when the server registers the package name of the APP; if the matching is successful, the counterfeit result indicates that the APP is not a counterfeit APP, or if the matching is failed, the counterfeit identification result indicates that the APP is a counterfeit APP.
In a possible implementation manner, the terminal device further includes: and the processor is used for signing and issuing the service certificate for the APP to be identified by utilizing a device CA (certificate authority) certificate before the sender sends the certificate chain and the signature data to the server, wherein the content of the service certificate comprises the package name of the APP to be identified and the first signature certificate fingerprint of the APP to be identified.
In a feasible implementation manner, the service certificate is generated and managed by a certificate management service of the terminal device, and the certificate management service is located in a Framework layer of a system of the terminal device.
In a feasible implementation manner, the service certificate further includes a public key of the APP to be identified, where the public key corresponds to a private key for encrypting the first random number.
In a possible implementation manner, the operating system of the terminal device includes a rich execution environment REE operating system and a trusted execution environment TEE operating system, and the terminal device further includes: a processor;
the sender is used for sending a service certificate application request message to a trusted application TA running on the TEE operating system through a client application CA running on the REE operating system;
and the processor is used for controlling the TA to utilize the equipment CA certificate to issue the service certificate for the APP to be identified.
In a fifth aspect, embodiments of the present application provide a computer program product comprising instructions, which when run on a processor, cause the processor computer to perform the method of the first aspect or the various possible implementations of the first aspect.
In a sixth aspect, embodiments of the present application provide a computer program product comprising instructions, which when run on a processor, cause the processor to perform the method of the second aspect or the various possible implementations of the second aspect.
In a seventh aspect, an embodiment of the present application provides a computer-readable storage medium, which stores instructions that, when executed on a processor, cause the processor to execute the first aspect or the method in the various possible implementation manners of the first aspect.
In an eighth aspect, embodiments of the present application provide a computer-readable storage medium having stored therein instructions, which, when executed on a processor, cause the processor to perform the method of the second aspect or the various possible implementations of the second aspect.
In a ninth aspect, an embodiment of the present application provides a chip, where the chip system includes a processor and may further include a memory, and is configured to implement the first aspect or the method in various possible implementation manners of the first aspect.
In a tenth aspect, an embodiment of the present application provides a chip, where the chip system includes a processor and may further include a memory, and is configured to implement the method in the second aspect or various possible implementations of the second aspect.
In an eleventh aspect, an embodiment of the present application further provides a counterfeit APP identification system, including a server implemented in any one of the possible manners of the third aspect or the third aspect, and a terminal device implemented in any one of the possible manners of the fourth aspect or the fourth aspect.
The counterfeit APP identification method, the server and the terminal device provided by the embodiment of the application, after the APP to be identified on the terminal device is started, before business interaction is carried out with the business server, the certificate chain and the signature data are sent to the business server, the business server checks that each certificate in the certificate chain is legal, and the business certificate is the business certificate of the APP to be identified, whether the signature certificate fingerprint corresponding to the packet name in the business certificate is the same as the signature certificate fingerprint corresponding to the pre-stored packet name is compared, so that whether the APP to be identified is the counterfeit APP is identified, the business server is prevented from providing service for the counterfeit APP, and the business safety is improved. In addition, if the service server can only provide service for a certain number of users at the same time, through the application, the method and the system, the illegal user can be prevented from accessing the service server through the counterfeit APP, and the service of the legal user can be guaranteed.
Fig. 1A is a schematic diagram of a network architecture to which an APP identification method according to an embodiment of the present application is applied;
fig. 1B is a schematic diagram of a network architecture to which another method for identifying a counterfeit APP according to the embodiment of the present application is applied;
fig. 2 is a flowchart of an identification method for counterfeit APP according to an embodiment of the present application;
fig. 3 is a schematic diagram of an architecture to which an APP identification method according to an embodiment of the present application is applied;
FIG. 4 is a flowchart of another method for identifying counterfeit APP information provided by the embodiments of the present application;
FIG. 5 is a flowchart of issuing a certificate used in the method for identifying a counterfeit APP according to the present application;
fig. 6 is a schematic view of a passing scene of counterfeit detection in the counterfeit APP identification method provided in the embodiment of the present application;
fig. 7 is a schematic structural diagram of a server according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of another server provided in the embodiment of the present application;
fig. 10 is a schematic structural diagram of another terminal device provided in an embodiment of the present application;
fig. 11 is a schematic architecture diagram of an aspect APP recognition system according to an embodiment of the present application.
In the process of identifying counterfeit APP at present, the APP is identified by extracting the feature vector of the APK file of the APP or adding monitoring features and the like in the APK file, and the identification method is suitable for application markets to detect counterfeit APPs. However, some traffic servers only serve specific APPs. Taking the APP as the hua APP, for example, the hua share, one function of the hua share is to share photos, and when traveling, the user shares photos with relatives and friends through the hua share. When sharing photos, terminal equipment of a user needs to connect a business server through the Huawei share, and the photos are shared to relatives and friends through the business server, wherein the business server is used for providing services for the Huawei share. In the sharing process, the service server cannot judge whether the Hua is a share on the terminal equipment is counterfeit or not, so that the counterfeit APP illegally uses the service server, namely the service server is easily attacked by the counterfeit APP.
In view of this, an embodiment of the present application provides a counterfeit APP identification method, where after a user downloads an APP (hereinafter referred to as an APP to be identified) from a terminal device, when the user uses the APP to interact with a service server, the service server performs counterfeit identification on the APP, so as to avoid the service server providing a service for the counterfeit APP, and improve security.
In embodiments of the present application, a terminal device is a device that may provide voice and/or data connectivity to a user, a handheld device with wireless connectivity, or other processing device connected to a wireless modem. The terminal devices, which may be mobile terminal devices such as mobile telephones (or "cellular" telephones) and computers having mobile terminal devices, for example, portable, pocket, hand-held, computer-included, or vehicle-mounted mobile devices, may communicate with one or more core networks via a Radio Access Network (RAN). For example, Personal Communication Service (PCS) phone, cordless phone, Session Initiation Protocol (SIP) phone, Wireless Local Loop (WLL) station, Personal Digital Assistant (PDA), handheld device with wireless communication function, computing device or other processing device connected to wireless modem, vehicle-mounted device, wearable device, terminal in future 5G network or terminal device in future evolved Public Land Mobile Network (PLMN), etc., which is not limited by the embodiments of the present application. A terminal device may also be referred to as a system, a subscriber unit (subscriber unit), a subscriber station (subscriber station), a mobile station (mobile), a remote station (remote station), an access point (access point), a remote terminal device (remote terminal), an access terminal device (access terminal), a user terminal device (user terminal), a user agent (user agent), a user device (user device), or a user equipment (user equipment).
The server refers to a business server or a device CA server, the business server refers to an APP for providing service for a certain or some genuine APPs, and the device CA server is a server with a trusted certificate list. When only a service server is deployed in a network architecture, a trusted certificate list is deployed on the service server, a legal APP is registered on the service server, and the service server is responsible for certificate chain validity check, judgment on whether a service certificate is the service certificate of the APP or not and counterfeit APP identification. When a service server and an equipment CA server are deployed in a network architecture at the same time, a legal APP can be registered on the service server, a trusted certificate list is deployed on the service server, the latest trusted certificate list is periodically acquired from the equipment CA server, and the service server is responsible for certificate chain validity check, judgment on whether a service certificate is the service certificate of the APP or not and counterfeit APP identification; or the legal APP can be registered on the service server, but the trusted certificate list is not deployed on the service server, the equipment CA server is responsible for certificate chain validity check and judgment whether the service certificate is the service certificate of the APP, and the service server is responsible for counterfeit identification; or the legal APP is registered on the equipment CA server, the equipment CA server is responsible for certificate chain validity check, judgment on whether the business certificate is the business certificate of the APP or not and identification of the counterfeit APP, and the business server only plays a role in transparent transmission and forwarding. For example, please refer to fig. 1A and 1B.
Fig. 1A is a schematic diagram of a network architecture to which an APP identification method according to an embodiment of the present application is applied. Referring to fig. 1A, the scenario includes a terminal device and a service server, where the terminal device and the service server establish a network connection, the service server is a server for a certain or some genuine APPs, and when a genuine APP is released, a research and development worker needs to register the genuine APP on the service server and store a corresponding relationship between a signature certificate fingerprint of the genuine APP and a package name; meanwhile, a trusted certificate set required for performing validity check on the certificate chain, such as a trusted root certificate set or a trusted device authentication authority (CA) certificate set, is stored on the service server. If the legal version APP is downloaded and installed on the terminal device, the terminal device can use the functions provided by the service server by using the APP. For the user, the user does not know whether the APP downloaded and installed on the terminal device is a counterfeit APP, and therefore, in this embodiment, the terminal device downloads and installs the APP, starts the APP, which is hereinafter referred to as an APP to be identified, and the service server performs counterfeit identification on the APP to be identified according to the certificate chain, the service certificate of the APP to be identified, and the like, where the service certificate of the APP to be identified carries the package name and the signature certificate fingerprint of the APP to be identified. For example, the APP to be identified is a share of a genuine edition, and the user does not know that the share of the genuine edition is the share of the genuine edition or the copy of the genuine edition, so that after the user starts the share of the genuine edition, the service server identifies the APP to be identified, if the APP to be identified is identified as the share of the genuine edition, the APP to be identified uses the functions provided by the service server, such as remotely sharing data such as photos, files and the like to other users, and if the service server identifies that the APP to be identified is the copy APP, the APP to be identified is rejected from using the functions provided by the service server.
In general, in the scenario shown in fig. 1A, the terminal device, the service server, and the original APP are from the same vendor. However, the embodiment of the present application is not limited, for example, the terminal device and the service server are from the same manufacturer, and the legal APP is developed by a third party, and the service server provides an interface for the legal APP developed by the third party to access.
Fig. 1B is a schematic diagram of a network architecture to which another method for identifying a counterfeit APP according to the embodiment of the present application is applied. Referring to fig. 1B, the scenario includes a terminal device, a service server, and an authentication and authorization server, where a network connection is established between the terminal device and the service server, and a network connection is established between the service server and the authentication and authorization server. The business server is a server for a certain or some legal APPs, and when the legal APPs are released, research personnel store the corresponding relation between the signature certificate fingerprint and the package name of the legal APPs on the authentication and authorization server. In addition, the certificate authority server stores a set of trusted certificates required for performing validity check on the certificate chain, such as a set of trusted root certificates (root certificates) or a set of trusted authority (CA) certificates. When the APP to be identified is downloaded and installed on the terminal equipment, the APP to be identified is started, the certificate chain and the like are sent to the service server, then the service server sends the received certificate chain and the like to the authentication and authorization server, and the APP is counterfeited and identified by the authentication and authorization server. Or, the device CA server may only store a trusted certificate set, and the research and development staff stores the signature certificate fingerprint, the package name, and the corresponding relationship between the signature certificate fingerprint and the package name of the genuine APP in the service server, and then after receiving the certificate chain and the signature data, the service server sends the certificate chain and the signature data to the device CA server, and the device CA server verifies whether the certificate chain is legitimate and whether the service certificate in the certificate chain is the certificate of the APP, and only if the certificate in the certificate chain is legitimate and the service certificate is the service certificate of the APP, the service server performs counterfeit identification on the APP according to the package name and the first signature certificate fingerprint in the service certificate.
It should be noted that, in the embodiment of the present application, the counterfeit APP is not limited to the APP implanted with malicious code or advertisement information and an illegal APP developed by a lawbreaker. The counterfeit APPs in the embodiment of the present application are relative, for example, the service server only provides services for APP1, and the legal APPs downloaded and installed on the terminal device include APP1, APP2 and APP3, and since APP2 and APP3 are not APPs corresponding to the service server, for the service server, APP2 and APP3 are also counterfeit APPs.
In the scenario shown in fig. 1B, the terminal device, the service server, and the genuine APP may be from the same vendor or different vendors.
In the embodiment of the application, the terminal device injects a trusted root, such as a root certificate and/or a device CA certificate, when generating, wherein the device CA certificate is issued by the root certificate. After the terminal device leaves the factory, the terminal device can use the device CA certificate to issue a service certificate for the APP to be identified. The certificates described in the embodiments of the present application include root certificates, device CA certificates, service certificates, and the like, each certificate has a key pair, and the key pair includes a public key and a private key, the public key is carried in the certificate, and the private key is stored in the secure storage partition of the terminal device.
Next, the counterfeit APP identification method according to the embodiment of the present application will be described in detail by taking the architecture shown in fig. 1A as an example. For example, refer to fig. 2, fig. 2 is a flowchart of an identification method of a counterfeit APP provided in an embodiment of the present application, and this embodiment explains the identification method of the counterfeit APP described in the present application from the perspective of interaction between a service server and a terminal device. The embodiment comprises the following steps:
101. and the terminal sends a request message for establishing a link between the APP to be identified and the server to the server.
Illustratively, the terminal device downloads and installs an APP, starts the APP, which is referred to as an APP to be identified hereinafter, and sends a link establishment request to the service server for the APP.
102. The server transmits the first random number to the terminal device.
For example, in fig. 1A, a service server is a server for a certain legal version APP, and a user desires that the service server can only provide services for the legal version APP, but does not desire to be provided by other APPs. When the legal version APP is released, research personnel register the legal version APP on the service server and store the corresponding relation between the signature certificate fingerprint and the package name of the legal version APP; meanwhile, a trusted certificate set required for performing validity check on the certificate chain, such as a trusted root certificate set or a trusted device authentication authority (CA) certificate set, is stored on the service server. After receiving the request message, the service server initiates an identity challenge to the terminal device, and issues a first random number, which may also be referred to as challenge (challenge); accordingly, the terminal device receives the first random number.
It should be noted that, if the device CA server is deployed, in step 101 and step 102, the terminal device sends a link establishment request to the service server, and the service server sends the link establishment request to the device CA server, and triggers the device CA server to send the first random number.
103. And the terminal equipment encrypts the first random number by using a private key corresponding to the service certificate of the APP to be identified to obtain signature data.
In this step, the terminal device encrypts the first random number by using a private key corresponding to the service certificate of the APP to be identified, for example, the terminal device encrypts the first random number by using a secure hash algorithm 256 (SHA 256), a secure hash algorithm 384 (SHA 384), a secure hash algorithm 512 (SHA 512), or the like, to obtain signature data.
104. And the terminal equipment sends the signature data and the certificate chain to a server.
The certificate chain carries the business certificate of the APP to be identified, and the business certificate carries the package name of the APP to be identified and the first signature certificate fingerprint of the APP to be identified.
In the step, the terminal equipment sends signature data and a certificate chain to a server; accordingly, the server receives the signature data and the certificate chain.
105. And the server judges whether the service certificate is the service certificate of the APP to be identified or not according to the certificate chain and the signature data.
Taking the server as the service server in fig. 1A as an example, the present step includes two stages: the first stage, the service server checks the certificate in the certificate chain according to the pre-stored trusted certificate, and judges whether each certificate in the certificate chain is legal; if the service server determines that all the certificates in the certificate chain are legal, entering a second stage: the service server decrypts the signature data by using a public key carried by the service certificate in the certificate chain to judge whether the service certificate is the service certificate of the APP to be identified, and if the service certificate is the service certificate of the APP to be identified, step 106 is executed; if the service certificate is not the service certificate of the APP to be identified, step 108 is executed.
Illustratively, in the first phase, taking the trusted certificate level as the root certificate as an example, the certificate chain includes the root certificate, the device CA certificate, and the service certificate. For example, the device CA certificate of the terminal device is signed and issued by using the root certificate of the terminal device, and the service certificate of the APP to be identified is signed and issued by using the device CA certificate of the terminal device, so that when the service server determines whether each certificate in the certificate chain is legal, it first determines whether the root certificate is legal, then determines whether the device certificate is legal, and finally determines whether the service certificate is legal. In the process of verifying the legitimacy of the certificate chain, the service server judges whether a root certificate in the certificate chain exists in a trusty root certificate set stored locally, if the root certificate in the certificate chain is contained in the trusty root certificate set, the service server considers that the root certificate is trusty, otherwise, the service server considers that the root certificate in the certificate chain is untrustworthy; then, the service server decrypts the CA certificate of the equipment by using the public key of the root certificate to obtain a hash value, the hash algorithm carried by the CA certificate of the equipment is used for carrying out hash operation on the content of the CA certificate of the equipment to obtain another hash value, if the two hash values are the same, the service server considers that the CA certificate of the equipment is legal, otherwise, the service server considers that the CA certificate of the equipment is illegal; then, the service server decrypts the service certificate by using the public key of the CA certificate of the equipment to obtain a hash value, hash operation is carried out on the content of the service certificate by using a hash algorithm carried by the service certificate to obtain another hash value, and if the two hash values are the same, the service server considers that the service certificate is legal; conversely, the service server considers the service certificate to be illegal.
In the second stage, when the service server judges whether the service certificate is the service certificate of the APP to be identified, the public key of the service certificate is used for decrypting the signature data to obtain a random number, hereinafter referred to as a second random number, then the service server compares whether the first random number is the same as the second random number, and if the first random number is the same as the second random number, the service server determines that the service certificate is the service certificate of the APP to be identified; and if the first random number is different from the second random number, the service server determines that the service certificate is not the service certificate of the APP to be identified.
106. And the service server judges whether the APP to be identified is a counterfeit APP to be identified or not according to the packet name and the first signature certificate fingerprint.
From the above step 102, it can be seen that: a legal version APP needs to be registered in a service server before being issued, so that the service server stores the corresponding relation between the package name of the legal version APP and the fingerprint of the signature certificate. Therefore, in this step, the service server compares the first signature certificate fingerprint corresponding to the package name in the certificate chain with the second signature certificate fingerprint stored when the legal APP corresponding to the package name is registered on the server, so as to determine whether the APP to be identified is a counterfeit APP, and if the APP to be identified is not a counterfeit APP, step 107 is executed; if the APP to be identified is a counterfeit APP, step 108 is executed.
107. And the service server sends an identification result to the terminal equipment, wherein the identification result is used for indicating that the APP to be identified is the legal APP and carrying out service interaction with the terminal equipment.
108. And the service server identifies a result to the terminal equipment, wherein the identification result is used for indicating that the APP to be identified is a counterfeit APP and refusing to perform service interaction with the terminal equipment aiming at the APP.
It should be noted that, in the embodiment of the present application, the counterfeit APP is relative to the service server, and the counterfeit APP includes a counterfeit APP in a conventional sense and some genuine APPs. For example, there are three APPs: APP1, APP2, and APP3, wherein APP1 and APP2 belong to a counterfeit APP of conventional significance, which refers to all APPs other than the genuine APP, including APPs that cannot be detected by the server of the third-party APP store and that are commercially counterfeited APPs and third-party APPs, but are APPs that are counterfeit APPs in fact; APP3 is a genuine APP, but it is not registered on the service server, so APP3 is also a mock APP to the service server.
The counterfeit APP identification method provided by the embodiment of the application, after the APP to be identified on the terminal equipment is started, before business interaction is carried out with the business server, the certificate chain and the signature data are sent to the business server, the business server checks that each certificate in the certificate chain is legal, and the business certificate is the business certificate of the APP to be identified, whether the signature certificate fingerprint corresponding to the packet name in the contrast business certificate is the same as the signature certificate fingerprint corresponding to the pre-stored packet name, so that whether the APP to be identified is a counterfeit APP is identified, the business server is prevented from providing service for the counterfeit APP, and the business safety is improved. In addition, if the service server can only provide service for a certain number of users at the same time, through the application, the method and the system, the illegal user can be prevented from accessing the service server through the counterfeit APP, and the service of the legal user can be guaranteed.
In this application embodiment, the terminal device may be a terminal device of any operating system, such as a terminal device of an apple operating system, a terminal device of an android operating system, and the like, and after the APP to be identified is installed on the terminal device of any operating system, the terminal device issues a service certificate for the APP to be identified by using a device CA certificate stored on the terminal device. The following describes the above-mentioned counterfeit APP identification method in detail, taking a terminal device as an example of an android operating system.
Fig. 3 is a schematic diagram of an architecture to which an APP identification method according to an embodiment of the present application is applied. Referring to fig. 3, in this embodiment, a terminal device is called an end side, a service server and a device CA server are deployed on a cloud side, an operating system of the terminal device includes a trusted execution environment (trusted execution environment, TEE) and a Rich Execution Environment (REE), the TEE is responsible for processing transactions requiring higher security protection, such as key storage, encryption/decryption, fingerprint identification, and the like, the REE is a common operating system, such as an Android system, an iOS apple system, and the like, a Client Application (CA) providing certificate service for an APP exists in the REE, and a Trusted Application (TA) corresponding to the CA exists in the TEE. The APP includes, but is not limited to, the APP to be identified. In the embodiment of the application, the REE and the TEE respectively include an application layer, a frame layer, a kernel layer and a hardware layer from top to bottom. The REE of the terminal equipment can provide certificate management service, and the certificate management service is located in a framework (Android frame) layer of the REE and used for providing functions related to key and certificate management for the APP to be identified. In order to meet the business requirement of protecting keys based on TEE hardware, key authentication is realized, and the certificate management service can at least realize the following three functions: 1) before the terminal equipment leaves a factory, a certificate management service is utilized to inject production line certificates, namely a root certificate and an equipment CA certificate into the terminal equipment; 2) supporting to generate a service certificate, namely, the terminal equipment signs a service certificate for the APP to be identified by using a CA (certificate authority) certificate; 3) and supporting credible authentication based on a service key, namely when the service server initiates identity challenge, the terminal equipment encrypts a first random number sent by the service server by using a private key corresponding to the service certificate by using a certificate management service to obtain signature data.
For the function 1), in the process of manufacturing the terminal device, the manufacturer presets and stores the root certificate and the device CA certificate in a secure storage partition of the terminal device, such as a playback protection block (RPMB), where data in the RPMB may not be modified, and even if the user restores factory settings to the terminal device, the data in the RPMB may not be deleted.
To above-mentioned function 2), wait to discern APP by download and install on terminal equipment after, when the user clicks in order to start this to wait to discern APP, wait to discern APP and apply for the business certificate to CA, CA obtains waiting to discern APP's package name and waiting to discern APP's first signature certificate fingerprint through the Android system, sends the certificate to the TA and applies for the business certificate in order to wait to discern APP. And after the TA receives the application request, signing and issuing a service certificate for the APP to be identified by using the CA certificate of the equipment, and recording the package name of the APP to be identified and the fingerprint of the first signature certificate into the service certificate. After the service certificate is generated, the service certificate is kept in a secure storage partition of the terminal device, such as a Secure File System (SFS), and data in the SFS may be deleted when the APP to be identified is uninstalled or the terminal device returns to a factory value.
And aiming at the function 3), after the APP to be recognized is started, the terminal equipment initiates an establishment request to the service server aiming at the APP to be recognized, and the service server initiates an identity authentication challenge, so that the service server performs counterfeit recognition on the APP to be recognized. For example, referring to fig. 4, fig. 4 is a flowchart of another counterfeit APP identification method provided in the embodiment of the present application. Referring to fig. 4, in this embodiment, an APP to be identified and a certificate management service are both loaded on a terminal device, a trusted root certificate set is deployed on a service server, and the service server periodically obtains a certificate revocation list from a device CA server to update a locally deployed trusted certificate, which includes:
201. the service server obtains a root certificate of the terminal equipment.
In this step, the service server obtains the root certificate of the terminal device offline, or the service server interacts with the device CA server to obtain the root certificate of the terminal device.
202. The service server sends a certificate revocation list request to the equipment CA server.
203. The equipment CA server sends a response message to the service server, wherein the response message carries the certificate revocation list.
In the above steps 202 and 203, the service server periodically sends a certificate revocation list request to the device CA server to request a latest Certificate Revocation List (CRL), so as to update the locally deployed trusted certificate.
204. And the terminal equipment sends a link establishment request to the service server aiming at the APP to be identified.
In this step, when the APP to be identified is started, the terminal device initiates a link establishment request to the service server for the APP to be identified.
205. The service server initiates identity authentication to the terminal equipment, wherein the identity authentication carries a first random number.
In this step, the service server sends identity authentication to the terminal device for the APP to be identified.
206. And the terminal equipment sends a certificate application request to the TA through the CA to apply for the business certificate for the APP to be identified.
207. And the terminal equipment signs and issues a service certificate for the APP to be identified by using the CA certificate.
In the embodiment of the application, the equipment CA certificate is issued by using the root certificate, and the service certificate is issued by using the equipment CA certificate. For example, refer to fig. 5, and fig. 5 is a flowchart of issuing a certificate used in the counterfeit APP identification method according to the embodiment of the present application.
Referring to fig. 5, in this embodiment, the root certificate and the device CA certificate are also referred to as a terminal device production line preset certificate, and the two certificates are injected into the terminal device before the terminal device leaves the factory, and cannot be deleted because the terminal device recovers the factory value or unloads the APP to be identified. After the terminal equipment leaves the factory, a user loads an APP to be identified on the terminal equipment, and when the APP to be identified is started, the terminal equipment utilizes a CA (certificate authority) certificate to issue a service certificate for the APP to be identified. The following table lists details of the service certificate.
It should be noted that the above table is only an example, and the content of the service certificate in the embodiment of the present application is not limited thereto.
208. And the terminal equipment encrypts the first random number by using a private key corresponding to the service certificate to obtain signature data.
209. The terminal device sends the signature data and certificate chain to the CA via the TA.
210. And the terminal equipment sends the signature data and the certificate chain to the service server.
The certificate chain comprises a root certificate, a device CA certificate and a service certificate.
211. The service server determines whether the certificate in the certificate chain is legal, if all the certificates in the certificate chain are legal, step 212 is executed, and if a certain level of certificate in the certificate chain is illegal, step 215 is executed.
Because the certificate is issued in one level, the service server sequentially judges whether the root certificate, the equipment CA certificate and the service certificate are legal or not in the certificate chain checking process.
Firstly, the service server determines whether a root certificate in the certificate chain exists in a pre-deployed trusted root certificate set, and if the root certificate in the certificate chain exists in the pre-deployed trusted root certificate set, it is indicated that the root certificate in the certificate chain is the trusted root certificate of the service server and is a legal certificate. If the root certificate in the certificate chain does not exist in the pre-deployed trusted root certificate set, it is indicated that the root certificate in the certificate chain is not a trusted root certificate of the service server, and is an illegal certificate.
Secondly, if the root certificate in the certificate chain exists in the root certificate set, the business server decrypts the equipment CA certificate contained in the certificate chain by using the public key of the root certificate to obtain a first hash value, and performs hash operation on the equipment CA certificate according to a hash algorithm carried by the equipment CA certificate to obtain a second hash value. And the business server judges whether the first hash value and the second hash value are the same, if the first hash value and the second hash value are the same, the CA certificate is a legal CA certificate, and if the first hash value and the second hash value are different, the CA certificate is an illegal CA certificate.
And finally, if the equipment CA certificate is a legal equipment CA certificate, the service server decrypts the service certificate according to the public key carried by the equipment CA certificate to obtain a third hash value, and performs hash operation on the service certificate according to a hash algorithm carried by the service certificate to obtain a fourth hash value. And the service server judges whether the third hash value and the fourth hash value are the same, if the third hash value and the fourth hash value are the same, the service certificate is legal, and if the third hash value and the fourth hash value are not the same, the service certificate is illegal.
The hash operation on the certificate refers to a hash operation on one or more pieces of attribute information in the certificate.
212. The service server judges whether the service certificate is the service certificate of the APP to be identified, if the service certificate is the service certificate of the APP to be identified, step 213 is executed; if the service certificate is not the service certificate of the APP to be identified, step 215 is executed.
If the certificate chain is legal, in this step, the service server decrypts the signature data according to the public key carried by the service certificate in the certificate chain to obtain a second random number, then the service server judges whether the second random number is the same as the first random number sent in step 205, and if the first random number is the same as the second random number, the service server determines that the service certificate is the service certificate of the APP to be identified; and if the first random number is different from the second random number, the service server determines that the service certificate is not the service certificate of the APP to be identified.
213. The service server judges whether the APP to be identified is a counterfeit APP or not according to the packet name and the first signature certificate fingerprint, and if the APP to be identified is not a counterfeit APP, step 214 is executed; if the APP to be identified is a counterfeit APP, step 215 is performed.
In the embodiment of the application, each APP has a package name and a signature certificate fingerprint. Taking android APP as an example, after developing APP, research and development personnel can sign an APK file when packing to generate an Android Package (APK), and the legality of the APK file and the uniqueness of the APP are ensured through the signature mechanism, so that the later-stage APP can be upgraded and the like. When the APP is released, research and development personnel register in the service server, and the corresponding relation between the package name and the signature certificate fingerprint is stored in the service server.
If the service server determines that the service certificate is the service certificate signed and issued by the terminal device for the APP to be identified in step 209, in this step, the service server determines a second signature certificate fingerprint according to the package name of the APP to be identified, and determines whether the first signature certificate fingerprint and the second signature certificate fingerprint are the same; if the first signature certificate fingerprint is different from the second signature certificate fingerprint, the business server determines that the APP to be identified is a counterfeit APP; and if the first signature certificate fingerprint is the same as the second signature certificate fingerprint, the business server determines that the APP to be identified is the legal APP.
214. And the service server sends an identification result to the terminal equipment, wherein the identification result is used for indicating that the APP to be identified is the original APP and carrying out service interaction with the terminal equipment aiming at the APP to be identified.
215. And the service server sends an identification result to the terminal equipment, wherein the identification result is used for indicating that the APP to be identified is a counterfeit APP and refusing to perform service interaction with the terminal equipment aiming at the APP to be identified.
It should be noted that, in the embodiment of fig. 4, the above-mentioned counterfeit APP identification method is described in detail by taking an example in which a trusted root certificate set is deployed on a service server, and a certificate in a certificate chain includes a root certificate, an equipment CA certificate, and a service certificate.
The foregoing method for identifying a counterfeit APP will be described in detail below by taking an example in which a service server provides a data forwarding service for a user and a legal APP corresponding to the service server shares data with other users through the service server. For example, see fig. 6.
Fig. 6 is a schematic diagram of a passing scene of counterfeit detection in the counterfeit APP identification method provided in the embodiment of the present application. The embodiment comprises the following steps:
301. and registering the positive APP on the service server.
In this step, when the original APP is released, research and development personnel register the original APP on the service server, and the service server stores the package name, the signature certificate fingerprint and the corresponding relationship between the package name and the signature certificate fingerprint of the original APP. For example, the package name of the genuine APP is com.xxx.app1, and the signature certificate fingerprint is 111111. Wherein, the package name is located in a file of the installation package, such as an android manifest.xml file; the signed certificate fingerprint is stored in the signed certificate of the installation package. Although most APPs are installed on the terminal device, the installation package is deleted, but before the APPs are uninstalled, the terminal device may obtain the package name and the signature certificate from the REE operating system.
302. And the terminal equipment is provided with an APP to be identified.
The packet name of the APP to be identified is the same as that of the legal APP, but the terminal device does not know whether the APP to be identified is the legal APP or the counterfeit APP. When the APP to be identified is the legal APP, the terminal equipment determines that the signature certificate fingerprint of the APP to be identified is 111111; when the APP to be identified is a counterfeit APP, the developer cannot obtain the signature certificate fingerprint of the genuine APP, and therefore the signature certificate fingerprint of the APP to be identified is different from the signature certificate fingerprint of the genuine APP, for example 222222.
303. And the terminal equipment signs and issues a service certificate for the APP to be identified by using the CA certificate.
The service certificate comprises a package name of the APP to be identified and a first signature certificate fingerprint.
304. And the terminal equipment initiates a link establishment request to the service server aiming at the APP to be identified.
305. The service server sends the first random number to the terminal device.
306. And the terminal equipment sends the signature data and the certificate chain to the service server.
In this step, the terminal device encrypts the first random number by using the private key of the service certificate to obtain signature data, and then sends the certificate chain and the signature data to the service server.
307. The service server verifies whether the certificate in the certificate chain is legal or not, if the certificate chain is legal, whether the service certificate is the service certificate of the APP is determined, and if the service certificate is the service certificate of the APP to be identified, whether the APP is a counterfeit APP is judged.
In this step, the service server first verifies whether each certificate in the certificate chain is legal or not and whether the service certificate is the service certificate of the APP itself through the certificate chain. If all the service certificates in the certificate chain are legal and the service certificates are the service certificates of the APPs, the service server acquires the package names and the first signature certificate fingerprints of the APPs to be identified from the service certificates, determines the second signature certificate fingerprints according to the package names, finally verifies whether the first signature certificate fingerprints are the same as the second signature certificate fingerprints stored in advance on the service server, if so, determines that the APPs to be identified are genuine APPs, and if not, considers that the APPs to be identified are counterfeit APPs. For example, if in this step, the second signature certificate fingerprint is 111111, and the first signature certificate fingerprint is the same as the first signature certificate fingerprint obtained by the terminal device from the installation package of the APP to be identified, the service server considers that the APP to be identified is the genuine APP. If the second signature certificate fingerprint is 222222 and the first signature certificate fingerprint is different from the first signature certificate fingerprint acquired by the terminal device from the installation package of the APP to be identified, the service server considers the APP to be identified as a counterfeit APP.
Fig. 7 is a schematic structural diagram of a server according to an embodiment of the present application. The server 100 may include:
a transmitter 11, configured to transmit a first random number to a terminal device;
the receiver 12 is configured to receive a certificate chain and signature data sent by a terminal device, where a certificate in the certificate chain includes a service certificate of an APP to be identified, the service certificate carries a packet name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the signature data is obtained by encrypting, by the terminal device, the first random number by using a private key corresponding to the service certificate;
the processor 13 is configured to determine whether the service certificate is the service certificate of the APP to be identified according to the certificate chain and the signature data; if the business certificate is the business certificate of the APP to be identified, judging whether the APP to be identified is a counterfeit APP or not according to the package name and the first signature certificate fingerprint.
In a feasible implementation manner, the processor 13 is configured to determine whether a certificate in the certificate chain is legal, and if the certificate in the certificate chain is legal, decrypt the signature data according to a public key carried by a service certificate in the certificate chain to obtain a second random number; judging whether the first random number is the same as the second random number or not, and if the first random number is the same as the second random number, determining that the service certificate is the service certificate of the APP to be identified; and if the first random number is different from the second random number, determining that the service certificate is not the service certificate of the APP to be identified.
In a feasible implementation manner, the certificate in the certificate chain further includes a root certificate of the terminal device and a device authentication authorization CA certificate, the processor 13 is configured to determine whether a root certificate in the certificate chain exists in a pre-deployed trusted root certificate set, if the root certificate in the certificate chain exists in the root certificate set, decrypt the device CA certificate included in the certificate chain by using a public key carried by the root certificate to obtain a first hash value, perform a hash operation on the device CA certificate according to a hash algorithm carried by the device CA certificate to obtain a second hash value, if the first hash value and the second hash value are the same, determine that the device CA certificate is a legal certificate, decrypt the service certificate according to the public key carried by the device CA certificate to obtain a third hash value, and according to the hash algorithm carried by the service certificate, and performing hash operation on the service certificate to obtain a fourth hash value, and if the third hash value is the same as the fourth hash value, determining that the service certificate is a legal certificate.
In a feasible implementation manner, the certificate in the certificate chain further includes an equipment authorization CA certificate of the terminal equipment, and the processor 13 is configured to determine whether an equipment CA certificate in the certificate chain exists in a pre-deployed trusted CA certificate set, decrypt a service certificate by using a public key carried by the trusted equipment CA certificate if the equipment CA certificate in the certificate chain exists in the CA certificate set, obtain a third hash value, perform hash operation on the service certificate according to a hash algorithm carried by the service certificate, obtain a fourth hash value, and determine that the service certificate is a legal certificate if the third hash value is the same as the fourth hash value.
In a feasible implementation manner, the processor 13 is configured to determine whether the APP to be identified is a counterfeit APP according to the package name and the first signature certificate fingerprint if the service certificate is the service certificate of the APP to be identified, and includes: if the service certificate is the service certificate of the APP to be identified, determining a second signature certificate fingerprint according to the package name, storing the corresponding relation between the package name and the second signature certificate fingerprint, judging whether the first signature certificate fingerprint and the second signature certificate fingerprint are the same, and if the first signature certificate fingerprint and the second signature certificate fingerprint are not the same, determining that the APP to be identified is a counterfeit APP.
In a possible implementation, the server is a service server or a device CA server.
For the server provided in the embodiment of the present application, reference may be made to the above method embodiment for implementation principles and technical effects, which are not described herein again.
Fig. 8 is a schematic structural diagram of a terminal device according to an embodiment of the present application. The terminal device 200 may include:
a transmitter 21, configured to send a request message for establishing a link between an application APP to be identified and a server to the server;
a receiver 22, configured to receive a verification message sent by the server to verify the APP to be identified, where the verification message includes a first random number;
the sender 21 is further configured to send a certificate chain and signature data to the server, where the signature data is obtained by encrypting the first random number through a private key corresponding to the APP to be identified;
the receiver 22 is further configured to receive a result that the server verifies whether the APP to be identified is a counterfeit APP according to the certificate chain and the signature data.
In a feasible implementation manner, the certificate chain includes a service certificate of the APP to be identified, the service certificate carries a package name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the receiver 22 is configured to receive a counterfeit identification result obtained by matching a corresponding second signature certificate fingerprint with the first signature certificate fingerprint when the server registers the package name of the APP; if the matching is successful, the counterfeit result indicates that the APP is not a counterfeit APP, or if the matching is failed, the counterfeit identification result indicates that the APP is a counterfeit APP.
Referring to fig. 8 again, in a possible implementation manner, the terminal device 100 further includes: and the processor 23 is configured to, before the sender 21 sends the certificate chain and the signature data to the server, sign the service certificate for the APP to be identified by using the device CA certificate, where the content of the service certificate includes a package name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified.
In a feasible implementation manner, the service certificate is generated and managed by a certificate management service of the terminal device, and the certificate management service is located in a Framework layer of a system of the terminal device.
In a feasible implementation manner, the service certificate further includes a public key of the APP to be identified, where the public key corresponds to a private key for encrypting the first random number.
In a possible implementation manner, the operating system of the terminal device includes a rich execution environment REE operating system and a trusted execution environment TEE operating system, and the transmitter 21 is configured to transmit, through a client application CA running on the REE operating system, a service certificate application request message to a trusted application TA running on the TEE operating system;
the processor 23 is configured to control the TA to issue the service certificate for the APP to be identified by using the device CA certificate.
Fig. 9 is a schematic structural diagram of another server according to an embodiment of the present application. The server 300 may include: a processor 31, a transceiver 32, and a memory 33; the transceiver 32 for transmitting and receiving data; the memory 33 is used for storing instructions; the processor 31 is configured to instruct the instructions in the memory 33 to cause the server to execute the counterfeit APP identification method as applied to the server.
Fig. 10 is a schematic structural diagram of another terminal device according to an embodiment of the present application. The terminal device 400 may include: a processor 41, a transceiver 42 and a memory 43; the transceiver 42 for transmitting and receiving data; the memory 43 for storing instructions; the processor 41 is configured to instruct the instructions in the memory 43 to enable the terminal device to execute the counterfeit APP identification method applied to the terminal device as described above.
Fig. 11 is a schematic architecture diagram of an aspect APP recognition system according to an embodiment of the present application. Referring to fig. 9, the counterfeit APP identification system 1000 provided in this embodiment includes the server 100 shown in fig. 7, and at least one terminal device 200 shown in fig. 8.
In addition, on the basis of the counterfeit APP identification method, the embodiment of the present application further provides:
a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs a counterfeit APP identification method as applied to a server.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs a counterfeit APP identification method as applied to a terminal device.
A chip having stored thereon a computer program which, when executed by a processor, performs a counterfeit APP identification method as applied to a server.
A chip on which a computer program is stored which, when executed by a processor, performs a counterfeit APP identification method as applied to a terminal device.
In the embodiments provided by the present application, the method provided by the embodiments of the present application is introduced mainly from the perspective of interaction between the terminal device and the server. It is understood that, in order to implement the functions in the method provided by the embodiments of the present application, the terminal device and the server include hardware structures and/or software modules for performing the functions. Those of skill in the art will readily appreciate that the present application is capable of hardware or a combination of hardware and computer software implementing the various illustrative algorithm steps described in connection with the embodiments disclosed herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the terminal device and the server may be divided into the functional modules according to the above method examples, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.
The term "plurality" herein means two or more. The term "and/or" herein is merely an association describing an associated object, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship; in the formula, the character "/" indicates that the preceding and following related objects are in a relationship of "division".
It is to be understood that the various numerical references referred to in the embodiments of the present application are merely for descriptive convenience and are not intended to limit the scope of the embodiments of the present application.
It should be understood that, in the embodiment of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiment of the present application.
It is understood that, in the embodiment of the present application, the memory may be a non-volatile memory, such as a Hard Disk Drive (HDD) or a solid-state drive (SSD), and may also be a volatile memory (RAM), for example. The memory is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.
Through the above description of the embodiments, it is clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be completed by different functional modules according to needs, that is, the internal structure of the device may be divided into different functional modules to complete all or part of the above described functions.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical functional division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another device, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, that is, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The method provided by the embodiment of the present application may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, a server, a terminal, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Video Disk (DVD)), or a semiconductor medium (e.g., SSD), among others.
The above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (18)
- A counterfeit APP identification method is characterized by comprising the following steps:the server sends a first random number to the terminal equipment;the server receives a certificate chain and signature data sent by terminal equipment, wherein the certificate in the certificate chain comprises a service certificate of an application program APP to be identified, the service certificate carries a packet name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified, and the signature data is obtained by encrypting the first random number by the terminal equipment by using a private key corresponding to the service certificate;the server judges whether the business certificate is the business certificate of the APP to be identified or not according to the certificate chain and the signature data;and if the service certificate is the service certificate of the APP to be identified, the server judges whether the APP to be identified is a counterfeit APP or not according to the packet name and the first signature certificate fingerprint.
- The method of claim 1, wherein the step of judging, by the server, whether the service certificate is the service certificate of the APP to be identified according to the certificate chain and the signature data includes:the server judges whether the certificate in the certificate chain is legal or not;if the certificate in the certificate chain is legal, the server decrypts the signature data according to a public key carried by a service certificate in the certificate chain to obtain a second random number;the server judges whether the first random number is the same as the second random number;if the first random number is the same as the second random number, the server determines that the service certificate is the service certificate of the APP to be identified;if the first random number is different from the second random number, the server determines that the service certificate is not the service certificate of the APP to be identified.
- The method according to claim 1 or 2, wherein the certificate in the certificate chain further includes a root certificate of the terminal device and a device authentication authorization, CA, certificate, and the server determines whether the certificate in the certificate chain is legal or not, including:the server determines whether a root certificate in the certificate chain exists in a pre-deployed trusted root certificate set or not;if the root certificate in the certificate chain exists in the root certificate set, the server decrypts the equipment CA certificate contained in the certificate chain by using a public key carried by the root certificate to obtain a first hash value;the server carries out Hash operation on the CA certificate of the equipment according to a Hash algorithm carried by the CA certificate of the equipment to obtain a second Hash value;if the first hash value is the same as the second hash value, the server determines that the equipment CA certificate is a legal certificate, and decrypts the service certificate according to a public key carried by the equipment CA certificate to obtain a third hash value;the server performs hash operation on the service certificate according to a hash algorithm carried by the service certificate to obtain a fourth hash value;and if the third hash value is the same as the fourth hash value, the server determines that the service certificate is a legal certificate.
- The method according to claim 1 or 2, wherein the certificate in the certificate chain further includes a device authorization, CA, certificate of the terminal device, and the server determines whether the certificate in the certificate chain is legal or not, including:the server determines whether a device CA certificate in the certificate chain exists in a pre-deployed trusted CA certificate set;if the CA certificate in the certificate chain exists in the CA certificate set, the server decrypts a service certificate by using a public key carried by the trusted CA certificate to obtain a third hash value;the server performs hash operation on the service certificate according to a hash algorithm carried by the service certificate to obtain a fourth hash value;and if the third hash value is the same as the fourth hash value, the server determines that the service certificate is a legal certificate.
- The method according to any one of claims 1 to 4, wherein if the service certificate is the service certificate of the APP to be identified, the server determines whether the APP to be identified is a counterfeit APP according to the package name and the first signature certificate fingerprint, including:if the service certificate is the service certificate of the APP to be identified, the server determines a second signature certificate fingerprint according to the package name, and the server stores the corresponding relation between the package name and the second signature certificate fingerprint;the server judges whether the first signature certificate fingerprint and the second signature certificate fingerprint are the same;if the first signature certificate fingerprint is different from the second signature certificate fingerprint, the server determines that the APP to be identified is a counterfeit APP.
- A method for identifying a counterfeit application APP, the method comprising:the method comprises the steps that terminal equipment sends a request message for establishing a link between an application program APP to be identified and a server to the server;the terminal receives a verification message which is sent by the server and used for verifying the APP to be identified, wherein the verification message comprises a first random number;the terminal equipment sends a certificate chain and signature data to the server, wherein the signature data is obtained by encrypting the first random number through a private key corresponding to the APP to be identified;and the terminal receives the result that whether the APP to be identified is verified by the server according to the certificate chain and the signature data is a counterfeit APP.
- The method according to claim 6, wherein the certificate chain includes a service certificate of the APP to be identified, and the service certificate carries a package name of the APP to be identified and a first signature certificate fingerprint of the APP to be identified; the terminal receives the result that whether the server verifies the APP to be identified according to the certificate chain and the signature data to be a counterfeit APP or not, and the method comprises the following steps:the terminal equipment receives a counterfeit identification result obtained by matching a corresponding second visa certificate fingerprint with the first signature certificate fingerprint when the server registers the packet name of the APP; if the matching is successful, the counterfeit result indicates that the APP is not a counterfeit APP, or if the matching is failed, the counterfeit identification result indicates that the APP is a counterfeit APP.
- The method according to claim 6 or 7, wherein before the terminal device sends the certificate chain and the signature data to the server, the method further comprises:the terminal equipment signs and issues the business certificate for the APP to be identified by utilizing an equipment CA certificate, and the content of the business certificate comprises the package name of the APP to be identified and the first signature certificate fingerprint of the APP to be identified.
- The method according to claim 8, wherein the service certificate is generated and managed by a certificate management service of the terminal device, and the certificate management service is located in a Framework layer of a system of the terminal device.
- The method according to claim 8 or 9, wherein the service certificate further comprises a public key of the APP to be identified, the public key corresponding to a private key used for encrypting the first random number.
- The method according to any one of claims 8 to 10, wherein the operating systems of the terminal device include a Rich Execution Environment (REE) operating system and a Trusted Execution Environment (TEE) operating system, and the terminal device issues the service certificate for the APP to be identified by using a device CA certificate, including:the terminal equipment sends a service certificate application request message to a trusted application TA running on the TEE operating system through a client application CA running on the REE operating system;and the terminal equipment controls the TA to issue the service certificate for the APP to be identified by utilizing the CA certificate.
- A server, comprising: a processor, a transceiver, and a memory;the transceiver is used for transmitting and receiving data;the memory to store instructions;the processor to instruct the instructions in the memory to cause the server to perform the method of claims 1-5.
- A terminal device, comprising: a processor, a transceiver, and a memory;the transceiver is used for transmitting and receiving data;the memory to store instructions;the processor is configured to instruct the instructions in the memory to cause the terminal device to perform the method according to claims 6 to 11.
- A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, performs a counterfeit APP identification method as claimed in any one of claims 1 to 5.
- A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, performs a counterfeit APP identification method as claimed in any one of claims 6 to 11.
- A chip having stored thereon a computer program which, when executed by a processor, performs a counterfeit APP identification method as claimed in any one of claims 1 to 5.
- A chip having stored thereon a computer program which, when executed by a processor, performs a counterfeit APP identification method as claimed in any one of claims 6 to 11.
- A counterfeit APP identification system comprising a server as claimed in any one of claims 12 to 17 and at least one terminal device as claimed in any one of claims 18 to 23.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2019/077311 WO2020177116A1 (en) | 2019-03-07 | 2019-03-07 | Counterfeit app identification method and apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112805702A true CN112805702A (en) | 2021-05-14 |
Family
ID=72337231
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201980066172.XA Pending CN112805702A (en) | 2019-03-07 | 2019-03-07 | Counterfeit APP identification method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112805702A (en) |
| WO (1) | WO2020177116A1 (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685138A (en) * | 2012-08-30 | 2014-03-26 | 卓望数码技术(深圳)有限公司 | Method and system for authenticating application software of Android platform on mobile internet |
| CN108199830A (en) * | 2017-12-22 | 2018-06-22 | 沈阳通用软件有限公司 | Based on the legal method of the stringent management and control Android application programs of certificate |
| US20180181739A1 (en) * | 2015-08-27 | 2018-06-28 | Alibaba Group Holding Limited | Identity authentication using biometrics |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101253341B1 (en) * | 2011-02-08 | 2013-04-10 | (주)바이너리소프트 | System and method for verifying counterfeit or falsification of application for mobile |
| CN104657634B (en) * | 2015-02-28 | 2017-11-14 | 百度在线网络技术(北京)有限公司 | The recognition methods of piracy application and device |
| CN108229131A (en) * | 2016-12-14 | 2018-06-29 | 中国移动通信集团设计院有限公司 | Counterfeit APP recognition methods and device |
| CN107480519A (en) * | 2017-08-04 | 2017-12-15 | 深圳市金立通信设备有限公司 | A kind of method and server for identifying risk application |
-
2019
- 2019-03-07 WO PCT/CN2019/077311 patent/WO2020177116A1/en active Application Filing
- 2019-03-07 CN CN201980066172.XA patent/CN112805702A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685138A (en) * | 2012-08-30 | 2014-03-26 | 卓望数码技术(深圳)有限公司 | Method and system for authenticating application software of Android platform on mobile internet |
| US20180181739A1 (en) * | 2015-08-27 | 2018-06-28 | Alibaba Group Holding Limited | Identity authentication using biometrics |
| CN108199830A (en) * | 2017-12-22 | 2018-06-22 | 沈阳通用软件有限公司 | Based on the legal method of the stringent management and control Android application programs of certificate |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2020177116A1 (en) | 2020-09-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11265319B2 (en) | Method and system for associating a unique device identifier with a potential security threat | |
| JP6262278B2 (en) | Method and apparatus for storage and computation of access control client | |
| US9281949B2 (en) | Device using secure processing zone to establish trust for digital rights management | |
| TWI539838B (en) | Method and apparatus for access credential provisioning | |
| US8064598B2 (en) | Apparatus, method and computer program product providing enforcement of operator lock | |
| US9270466B2 (en) | System and method for temporary secure boot of an electronic device | |
| CA2616358C (en) | Secure software updates | |
| US20160226877A1 (en) | Methods and apparatus for large scale distribution of electronic access clients | |
| US20080003980A1 (en) | Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof | |
| EP1712992A1 (en) | Updating of data instructions | |
| RU2685975C2 (en) | Providing communication security with extended multimedia platforms | |
| WO2024139616A1 (en) | Signature authentication method and apparatus | |
| TWI469655B (en) | Methods and apparatus for large scale distribution of electronic access clients | |
| US20110154436A1 (en) | Provider Management Methods and Systems for a Portable Device Running Android Platform | |
| JP2007116641A (en) | Private information transmitting method | |
| CN112805702A (en) | Counterfeit APP identification method and device | |
| JP2008233965A (en) | Portable terminal device and program thetreof, and alternation prevention system and alternation prevention method | |
| CN114391134A (en) | Flashing processing method and related device | |
| KR102534012B1 (en) | System and method for authenticating security level of content provider | |
| CN112468544B (en) | Express data transmission method based on middleware and middleware | |
| AU2011202785B2 (en) | Secure software updates |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |