CN117335988A - APP electronic identification generation, labeling and security verification method and equipment - Google Patents

Info

Publication number: CN117335988A
Authority: CN (China)
Prior art keywords: app, information, verification, electronic, characteristic information
Legal status: Granted
Application number: CN202311617739.2A
Other languages: Chinese (zh)
Other versions: CN117335988B (en)
Inventors: 常雯, 周帅, 李坤, 王卉婷, 刘妍妍
Current Assignee: China Academy of Information and Communications Technology CAICT
Original Assignee: China Academy of Information and Communications Technology CAICT

Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202311617739.2A
Publication of CN117335988A
Application granted
Publication of CN117335988B
Current status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 As H04L9/32, involving digital signatures
    • H04L9/3263 As H04L9/32, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides methods and equipment for generating, labeling and security verification of the electronic identifier of an APP, belonging to the technical field of computers. The method comprises: acquiring characteristic information of a first APP, the characteristic information comprising the APP name, the APP package name and signature certificate fingerprint information; generating target digest information from the characteristic information of the first APP using a cryptographic hash algorithm; and signing the target digest information using a digital signature algorithm to obtain the electronic identifier of the first APP, the electronic identifier being intended for labeling in the installation package of the first APP. The scheme can effectively confirm the uniqueness of an APP, requires only a single registration that remains valid permanently, and greatly reduces the development burden on APP developers. In addition, digital signature verification allows the validity of the electronic identifier to be checked quickly at every stage, such as distribution, download, installation and use of the APP, so that APPs can be managed more comprehensively and quickly.

Description

APP electronic identification generation, labeling and security verification method and equipment
Technical Field
The invention relates to the technical field of computers, and in particular to methods and equipment for generating, labeling and security verification of APP electronic identifiers.
Background
Suspicious or illegal APPs spread through many channels, closely imitate legitimate APPs, are generated quickly and in large numbers, and have short life cycles, so monitoring, identifying and disposing of them is very challenging. Those skilled in the art therefore urgently need an efficient and accurate APP detection method.
Disclosure of Invention
In view of the problems in the prior art, embodiments of the invention provide methods and equipment for generating, labeling and security verification of APP electronic identifiers.
The invention provides a method for generating an electronic identifier of an application program (APP), comprising:
acquiring characteristic information of a first APP, the characteristic information comprising: APP name, APP package name and signature certificate fingerprint information;
generating target digest information from the characteristic information of the first APP using a cryptographic hash algorithm;
signing the target digest information using a digital signature algorithm to obtain the electronic identifier of the first APP; the electronic identifier is to be labeled in the installation package of the first APP.
According to the method for generating an electronic identifier of an APP provided by the invention, acquiring the characteristic information of the first APP comprises:
receiving a request message sent by a first device, and acquiring the characteristic information of the first APP from the request message; the request message is used to request the electronic identifier of the first APP; the request message includes: the characteristic information of the first APP, and developer information and/or enterprise information of the first APP;
before the target digest information is generated from the characteristic information of the first APP using the cryptographic hash algorithm, the method further comprises:
verifying the characteristic information, the developer information and/or the enterprise information against blacklist data;
if the verification passes, performing the step of generating the target digest information from the characteristic information of the first APP using the cryptographic hash algorithm;
after the electronic identifier of the first APP is obtained, the method further comprises:
sending the electronic identifier of the first APP to the first device.
According to the method for generating an electronic identifier of an APP provided by the invention, the method further comprises:
receiving a verification request sent by an application server, the verification request being used to request verification of a second APP;
extracting the electronic identifier of the second APP and the characteristic information of the second APP from the configuration file of the installation package of the second APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
sending the verification result to the application server.
According to the method for generating an electronic identifier of an APP provided by the invention, the method further comprises:
receiving target information, the target information comprising at least one of: an installation package, an installation link and a download link of a third APP;
extracting the characteristic information and the electronic identifier of the third APP from the configuration file of the installation package corresponding to the target information;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result.
According to the method for generating an electronic identifier of an APP provided by the invention, performing verification according to the characteristic information and the electronic identifier to obtain a verification result comprises:
decrypting the electronic identifier using a digital certificate to obtain first digest information;
combining the characteristic information in a preset order to obtain plaintext information;
computing second digest information from the plaintext information using a cryptographic hash algorithm;
if the first digest information is consistent with the second digest information, determining that the verification result is that the verification passes;
if the first digest information and the second digest information are inconsistent, determining that the verification result is that the verification does not pass.
The invention also provides a method for labeling the electronic identifier of an APP, comprising:
sending a request message to a target server, the request message being used to request the electronic identifier of a first APP;
receiving the electronic identifier of the first APP sent by the target server; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
labeling the electronic identifier of the first APP in the installation package of the APP.
The invention also provides a security verification method for an APP, comprising:
receiving an APP installation request from a user; the APP installation request is used to request installation of a third APP;
acquiring, according to the APP installation request, the characteristic information and the electronic identifier in the installation package of the third APP; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
generating prompt information according to the verification result, the prompt information being used to tell the user whether the third APP is an illegal APP.
The invention also provides a security verification method for an APP, comprising:
extracting the characteristic information and the electronic identifier of a second APP from the installation package of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
sending a verification request to a target server, the verification request being used to request verification of the second APP; the verification request comprises the characteristic information and the electronic identifier of the second APP;
receiving the verification result sent by the target server.
The invention also provides a device for generating the electronic identifier of an APP, comprising:
an acquisition module, used to acquire characteristic information of a first APP, the characteristic information comprising: APP name, APP package name and signature certificate fingerprint information;
a processing module, used to generate target digest information from the characteristic information of the first APP using a cryptographic hash algorithm;
the processing module is further used to sign the target digest information using a digital signature algorithm to obtain the electronic identifier of the first APP; the electronic identifier is to be labeled in the installation package of the first APP.
The invention also provides a device for labeling the electronic identifier of an APP, comprising:
a sending module, used to send a request message to a target server to request the electronic identifier of a first APP;
a receiving module, used to receive the electronic identifier of the first APP sent by the target server; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
a processing module, used to label the electronic identifier of the first APP in the installation package of the APP.
The invention also provides a security verification device for an APP, comprising:
a receiving module, used to receive an APP installation request from a user; the APP installation request is used to request installation of a third APP;
an acquisition module, used to acquire, according to the APP installation request, the characteristic information and the electronic identifier in the installation package of the third APP; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
a processing module, used to perform verification according to the characteristic information and the electronic identifier to obtain a verification result;
the processing module is further used to generate prompt information according to the verification result, the prompt information being used to tell the user whether the third APP is an illegal APP.
The invention also provides a security verification device for an APP, comprising:
an extraction module, used to extract the characteristic information and the electronic identifier of a second APP from the installation package of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
a sending module, used to send a verification request to a target server to request verification of the second APP; the verification request comprises the characteristic information and the electronic identifier of the second APP;
a receiving module, used to receive the verification result sent by the target server.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, implements any of the above methods for generating the electronic identifier of an APP, for labeling the electronic identifier of an APP, or for security verification of an APP.
The invention also provides a non-transitory computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements any of the above methods for generating the electronic identifier of an APP, for labeling the electronic identifier of an APP, or for security verification of an APP.
The invention also provides a computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements any of the above methods for generating the electronic identifier of an APP, for labeling the electronic identifier of an APP, or for security verification of an APP.
The methods and equipment for generating, labeling and security verification of APP electronic identifiers provided by the invention acquire characteristic information of a first APP, the characteristic information comprising: APP name, APP package name and signature certificate fingerprint information; generate target digest information from the characteristic information of the first APP using a cryptographic hash algorithm; and sign the target digest information using a digital signature algorithm to obtain the electronic identifier of the first APP. The electronic identifier can then be labeled in the installation package of the first APP, and the APP can be security-checked through the electronic identifier in the installation package, so that APP detection is more efficient and more accurate.
Drawings
In order to illustrate the technical solutions of the invention or of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a schematic flow chart of the method for generating the electronic identifier of an APP provided by the invention;
FIG. 2 is a schematic diagram of a system architecture provided by the invention;
FIG. 3 is a functional schematic of the monitoring management system provided by the invention;
FIG. 4 is a schematic flow chart of a verification process provided by the invention;
FIG. 5 is a schematic diagram of an interaction flow provided by the invention;
FIG. 6 is a schematic flow chart of the method for labeling the electronic identifier of an APP provided by the invention;
FIG. 7 is a functional schematic of a first device provided by the invention;
FIG. 8 is a first schematic flow chart of the security verification method for an APP provided by the invention;
FIG. 9 is a functional schematic of a second device provided by the invention;
FIG. 10 is a second schematic flow chart of the security verification method for an APP provided by the invention;
FIG. 11 is a functional schematic of an application server provided by the invention;
FIG. 12 is a schematic structural diagram of the device for generating the electronic identifier of an APP provided by the invention;
FIG. 13 is a schematic structural diagram of the device for labeling the electronic identifier of an APP provided by the invention;
FIG. 14 is a first schematic structural diagram of the security verification device for an APP provided by the invention;
FIG. 15 is a second schematic structural diagram of the security verification device for an APP provided by the invention;
FIG. 16 is a schematic structural diagram of an electronic device provided by the invention.
Detailed Description
To make the objects, technical solutions and advantages of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art based on the embodiments of the invention without inventive effort fall within the scope of the invention.
First, the technical background related to the embodiments of the invention is described:
1. Suspicious or illegal APPs spread through many channels, closely imitate legitimate APPs, are generated quickly and in large numbers, and have short life cycles, so monitoring, identifying and disposing of them is very challenging. This is analyzed from the following aspects:
(1) Fast generation: analysis of suspicious APP samples shows that the functional complexity of this type of APP is low and the code is relatively simple. The people involved can use various non-compliant packaging platforms or batch packaging tools, for example developing in batches from the same code and quickly generating ten thousand versions of an APP. The generation speed is extremely high, so blocking and disposal work can hardly address the problem at its source.
(2) Wide propagation channels: unlike regular APPs, which are downloaded and spread through application stores, illegal APPs are widely spread and downloaded through irregular channels such as instant messaging, links in short messages and web search, bypassing the listing review of application stores. Illegal APPs and regular APPs are mixed together on the network, which makes the illegal ones hard to distinguish quickly and monitor effectively.
(3) High degree of imitation: static and dynamic analysis of a large number of suspicious or illegal APPs shows that most of them imitate regular finance, securities and investment APPs by forging similar icons and product descriptions. They are almost indistinguishable from the original software and differ only in some functions, so ordinary users can hardly tell them apart.
(4) Large numbers and short life cycles: the number of such APPs is large and their life cycle is short, so monitoring and disposal work faces great challenges.
2. The challenges faced by conventional detection techniques are:
(1) Long detection cycle: traditional static and dynamic APP analysis performs a full inspection of every APP found, which needs many analysis resources and takes a long time, for example usually 6-8 minutes. If regular APPs are not filtered out effectively, identifying suspicious APPs is like looking for a needle in the sea.
(2) Large labor input: static and dynamic analysis yields the static features of an APP and its dynamic features at run time, but identifying an illegal APP still requires further study and judgment by technicians or experts, so the labor input is large.
(3) Slow model updates: suspicious or illegal APPs and their features change quickly, while the related analysis models are only updated after a violation has occurred, so the models are updated slowly.
3. The common means and their shortcomings are as follows:
Common means of APP management mainly include APP filing, certificate registration, and installation-package MD5 (Message Digest Algorithm 5) comparison. APP filing requires the developer to submit APP developer information and related basic information to a filing management platform to apply for a unique APP filing number. After the application succeeds, the APP developer must label and display the filing number at a prominent position in the APP so that users or supervisors of the APP can check it. APP certificate registration requires participants such as supervisors and application markets to register and approve APP certificate digest values, forming a secure and trusted digest value database; before an APP is installed, whether its installation package is secure and trusted can be determined by querying this database. Installation-package MD5 comparison requires the digest value of every APP installation package to be registered and approved, and its principle is similar to certificate information registration. All three schemes have shortcomings of different degrees.
(1) Disadvantages of APP filing. Filing requires the APP developer to design a page or component that shows the filing information, and a supervisor or user must install and start the APP before the filing information can be seen and the APP confirmed as safe. This is unfavorable for supervising an APP before it is installed and run, and it increases the development and design burden on APP developers.
(2) Disadvantages of APP certificate registration. The industry has not established a unified management mechanism for the certificates used to sign Android APPs, and one certificate can be used to sign multiple APPs. Registration based on signature information alone can only manage developers and cannot identify and manage individual APPs at a fine granularity.
(3) Disadvantages of installation-package MD5 comparison. There are many APP distribution channels on the market and versions are updated frequently. Installation packages for different versions and channels may differ, so the digest value of each installation package is different, and registration and approval must be applied for each installation package. This inevitably increases the development and management burden on participants such as APP developers, application markets and supervisors.
Therefore, the problems to be solved by those skilled in the art are how to address the prominent difficulties of monitoring and disposing of suspicious (or illegal) APPs, how to monitor and identify APPs across the full life cycle, including listing, download, propagation and installation, and how to simplify the APP security verification process, so that the large mass of regular APPs can be filtered out efficiently and quickly and the key monitoring range for illegal APPs can be delineated.
The invention therefore provides a method for generating the electronic identifier of an APP. The characteristic information of the APP is extracted and processed using digital signature technology to generate a secure and unique electronic identifier for the APP, and the APP developer is required to embed the electronic identifier in the APP. The APP can then be monitored and security-checked based on the electronic identifier, and whether it is an illegal APP can be identified quickly, which improves detection efficiency and accuracy.
The technical solutions of the embodiments of the invention are described in detail below with reference to FIG. 1 to FIG. 16. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a flow chart of an electronic identifier generating method of an application program APP provided by the invention. As shown in fig. 1, the method provided in this embodiment is applied to a target server, and includes:
step 101, obtaining feature information of a first APP, wherein the feature information comprises: APP name, APP package name and signature certificate fingerprint information;
specifically, the characteristic information of the APPs refers to unique and unchanged data of each APP, including: the method has the advantages that the characteristics of the APP, such as the data integrity and tamper resistance of the digital signature technology are combined, so that a safe and unique electronic identifier can be generated, different version information of the same APP can be prevented from being registered and approved, and APP development and record flow is simplified.
Optionally, the method of the embodiment of the present invention is applied to a system architecture as shown in fig. 2, and optionally, the target server may be a server for deploying the monitoring management system, where the first device is a device of an APP developer, the second device is a device for installing and running the APP, for example, a terminal of a user, and the application server is a third party server corresponding to an application store. As shown in fig. 3, the target server has various functions such as generating an electronic tag and issuing an electronic tag.
102, generating target abstract information by utilizing a password hash algorithm according to the characteristic information of a first APP;
specifically, the target digest information is generated by using a cryptographic hash algorithm based on at least one of the name of the APP, the package name of the APP, and the signature certificate fingerprint information of the APP, for example, digest calculation is performed by using a cryptographic SM3 algorithm, and the target digest information is generated.
Step 103, signing the target digest information by using a digital signature algorithm to obtain an electronic identifier of the first APP; the electronic identifier is to be marked in the installation package of the first APP.
Specifically, the target digest information is signed with a digital signature algorithm, that is, the digest information M1 is signed with the authenticated digital certificate, which generates a unique electronic identifier for the APP. The electronic identifier is used, for example, to identify whether the APP is a suspicious or illegal APP. The signature algorithm may be an asymmetric encryption algorithm, for example the national cryptographic algorithm SM2.
For example, the generated electronic identifier S1 is as follows:
P6xMO++oN8EFPXW+dsnwTvws4ABZOOm1YWXBC36AJvgK7S4jaxy+Cp63QKFimERQMGqRbD2CDCm1E3z5dGFm+Myk5IxQGvn/CgXwsoTqzqlGXYVBvhtxKNq+xybT+FZoQWHZY5bNFgAnJI+g4Gl8n0RyyZy1TfMH6dED77vHo/OF+VGDOJsQkbdPoUuAhWbyXK0DOhOtOTGNkOT8BotJBHB+GzQhsVQLeUbJacMvNn1psSPdzU+CREk74uUuu4VZLb6ACn6AqEHokJlG6g0joijZeeuOFPg2JBzVONEuP2RTjplt57zIFpktae0QF7b3EIJ1ZLWhx/4LBEryLN7FqQ==。
For example, if an APP is a counterfeit financial security APP, detecting whether the APP carries an electronic identifier and whether that electronic identifier passes the security check determines whether the APP is an offending APP.
The method of this embodiment obtains characteristic information of the first APP, where the characteristic information includes: APP name, APP package name and signature certificate fingerprint information; generates target digest information from the characteristic information of the first APP by using a cryptographic hash algorithm; and signs the target digest information by using a digital signature algorithm to obtain the electronic identifier of the first APP. The electronic identifier can then be marked in the installation package of the first APP, and the APP can be security-checked through the electronic identifier in the installation package, so APP detection efficiency and accuracy are higher.
Optionally, the method further comprises the steps of:
receiving a verification request sent by an application server, wherein the verification request is used for requesting verification of a second APP;
extracting the electronic identification of the second APP and the characteristic information of the second APP from the configuration file of the installation package of the second APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
And sending the verification result to the application server.
Specifically, the verification request may be a request by the application server to verify an APP that has been put on the shelf or is requesting to be put on the shelf.
Based on the electronic identifier of the second APP, the second APP can be checked to determine whether it is illegal: the characteristic information and the electronic identifier S1 of the second APP are extracted from the installation package of the second APP;
verification is performed according to the electronic identifier and the characteristic information to obtain a verification result;
and the verification result is sent to the application server, for example as notification information containing the verification result: if the verification passes, notification information that the verification passed is sent to the application server; if the verification fails, notification information that the verification failed is sent to the application server. If the verification fails, the application server can take the second APP off the shelf or refuse to put it on the shelf.
Optionally, as shown in fig. 4, the verification process may be implemented as follows:
decrypting the electronic identifier by using the digital certificate to obtain first digest information;
combining the characteristic information in a preset order to obtain plaintext information;
calculating the plaintext information by using the cryptographic hash algorithm to obtain second digest information;
if the first digest information is consistent with the second digest information, determining that the verification passes;
and if the first digest information and the second digest information are inconsistent, determining that the verification fails.
Specifically, the characteristic information of the APP is combined in a specific order to generate plaintext information C1;
second digest information M1' is generated from C1;
the electronic identifier S1 is decrypted with the authenticated digital certificate to obtain first digest information M1;
M1 and M1' are compared; if they are consistent, the verification passes, otherwise the verification fails.
Taking APP release as an example: after applying to the monitoring management system for an electronic identifier, the APP developer needs to mark the electronic identifier in the APP. When the APP is released, the application store sends the APP installation package to the monitoring management system for online verification, and the APP is allowed to be put on the shelf after the verification passes.
In this embodiment, the application server can verify APPs that are on the shelf or requesting to be put on the shelf, and suspicious or illegal APPs are identified and filtered with higher efficiency.
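The generation flow (steps 101 to 103) and the verification flow described above, as an added example in Go that is not part of the patent text or of any implementation by the applicant. Assumptions: SHA-256 and ECDSA P-256 from the Go standard library stand in for SM3 and SM2, which the standard library does not provide; ECDSA checks the signature against the recomputed digest M1' instead of recovering M1 by decryption; the length-prefixed encoding and the names `Features`, `Canonical`, `IssueLabel` and `VerifyLabel` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// Features is the characteristic information of step 101 (hypothetical type).
type Features struct {
	Name       string // APP name
	Package    string // APP package name
	CertSHA256 string // signature certificate fingerprint, hex
}

// Canonical builds plaintext C1: the fields in a fixed order, each preceded
// by its 4-byte big-endian length. Plain concatenation would be ambiguous
// ("ab"+"c" and "a"+"bc" give the same bytes). The length prefix is an
// assumption of this example; the text only says "preset order".
func Canonical(f Features) []byte {
	var out []byte
	for _, field := range []string{f.Name, f.Package, f.CertSHA256} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		out = append(out, n[:]...)
		out = append(out, field...)
	}
	return out
}

// Digest is step 102: hash of C1. SHA-256 stands in for SM3.
func Digest(f Features) []byte {
	sum := sha256.Sum256(Canonical(f))
	return sum[:]
}

// NewIssuerKey creates the target server's signing key pair, standing in
// for the key of the authenticated digital certificate.
func NewIssuerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// IssueLabel is step 103: sign the digest and return the electronic
// identifier as base64 text, ready to be placed in the configuration file.
func IssueLabel(key *ecdsa.PrivateKey, f Features) (string, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, Digest(f))
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyLabel recomputes the digest from the characteristic information of
// the package being checked and verifies the identifier against it.
// The fingerprint passed in should be computed from the certificate that
// actually signed the package, not from a value the package declares.
func VerifyLabel(pub *ecdsa.PublicKey, f Features, label string) bool {
	sig, err := base64.StdEncoding.DecodeString(label)
	if err != nil {
		return false // malformed identifier fails verification
	}
	return ecdsa.VerifyASN1(pub, Digest(f), sig)
}

func main() {
	key, err := NewIssuerKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample values, not taken from any real APP.
	genuine := Features{Name: "Example Bank", Package: "com.example.bank", CertSHA256: "aa11"}
	label, err := IssueLabel(key, genuine)
	if err != nil {
		panic(err)
	}
	// A copy that keeps the name, package name and identifier but is signed
	// with another certificate has a different fingerprint and is rejected.
	resigned := genuine
	resigned.CertSHA256 = "bb22"
	fmt.Println("genuine:", VerifyLabel(&key.PublicKey, genuine, label))
	fmt.Println("re-signed copy:", VerifyLabel(&key.PublicKey, resigned, label))
}
```

Because no version field enters the digest, the same identifier verifies for every version of the APP as long as the three fields are unchanged.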
Optionally, step 101 may be implemented as follows:
receiving a request message sent by a first device, and obtaining the characteristic information of the first APP from the request message, where the request message is used to request the electronic identifier of the first APP; the request message includes: the characteristic information of the first APP, and developer information and/or enterprise information of the first APP;
Step 102 may be preceded by the following operations:
verifying the characteristic information, and the developer information and/or the enterprise information, by using blacklist data;
if the verification passes, executing step 102;
Step 103 is further followed by:
sending the electronic identifier of the first APP to the first device.
Specifically, when an electronic identifier is applied for, the material information required to generate it is collected, including the APP name, the APP package name, the signature certificate fingerprint information, and developer information and/or enterprise information.
Before the electronic identifier is generated for the APP, the collected information must be compared and checked against preset blacklist data; only an APP that passes this check proceeds to generation of the electronic identifier.
After the electronic identifier is generated, the applicant is notified to collect it, for example by short message or mail.
In the above embodiment, the blacklist data can be compared before the APP is released. When the electronic identifier is applied for, APPs developed by suspicious or illegal enterprises or developers can be filtered out, which prevents suspicious or illegal APPs from entering the market and harming the interests of users.
Optionally, the method further comprises the steps of:
receiving target information, the target information comprising at least one of: an installation package, an installation link and a download link of the third APP;
extracting characteristic information and an electronic identifier of the third APP from a configuration file of an installation package corresponding to the target information;
and carrying out verification according to the characteristic information and the electronic identifier to obtain a verification result.
Optionally, the target information may be sent by the application server or by the second device; for example, the application server sends the target information when it detects an installation event or a download event of the APP, or the second device sends the target information when it detects an installation event or a download event of the APP.
Specifically, the characteristic information and the electronic identifier of the third APP are extracted from the configuration file of the installation package corresponding to the target information, and verification is performed according to the characteristic information and the electronic identifier to obtain a verification result. The verification result may then be sent to the application server or the second device. For example, if the verification fails, the application server or the second device may issue prompt information reminding the user that the APP is a suspicious or illegal APP, so that the user's interests are not harmed; or the second device and the application server may directly prohibit installation or downloading and issue notification information telling the user that the APP is a suspicious or illegal APP.
For the specific verification process, refer to the foregoing embodiments; it is not described again here.
In this embodiment, downloading and installation of APPs are monitored, so that suspicious or illegal APPs are prevented from being put on the shelf in an application store or installed on a user's terminal device, and such APPs that have already been put on the shelf or installed can be found in time; security is high.
Illustratively, as shown in FIG. 5, the method includes the steps of:
Step 1, the first device applies to the target server for the electronic identifier of an APP;
Step 2, the target server generates the electronic identifier of the APP;
Step 3, the target server issues the electronic identifier of the APP to the first device;
Step 4, the first device marks the electronic identifier in the APP;
Step 5, the first device sends a request to publish the APP to the application server;
Step 6, the application server requests the target server to verify the electronic identifier of the APP;
Step 7, the target server returns a verification result to the application server;
Step 8, if the verification passes, the application server returns to the first device a response message allowing the APP to be put on the shelf.
Fig. 6 is a flow chart of the electronic identification labeling method of the application program APP provided by the invention. As shown in fig. 6, the method provided in this embodiment is applied to a first device, and includes:
Step 601, sending a request message to a target server, where the request message is used to request the electronic identifier of a first APP; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
Step 602, receiving the electronic identifier of the first APP sent by the target server;
Step 603, marking the electronic identifier of the first APP in the installation package of the APP.
Specifically, the first device may be a device of an APP developer. As shown in fig. 7, the first device has functions such as applying for an electronic identifier and labeling an electronic identifier.
Optionally, step 603 may be implemented as follows:
adding the electronic identifier under the application node in the configuration file of the installation package.
Specifically, after receiving the electronic identifier generated by the monitoring management system, the APP developer marks the electronic identifier in the configuration file of the APP installation package.
Taking the Android Studio development tool as an example, the APP developer switches to the project view in the software interface.
1. Open the configuration file (e.g., AndroidManifest.xml);
Find the application node in the configuration file and add the electronic identifier under that node.
2. Anti-fraud electronic identifier labeling;
In the application node of the configuration file, add the electronic identifier as a meta-data entry, using for example the character string AntifraudLabel as the custom name and the electronic identifier as the value. After the APP installation package is regenerated, the labeling of the electronic identifier is complete. An example of the code in the configuration file is as follows:
<application
    android:allowBackup="true">
    <!-- Custom name AntifraudLabel; the value is the electronic identifier issued for this APP -->
    <meta-data
        android:name="AntifraudLabel"
        android:value="P6xMO++oN8EFPXW…."/>
</application>
In this embodiment, the APP developer marks the electronic identifier in the configuration file of the APP without changing the APP interface, so the resource consumption of the APP does not increase, the user experience is not affected, and the electronic identifier is easy to extract when the APP undergoes security verification.
Optionally, after step 603 the following may further be performed:
sending an APP put-on-shelf request to an application server, where the request is used to request that the first APP be put on the shelf in the application store corresponding to the application server;
and receiving a response message sent by the application server, where the response message indicates whether the first APP passes verification.
Specifically, after the electronic identifier is marked in the installation package of the first APP, the first device sends an APP put-on-shelf request to the application server, requesting that the first APP be put on the shelf in the application store;
the application server can have the first APP verified by sending a verification request to the target server; if the verification passes, a response message is sent to the first device indicating that the first APP passed verification and is allowed to be put on the shelf in the application store;
if the verification fails, a response message is sent to the first device indicating that the first APP failed verification and is not allowed to be put on the shelf in the application store.
The implementation principle and technical effects of the method of this embodiment are similar to those of the method on the target server side and are not repeated here.
Fig. 8 is a schematic flow chart of a security verification method of an APP provided by the present invention. As shown in fig. 8, the method provided in this embodiment is applied to a second device of a user, and includes:
Step 801, receiving an APP installation request of a user, where the APP installation request is used to request installation of a third APP;
Step 802, obtaining the characteristic information and the electronic identifier in the installation package of the third APP according to the APP installation request; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
Step 803, performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
Step 804, generating prompt information according to the verification result, where the prompt information is used to tell the user whether the third APP is an offending APP.
Specifically, the second device is, for example, a terminal of a user. As shown in fig. 9, the second device has functions such as verifying the electronic identifier and issuing an installation warning.
Optionally, the verification process may be carried out by the target server: the second device sends a verification request to the target server, the target server verifies the APP, and the verification result is returned to the second device.
Optionally, step 803 may be implemented as follows:
decrypting the electronic identifier by using a digital certificate to obtain first digest information;
combining the characteristic information in a preset order to obtain plaintext information;
calculating the plaintext information by using the cryptographic hash algorithm to obtain second digest information;
if the first digest information is consistent with the second digest information, determining that the verification passes;
and if the first digest information and the second digest information are inconsistent, determining that the verification fails.
Optionally, the method further comprises:
transmitting target information to the target server, wherein the target information comprises at least one of the following: an installation package, an installation link and a download link of the third APP;
and receiving the verification result sent by the target server.
The implementation principle and technical effects of the method of the embodiment of the present invention are similar to those of the method of the target server side, and are not repeated here.
Fig. 10 is a second flowchart of the security verification method of the application APP provided by the present invention. As shown in fig. 10, the method provided in this embodiment is applied to an application server, and includes:
Step 1001, extracting the characteristic information and the electronic identifier of a second APP from the installation package of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
Step 1002, sending a verification request to a target server, where the verification request is used to request verification of the second APP; the verification request includes the characteristic information and the electronic identifier of the second APP;
Step 1003, receiving the verification result sent by the target server.
Specifically, when an APP put-on-shelf application is processed, the APP name, the APP package name, the signature certificate fingerprint information and the electronic identifier need to be extracted, and the validity of the electronic identifier is checked using the online verification capability of the monitoring management system. For an APP that fails electronic identifier verification, putting on the shelf is prohibited. As shown in fig. 11, the application server has functions such as verifying the electronic identifier (for example by sending a verification request to the target server, which performs the verification) and prohibiting putting on the shelf or taking off the shelf.
Optionally, before the characteristic information and the electronic identifier of the second APP are extracted from the installation package of the second APP, the method further includes:
receiving an APP put-on-shelf request sent by a first device, where the request is used to request that the second APP be put on the shelf in an application store;
after the verification result sent by the target server is received, the method further includes:
sending a response message to the first device according to the verification result.
Optionally, the method further comprises:
transmitting target information to the target server, wherein the target information comprises at least one of the following: an installation package, an installation link and a download link of the third APP;
and receiving the verification result sent by the target server.
The implementation principle and technical effects of the method of the embodiment of the present invention are similar to those of the method of the target server side, and are not repeated here.
In summary, the method of the embodiment of the invention uses the properties of digital signature technology, such as data integrity, data confidentiality, tamper resistance and non-repudiation, to convert the APP characteristic information into a secure and unique electronic identifier. It can effectively confirm the uniqueness of the APP and the APP developer, achieves the effect of registering once and remaining valid permanently, and greatly reduces the development burden on APP developers. At the same time, digital signature verification allows the validity of the electronic identifier to be checked quickly at every stage, including distribution, downloading, installation and use of the APP, giving the supervising party more comprehensive and faster management. Specifically:
1. The ability to filter suspicious or illegal APPs is improved;
In the traditional scheme, the MD5 value of the APP is used as its unique identifier. In practice, installation packages of different versions of the same APP, and of different channels of the same version, have different MD5 values, so describing the uniqueness of an APP by MD5 cannot meet the need for rapid comparison when a massive number of APPs is monitored. In the present method, the APP name, APP package name and signature certificate fingerprint information (for example a SHA256 value) submitted by the APP service provider are spliced in a specific plaintext order, a digest is calculated with a cryptographic hash algorithm, and a signature is obtained with a digital signature algorithm. The electronic identifier is uniquely bound to one APP and cannot be imitated or tampered with. As long as the APP service provider does not change the APP name, the APP package name or the signature certificate fingerprint information, one electronic identifier can be used for different versions of the same APP. The number of electronic identifiers is therefore far smaller than the number of MD5 values; verifying electronic identifiers reduces the order of magnitude of data comparison, filters out the mass of legitimate APPs, delimits the key monitoring range for suspicious or illegal APPs, and improves the ability to monitor and discover them.
2. The ability to identify suspicious or illegal APPs is improved;
A traditional identifier is generally marked on the APP software interface, which requires the APP service provider to optimize the interface or carry out secondary development. Because APPs are structured differently, the marked positions differ, the operation is complex, and the identifier is hard to find and verify. By verifying the electronic identifier, the key monitoring range of APPs can be delimited, and combined with dynamic and static analysis it can be accurately detected whether an APP is a suspicious or illegal APP.
The apparatus provided by the present invention will be described below, and the apparatus described below and the method described above may be referred to correspondingly with each other.
Fig. 12 is a schematic structural diagram of an electronic identifier generating device of an application APP provided by the present invention. As shown in fig. 12, the electronic identifier generating device of the application APP provided in this embodiment includes:
the obtaining module 1210 is configured to obtain feature information of the first APP, where the feature information includes: APP name, APP package name and signature certificate fingerprint information;
a processing module 1220, configured to generate target digest information from the characteristic information of the first APP by using a cryptographic hash algorithm;
the processing module 1220 is further configured to sign the target digest information by using a digital signature algorithm to obtain the electronic identifier of the first APP; the electronic identifier is to be marked in the installation package of the first APP.
Optionally, the acquiring module 1210 is specifically configured to:
receiving a request message sent by a first device, and obtaining the characteristic information of the first APP from the request message; the request message is used to request the electronic identifier of the first APP; the request message includes: the characteristic information of the first APP, and developer information and/or enterprise information of the first APP;
the processing module 1220 is further configured to verify the characteristic information, and the developer information and/or the enterprise information, by using blacklist data;
if the verification passes, the step of generating target digest information from the characteristic information of the first APP by using a cryptographic hash algorithm is executed;
optionally, the apparatus further comprises:
a sending module, configured to send the electronic identifier of the first APP to the first device after the electronic identifier of the first APP is obtained.
Optionally, the acquiring module 1210 is further configured to:
receiving a verification request sent by an application server, wherein the verification request is used for requesting verification of the second APP;
extracting the electronic identification of the second APP and the characteristic information of the second APP from the configuration file of the installation package of the second APP;
the processing module 1220 is further configured to perform verification according to the feature information and the electronic identifier, to obtain a verification result;
and the sending module is also used for sending the verification result to the application server.
Optionally, the acquiring module 1210 is further configured to:
receiving target information, the target information comprising at least one of: an installation package, an installation link and a download link of the third APP;
extracting characteristic information and electronic identification of a third APP from a configuration file of an installation package corresponding to the target information;
the processing module 1220 is further configured to perform verification according to the feature information and the electronic identifier, to obtain a verification result.
Optionally, the processing module 1220 is specifically configured to:
decrypting the electronic identifier by using a digital certificate to obtain first digest information;
combining the characteristic information in a preset order to obtain plaintext information;
calculating the plaintext information by using the cryptographic hash algorithm to obtain second digest information;
if the first digest information is consistent with the second digest information, determining that the verification passes;
and if the first digest information and the second digest information are inconsistent, determining that the verification fails.
The device of the embodiment of the present invention is configured to execute the method of any of the foregoing method embodiments on the target server side, and its implementation principle and technical effects are similar, and are not repeated here.
Fig. 13 is a schematic structural diagram of an electronic identification marking device of an application program APP provided by the invention. As shown in fig. 13, the electronic identification labeling device for an application APP provided in this embodiment includes:
a sending module 1310, configured to send a request message to a target server, where the request message is used to request an electronic identifier of a first APP;
a receiving module 1320, configured to receive the electronic identifier of the first APP sent by the target server; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
and a processing module 1330, configured to mark the electronic identifier of the first APP in the installation package of the APP.
Optionally, the processing module 1330 is specifically configured to add the electronic identifier under an application node in the configuration file of the installation package.
Optionally, the sending module 1310 is further configured to send an APP put-on-shelf request to an application server after the electronic identifier of the first APP is marked in the installation package of the APP; the request is used to request that the first APP be put on the shelf in the application store corresponding to the application server;
a receiving module 1320, configured to receive a response message sent by the application server, where the response message is used to indicate whether the first APP passes a verification.
The apparatus of the embodiment of the present invention is configured to perform the method in any one of the method embodiments on the first device side, and its implementation principle and technical effects are similar, which is not described herein again.
Fig. 14 is a schematic structural diagram of a security verification device for an APP provided by the present invention. As shown in fig. 14, the security verification apparatus for an application APP provided in this embodiment includes:
a receiving module 1410, configured to receive an APP installation request of a user; the APP installation request is used for requesting to install a third APP;
an obtaining module 1420, configured to obtain, according to the APP installation request, the characteristic information and the electronic identifier in the installation package of the third APP; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
a processing module 1430, configured to perform verification according to the characteristic information and the electronic identifier to obtain a verification result;
the processing module 1430 is further configured to generate prompt information according to the verification result, where the prompt information is used to tell the user whether the third APP is an offending APP.
Optionally, the processing module 1430 is specifically configured to:
decrypting the electronic identifier by using a digital certificate to obtain first digest information;
combining the characteristic information in a preset order to obtain plaintext information;
calculating the plaintext information by using the cryptographic hash algorithm to obtain second digest information;
if the first digest information is consistent with the second digest information, determining that the verification passes;
and if the first digest information and the second digest information are inconsistent, determining that the verification fails.
The apparatus of the embodiment of the present invention is configured to execute the method in any method embodiment on the second device side, and its implementation principle and technical effects are similar, which is not described herein.
Fig. 15 is a second schematic structural diagram of the security verification device for application APP provided by the present invention. As shown in fig. 15, the security verification apparatus for an application APP provided in this embodiment includes:
an extracting module 1510, configured to extract, from the installation package of a second APP, the characteristic information and the electronic identifier of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
a sending module 1520, configured to send a verification request to a target server, for requesting verification of the second APP; the verification request comprises characteristic information and an electronic identifier of the second APP;
and the receiving module 1530 is configured to receive the verification result sent by the target server.
Optionally, the receiving module 1530 is further configured to:
receiving an APP putting-on request sent by first equipment; the APP set-up request is for requesting the second APP set-up at an application store;
the sending module 1520 is configured to send a response message to the first device according to the verification result after receiving the verification result sent by the target server.
The device of the embodiment of the present invention is configured to execute the method of any method embodiment on the application server side, and its implementation principle and technical effects are similar, and are not repeated here.
Fig. 16 illustrates a physical structure diagram of an electronic device, as shown in fig. 16, which may include: a processor 1610, a communication interface (Communications Interface) 1620, a memory 1630, and a communication bus 1640, wherein the processor 1610, the communication interface 1620, and the memory 1630 perform communication with each other via the communication bus 1640. Processor 1610 can invoke logic instructions in memory 1630 to perform a method for electronic identification generation of application APP, comprising: acquiring characteristic information of a first APP, wherein the characteristic information comprises: APP name, APP package name and signature certificate fingerprint information;
generating target digest information from the characteristic information of the first APP by using a cryptographic hash algorithm;
signing the target digest information by using a digital signature algorithm to obtain an electronic identifier of the first APP; the electronic identifier is to be marked in an installation package of the first APP;
or, executing an electronic identifier labeling method of the application program APP, wherein the method comprises the following steps:
sending a request message to a target server, the request message being used for requesting the electronic identifier of the first APP;
receiving the electronic identifier of the first APP sent by the target server; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
and marking the electronic identifier of the first APP into an installation package of the APP;
or, executing a security verification method of the application program APP, wherein the method comprises the following steps:
receiving an APP installation request of a user; the APP installation request is used for requesting to install a third APP;
according to the APP installation request, acquiring characteristic information and an electronic identifier in an installation package of the third APP; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
generating prompt information according to the verification result, wherein the prompt information is used for prompting the user whether the third APP is a violating APP; or,
extracting characteristic information and an electronic identifier of a second APP from an installation package of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
sending a verification request to a target server, wherein the verification request is used for requesting verification of the second APP; the verification request comprises the characteristic information and the electronic identifier of the second APP;
and receiving the verification result sent by the target server.
Further, the logic instructions in memory 1630 described above may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In another aspect, the present invention also provides a computer program product, where the computer program product includes a computer program, where the computer program can be stored on a non-transitory computer readable storage medium, and when the computer program is executed by a processor, the computer can execute a method for generating an electronic identifier of an application program APP provided by the above methods, and the method includes: acquiring characteristic information of a first APP, wherein the characteristic information comprises: APP name, APP package name and signature certificate fingerprint information;
generating target digest information from the characteristic information of the first APP by using a cryptographic hash algorithm;
signing the target digest information by using a digital signature algorithm to obtain an electronic identifier of the first APP; the electronic identifier is to be marked in an installation package of the first APP;
or, executing an electronic identifier labeling method of the application program APP, wherein the method comprises the following steps:
sending a request message to a target server, the request message being used for requesting the electronic identifier of the first APP;
receiving the electronic identifier of the first APP sent by the target server; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
and marking the electronic identifier of the first APP into an installation package of the APP;
or, executing a security verification method of the application program APP, wherein the method comprises the following steps:
receiving an APP installation request of a user; the APP installation request is used for requesting to install a third APP;
according to the APP installation request, acquiring characteristic information and an electronic identifier in an installation package of the third APP; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
generating prompt information according to the verification result, wherein the prompt information is used for prompting the user whether the third APP is a violating APP; or,
extracting characteristic information and an electronic identifier of a second APP from an installation package of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
sending a verification request to a target server, wherein the verification request is used for requesting verification of the second APP; the verification request comprises the characteristic information and the electronic identifier of the second APP;
and receiving the verification result sent by the target server.
In yet another aspect, the present invention further provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform a method for generating an electronic identifier of an application APP provided by the above methods, the method comprising: acquiring characteristic information of a first APP, wherein the characteristic information comprises: APP name, APP package name and signature certificate fingerprint information;
generating target digest information from the characteristic information of the first APP by using a cryptographic hash algorithm;
signing the target digest information by using a digital signature algorithm to obtain an electronic identifier of the first APP; the electronic identifier is to be marked in an installation package of the first APP;
or, executing an electronic identifier labeling method of the application program APP, wherein the method comprises the following steps:
sending a request message to a target server, the request message being used for requesting the electronic identifier of the first APP;
receiving the electronic identifier of the first APP sent by the target server; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
and marking the electronic identifier of the first APP into an installation package of the APP;
or, executing a security verification method of the application program APP, wherein the method comprises the following steps:
receiving an APP installation request of a user; the APP installation request is used for requesting to install a third APP;
according to the APP installation request, acquiring characteristic information and an electronic identifier in an installation package of the third APP; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
generating prompt information according to the verification result, wherein the prompt information is used for prompting the user whether the third APP is a violating APP; or,
extracting characteristic information and an electronic identifier of a second APP from an installation package of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
sending a verification request to a target server, wherein the verification request is used for requesting verification of the second APP; the verification request comprises the characteristic information and the electronic identifier of the second APP;
and receiving the verification result sent by the target server.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
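The generation and verification steps described above, as an added example that is not part of the patent text: the characteristic information is combined in a preset order, hashed and signed, and the verifier recovers the first digest from the identifier and compares it with a recomputed second digest. SHA-256, RSA with PKCS #1 v1.5 encoding, the length-prefixed field encoding, the field key names, the demo key and all sample values are assumptions, since this section names no specific algorithm or encoding.

```python
import hashlib
import hmac

# Constructed demo key built from two Mersenne primes. It is trivially
# factorable and exists only so the example runs offline (assumption: RSA).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo header for SHA-256, as used by PKCS #1 v1.5 signatures.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

# Preset order of the three feature fields (key names are hypothetical).
FIELD_ORDER = ("app_name", "package_name", "cert_fingerprint")


def combine_features(features):
    """Plaintext: fields in the preset order, each with a 4-byte length prefix."""
    out = bytearray()
    for key in FIELD_ORDER:
        value = features[key].encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def naive_combine(features):
    """Plain concatenation, kept only to show the field-boundary ambiguity."""
    return "".join(features[key] for key in FIELD_ORDER).encode("utf-8")


def digest_features(features):
    """Digest of the combined feature information (SHA-256 assumed)."""
    return hashlib.sha256(combine_features(features)).digest()


def encode_digest(digest):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def generate_identifier(features):
    """Server side: sign the target digest to produce the electronic identifier."""
    em = int.from_bytes(encode_digest(digest_features(features)), "big")
    return pow(em, D, N).to_bytes(K, "big")


def recover_digest(identifier):
    """Public-key operation on the identifier; None if the encoding is wrong."""
    if len(identifier) != K:
        return None
    s = int.from_bytes(identifier, "big")
    if s >= N:
        return None
    em = pow(s, E, N).to_bytes(K, "big")
    digest = em[-32:]
    # Rebuild the full expected encoding and compare it whole, so padding
    # that merely looks plausible is rejected.
    if not hmac.compare_digest(em, encode_digest(digest)):
        return None
    return digest


def verify_identifier(features, identifier):
    """Verifier side: first digest (recovered) must equal second (recomputed)."""
    first = recover_digest(identifier)
    if first is None:
        return False
    return hmac.compare_digest(first, digest_features(features))


# Constructed sample values.
GENUINE = {
    "app_name": "Example Pay",
    "package_name": "com.example.pay",
    "cert_fingerprint": hashlib.sha256(b"constructed signing cert").hexdigest(),
}
# Same name and package, re-signed with a different developer certificate.
REPACKAGED = dict(
    GENUINE,
    cert_fingerprint=hashlib.sha256(b"constructed other cert").hexdigest(),
)
# One character moved across the field boundary.
SHIFTED = dict(GENUINE, app_name="Example Payc", package_name="om.example.pay")

if __name__ == "__main__":
    ident = generate_identifier(GENUINE)
    tampered = ident[:-1] + bytes([ident[-1] ^ 1])
    print("genuine:", verify_identifier(GENUINE, ident))
    print("repackaged:", verify_identifier(REPACKAGED, ident))
    print("tampered identifier:", verify_identifier(GENUINE, tampered))
    print("naive concat collides:", naive_combine(GENUINE) == naive_combine(SHIFTED))
    print("length-prefixed collides:", combine_features(GENUINE) == combine_features(SHIFTED))
```

The check binds the identifier only to the three feature values, so it detects a changed name, package name or signing certificate but says nothing about the rest of the package contents, which remain covered by the platform's own package signature.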

Claims (14)

1. A method for generating an electronic identifier of an application program APP, characterized by comprising the following steps:
acquiring characteristic information of a first APP, wherein the characteristic information comprises: APP name, APP package name and signature certificate fingerprint information;
generating target digest information from the characteristic information of the first APP by using a cryptographic hash algorithm;
signing the target digest information by using a digital signature algorithm to obtain an electronic identifier of the first APP; the electronic identifier is to be marked in an installation package of the first APP.
2. The method for generating the electronic identifier of the application program APP according to claim 1, wherein the obtaining the characteristic information of the first APP includes:
receiving a request message sent by a first device, and acquiring the characteristic information of the first APP from the request message; the request message is used for requesting the electronic identifier of the first APP; the request message includes: the characteristic information of the first APP, and developer information and/or enterprise information of the first APP;
before the target digest information is generated from the characteristic information of the first APP by using the cryptographic hash algorithm, the method further comprises the following steps:
verifying the characteristic information, the developer information and/or the enterprise information by using blacklist data;
if the verification is passed, executing the step of generating target digest information from the characteristic information of the first APP by using the cryptographic hash algorithm;
after the electronic identifier of the first APP is obtained, the method further includes:
sending the electronic identifier of the first APP to the first device.
3. The method for generating the electronic identifier of the application program APP according to claim 1, further comprising:
receiving a verification request sent by an application server, wherein the verification request is used for requesting verification of a second APP;
extracting the electronic identifier of the second APP and the characteristic information of the second APP from the configuration file of the installation package of the second APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
and sending the verification result to the application server.
4. The method for generating the electronic identifier of the application program APP according to claim 1, further comprising:
receiving target information, the target information comprising at least one of: an installation package, an installation link and a download link of the third APP;
extracting characteristic information and an electronic identifier of the third APP from a configuration file of an installation package corresponding to the target information;
and performing verification according to the characteristic information and the electronic identifier to obtain a verification result.
5. The method for generating an electronic identifier of an APP according to claim 3 or 4, wherein the verifying according to the characteristic information and the electronic identifier, to obtain a verification result, includes:
decrypting the electronic identifier by using a digital certificate to obtain first digest information;
combining the characteristic information in a preset order to obtain plaintext information;
computing second digest information from the plaintext information by using the cryptographic hash algorithm;
if the first digest information is consistent with the second digest information, determining that the verification result is that the verification is passed;
and if the first digest information and the second digest information are inconsistent, determining that the verification result is that the verification is not passed.
6. A method for labeling an electronic identifier of an application program APP, characterized by comprising the following steps:
sending a request message to a target server, the request message being used for requesting the electronic identifier of the first APP;
receiving the electronic identifier of the first APP sent by the target server; the electronic identifier of the first APP is obtained by signing target digest information generated from the characteristic information of the first APP;
and marking the electronic identifier of the first APP into an installation package of the APP.
7. The method for labeling the electronic identifier of the application program APP according to claim 6, wherein labeling the electronic identifier of the first APP into the installation package of the APP comprises:
and adding the electronic identifier under an application program node in the configuration file of the installation package.
8. The method for labeling electronic identifiers of application programs APP according to claim 6 or 7, further comprising, after labeling the electronic identifier of the first APP into the APP installation package:
sending an APP listing request to an application server; the APP listing request is used for requesting that the first APP be listed in an application store corresponding to the application server;
and receiving a response message sent by the application server, wherein the response message is used for indicating whether the first APP passes verification or not.
9. A method for security verification of an application APP, comprising:
receiving an APP installation request of a user; the APP installation request is used for requesting to install a third APP;
according to the APP installation request, acquiring characteristic information and an electronic identifier in an installation package of the third APP; the electronic identifier of the third APP is obtained by signing target digest information generated from the characteristic information of the third APP;
performing verification according to the characteristic information and the electronic identifier to obtain a verification result;
and generating prompt information according to the verification result, wherein the prompt information is used for prompting the user whether the third APP is a violating APP.
10. The method for security verification of application APP according to claim 9, wherein the verifying according to the characteristic information and the electronic identifier, to obtain a verification result, includes:
decrypting the electronic identifier by using a digital certificate to obtain first digest information;
combining the characteristic information in a preset order to obtain plaintext information;
computing second digest information from the plaintext information by using a cryptographic hash algorithm;
if the first digest information is consistent with the second digest information, determining that the verification result is that the verification is passed;
and if the first digest information and the second digest information are inconsistent, determining that the verification result is that the verification is not passed.
11. A method for security verification of an application APP, comprising:
extracting characteristic information and an electronic identifier of a second APP from an installation package of the second APP; the electronic identifier is obtained by signing target digest information generated from the characteristic information of the second APP;
sending a verification request to a target server, wherein the verification request is used for requesting verification of the second APP; the verification request comprises the characteristic information and the electronic identifier of the second APP;
and receiving the verification result sent by the target server.
12. The method for verifying the security of an APP according to claim 11, further comprising, before extracting the characteristic information and the electronic identifier of the second APP from the installation package of the second APP:
receiving an APP listing request sent by a first device; the APP listing request is used for requesting that the second APP be listed in an application store;
after receiving the verification result sent by the target server, the method further comprises the following steps:
and sending a response message to the first device according to the verification result.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method for generating electronic identification of an application APP according to any one of claims 1 to 5, the method for labeling electronic identification of an application APP according to any one of claims 6 to 8, the method for security verification of an application APP according to any one of claims 9 to 10, or the method for security verification of an application APP according to any one of claims 11 to 12 when executing the program.
14. A non-transitory computer readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method of generating an electronic identity of an application APP according to any one of claims 1 to 5, or the method of labeling an electronic identity of an application APP according to any one of claims 6 to 8, or the method of security verification of an application APP according to any one of claims 9 to 10, or the method of security verification of an application APP according to any one of claims 11 to 12.
CN202311617739.2A 2023-11-30 2023-11-30 APP electronic identification generation, labeling and security verification method and equipment Active CN117335988B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311617739.2A CN117335988B (en) 2023-11-30 2023-11-30 APP electronic identification generation, labeling and security verification method and equipment

Publications (2)

Publication Number Publication Date
CN117335988A true CN117335988A (en) 2024-01-02
CN117335988B CN117335988B (en) 2024-03-12

Family

ID=89283389

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311617739.2A Active CN117335988B (en) 2023-11-30 2023-11-30 APP electronic identification generation, labeling and security verification method and equipment

Country Status (1)

Country Link
CN (1) CN117335988B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant