CN116248291B - Signature verification method and system of consumer - Google Patents
Signature verification method and system of consumer Download PDFInfo
- Publication number
- CN116248291B CN116248291B CN202310045616.XA CN202310045616A CN116248291B CN 116248291 B CN116248291 B CN 116248291B CN 202310045616 A CN202310045616 A CN 202310045616A CN 116248291 B CN116248291 B CN 116248291B
- Authority
- CN
- China
- Prior art keywords
- application program
- hash
- signature
- preset
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 61
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000012545 processing Methods 0.000 claims abstract description 18
- 230000000750 progressive effect Effects 0.000 claims abstract description 17
- 230000003044 adaptive effect Effects 0.000 claims abstract description 6
- 238000009434 installation Methods 0.000 claims description 58
- 108091026890 Coding region Proteins 0.000 claims description 20
- 239000011159 matrix material Substances 0.000 claims description 18
- 238000001514 detection method Methods 0.000 claims description 8
- 238000013507 mapping Methods 0.000 claims description 8
- 238000004364 calculation method Methods 0.000 claims description 7
- 230000008859 change Effects 0.000 claims description 6
- 238000007781 pre-processing Methods 0.000 claims description 6
- 238000013524 data verification Methods 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 11
- 239000013598 vector Substances 0.000 description 6
- 238000006243 chemical reaction Methods 0.000 description 4
- 230000026676 system process Effects 0.000 description 4
- 230000006978 adaptation Effects 0.000 description 3
- 238000010276 construction Methods 0.000 description 3
- 239000003795 chemical substances by application Substances 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 238000009827 uniform distribution Methods 0.000 description 2
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 235000012054 meals Nutrition 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000036316 preload Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000010408 sweeping Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/12—Cash registers electronically operated
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Power Engineering (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a signature verification method and a signature verification system for a consumer, which are applied to the field of data verification; the method comprises the steps of carrying out binary bit coding processing on an application program to generate binary bit codes corresponding to the application program, selecting a specific hash signature algorithm with adaptive coding bits from a preset hash signature algorithm set according to coding bits correspondingly arranged on the binary bit codes, carrying out hash operation on the application program by using the specific hash signature algorithm to obtain binary signature values of the application program, carrying out arrangement and combination on the application program according to a progressive sequence with at least one or more binary bit codes in the application program and coding bits corresponding to the binary bit codes, combining to generate public key information of the application program, verifying public key information of the application program according to private key information corresponding to the application program, generating a digital signature after signature verification, and recording the digital signature in the application program to finish signature verification.
Description
Technical Field
The invention relates to the field of data verification, in particular to a signature verification method and a signature verification system for a consumer.
Background
Along with the increasingly important educational informatization construction of country, schools also increase the investment of informatization and intellectualization of campuses and push out intelligent campuses and intelligent canteens, and the use of consumers is just a reduction in the intelligent canteens, and the consumption of taking meals after swiping cards or sweeping codes on consumers can not only improve canteens efficiency and reduce transaction error probability, but also scientifically and accurately count consumption and inventory data and reduce waste, and along with the construction of the campuses informatization, consumers can also be increasingly popularized.
When the consumer leaves the factory, the consumer firstly preloads the limit payment of the merchant agent service provider and lays out the limit payment to the consumer equipment of the merchant, and in order to avoid that some merchants cooperate with other service providers after taking the consumer, the consumer is required to be provided with a signature verification signature for limiting the application program so as to ensure the rights and interests of the merchant agent service provider.
Disclosure of Invention
The invention aims to solve the problem that after some merchants take a consumer, the consumer cooperates with other service providers after installing other application programs, and provides a signature verification method and a signature verification system for the consumer.
The invention adopts the following technical means for solving the technical problems:
The invention provides a signature verification method of a consumer machine, which comprises the following steps:
acquiring an application program to be installed, identifying the installation environment of the application program, receiving an installation environment detection instruction of the application program, inquiring installation requirement information of the application program through a preset server, acquiring the installation environment information of the application program, comparing the installation environment information with the installation requirement information, and judging whether the installation environment of the application program meets the preset installation requirement;
if so, providing the permission of reading the pre-stored data of the blank memory for the application program, pairing the application program by applying preset private key information, decrypting attached files in the application program to generate a decrypted data abstract, performing differential comparison on the decrypted data abstract and a pre-stored data text, and judging whether the decrypted data abstract is identical to the data text or not;
if yes, binary bit coding is carried out on the application program, binary bit codes corresponding to the application program are generated, corresponding hash signature algorithms which are matched with the coding bits are selected from a preset hash signature algorithm set according to the coding bits which are correspondingly arranged on the binary bit codes, hash operation is carried out on the application program by applying the corresponding hash signature algorithms, binary signature values of the application program are obtained through operation, and the application program is arranged and combined according to progressive sequences of at least one binary bit code in the application program, wherein the progressive sequences of at most of the coding bits of the binary bit code are used for generating public key information of the application program;
And verifying the public key information of the application program according to the preset private key information corresponding to the application program, generating a digital signature with the checked signature, and recording the digital signature in the application program to finish the checked signature.
Further, the step of applying preset private key information to pair the application program and decrypting the attached file in the application program includes:
reading the application program, encrypting each file in the application program into a data abstract of a preset type through the hash signature algorithm, storing the data abstract in a base64 data format, signing the data abstract by applying preset private key information, and generating an application program to be checked;
judging whether a preset signature public key can decrypt the application program to be checked;
if yes, generating comparison data based on the preset private key information and public key information in the application program.
The step of verifying the public key information of the application program according to the private key information corresponding to the application program, generating a digital signature after signature verification, and recording the digital signature in the application program to finish the signature verification comprises the following steps:
Calculating the application program based on a preset key component sequence, and generating a signature result based on the application program and the identification information of the application program;
calculating a message digest corresponding to the signature result according to a preset hash operation mode, cutting the message digest into blocks to obtain a plurality of digest sub-blocks, and determining key component indexes corresponding to the digest sub-blocks according to a preset mapping mode;
and calculating an information authentication code corresponding to each abstract sub-block according to the key component index corresponding to each abstract sub-block, and generating a digital signature corresponding to the signature result based on the information authentication codes corresponding to the abstract sub-blocks.
Further, the step of performing binary bit encoding processing on the application program includes:
according to the number of times to be signed preset by the application program, determining a hash public key corresponding to each target coding value in the data to be processed as public key information;
generating a signature set of the public key information;
and acquiring the public key information, determining a target authentication path according to the position based on the position of the signature set, and verifying the signature set.
The step of selecting a corresponding hash signature algorithm with the adaptation code bit from a preset hash signature algorithm set, applying the corresponding hash signature algorithm to perform hash operation on the application program, and obtaining the binary signature value of the application program through operation includes:
processing an application program aiming at each corresponding hash signature algorithm, wherein in hash data points of each position in the application program, characteristic data point pairs correspond to hash code pairs one by one, comparing weights of the hash data points corresponding to each position in the hash code pairs to determine target data hash points with larger weights, and determining binary codes corresponding to the hash codes based on the hash data points corresponding to each position, wherein the weights are used for representing similarity coefficients corresponding to the hash codes by the hash data points;
constructing a corresponding similarity matrix based on binary codes corresponding to each hash code, wherein the similarity matrix has the difference between each hash code and the binary code corresponding to each hash code;
and dynamically updating the change parameters of the signature values based on the similarity matrix.
Further, the step of combining the application programs according to the progressive sequence of the coded bits of the binary bit codes from less to most, and generating the public key information of the application programs by combining comprises the following steps:
encoding the data to be processed based on the hash signature algorithm to obtain a hash encoding sequence to be verified, and constructing a hash characteristic database based on the hash encoding sequence;
preprocessing the hash coding sequence, dividing the hash coding sequence into a plurality of mutually disjoint sub-hash codes in the hash characteristic database, and obtaining each sub-hash code as an index of the hash characteristic database;
and arranging the hash coding sequence based on the sub hash codes in the hash characteristic database to generate an arrangement sequence of each coding bit.
The invention also provides a signature verification system of the consumer machine, which is characterized by comprising the following steps:
the system comprises an acquisition module, a comparison module and a control module, wherein the acquisition module is used for acquiring an application program to be installed, identifying the installation environment of the application program, receiving an installation environment detection instruction of the application program, inquiring installation requirement information of the application program through a preset server, acquiring the installation environment information of the application program, comparing the installation environment information with the installation requirement information, and judging whether the installation environment of the application program meets the preset installation requirement;
The judging module is used for providing authority of reading the blank memory pre-stored data for the application program if the data is met, matching the application program by applying preset private key information, decrypting attached files in the application program to generate a decrypted data abstract, performing differential comparison on the decrypted data abstract and a pre-stored data text, and judging whether the decrypted data abstract is identical to the data text or not;
the execution module is used for carrying out binary bit coding on the application program if so, generating binary bit codes corresponding to the application program, selecting a corresponding hash signature algorithm with the adaptive coding bit from a preset hash signature algorithm set according to coding bits corresponding to the binary bit codes, carrying out hash operation on the application program by applying the corresponding hash signature algorithm, calculating to obtain a binary signature value of the application program, carrying out arrangement and combination on the application program according to a progressive sequence of at least one binary bit code in the application program and at most of coding bits of the binary bit code, and generating public key information of the application program in a combined way;
And the verification module is used for verifying the public key information of the application program according to the private key information corresponding to the application program, generating a digital signature with the checked signature, and inputting the digital signature into the application program to finish the checked signature.
Further, the judging module further includes:
the generation unit is used for reading the application program, encrypting each file in the application program into a data abstract of a preset type through the hash signature algorithm, storing the data abstract in a base64 data format, signing the data abstract by applying preset private key information, and generating the application program to be checked;
the second judging unit is used for judging whether the public key information can decrypt the application program to be checked;
and the second execution unit is used for generating comparison data based on the preset private key information and public key information in the application program if the second execution unit is used for generating the comparison data based on the preset private key information and public key information in the application program.
Further, the judging module further includes:
the computing unit is used for computing the application program based on a preset key component sequence and generating a signature result based on the application program and the identification information of the application program;
The second calculation unit is used for calculating the message digest corresponding to the signature result according to a preset hash operation mode, cutting the message digest into a plurality of digest sub-blocks, and determining key component indexes corresponding to the digest sub-blocks according to a preset mapping mode;
and the second generation unit is used for calculating the information authentication code corresponding to each abstract sub-block according to the key component index corresponding to each abstract sub-block and generating the digital signature corresponding to the signature result based on the information authentication codes corresponding to the abstract sub-blocks.
Further, the execution module further includes:
the processing unit is used for determining hash public keys corresponding to all target coding values in the data to be processed as public key information according to the number of times to be signed preset by the application program;
a third generation unit configured to generate a signature set of the public key information;
and the acquisition unit is used for acquiring the public key information, determining a target authentication path according to the position based on the position of the signature set and verifying the signature set.
The invention provides a signature verification method and a signature verification system for a consumer machine, which have the following beneficial effects:
The method comprises the steps of performing binary bit coding on an application program to generate binary bit codes corresponding to the application program, selecting a specific hash signature algorithm with adaptive coding bits from a preset hash signature algorithm set according to coding bits correspondingly arranged on the binary bit codes, performing hash operation on the application program by using the specific hash signature algorithm to obtain binary signature values of the application program, performing arrangement combination on the application program based on at least one or more binary bit codes existing in the application program and a progressive sequence with at least one binary bit code according to the coding bits of the binary bit codes, combining to generate public key information of the application program, verifying public key information of the application program according to private key information corresponding to the application program, generating a digital signature after signature verification, and recording the digital signature in the application program to finish signature verification; compared with the conventional signature verification process at present, the method and the device not only prevent the merchant from downloading the abnormal application program to bypass the server to perform other cooperation, but also avoid the situation that a large number of different candidate hash signature algorithms are required to be set due to the large value range of each code value, thereby reducing the verification cost of the application program when the corresponding hash signature algorithm is configured.
Drawings
FIG. 1 is a flow chart of one embodiment of a signature verification method of a consumer machine according to the present invention;
fig. 2 is a block diagram illustrating an embodiment of a signature verification system for a consumer device.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present invention, as the achievement, functional features, and advantages of the present invention are further described with reference to the embodiments, with reference to the accompanying drawings.
The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, a signature verification method of a consumer machine according to an embodiment of the present invention includes:
s1: acquiring an application program to be installed, identifying the installation environment of the application program, receiving an installation environment detection instruction of the application program, inquiring installation requirement information of the application program through a preset server, acquiring current environment information of the application program, comparing the current environment information with the installation requirement information, and judging whether the current environment of the application program meets preset installation requirements;
S2: if so, providing the application program with the authority of reading the blank memory data, pairing the application program by using preset private key information, decrypting the attached file in the application program to generate a decrypted data abstract, performing differential comparison on the decrypted data abstract and a pre-stored data text, and judging whether the decrypted data abstract is identical to the data text;
s3: if yes, binary bit coding is carried out on the application program, binary bit codes corresponding to the application program are generated, a specific hash signature algorithm which is suitable for the coding bits is selected from a preset hash signature algorithm set according to the coding bits which are correspondingly arranged on the binary bit codes, the specific hash signature algorithm is applied to carry out hash operation on the application program, binary signature values of the application program are obtained through operation, and the application program is arranged and combined according to a progressive sequence of at least one or more binary bit codes in the application program, wherein the progressive sequence of at least one or more coding bits of the binary bit codes is used for generating public key information of the application program;
S4: and verifying the public key information of the application program according to the private key information corresponding to the application program, generating a digital signature after signature verification, and recording the digital signature in the application program to finish signature verification.
In this embodiment, the system scans an application program to be installed to identify an installation environment and a security problem of the application program, executes a preset installation environment detection instruction, scans the application program, queries installation requirement information (such as an operating system level requirement, a configuration height requirement, etc.) of the application program through a preset server, obtains current environment information of the application program, compares the current environment information with the installation requirement information to determine whether the current environment meets a preset installation requirement, and executes a corresponding step; for example, if the system detects that the current environment can meet the level requirement of the operating system, the system determines that the current environment can meet the preset installation requirement, that is, the system provides other readable blank memory spaces for the application program, so that the application program obtains the permission of entering the system by reading the blank memory data; for example, when the system detects that the current environment cannot meet the configuration requirement level, the system determines that the current environment cannot meet the preset installation requirement, i.e. the system cannot provide any reading rights for the application program, because the application program cannot be monitored by the system of the current configuration or the current operating system, and cannot confirm the security of the application program; the system uses preset private key information to pair the application program, decrypts attached files in the application program through pairing to generate data abstracts of the application program, and compares the data abstracts with data texts pre-recorded by the system in a different mode, so that whether the data abstracts are identical with the data texts (compared with the abstract information of the data abstracts which are stored before, the data abstracts can be checked when the abstract information is identical, cannot be more or not less) can be judged, and corresponding steps are executed; for example, when the data abstract is the same as the prestored data text, the system performs binary bit coding processing on the application program to generate binary bit codes corresponding to the application program, selects a specific hash signature algorithm with adaptive coding bits from a preset hash signature algorithm set according to coding bits correspondingly arranged in the binary bit codes, performs hash operation on the application program by using the specific hash signature algorithm, obtains binary signature values of the application program by operation, and performs arrangement combination on the application program according to progressive sequences of at least one or more binary bit codes in the application program and according to the coding bits of the binary bit codes to generate public key information of the application program; and then the system verifies the public key information of the application program according to the private key information corresponding to the application program to generate a digital signature after signing verification, and the system records the digital signature into the application program at the moment, so that the signature signing verification process of the application program can be completed, namely the system allows the application program to be installed.
In a specific embodiment, the signature verification process is as follows:
1. signature is carried out on apk before installation: executing an instruction: java-jar whtypsokSignTool. Jar-key-alias-key-storepass sanstar-input test. Apk-output test_singed. Apk. The principle is that whtyApkSignTool.jar firstly carries out a base64+ hash operation on each file in apk, and the result is stored in a file META-INF/MANIFEST.MF; then, a base64+hash operation is carried out on the whole MANIFET.MF file, the result is stored in the header attribute of the CERT.SF file, and finally, a base64+hash operation is carried out on each attribute block in the MANIFET.MF file, and the result is stored in the attribute block of the CERT.SF file; signing the CERT.SF by a private key, and storing the signature file and the digital certificate stored with public key information into CERT.RSA; the signing process is completed.
2. And (5) checking the apk: the system end is internally provided with a signature authentication packet TYPackageVerifier.jar, decrypts the digital signature by calling a verification method verifyApk to decrypt a public key contained in a CERT.RSA file in apk, compares a decryption result with a result obtained after a CERT.SF file hash operation, and checks whether the CERT.SF is tampered or not; then checking the MANIFAST.MF by using CERT.SF to check whether the MANIFAST.MF is tampered; finally, checking all files by using MANIFAST.MF, and checking whether all files are tampered or deleted or added with new files; and finishing the label checking process.
In this embodiment, the step of applying preset private key information to pair the application program and decrypting the attached file in the application program includes:
reading the application program, encrypting each file in the application program into a data abstract of a preset type through the hash signature algorithm, storing the data abstract in a base64 data format, signing the data abstract by applying preset private key information, and generating an application program to be checked;
judging whether a preset signature public key can decrypt the application program to be checked;
if yes, generating comparison data based on the preset private key information and public key information in the application program.
In this embodiment, after reading the application program, the system encrypts each file of the application program into a preset corresponding type of data digest by applying a hash signature algorithm, stores the data digests in a base64 data format, and then applies preset private key information to perform one-way signature on the data digests to generate an application program to be checked, and determines whether a preset signature public key can decrypt the application program to be checked, so as to execute a corresponding step; for example, if the system knows that the preset signature public key cannot decrypt the application program to be signed, the system will determine that the message is actually signed and sent by the sender, and possibly someone maliciously impersonates the signature of the sender and sends the application program to the system; for example, if the system knows that the preset signature public key can decrypt the application program to be checked, the system will generate comparison data of the private key information and the public key information at this time.
It should be noted that: the public key and the private key are paired, the file encrypted by the public key can be decrypted only by the corresponding private key, and the file can be encrypted by the private key and decrypted by the corresponding public key, and the signature is that the sender writes a signature for the transmitted file, so that the private key of the sender is needed to be used.
In this embodiment, verifying the public key information of the application program according to the private key information corresponding to the application program, generating a digital signature after signing verification, and recording the digital signature in the application program, where the step of signing verification is completed includes:
calculating the application program based on a preset key component sequence, and generating a signature result based on the application program and the identification information of the application program;
calculating a message digest corresponding to the signature result according to a preset hash operation mode, cutting the message digest into blocks to obtain a plurality of digest sub-blocks, and determining key component indexes corresponding to the digest sub-blocks according to a preset mapping mode;
and calculating an information authentication code corresponding to each abstract sub-block according to the key component index corresponding to each abstract sub-block, and generating a digital signature corresponding to the signature result based on the information authentication codes corresponding to the abstract sub-blocks.
In this embodiment, the system processes the message to be signed according to a preset hash operation mode and obtains a corresponding message digest, for example, the message to be signed is used as input data, the data is processed according to an SM3 algorithm and the message digest is output, (the SM3 algorithm requires that the bit length of the digest is 256 bits, and the SM3 algorithm is a one-way hash operation, and can process the message to be signed into the message digest according to the message to be signed, but cannot reversely derive the message to be signed according to the message digest); the signature party cuts the message digest to obtain a plurality of digest sub-blocks, the bit length of the message digest is 256 bits, the message digest is cut according to the block length of 32 bits, the 256 bits are cut into 8 digest sub-blocks with the length of 32 bits, namely block1 and block2 … block8 respectively, the message digest can be cut into 16 digest sub-blocks with the length of 16 bits, and the length and the number of the digest sub-blocks can be determined according to application requirements; after a plurality of abstract sub-blocks are obtained, key component indexes corresponding to the abstract sub-blocks are determined according to a preset mapping mode, signature key components used by the abstract sub-blocks of the message abstract are calculated through a specified algorithm to participate in signature calculation of the abstract sub-blocks, a signature party calculates message authentication codes corresponding to each abstract sub-block according to the key component indexes corresponding to the abstract sub-blocks, after the key component indexes are determined, key components corresponding to the abstract sub-blocks are determined in advance in a preset key component sequence, one abstract sub-block corresponds to one message authentication code, and 8 blocks correspond to 8 message authentication codes, namely H1 and H2 … H8; determining a digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of summary sub-blocks is equivalent to performing data processing on the original sequence of key components with fixed ordering, reordering part or all of the key components according to the key component indexes, and finally obtaining the digital signature if some key components appear for multiple times.
In this embodiment, the step of performing binary bit encoding processing on the application program includes:
according to the number of times to be signed preset by the application program, determining a hash public key corresponding to each target coding value in the data to be processed as public key information;
generating a signature set of the public key information;
and acquiring the public key information, determining a target authentication path according to the position based on the position of the signature set, and verifying the signature set.
In this embodiment, the target encoding value is a value in the data to be processed, corresponds to the preset hash public key one by one, and the number of signatures is usually 1, and each time the signature is executed, the number of completed signature operations can be obtained by adding 1 to each time the signature is executed; determining a target signature public key corresponding to each target coding value in the data to be processed from preset hash public keys according to the number of signature times, and converting each target coding value in the data to be processed into a numerical value of a preset system; wherein, the value of the preset system is equal to the number of signature orders in the preset signature set; taking the signature times as a target signature cluster; determining a corresponding target signature public key according to the numerical conversion result of the target coding value; converting each target coding value in the data to be processed into a numerical value of a preset system, so that the signature operation for the message to be signed can be matched with a corresponding preset hash public key, the signature operation for the message to be signed is completed based on the preset hash public key, and further the efficiency of the signature operation is improved; according to the numerical conversion result of the target coding value, a corresponding target signature public key can be determined in a pre-constructed hash public key, so that complex calculation is not needed for signature verification of the application program, and further the efficiency of signing the application program is improved.
In this embodiment, selecting a specific hash signature algorithm with the adaptation bit from a preset hash signature algorithm set, applying the specific hash signature algorithm to perform a hash operation on the application program, and performing the operation to obtain a binary signature value of the application program includes:
processing an application program aiming at each specific hash signature algorithm, determining a target data hash point with larger weight in hash data points of each position in the application program, and determining a binary code corresponding to a hash code based on the hash data points corresponding to each position, wherein the weight is used for representing similarity coefficients corresponding to the hash code for calculating the hash data points;
constructing a corresponding similarity matrix based on binary codes corresponding to each hash code, wherein the similarity matrix has the difference between each hash code and the binary code corresponding to each hash code;
and dynamically updating the change parameters of the signature values based on the similarity matrix.
In this embodiment, the system processes the application program through a specific hash signature algorithm, generates a matrix to be formed corresponding to characteristic data points in the application program, and represents a rectangle composed of a plurality of lattices, each lattice in the rectangle corresponds to data in one dimension, the dimension of the characteristic data point x1 is m1, the dimension of the characteristic data point y1 is m2, m1 and m2 can be equal or unequal, hash code pairs corresponding to the characteristic data point pairs one to one are obtained, the hash codes can be represented as a rectangle composed of a plurality of lattices, and each lattice corresponds to one hash data point, namely data in one dimension; in the hash coding pair, the weight of the hash data point corresponding to each position in the hash coding pair is compared to obtain hash data points with larger weight as target hash data points, the number of the hash data point pairs in the hash coding pair is m3, so that m3 target hash data points can be obtained, binarization processing is carried out on each target hash data point to obtain binarization data points, and the binarization data points are sequentially combined based on the positions of the hash data point pairs corresponding to the target hash data points, namely, a similarity matrix is obtained by combining matrix to be formed; and updating the signature value 1 to obtain a binary code 1, wherein the dimension of the binary code 1 is m3, namely the coding length of the binary code of the hash code pair is the same as the coding length of each hash code in the hash code pair, so that a signature value change parameter with higher accuracy is obtained, and the signature verification efficiency of an application program is improved.
In this embodiment, the step of editing and combining the application program based on at least one or more binary bit codes existing in the application program and according to a progressive sequence of less and more coded bits of the binary bit codes, and generating public key information of the application program by combining includes:
encoding the data to be processed based on the hash signature algorithm to obtain a hash encoding sequence to be verified, and constructing a hash characteristic database based on the hash encoding sequence;
preprocessing the hash coding sequence, dividing the hash coding sequence into a plurality of mutually disjoint sub-hash codes in the hash characteristic database, and obtaining each sub-hash code as an index of the hash characteristic database;
and arranging the hash coding sequence based on the sub hash codes in the hash characteristic database to generate an arrangement sequence of each coding bit.
In this embodiment, the system encodes data to be processed through a hash signature algorithm to obtain a hash coding sequence to be verified, creates a hash feature database based on the hash coding sequence, sets a threshold function in a hash layer and a threshold layer of the hash feature database, converts continuous feature hash vectors into binary hash codes, performs preprocessing on the obtained binary hash codes, continuously divides the preprocessed hash codes into a plurality of mutually disjoint sub-hash codes, performs transformation on original hash code data, enables the transformed data to have linear irrelevancy and ensures the relation between the original data as much as possible, generates projection vectors for training the original hash codes, multiplies the generated projection vectors to obtain hash codes with uniform distribution, continuously divides each of the obtained sub-hash codes into a plurality of mutually disjoint sub-hash codes, can serve as indexes of the hash feature database, inputs signature value information to be queried, searches each hash code, obtains all similar code candidate sets, calculates Hamming bit candidate values, and performs bit candidate sequence ordering on the Hamming bit candidate sets.
Referring to fig. 2, a signature verification system of a consumer machine according to an embodiment of the present invention includes:
the acquiring module 10 is configured to acquire an application program to be installed, identify an installation environment of the application program, receive an installation environment detection instruction of the application program, query installation requirement information of the application program through a preset server, acquire current environment information of the application program, compare the current environment information with the installation requirement information, and determine whether the current environment of the application program meets a preset installation requirement;
the judging module 20 is configured to provide the application program with permission to read the blank memory data if the data is satisfied, apply preset private key information to pair the application program, decrypt an attached file in the application program, generate a decrypted data digest, and compare the decrypted data digest with a pre-stored data text differently, so as to judge whether the decrypted data digest is identical to the data text;
the execution module 30 is configured to perform binary bit encoding processing on the application program if the application program is in the first state, generate a binary bit encoding corresponding to the application program, select a specific hash signature algorithm with an adaptation bit from a preset hash signature algorithm set according to encoding bits corresponding to the binary bit encoding, perform hash operation on the application program by applying the specific hash signature algorithm, calculate a binary signature value of the application program, and perform arrangement and combination on the application program according to a progressive sequence of at least one or more binary bit encoding bits in the application program, where the progressive sequence is less than or equal to the number of encoding bits in the binary bit encoding, so as to generate public key information of the application program;
And the verification module 40 is configured to verify the public key information of the application according to the private key information corresponding to the application, generate a digital signature after the signature verification is completed, and record the digital signature in the application to complete the signature verification.
In this embodiment, the obtaining module 10 scans an application program to be installed to identify an installation environment and a security problem of the application program, executes a preset installation environment detection instruction, scans the application program, queries installation requirement information (such as an operating system level requirement, a configuration height requirement, etc.) of the application program through a preset service end, obtains current environment information of the application program, compares the current environment information with the installation requirement information to determine whether the current environment meets the preset installation requirement, and executes a corresponding step; for example, if the system detects that the current environment can meet the level requirement of the operating system, the system determines that the current environment can meet the preset installation requirement, that is, the system provides other readable blank memory spaces for the application program, so that the application program obtains the permission of entering the system by reading the blank memory data; for example, when the system detects that the current environment cannot meet the configuration requirement level, the system determines that the current environment cannot meet the preset installation requirement, i.e. the system cannot provide any reading rights for the application program, because the application program cannot be monitored by the system of the current configuration or the current operating system, and cannot confirm the security of the application program; the judging module 20 then applies preset private key information to pair the application program, decrypts attached files in the application program through pairing to generate data digests of the application program, and compares the data digests with data texts pre-recorded by the system in a different mode, so that whether the data digests are identical to the data texts can be judged (compared with the data digests stored before, signature verification can be performed when the data digests are identical, cannot be more or not less), and corresponding steps are executed; for example, when the data digest is the same as the prestored data text, the execution module 30 performs binary bit encoding processing on the application program to generate binary bit encoding corresponding to the application program, selects a specific hash signature algorithm with adaptive encoding bits from the preset hash signature algorithm set according to encoding bits correspondingly provided by the binary bit encoding, performs hash operation on the application program by using the specific hash signature algorithm, obtains a binary signature value of the application program by operation, and performs arrangement and combination on the application program according to a progressive sequence of at least one or more binary bit encoding bits existing in the application program, so as to generate public key information of the application program; and the verification module 40 verifies the public key information of the application program according to the private key information corresponding to the application program to generate a digital signature after signature verification, and the system records the digital signature into the application program at the moment, so that the signature verification process of the application program can be completed, namely, the system allows the application program to be installed.
In a specific embodiment, the signature verification process is as follows:
1. signature is carried out on apk before installation: executing an instruction: java-jar whtypsokSignTool. Jar-key-alias-key-storepass sanstar-input test. Apk-output test_singed. Apk. The principle is that whtyApkSignTool.jar firstly carries out a base64+ hash operation on each file in apk, and the result is stored in a file META-INF/MANIFEST.MF; then, a base64+hash operation is carried out on the whole MANIFET.MF file, the result is stored in the header attribute of the CERT.SF file, and finally, a base64+hash operation is carried out on each attribute block in the MANIFET.MF file, and the result is stored in the attribute block of the CERT.SF file; signing the CERT.SF by a private key, and storing the signature file and the digital certificate stored with public key information into CERT.RSA; the signing process is completed.
2. And (5) checking the apk: the system end is internally provided with a signature authentication packet TYPackageVerifier.jar, decrypts the digital signature by calling a verification method verifyApk to decrypt a public key contained in a CERT.RSA file in apk, compares a decryption result with a result obtained after a CERT.SF file hash operation, and checks whether the CERT.SF is tampered or not; then checking the MANIFAST.MF by using CERT.SF to check whether the MANIFAST.MF is tampered; finally, checking all files by using MANIFAST.MF, and checking whether all files are tampered or deleted or added with new files; and finishing the label checking process.
In this embodiment, the judging module further includes:
the generation unit is used for reading the application program, encrypting each file in the application program into a data abstract of a preset type through the hash signature algorithm, storing the data abstract in a base64 data format, signing the data abstract by applying preset private key information, and generating the application program to be checked;
the second judging unit is used for judging whether the preset signature public key can decrypt the application program to be checked;
and the second execution unit is used for generating comparison data based on the preset private key information and public key information in the application program if the second execution unit is used for generating the comparison data based on the preset private key information and public key information in the application program.
In this embodiment, after reading the application program, the system encrypts each file of the application program into a preset corresponding type of data digest by applying a hash signature algorithm, stores the data digests in a base64 data format, and then applies preset private key information to perform one-way signature on the data digests to generate an application program to be checked, and determines whether a preset signature public key can decrypt the application program to be checked, so as to execute a corresponding step; for example, if the system knows that the preset signature public key cannot decrypt the application program to be signed, the system will determine that the message is actually signed and sent by the sender, and possibly someone maliciously impersonates the signature of the sender and sends the application program to the system; for example, if the system knows that the preset signature public key can decrypt the application program to be checked, the system will generate comparison data of the private key information and the public key information at this time.
In this embodiment, the determining module further includes:
the computing unit is used for computing the application program based on a preset key component sequence and generating a signature result based on the application program and the identification information of the application program;
the second calculation unit is used for calculating the message digest corresponding to the signature result according to a preset hash operation mode, cutting the message digest into a plurality of digest sub-blocks, and determining key component indexes corresponding to the digest sub-blocks according to a preset mapping mode;
and the second generation unit is used for calculating the information authentication code corresponding to each abstract sub-block according to the key component index corresponding to each abstract sub-block and generating the digital signature corresponding to the signature result based on the information authentication codes corresponding to the abstract sub-blocks.
In this embodiment, the system processes the message to be signed according to a preset hash operation mode and obtains a corresponding message digest, for example, the message to be signed is used as input data, the data is processed according to an SM3 algorithm and the message digest is output, (the SM3 algorithm requires that the bit length of the digest is 256 bits, and the SM3 algorithm is a one-way hash operation, and can process the message to be signed into the message digest according to the message to be signed, but cannot reversely derive the message to be signed according to the message digest); the signature party cuts the message digest to obtain a plurality of digest sub-blocks, the bit length of the message digest is 256 bits, the message digest is cut according to the block length of 32 bits, the 256 bits are cut into 8 digest sub-blocks with the length of 32 bits, namely block1 and block2 … block8 respectively, the message digest can be cut into 16 digest sub-blocks with the length of 16 bits, and the length and the number of the digest sub-blocks can be determined according to application requirements; after a plurality of abstract sub-blocks are obtained, key component indexes corresponding to the abstract sub-blocks are determined according to a preset mapping mode, signature key components used by the abstract sub-blocks of the message abstract are calculated through a specified algorithm to participate in signature calculation of the abstract sub-blocks, a signature party calculates message authentication codes corresponding to each abstract sub-block according to the key component indexes corresponding to the abstract sub-blocks, after the key component indexes are determined, key components corresponding to the abstract sub-blocks are determined in advance in a preset key component sequence, one abstract sub-block corresponds to one message authentication code, and 8 blocks correspond to 8 message authentication codes, namely H1 and H2 … H8; determining a digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of summary sub-blocks is equivalent to performing data processing on the original sequence of key components with fixed ordering, reordering part or all of the key components according to the key component indexes, and finally obtaining the digital signature if some key components appear for multiple times.
In this embodiment, the execution module further includes:
the processing unit is used for determining hash public keys corresponding to all target coding values in the data to be processed as public key information according to the number of times to be signed preset by the application program;
a third generation unit configured to generate a signature set of the public key information;
and the acquisition unit is used for acquiring the public key information, determining a target authentication path according to the position based on the position of the signature set and verifying the signature set.
In this embodiment, the target encoding value is a value in the data to be processed, corresponds to the preset hash public key one by one, and the number of signatures is usually 1, and each time the signature is executed, the number of completed signature operations can be obtained by adding 1 to each time the signature is executed; determining a target signature public key corresponding to each target coding value in the data to be processed from preset hash public keys according to the number of signature times, and converting each target coding value in the data to be processed into a numerical value of a preset system; wherein, the value of the preset system is equal to the number of signature orders in the preset signature set; taking the signature times as a target signature cluster; determining a corresponding target signature public key according to the numerical conversion result of the target coding value; converting each target coding value in the data to be processed into a numerical value of a preset system, so that the signature operation for the message to be signed can be matched with a corresponding preset hash public key, the signature operation for the message to be signed is completed based on the preset hash public key, and further the efficiency of the signature operation is improved; according to the numerical conversion result of the target coding value, a corresponding target signature public key can be determined in a pre-constructed hash public key, so that complex calculation is not needed for signature verification of the application program, and further the efficiency of signing the application program is improved.
In this embodiment, the execution module further includes:
the second processing unit is used for processing an application program aiming at each specific hash signature algorithm, determining a target data hash point with larger weight in hash data points of each position in the application program, and determining a binary code corresponding to a hash code based on the hash data points corresponding to each position, wherein the weight is used for representing similarity coefficients corresponding to the hash code by the hash data points;
a construction unit, configured to construct a corresponding similarity matrix based on a binary code corresponding to each hash code, where the similarity matrix has a difference between each hash code and the binary code corresponding to each hash code;
and the updating unit is used for dynamically updating the change parameters of the signature value based on the similarity matrix.
In this embodiment, the system processes the application program through a specific hash signature algorithm, generates a matrix to be formed corresponding to characteristic data points in the application program, and represents a rectangle composed of a plurality of lattices, each lattice in the rectangle corresponds to data in one dimension, the dimension of the characteristic data point x1 is m1, the dimension of the characteristic data point y1 is m2, m1 and m2 can be equal or unequal, hash code pairs corresponding to the characteristic data point pairs one to one are obtained, the hash codes can be represented as a rectangle composed of a plurality of lattices, and each lattice corresponds to one hash data point, namely data in one dimension; in the hash coding pair, the weight of the hash data point corresponding to each position in the hash coding pair is compared to obtain hash data points with larger weight as target hash data points, the number of the hash data point pairs in the hash coding pair is m3, so that m3 target hash data points can be obtained, binarization processing is carried out on each target hash data point to obtain binarization data points, and the binarization data points are sequentially combined based on the positions of the hash data point pairs corresponding to the target hash data points, namely, a similarity matrix is obtained by combining matrix to be formed; and updating the signature value 1 to obtain a binary code 1, wherein the dimension of the binary code 1 is m3, namely the coding length of the binary code of the hash code pair is the same as the coding length of each hash code in the hash code pair, so that a signature value change parameter with higher accuracy is obtained, and the signature verification efficiency of an application program is improved.
In this embodiment, the execution module further includes:
the coding unit is used for coding the data to be processed based on the hash signature algorithm to obtain a hash coding sequence to be verified, and constructing a hash characteristic database based on the hash coding sequence;
the division unit is used for preprocessing the hash coding sequence, dividing the hash coding sequence into a plurality of mutually-disjoint sub-hash codes in the hash characteristic database, and obtaining each sub-hash code as an index of the hash characteristic database;
and the arrangement unit is used for arranging the hash coding sequence based on the sub hash codes in the hash characteristic database and generating an arrangement sequence of each coding bit.
In this embodiment, the system encodes data to be processed through a hash signature algorithm to obtain a hash coding sequence to be verified, creates a hash feature database based on the hash coding sequence, sets a threshold function in a hash layer and a threshold layer of the hash feature database, converts continuous feature hash vectors into binary hash codes, performs preprocessing on the obtained binary hash codes, continuously divides the preprocessed hash codes into a plurality of mutually disjoint sub-hash codes, performs transformation on original hash code data, enables the transformed data to have linear irrelevancy and ensures the relation between the original data as much as possible, generates projection vectors for training the original hash codes, multiplies the generated projection vectors to obtain hash codes with uniform distribution, continuously divides each of the obtained sub-hash codes into a plurality of mutually disjoint sub-hash codes, can serve as indexes of the hash feature database, inputs signature value information to be queried, searches each hash code, obtains all similar code candidate sets, calculates Hamming bit candidate values, and performs bit candidate sequence ordering on the Hamming bit candidate sets.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. The signature verification method of the consumer is characterized by comprising the following steps of:
acquiring an application program to be installed, identifying the installation environment of the application program, receiving an installation environment detection instruction of the application program, inquiring installation requirement information of the application program through a preset server, acquiring the installation environment information of the application program, comparing the installation environment information with the installation requirement information, and judging whether the installation environment of the application program meets the preset installation requirement;
if so, providing the authority of reading the memory pre-stored data for the application program, pairing the application program by applying preset private key information, decrypting the attached file in the application program to generate a decrypted data abstract, performing differential comparison on the decrypted data abstract and a pre-stored data text, and judging whether the decrypted data abstract is identical to the data text;
If yes, binary bit coding is carried out on the application program, binary bit codes corresponding to the application program are generated, corresponding hash signature algorithms which are matched with the coding bits are selected from a preset hash signature algorithm set according to the coding bits which are correspondingly arranged on the binary bit codes, hash operation is carried out on the application program by applying the corresponding hash signature algorithms, binary signature values of the application program are obtained through operation, and the application program is arranged and combined according to progressive sequences of at least one binary bit code in the application program, wherein the progressive sequences of at most of the coding bits of the binary bit code are used for generating public key information of the application program;
and verifying the public key information of the application program according to the preset private key information corresponding to the application program, generating a digital signature with the checked signature, and recording the digital signature in the application program to finish the checked signature.
2. The method for signature verification of a consumer machine according to claim 1, wherein the step of applying preset private key information to pair the application program and decrypting the attached file in the application program comprises:
Reading the application program, encrypting each file in the application program into a data abstract of a preset type through the hash signature algorithm, storing the data abstract in a base64 data format, signing the data abstract by applying preset private key information, and generating an application program to be checked;
judging whether the public key information can decrypt the application program to be checked;
if yes, generating comparison data based on the preset private key information and public key information in the application program.
3. The signature verification method of claim 1, wherein verifying public key information of the application according to preset private key information corresponding to the application, generating a digital signature after verification, and recording the digital signature in the application, wherein the step of finishing verification comprises:
calculating the application program based on a preset key component sequence, and generating a signature result based on the application program and the identification information of the application program;
calculating a message digest corresponding to the signature result according to a preset hash operation mode, cutting the message digest into blocks to obtain a plurality of digest sub-blocks, and determining key component indexes corresponding to the digest sub-blocks according to a preset mapping mode;
And calculating an information authentication code corresponding to each abstract sub-block according to the key component index corresponding to each abstract sub-block, and generating a digital signature corresponding to the signature result based on the information authentication codes corresponding to the abstract sub-blocks.
4. The method for signature verification of a consumer machine according to claim 1, wherein the step of subjecting the application program to binary encoding comprises:
according to the number of times to be signed preset by the application program, determining a hash public key corresponding to each target coding value in the data to be processed as public key information;
generating a signature set of the public key information;
and acquiring the public key information, determining a target authentication path according to the position based on the position of the signature set, and verifying the signature set.
5. The signature verification method of claim 1, wherein the step of selecting a corresponding hash signature algorithm having the matching code bits from a preset hash signature algorithm set, applying the corresponding hash signature algorithm to perform a hash operation on the application program, and obtaining the binary signature value of the application program by the operation includes:
Processing an application program aiming at each corresponding hash signature algorithm, wherein in hash data points of each position in the application program, characteristic data point pairs correspond to hash code pairs one by one, comparing weights of the hash data points corresponding to each position in the hash code pairs to determine a target hash data point with larger weights, and determining binary codes corresponding to the hash codes based on the hash data points corresponding to each position, wherein the weights are used for representing similarity coefficients corresponding to the hash codes by the hash data points;
constructing a corresponding similarity matrix based on binary codes corresponding to each hash code, wherein the similarity matrix has the difference between each hash code and the binary code corresponding to each hash code;
and dynamically updating the change parameters of the signature values based on the similarity matrix.
6. The method according to claim 1, wherein the step of generating public key information of the application program by combining the application program according to a progressive sequence of at least one binary bit code existing in the application program and according to the binary bit code, comprises:
Encoding the data to be processed based on the hash signature algorithm to obtain a hash coding sequence to be verified, and constructing a hash characteristic database based on the hash coding sequence;
preprocessing the hash coding sequence, dividing the hash coding sequence into a plurality of mutually disjoint sub-hash codes in the hash characteristic database, and obtaining each sub-hash code as an index of the hash characteristic database;
and arranging the hash coding sequence based on the sub hash codes in the hash characteristic database to generate an arrangement sequence of each coding bit.
7. A signature verification system for a consumer machine, comprising:
the system comprises an acquisition module, a comparison module and a control module, wherein the acquisition module is used for acquiring an application program to be installed, identifying the installation environment of the application program, receiving an installation environment detection instruction of the application program, inquiring installation requirement information of the application program through a preset server, acquiring the installation environment information of the application program, comparing the installation environment information with the installation requirement information, and judging whether the installation environment of the application program meets the preset installation requirement;
the judging module is used for providing the authority of reading the stored data of the memory for the application program if the data is met, applying preset private key information to pair the application program, decrypting the attached files in the application program to generate a decrypted data abstract, performing differential comparison on the decrypted data abstract and a pre-stored data text, and judging whether the decrypted data abstract is identical to the data text or not;
The execution module is used for carrying out binary bit coding on the application program if so, generating binary bit codes corresponding to the application program, selecting a corresponding hash signature algorithm with the adaptive coding bit from a preset hash signature algorithm set according to coding bits corresponding to the binary bit codes, carrying out hash operation on the application program by applying the corresponding hash signature algorithm, calculating to obtain a binary signature value of the application program, carrying out arrangement and combination on the application program according to a progressive sequence of at least one binary bit code in the application program and at most of coding bits of the binary bit code, and generating public key information of the application program in a combined way;
and the verification module is used for verifying the public key information of the application program according to the preset private key information corresponding to the application program, generating a digital signature after signature verification, and inputting the digital signature into the application program to finish signature verification.
8. The consumer signature verification system as recited in claim 7 wherein the determination module further comprises:
The generation unit is used for reading the application program, encrypting each file in the application program into a data abstract of a preset type through the hash signature algorithm, storing the data abstract in a base64 data format, signing the data abstract by applying preset private key information, and generating the application program to be checked;
the second judging unit is used for judging whether the public key information can decrypt the application program to be checked;
and the second execution unit is used for generating comparison data based on the preset private key information and public key information in the application program if the second execution unit is used for generating the comparison data based on the preset private key information and public key information in the application program.
9. The consumer signature verification system as recited in claim 7 wherein the determination module further comprises:
the computing unit is used for computing the application program based on a preset key component sequence and generating a signature result based on the application program and the identification information of the application program;
the second calculation unit is used for calculating the message digest corresponding to the signature result according to a preset hash operation mode, cutting the message digest into a plurality of digest sub-blocks, and determining key component indexes corresponding to the digest sub-blocks according to a preset mapping mode;
And the second generation unit is used for calculating the information authentication code corresponding to each abstract sub-block according to the key component index corresponding to each abstract sub-block and generating the digital signature corresponding to the signature result based on the information authentication codes corresponding to the abstract sub-blocks.
10. The consumer machine signature verification system as recited in claim 7, wherein the execution module further comprises:
the processing unit is used for determining hash public keys corresponding to all target coding values in the data to be processed as public key information according to the number of times to be signed preset by the application program;
a third generation unit configured to generate a signature set of the public key information;
and the acquisition unit is used for acquiring the public key information, determining a target authentication path according to the position based on the position of the signature set and verifying the signature set.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310045616.XA CN116248291B (en) | 2023-01-30 | 2023-01-30 | Signature verification method and system of consumer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310045616.XA CN116248291B (en) | 2023-01-30 | 2023-01-30 | Signature verification method and system of consumer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116248291A CN116248291A (en) | 2023-06-09 |
| CN116248291B true CN116248291B (en) | 2023-11-17 |
Family
ID=86634294
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310045616.XA Active CN116248291B (en) | 2023-01-30 | 2023-01-30 | Signature verification method and system of consumer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116248291B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105095696A (en) * | 2015-06-25 | 2015-11-25 | 三星电子(中国)研发中心 | Method, system and apparatus for carrying out safety authentication on application programs |
| KR20180105406A (en) * | 2017-03-15 | 2018-09-28 | 주식회사 아이리시스 | biometrics certification by payment method and biometrics certification payment management server |
| US10742420B1 (en) * | 2018-03-09 | 2020-08-11 | Wells Fargo Bank, N.A. | Quantum-resistant double signature system |
| EP3798873A1 (en) * | 2019-09-24 | 2021-03-31 | Siemens Aktiengesellschaft | Method for protecting a computer-implemented application from manipulation |
| CN113761587A (en) * | 2020-09-23 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Method and device for signature verification |
| CN114706772A (en) * | 2022-04-01 | 2022-07-05 | 合众新能源汽车有限公司 | Installation environment detection method, device, equipment and storage medium |
| CN115242402A (en) * | 2022-07-12 | 2022-10-25 | 长春吉大正元信息技术股份有限公司 | Signature method, signature verification method and electronic equipment |
-
2023
- 2023-01-30 CN CN202310045616.XA patent/CN116248291B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105095696A (en) * | 2015-06-25 | 2015-11-25 | 三星电子(中国)研发中心 | Method, system and apparatus for carrying out safety authentication on application programs |
| KR20180105406A (en) * | 2017-03-15 | 2018-09-28 | 주식회사 아이리시스 | biometrics certification by payment method and biometrics certification payment management server |
| US10742420B1 (en) * | 2018-03-09 | 2020-08-11 | Wells Fargo Bank, N.A. | Quantum-resistant double signature system |
| EP3798873A1 (en) * | 2019-09-24 | 2021-03-31 | Siemens Aktiengesellschaft | Method for protecting a computer-implemented application from manipulation |
| CN113761587A (en) * | 2020-09-23 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Method and device for signature verification |
| CN114706772A (en) * | 2022-04-01 | 2022-07-05 | 合众新能源汽车有限公司 | Installation environment detection method, device, equipment and storage medium |
| CN115242402A (en) * | 2022-07-12 | 2022-10-25 | 长春吉大正元信息技术股份有限公司 | Signature method, signature verification method and electronic equipment |
Non-Patent Citations (1)
| Title |
|---|
| 软件安全中的若干关键技术研究;刁俊峰;中国博士学位论文全文数据库(06);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116248291A (en) | 2023-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3780543A1 (en) | Blockchain cross-chain authentication method and system, and server and readable storage medium | |
| US10270588B2 (en) | Method and system for additive homomorphic encryption scheme with operation error detection functionality | |
| CN101004805A (en) | Digital document management system, digital document management method, and digital document management program | |
| CN108848064B (en) | Authorization management method and system | |
| CN107948155A (en) | Cryptographic check method, apparatus, computer equipment and computer-readable recording medium | |
| CN102790678B (en) | Authentication method and system | |
| WO2014092183A1 (en) | Bit string matching system, method, and program | |
| US10503915B2 (en) | Encrypted text verification system, method and recording medium | |
| CN110597836B (en) | Information inquiry request response method and device based on block chain network | |
| KR20120053929A (en) | The agent system for digital signature using sign private key with double encryption and method thereof features to store in web storage | |
| CN101060400B (en) | Data generating device, data analysis device, control method and data processing system | |
| CN116451263B (en) | Hard disk data storage method, device, equipment and storage medium | |
| US10484182B2 (en) | Encrypted text verification system, method, and recording medium | |
| CN115208628B (en) | Data integrity verification method based on block chain | |
| CN103400063A (en) | Method and device for executing script file | |
| CN109302286B (en) | Fido equipment key index generation method | |
| EP2286610B1 (en) | Techniques for peforming symmetric cryptography | |
| CN116248291B (en) | Signature verification method and system of consumer | |
| CN117097476A (en) | Data processing method, equipment and medium based on industrial Internet | |
| CN115002141B (en) | File storage method and device based on block chain | |
| CN114760072B (en) | Signature and signature verification method, device and storage medium | |
| CN108376212B (en) | Execution code security protection method and device and electronic device | |
| CN115242534B (en) | Node state security query method, system and device | |
| CN114285581A (en) | Application management method and related product | |
| CN117009933B (en) | Information security approval monitoring system and method based on Internet of things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |