一种多方授权的APK签名方法及系统Multi-party authorized APK signature method and system
技术领域Technical field
本发明涉及The invention relates to
APKAPK
签名认证领域,尤其涉及一种多方授权的The field of signature authentication, especially involving a multi-party authorization
APKAPK
签名方法及系统。Signature method and system.
背景技术Background technique
银行卡(Bank card(
BANK CardBANK Card
)作为支付工具越来越普及,通常的银行卡支付系统包括销售点终端(As a payment tool is becoming more and more popular, the usual bank card payment system includes a point-of-sale terminal (
Point
Of SalePoint
Of Sale
,,
POSPOS
)、),
POSPOS
收单系统(Receipt system
POSPPOSP
)、密码键盘(),password keyboard(
PIN
PADPIN
PAD
)和硬件加密机() and hardware encryption machine (
Hardware and Security ModuleHardware and Security Module
,,
HSMHSM
)。其中). among them
POSPOS
终端能够接受银行卡信息,具有通讯功能,并接受柜员的指令完成金融交易信息和有关信息交换的设备;The terminal can accept the bank card information, has the communication function, and accepts the instructions of the teller to complete the financial transaction information and the related information exchange device;
POSPOS
收单系统对Billing system
POSPOS
终端进行集中管理,包括参数下载,密钥下载,接受、处理或转发Centralized management of terminals, including parameter download, key download, accept, process or forward
POSPOS
终端的交易请求,并向Terminal transaction request, and
POSPOS
终端回送交易结果信息,是集中管理和交易处理的系统;收单系统中的The terminal returns the transaction result information, which is a centralized management and transaction processing system;
POSPOS
上的程序是由收单机构下载和更新。由于The program above is downloaded and updated by the acquirer. due to
AndroidAndroid
系统的通用性,收单机构开始采购The versatility of the system, the acquiring agency began to purchase
AndroidAndroid
系统的systematic
POSPOS
终端设备。Terminal Equipment.
AndroidAndroid
系统安装程序包称为System installation package is called
APKAPK
,,
Android
PackageAndroid
Package
的缩写。abbreviation of.
但由于But because
POSPOS
终端设备厂商很多,每个厂商为提高There are many terminal equipment manufacturers, each manufacturer is improving
POSPOS
终端设备的安全性,都会对下载后需要在The security of the terminal device will be needed after downloading.
POSPOS
中安装运行的程序进行签名验证,只有合法的签名的程序才允许安装或运行。并且由于厂商实现机制不同,造成原本可以下载安装到不同厂商Install and run the program for signature verification, only the legally signed program is allowed to install or run. And because the vendor implementation mechanism is different, it can be downloaded and installed to different vendors.
AndroidAndroid
系统system
POSPOS
终端的Terminal
APKAPK
,签名后的文件格式都不一致,导致收单机构采购不同厂商的The signed file format is inconsistent, resulting in the acquisition of different manufacturers by the acquirer.
AndroidAndroid
系统system
POSPOS
终端设备,需要同时维护不同的签名工具Terminal equipment, need to maintain different signature tools at the same time
AndroidAndroid
系统和和对同一个System and the same
APKAPK
维护不同版本的已签名Maintain different versions of signed
APK APK
文件,给收单机构带来繁琐的维护工作和极大的维护成本,因此有必要提出一种Documents, bringing cumbersome maintenance work and great maintenance costs to the acquiring institution, it is necessary to propose a kind of
APKAPK
签名的方案,降低收单机构的对Signature scheme, reduce the pair of acquiring institutions
APK APK
签名的维护成本。The maintenance cost of the signature.
发明内容Summary of the invention
本发明的目的在于提供一种方便收单机构统一管理不同厂商的The object of the present invention is to provide a convenient acquiring institution to uniformly manage different manufacturers.
AndroidAndroid
系统终端设备的签名,缩减维护成本的一种多方授权的The signature of the system terminal device, a multi-party authorization to reduce maintenance costs
APKAPK
签名方法及系统。Signature method and system.
为实现上述发明目的,本发明采用的一个技术方案是:In order to achieve the above object, one technical solution adopted by the present invention is:
一种多方授权的Multi-party authorized
APKAPK
签名方法,包括:Signature methods, including:
:不同终端设备厂商: Different terminal equipment manufacturers
CACA
服务器各自生成厂商根公私钥对,将厂商根公钥生成厂商根公钥证书;不同终端设备厂商签名服务器各自生成厂商工作公私钥对,将工作公钥分发至各自的厂商Each server generates a vendor root public-private key pair, and generates a vendor root public key certificate from the vendor root public key; each terminal device vendor signature server generates a vendor work public-private key pair, and distributes the work public key to the respective vendor.
CACA
服务器,厂商Server, vendor
CACA
服务器使用厂商根私钥对厂商工作公钥签名生成厂商工作公钥证书;The server uses the vendor root private key to generate a vendor work public key certificate for the vendor work public key signature;
:不同终端设备厂商签名服务器使用各自的厂商工作私钥对包括原始: Different terminal device vendor signature servers use their respective vendor work private key pairs including the original
APKAPK
文件的被签名数据签名生成不同终端设备厂商签名数据,根据不同终端设备厂商的验签机制将各自的厂商工作公钥证书放入各自生成的厂商签名数据中或预装在终端设备中;不同终端设备厂商将各自的厂商根公钥证书预装在各自的终端设备中;The signed data signature of the file generates signature data of different terminal device vendors, and the respective manufacturer work public key certificates are put into the respective manufacturer signature data or pre-installed in the terminal device according to different terminal device vendors' verification mechanisms; different terminals Device vendors pre-install their respective vendor root public key certificates in their respective terminal devices;
:收单机构签名服务器将不同终端设备厂商签名服务器生成的不同厂商签名数据按照签名时间的先后顺序采用The acquirer signature server uses different vendor signature data generated by different terminal device vendor signature servers in the order of signature time.
DERDER
格式组成已签名Format composition signed
APK APK
文件;其中,所述已签名File; wherein the signed
APK APK
文件包括原始File includes original
APKAPK
文件和签名文件头,所述签名文件头包括基础文件和扩展文件,所述基础文件用于标识文件已经过签名操作;所述扩展文件用于标识不同终端设备各自的厂商签名数据的个数及不同终端设备各自的厂商签名数据在已签名a file and a signature file header, the signature file header includes a base file and an extension file, where the basic file is used to identify that the file has been signed, and the extension file is used to identify the number of vendor signature data of different terminal devices and The vendor signature data of each terminal device is signed
APK APK
文件中的具体位置;The specific location in the file;
:终端设备从所述收单机构签名服务器获取已签名: the terminal device obtains the signed signature from the acquirer signature server
APK APK
文件,判断已签名File, judge signed
APK APK
文件中是否有与所述终端设备对应的终端设备厂商生成的厂商签名数据,当判定有对应的厂商签名数据后,终端设备通过所述已签名Whether there is vendor signature data generated by the terminal device manufacturer corresponding to the terminal device in the file, and after determining that there is corresponding vendor signature data, the terminal device passes the signed signature.
APK APK
文件的文件头定位所述厂商签名数据;The file header of the file locates the vendor signature data;
:终端设备获取厂商根公钥证书后使用厂商根公钥证书验证厂商签名数据中厂商工作公钥证书的合法性,验证合法后终端设备提取厂商工作公钥证书中的工作公钥验证签名数据,验证通过后允许安装或运行。After obtaining the vendor root public key certificate, the terminal device uses the vendor root public key certificate to verify the legality of the vendor working public key certificate in the vendor signature data. After verifying the legality, the terminal device extracts the working public key verification signature data in the vendor working public key certificate. Allow installation or operation after verification.
本发明提供的另一种技术方案为:Another technical solution provided by the present invention is:
一种多方授权的Multi-party authorized
APKAPK
签名系统,其特征在于,包括终端设备厂商服务器、收单机构服务器和终端设备服务器;a signature system, comprising: a terminal device manufacturer server, an acquirer server, and a terminal device server;
所述终端设备厂商服务器包括第一生成模块、第二生成模块和第一签名模块;The terminal device manufacturer server includes a first generation module, a second generation module, and a first signature module;
所述第一生成模块,用于不同终端设备厂商The first generation module is used by different terminal equipment vendors
CACA
服务器各自生成厂商根公私钥对,将厂商根公钥生成厂商根公钥证书和使用厂商根私钥对厂商工作公钥签名生成厂商工作公钥证书;Each server generates a vendor root public-private key pair, generates a vendor root public key certificate from the vendor root public key, and generates a vendor work public key certificate by using the vendor root private key to sign the vendor work public key;
所述第二生成模块,用于不同终端设备厂商签名服务器各自生成厂商工作公私钥对,将工作公钥分发至各自的厂商The second generation module is configured to generate a vendor public-private key pair for each terminal device vendor signature server, and distribute the work public key to the respective vendor.
CACA
服务器;server;
所述第一签名模块,用于不同终端设备厂商签名服务器使用各自的厂商工作私钥对包括原始The first signature module is used by different terminal device vendor signature servers to use respective vendor work private key pairs including original
APKAPK
文件的被签名数据签名生成不同终端设备厂商签名数据,根据不同终端设备厂商的验签机制将各自的厂商工作公钥证书放入各自生成的厂商签名数据中或预装在终端设备中;不同终端设备厂商将各自的厂商根公钥证书预装在各自的终端设备中;The signed data signature of the file generates signature data of different terminal device vendors, and the respective manufacturer work public key certificates are put into the respective manufacturer signature data or pre-installed in the terminal device according to different terminal device vendors' verification mechanisms; different terminals Device vendors pre-install their respective vendor root public key certificates in their respective terminal devices;
所述收单机构服务器包括第二签名模块;The acquirer server includes a second signature module;
所述第二签名模块,用于收单机构签名服务器将不同终端设备厂商签名服务器生成的不同厂商签名数据按照签名时间的先后顺序采用The second signature module is used by the acquiring institution signature server to adopt different vendor signature data generated by different terminal device manufacturer signature servers according to the sequence of signature times.
DERDER
格式组成已签名Format composition signed
APK APK
文件;其中,所述已签名File; wherein the signed
APK APK
文件包括原始File includes original
APKAPK
文件和签名文件头,所述签名文件头包括基础文件和扩展文件,所述基础文件用于标识文件已经过签名操作;所述扩展文件用于标识不同终端设备各自的厂商签名数据的个数及不同终端设备各自的厂商签名数据在已签名a file and a signature file header, the signature file header includes a base file and an extension file, where the basic file is used to identify that the file has been signed, and the extension file is used to identify the number of vendor signature data of different terminal devices and The vendor signature data of each terminal device is signed
APK APK
文件中的具体位置;The specific location in the file;
所述终端设备服务器包括第一判断模块、定位模块、第一验证模块和第二验证模块;The terminal device server includes a first determining module, a positioning module, a first verification module, and a second verification module;
所述第一判断模块,用于终端设备从所述收单机构签名服务器获取已签名The first determining module is configured to acquire, by the terminal device, the signed signature from the acquiring institution signature server
APK APK
文件,判断已签名File, judge signed
APK APK
文件中是否有与所述终端设备对应的终端设备厂商生成的厂商签名数据;Whether there is vendor signature data generated by the terminal device manufacturer corresponding to the terminal device in the file;
所述定位模块,用于终端设备判定有对应的厂商签名数据后通过所述已签名The positioning module is configured to: after the terminal device determines that there is corresponding vendor signature data, pass the signed
APK APK
文件的文件头定位所述厂商签名数据;The file header of the file locates the vendor signature data;
所述第一验证模块,用于终端设备使用厂商根公钥证书验证厂商签名数据中厂商工作公钥证书的合法性;The first verification module is configured to verify, by the terminal device, the legality of the vendor working public key certificate in the vendor signature data by using the vendor root public key certificate;
所述第二验证模块,用于终端设备成功验证厂商工作公钥证书的合法性后,终端设备提取厂商工作公钥证书中的工作公钥验证签名数据,验证通过后允许安装或运行。The second verification module is configured to: after the terminal device successfully verifies the legality of the working public key certificate of the manufacturer, the terminal device extracts the working public key verification signature data in the vendor working public key certificate, and allows the installation or operation after the verification is passed.
本发明的有益效果在于:本发明的一种多方授权的The beneficial effects of the present invention are: a multi-party authorized
APKAPK
签名方法及系统,通过不同终端设备的签名服务器对包括Signature method and system, including by signature server pairs of different terminal devices
APKAPK
文件的被签名数据各自进行签名操作生成各自的签名数据后由收单机构按顺序采用The signed data of the file is respectively signed and operated to generate the respective signature data, and then adopted by the acquiring institution in order.
DERDER
格式组成已签名Format composition signed
APK APK
文件,已签名File, signed
APK APK
文件中包括用于识别已接受过签名操作的终端设备和各终端设备厂商签名数据的个数及在已签名The file includes the number of the terminal device and the signature data of each terminal device manufacturer that have been subjected to the signature operation and is signed.
APK APK
文件所在位置的文件头,用于不同终端设备在获取已签名The header of the file where the file is used for different terminal devices to get signed
APK APK
文件后提取自身终端设备需要进行验签的对应签名数据进行验证合法性,验证通过后方可进行After the file is extracted, the corresponding signature data of the terminal device needs to be verified for legality, and the verification can be performed after the verification.
APKAPK
的安装或运行。Install or run.
通过本发明,实现了终端设备在下载所需Through the invention, the terminal device is required to download
APKAPK
的过程中,只需识别有经过自身终端设备签名过的已签名In the process, only need to identify the signed one that has been signed by its own terminal device.
APK APK
文件,并在定位自身终端设备的签名数据后运用自身的验签机制进行验证合法性,验证通过后便可允许File, and after locating the signature data of its own terminal device, use its own verification mechanism to verify the legality. After the verification is passed, it can be allowed.
APKAPK
安装或运行。本发明即保证签名后Install or run. The invention guarantees the signature
APKAPK
在传输过程后的完整性和合法性,又能实现不同厂商的终端设备只需维护自身的签名验签机制,大大缩减了客户的维护成本。After the transmission process, the integrity and legality can realize that the terminal equipment of different manufacturers only need to maintain their own signature verification mechanism, which greatly reduces the maintenance cost of the customer.
附图说明DRAWINGS
图Figure
11
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名方法的流程框图;Flow diagram of the signature method;
图Figure
22
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名方法中步骤Steps in the signature method
55
的具体流程框图;Specific process block diagram;
图Figure
33
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名系统的组成框图;a block diagram of the signature system;
图Figure
44
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名系统中收单机构服务器的组成框图;a block diagram of the composition of the acquirer server in the signature system;
图Figure
55
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名系统中第一验证模块的组成框图;a block diagram of the first verification module in the signature system;
图Figure
66
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名系统中第二验证模块的组成框图。A block diagram of the composition of the second verification module in the signature system.
主要组成符号说明:The main components of the symbol description:
终端设备厂商服务器Terminal equipment manufacturer server
1 1
;;
收单机构服务器Acquirer server
2 2
;;
终端设备服务器Terminal device server
3 3
第一生成模块First generation module
010 010
;;
第二生成模块Second generation module
011 011
;;
第一签名模块First signature module
012 012
;;
第二签名模块Second signature module
020 020
;;
第一判断模块First judgment module
030 030
;;
定位模块Positioning module
031 031
;;
第一验证模块First verification module
032 032
;;
第二验证模块Second verification module
033 033
;;
第三签名模块Third signature module
021021
;;
写入模块Write module
022 022
;;
第二判断模块Second judgment module
023 023
;;
第二判断单元Second judgment unit
0321 0321
;;
第三判断单元Third judgment unit
0322 0322
;;
第一运算单元First arithmetic unit
03310331
;;
第三判断单元Third judgment unit
03320332
。.
具体实施方式detailed description
不同厂商的终端设备对被签名数据各自进行签名操作后生成厂商签名数据,之后将厂商签名数据发给收单机构签名服务器,由收单机构签名服务器采用The terminal equipments of different manufacturers generate signature data of the signatures of the signed data, and then send the vendor signature data to the signing server of the acquiring institution, and the signature server of the acquiring institution adopts
DERDER
格式组成已签名Format composition signed
APK APK
文件,厂商的终端设备安装或运行已签名File, vendor's terminal device installed or running signed
APK APK
文件时,定位获取终端设备对应的厂商签名数据进行验签,验签通过后安装或运行When the file is obtained, the manufacturer obtains the signature data of the vendor corresponding to the terminal device for verification, and the installation or operation is performed after the verification is passed.
APKAPK
文件,本发明采用方便扩展的Document, the invention is convenient to expand
DERDER
格式编码存放不同厂商签名数据,终端设备仅需获取并验签自身对应的厂商签名的数据,实现针对不同厂商验签机制的The format code stores the signature data of different vendors, and the terminal device only needs to obtain and check the data of the manufacturer's signature corresponding to the manufacturer, and implement the verification mechanism for different vendors.
AndroidAndroid
终端设备,只需维护一套签名实现机制,减免收单机构需要同时维护不同终端设备厂商不同的签名验签机制的成本。The terminal device only needs to maintain a set of signature implementation mechanism, and the cost of the different signing mechanism of different terminal equipment manufacturers needs to be maintained at the same time.
为详细说明本发明的技术内容、构造特征、所实现目的及效果,以下结合实施方式并配合附图详予说明。The detailed description of the technical contents, structural features, and the objects and effects of the present invention will be described in detail below with reference to the accompanying drawings.
请参阅图Please refer to the picture
11
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名方法的流程框图。A block diagram of the signature method.
本方案所述一种多方授权的Multi-party authorized
APKAPK
签名方法,包括:Signature methods, including:
:不同终端设备厂商: Different terminal equipment manufacturers
CACA
服务器各自生成厂商根公私钥对,将厂商根公钥生成厂商根公钥证书;不同终端设备厂商签名服务器各自生成厂商工作公私钥对,将工作公钥分发至各自的厂商Each server generates a vendor root public-private key pair, and generates a vendor root public key certificate from the vendor root public key; each terminal device vendor signature server generates a vendor work public-private key pair, and distributes the work public key to the respective vendor.
CACA
服务器,厂商Server, vendor
CACA
服务器使用厂商根私钥对厂商工作公钥签名生成厂商工作公钥证书;The server uses the vendor root private key to generate a vendor work public key certificate for the vendor work public key signature;
:不同终端设备厂商签名服务器使用各自的厂商工作私钥对包括原始: Different terminal device vendor signature servers use their respective vendor work private key pairs including the original
APKAPK
文件的被签名数据签名生成不同终端设备厂商签名数据,根据不同终端设备厂商的验签机制将各自的厂商工作公钥证书放入各自生成的厂商签名数据中或预装在终端设备中;不同终端设备厂商将各自的厂商根公钥证书预装在各自的终端设备中;The signed data signature of the file generates signature data of different terminal device vendors, and the respective manufacturer work public key certificates are put into the respective manufacturer signature data or pre-installed in the terminal device according to different terminal device vendors' verification mechanisms; different terminals Device vendors pre-install their respective vendor root public key certificates in their respective terminal devices;
:收单机构签名服务器将不同终端设备厂商签名服务器生成的不同厂商签名数据按照签名时间的先后顺序采用The acquirer signature server uses different vendor signature data generated by different terminal device vendor signature servers in the order of signature time.
DERDER
格式组成已签名Format composition signed
APK APK
文件;其中,所述已签名File; wherein the signed
APK APK
文件包括原始File includes original
APKAPK
文件和签名文件头,所述签名文件头包括基础文件和扩展文件,所述基础文件用于标识文件已经过签名操作;所述扩展文件用于标识不同终端设备各自的厂商签名数据的个数及不同终端设备各自的厂商签名数据在已签名a file and a signature file header, the signature file header includes a base file and an extension file, where the basic file is used to identify that the file has been signed, and the extension file is used to identify the number of vendor signature data of different terminal devices and The vendor signature data of each terminal device is signed
APK APK
文件中的具体位置;The specific location in the file;
:终端设备从所述收单机构签名服务器获取已签名: the terminal device obtains the signed signature from the acquirer signature server
APK APK
文件,判断已签名File, judge signed
APK APK
文件中是否有与所述终端设备对应的终端设备厂商生成的厂商签名数据,当判定有对应的厂商签名数据后,终端设备通过所述已签名Whether there is vendor signature data generated by the terminal device manufacturer corresponding to the terminal device in the file, and after determining that there is corresponding vendor signature data, the terminal device passes the signed signature.
APK APK
文件的文件头定位所述厂商签名数据;The file header of the file locates the vendor signature data;
:终端设备获取厂商根公钥证书后使用厂商根公钥证书验证厂商签名数据中厂商工作公钥证书的合法性,验证合法后终端设备提取厂商工作公钥证书中的工作公钥验证签名数据,验证通过后允许安装或运行。After obtaining the vendor root public key certificate, the terminal device uses the vendor root public key certificate to verify the legality of the vendor working public key certificate in the vendor signature data. After verifying the legality, the terminal device extracts the working public key verification signature data in the vendor working public key certificate. Allow installation or operation after verification.
本方案采用This program adopts
DERDER
格式编码不同厂商的终端设备进行各自签名操作后的签名数据,并按照签名的时间顺序进行排序,采用The format encodes the signature data of the terminal devices of different manufacturers after the respective signature operations, and sorts according to the time sequence of the signatures, and adopts
DERDER
格式进行编码方便进行扩展,能很好的容纳不同终端设备厂商的厂商签名数据,且各自独立。本方案所述签名文件头标识了已签名The format is easy to be encoded, and it can well accommodate the manufacturer's signature data of different terminal equipment manufacturers, and they are independent. The signature file header described in this scenario identifies the signed
APK APK
文件的类型和经过不同厂商签名后数据的偏移和偏移的长度,用于在下载到不同厂商的终端设备后由判断是否有经过自身终端设备签名操作过的签名数据;签名文件头还用于定位签名数据在已签名The type of the file and the length of the offset and offset of the data after being signed by different vendors are used to determine whether there is signature data that has been signed by the own terminal device after downloading to the terminal device of different vendors; the signature file header is also used. Positioning signature data is signed
APK APK
文件已签名File signed
APK APK
文件中的具体位置,方便不同厂商的终端设备获取各自的签名数据进行各自的验签。在进行不同厂商的终端设备各自的签名操作过程中,不同的厂商会根据自身的需要,将各自的厂商工作公钥证书放入各自生成的厂商签名数据中或预装在终端设备中,在后续终端设备进行验签时,预装在厂商的终端设备中的厂商工作公钥无需再验证合法性,直接用于验签,而存放在终端设备厂商签名数据中的厂商工作公钥证书需要用预装的厂商根公钥证书验证其合法性,通过验证后才能继续后续的验证步骤,否则判定签名数据不合法。The specific location in the file facilitates the terminal devices of different manufacturers to obtain their respective signature data for their respective verifications. In the process of signing the respective terminal devices of different manufacturers, different vendors will put their respective manufacturer's work public key certificates into their respective generated manufacturer's signature data or pre-installed in the terminal device according to their own needs. When the terminal device performs the verification, the manufacturer's work public key pre-installed in the manufacturer's terminal device does not need to verify the legality and is directly used for the verification, and the manufacturer's work public key certificate stored in the terminal device manufacturer's signature data needs to be used. The manufacturer's root public key certificate is used to verify its legality. After verification, the subsequent verification steps can be continued. Otherwise, the signature data is invalid.
本方案实现了终端设备在下载This solution realizes that the terminal device is downloading
APKAPK
文件时,只需在识别到已签名When you file, you only need to recognize the signed
APK APK
文件中有经过自身终端设备签名过的签名数据后定位获取对应签名数据,运用自身的验签机制进行验证合法性,通过验证后便可运行The file has the signature data signed by the own terminal device, locates and obtains the corresponding signature data, and uses its own verification mechanism to verify the legality. After verification, it can run.
APKAPK
安装或运行的方法,通过本方案不仅能快速验证签名后的The method of installation or operation, through this program can not only quickly verify the signature
APKAPK
在经过传输后的完整性和合法性,又能实现购买不同厂商终端设备的客户不再需要同时维护多个不同厂商的终端设备不同的签名验签机制,大大的缩减客户的维护成本。After the transmission is complete and legal, the customer who purchases the terminal equipment of different manufacturers can no longer need to maintain the different signature verification mechanisms of the terminal equipment of different manufacturers at the same time, which greatly reduces the maintenance cost of the customer.
实施方式一:Embodiment 1:
在上述方案的基础上,本实施方式还包括步骤Based on the above solution, the embodiment further includes steps
S1S1
之前包括以下步骤:Previously included the following steps:
收单机构签名服务器将原始The acquirer signature server will be original
APKAPK
文件尾填充File tail padding
0x000x00
四字节补齐,确保原始Four bytes are filled to ensure original
APKAPK
文件尾以End of file
0x000x00
结尾后作为被签名数据;After the end as the signed data;
步骤step
S3S3
还包括:Also includes:
:收单机构签名服务器将被签名数据的标识、版本和原始: The identity, version and original of the signed data will be signed by the acquirer's signature server.
APKAPK
文件的长度及校验值写入所述基础文件中;The length of the file and the check value are written into the base file;
步骤step
S4S4
中所述“判断已签名Said in the judgment
APK APK
文件中是否有与所述终端设备对应的终端设备厂商签名数据”具体为:Whether there is a terminal device manufacturer signature data corresponding to the terminal device in the file is specifically:
根据已签名According to signed
APK APK
文件中签名文件头的基础文件中不同被签名数据的标识、版本判断是否有属于自身终端设备的签名数据。The identifier and version of the different signed data in the basic file of the signature file header in the file determine whether there is signature data belonging to the own terminal device.
本实施方式在实现不同厂商的终端设备各自进行验签获取In this implementation manner, the terminal devices of different vendors are respectively implemented for verification and acquisition.
APKAPK
的同时,具体的执行步骤还包括在步骤At the same time, the specific implementation steps are also included in the steps.
S1S1
之前收单机构的签名服务器将原始The previous signatory server of the acquirer will be original
APKAPK
文件进行四字节对其,不足位用File for four bytes, insufficient
0x000x00
填充,并在末尾补Fill and fill in at the end
44
个One
0x000x00
以确保被原始文件To ensure that the original file is
APKAPK
的末尾为At the end of
0x000x00
,方便后续进行编码。在步骤For subsequent coding. In the steps
S2S2
还包括收单机构签名服务器将被签名数据的标识、版本和原始Also includes the identity, version, and original of the signed data that the acquirer signature server will be signed.
APKAPK
文件的长度及校验值写入所述基础文件中,用于步骤The length of the file and the check value are written into the base file for the step
S3S3
中下载到不同的终端设备中时终端设备通过基础文件中的被签名数据的标识、版本和校验值进行判断是否经过自身终端设备的签名操作。When downloading to a different terminal device, the terminal device determines whether the signature operation of the own terminal device is performed by using the identifier, version, and check value of the signed data in the base file.
实施方式二:Embodiment 2:
在上述方案的基础上,本实施方式还包括步骤Based on the above solution, the embodiment further includes steps
S1S1
中所述“不同终端设备厂商签名服务器使用各自的厂商工作私钥对包括原始The different terminal device vendor signature servers use their respective vendor work private key pairs to include the original
APKAPK
文件的被签名数据签名生成不同终端设备厂商签名数据”具体包括:The signed data signature of the file generates different terminal device vendor signature data" specifically includes:
不同终端设备厂商签名服务器将包括原始Different terminal equipment vendor signature servers will include the original
APKAPK
文件的被签名数据计算哈希得到哈希值The signed data of the file is calculated by hashing to get the hash value.
HASH
1HASH
1
;将哈希值; will hash
HASH 1HASH 1
按照一定签名填充方式进行填充后得到被签名Signed according to a certain signature filling method to get signed
APK APK
文件;将被签名File; will be signed
APK APK
文件使用终端设备厂商签名服务器各自的工作私钥进行签名操作生成不同终端设备厂商签名数据。The file uses the working private key of the terminal device manufacturer's signature server to perform a signature operation to generate signature data of different terminal device vendors.
本实施方式实现不同厂商的终端设备各自进行验签获取This embodiment implements the verification of each terminal device of different manufacturers.
APKAPK
的同时,还包括具体的不同终端设备厂商签名服务器用各自的工作私钥对包括原始At the same time, it also includes specific different terminal device manufacturers' signature servers with their respective working private key pairs including the original
APKAPK
文件的被签名数据进行签名生成不同终端设备厂商签名数据的具体过程,通过对被签名数据进行计算哈希得到哈希值The specific process of signing the signed data of the file to generate signature data of different terminal device vendors, and obtaining a hash value by performing hash calculation on the signed data
HASH
1HASH
1
,并将哈希值And hash value
HASH 1HASH 1
按照according to
PKCS#1-V1.5PKCS#1-V1.5
的签名填充方式进行填充,得到被签名文件,并将被签名文件使用私钥进行签名操作生成终端设备厂商签名数据,加入到采用The signature filling method is filled to obtain the signed file, and the signed file is signed by the private key to generate the terminal device manufacturer signature data, and is added to adopt
DERDER
方式编码的已签名Mode coded signed
APK APK
文件中,同时修改已签名In the file, modify the signed at the same time
APK APK
文件的文件头,将当前新增加的厂商终端设备厂商签名数据的偏移和长度添加进文件头的对应扩展域中。按照该方式将不同的厂商终端设备签名后的签名数据按照The file header of the file adds the offset and length of the currently added vendor terminal device vendor signature data to the corresponding extension field of the file header. According to this method, the signature data signed by different vendor terminal devices is followed.
DERDER
编码格式进行排放,方便扩展数据的同时便于验签时获取不同厂商终端设备相应的签名数据。The coding format is exhausted, which facilitates the expansion of data and facilitates the acquisition of corresponding signature data of terminal devices of different manufacturers during the verification.
请参阅图Please refer to the picture
22
,为本发明一种多方授权的, a multi-party authorization for the invention
APKAPK
签名方法中步骤Steps in the signature method
55
的具体流程框图。The specific process block diagram.
实施方式三:Embodiment 3:
在上述方案的基础上,本实施方式还包括在步骤Based on the above solution, the embodiment is further included in the step
S5S5
中具体包括:Specifically include:
:判断厂商工作公钥证书是否预装在终端设备中,若是,获取厂商工作公钥证书,并进入步骤: Determine whether the vendor work public key certificate is pre-installed in the terminal device, and if so, obtain the vendor work public key certificate, and enter the step
S53S53
;若否,通过所述已签名If not, pass the signed
APK APK
文件的文件头定位并获取设备终端对应的厂商签名数据;The file header of the file is located and obtains the vendor signature data corresponding to the device terminal;
:获取厂商签名数据中的厂商工作公钥证书;终端设备使用预装的厂商根公钥证书验证厂商签名数据中厂商工作公钥证书的合法性,验证通过后进入步骤: Obtain the vendor work public key certificate in the vendor signature data; the terminal device uses the pre-installed vendor root public key certificate to verify the legality of the vendor work public key certificate in the vendor signature data, and enter the step after the verification is passed.
S53S53
;;
:终端设备提取厂商工作公钥证书中的工作公钥验证签名数据并计算哈希,得到哈希值: The terminal device extracts the work public key verification signature data in the vendor work public key certificate and calculates a hash to obtain a hash value.
HASH 2HASH 2
;判断哈希值; judging the hash value
HASH 1HASH 1
和哈希值And hash value
HASH
2HASH
2
是否一致,若是,则判定已签名Is it consistent, if it is, then it is signed
APK APK
文件合法,允许File legal, allowed
APKAPK
安装;若否,则判定已签名Installation; if not, then judged signed
APK APK
文件不合法,不允许File is not legal, not allowed
APKAPK
安装。installation.
本实施方式具体的包括在判断有经过自身终端设备签名操作后的签名文件后进行获取合法工作公钥的步骤,具体的,先判断设备终端中是否有预装的合法工作公钥,若有,便直接获取合法的工作公钥进入定位获取签名数据步骤进行解密签名数据;若否,则从获取的签名数据中提取终端设备工作公钥证书,并使用预装在终端设备的厂商根公钥证书验证终端设备工作公钥证书的合法性,验证通过后再利用工作公钥证书中的公钥解密签名数据。通过再次对获取到的签名数据进行计算哈希得到哈希值The embodiment specifically includes the step of obtaining a legal work public key after determining the signature file after the signature operation of the own terminal device. Specifically, determining whether the device terminal has a pre-installed legal work public key, if any, Obtaining the legal work public key directly into the location to obtain the signature data step to decrypt the signature data; if not, extracting the terminal device work public key certificate from the obtained signature data, and using the vendor root public key certificate pre-installed in the terminal device Verify the validity of the working device public key certificate of the terminal device. After the verification is passed, the signature data is decrypted by using the public key in the working public key certificate. The hash value is obtained by performing a hash on the acquired signature data again.
HASH
2HASH
2
,对比签名数据在进行传输之前的哈希值, comparing the hash value of the signature data before it is transmitted
HASH 1HASH 1
判断签名数据的合法性和完整性,确保签名文件在传输过程中未经篡改。Determine the legality and integrity of the signature data to ensure that the signature file has not been tampered with during transmission.
请参阅图Please refer to the picture
33
为本发明一种多方授权的Multi-authorized for the present invention
APKAPK
签名系统的组成框图。A block diagram of the composition of the signature system.
本发明采用的另一个技术方案为:Another technical solution adopted by the present invention is:
一种多方授权的Multi-party authorized
APKAPK
签名系统,包括终端设备厂商服务器Signature system, including terminal equipment vendor servers
11
、收单机构服务器Acquirer server
22
和终端设备服务器And terminal device server
33
;;
所述终端设备厂商服务器Terminal device manufacturer server
11
包括第一生成模块Including the first generation module
010010
、第二生成模块Second generation module
011011
和第一签名模块And first signature module
012012
;;
所述第一生成模块The first generation module
010010
,用于不同终端设备厂商For different terminal equipment manufacturers
CACA
服务器各自生成厂商根公私钥对,将厂商根公钥生成厂商根公钥证书和使用厂商根私钥对厂商工作公钥签名生成厂商工作公钥证书;Each server generates a vendor root public-private key pair, generates a vendor root public key certificate from the vendor root public key, and generates a vendor work public key certificate by using the vendor root private key to sign the vendor work public key;
所述第二生成模块The second generation module
011011
,用于不同终端设备厂商签名服务器各自生成厂商工作公私钥对,将工作公钥分发至各自的厂商Used by different terminal device manufacturers to generate a vendor's work public-private key pair and distribute the work public key to their respective vendors.
CACA
服务器;server;
所述第一签名模块The first signature module
012012
,用于不同终端设备厂商签名服务器使用各自的厂商工作私钥对包括原始Used by different terminal device vendors to sign servers using their respective vendor work private key pairs including original
APKAPK
文件的被签名数据签名生成不同终端设备厂商签名数据,根据不同终端设备厂商的验签机制将各自的厂商工作公钥证书放入各自生成的厂商签名数据中或预装在终端设备中;不同终端设备厂商将各自的厂商根公钥证书预装在各自的终端设备中;The signed data signature of the file generates signature data of different terminal device vendors, and the respective manufacturer work public key certificates are put into the respective manufacturer signature data or pre-installed in the terminal device according to different terminal device vendors' verification mechanisms; different terminals Device vendors pre-install their respective vendor root public key certificates in their respective terminal devices;
所述收单机构服务器The acquirer server
22
包括第二签名模块Including the second signature module
020020
;;
所述第二签名模块The second signature module
020020
,用于收单机构签名服务器将不同终端设备厂商签名服务器生成的不同厂商签名数据按照签名时间的先后顺序采用Used by the acquiring institution signature server to adopt different vendor signature data generated by different terminal device manufacturer signature servers according to the order of signature time.
DERDER
格式组成已签名Format composition signed
APK APK
文件;其中,所述已签名File; wherein the signed
APK APK
文件包括原始File includes original
APKAPK
文件和签名文件头,所述签名文件头包括基础文件和扩展文件,所述基础文件用于标识文件已经过签名操作;所述扩展文件用于标识不同终端设备各自的厂商签名数据的个数及不同终端设备各自的厂商签名数据在已签名a file and a signature file header, the signature file header includes a base file and an extension file, where the basic file is used to identify that the file has been signed, and the extension file is used to identify the number of vendor signature data of different terminal devices and The vendor signature data of each terminal device is signed
APK APK
文件中的具体位置;The specific location in the file;
所述终端设备服务器Terminal device server
33
包括第一判断模块Including the first judgment module
030030
、定位模块Positioning module
031031
、第一验证模块First verification module
032032
和第二验证模块And second verification module
033033
;;
所述第一判断模块The first determining module
030030
,用于终端设备从所述收单机构签名服务器获取已签名For the terminal device to obtain the signed from the acquirer signature server
APK APK
文件,判断已签名File, judge signed
APK APK
文件中是否有与所述终端设备对应的终端设备厂商生成的厂商签名数据;Whether there is vendor signature data generated by the terminal device manufacturer corresponding to the terminal device in the file;
所述定位模块Positioning module
031031
,用于终端设备判定有对应的厂商签名数据后通过所述已签名, after the terminal device determines that there is corresponding vendor signature data, and passes the signed
APK APK
文件的文件头定位所述厂商签名数据;The file header of the file locates the vendor signature data;
所述第一验证模块The first verification module
032032
,用于终端设备使用厂商根公钥证书验证厂商签名数据中厂商工作公钥证书的合法性;For the terminal device to verify the legality of the vendor working public key certificate in the vendor signature data by using the vendor root public key certificate;
所述第二验证模块The second verification module
033033
,用于终端设备成功验证厂商工作公钥证书的合法性后,终端设备提取厂商工作公钥证书中的工作公钥验证签名数据,验证通过后允许安装或运行。After the terminal device successfully verifies the legality of the working public key certificate of the manufacturer, the terminal device extracts the working public key verification signature data in the manufacturer's working public key certificate, and allows the installation or operation after the verification is passed.
请参阅图Please refer to the picture
44
,为本发明一种多方授权的, a multi-party authorization for the invention
APKAPK
签名系统中收单机构服务器Acquirer server in the signature system
22
的组成框图。The composition of the block diagram.
实施方式四:Embodiment 4:
在上述方案的基础上,本实施方式所述收单机构还包括第三签名模块On the basis of the foregoing solution, the acquiring institution of the embodiment further includes a third signature module.
021021
、写入模块Write module
022022
和第二判断模块And second judgment module
023023
;;
所述第三签名模块The third signature module
021021
,用于收单机构签名服务器将原始, used for the acquirer signature server will be original
APKAPK
文件尾填充File tail padding
0x000x00
四字节补齐,确保原始Four bytes are filled to ensure original
APKAPK
文件尾以End of file
0x000x00
结尾后作为被签名数据;After the end as the signed data;
所述写入模块The write module
022022
,用于收单机构签名服务器将被签名数据的标识、版本和原始, for the identity, version, and original of the signed data that the acquiring institution signature server will be signed
APKAPK
文件的长度及校验值写入所述基础文件中;The length of the file and the check value are written into the base file;
所述第二判断模块The second determining module
023023
,用于收单机构签名服务器判断是否还有不同的终端设备厂商需要进行签名操作,若是,则不同终端设备厂商调用各自的厂商签名服务器进行签名操作,修改所述签名文件头;若否,则结束。For the acquiring institution signature server to determine whether there are different terminal device manufacturers that need to perform the signing operation, if yes, different terminal device manufacturers call their respective manufacturer signature servers to perform the signing operation, and modify the signature file header; if not, then End.
本实施方式中所述修改所述签名文件头具体包括修改文件头中基础文件中的文件体长度、扩展文件中加入新的终端设备厂商签名操作后的签名数据内容。The modifying the signature file header in the embodiment includes modifying the length of the file body in the basic file in the file header, and adding the signature data content after the new terminal device manufacturer signature operation in the extended file.
实施方式五:Embodiment 5:
在上述方案的基础上,本实施方式所述第一签名模块The first signature module in the embodiment is based on the foregoing solution.
012012
包括签名单元;Including a signature unit;
所述签名单元,用于不同终端设备厂商签名服务器将包括原始The signature unit for different terminal device vendor signature servers will include the original
APKAPK
文件的被签名数据计算哈希得到哈希值The signed data of the file is calculated by hashing to get the hash value.
HASH 1HASH 1
;将哈希值; will hash
HASH 1HASH 1
按照一定签名填充方式进行填充后得到被签名Signed according to a certain signature filling method to get signed
APK APK
文件;将被签名File; will be signed
APK APK
文件使用终端设备厂商签名服务器各自的工作私钥进行签名操作生成不同终端设备厂商签名数据。The file uses the working private key of the terminal device manufacturer's signature server to perform a signature operation to generate signature data of different terminal device vendors.
请参阅图Please refer to the picture
5-5-
图Figure
66
,分别为本发明一种多方授权的, respectively, a multi-party authorization for the present invention
APKAPK
签名系统中第一验证模块The first verification module in the signature system
032032
的组成框图和本发明一种多方授权的Block diagram of the composition and a multi-party authorization of the present invention
APKAPK
签名系统中第二验证模块Second verification module in the signature system
033033
的组成框图。The composition of the block diagram.
实施方式六:Embodiment 6:
在上述方案的基础上,本实施方式所述第一验证模块Based on the foregoing solution, the first verification module in this implementation manner
032032
包括第二判断单元Including the second judging unit
03210321
和第三验证单元;所述第二验证模块And a third verification unit; the second verification module
033033
包括第一运算单元First arithmetic unit
03310331
和第三判断单元And third judgment unit
0332032203320322
;;
所述第二判断单元The second determining unit
03210321
,用于判断厂商工作公钥证书是否预装在终端设备中,若是,获取厂商工作公钥证书;若否,通过所述已签名For judging whether the vendor work public key certificate is pre-installed in the terminal device, and if so, obtaining the vendor work public key certificate; if not, passing the signed
APK APK
文件的文件头定位并获取设备终端对应的厂商签名数据;The file header of the file is located and obtains the vendor signature data corresponding to the device terminal;
所述第三验证单元,用于终端设备获取厂商签名数据中的厂商工作公钥证书;终端设备使用预装的厂商根公钥证书验证厂商签名数据中厂商工作公钥证书的合法性;The third verification unit is configured to acquire, by the terminal device, a vendor work public key certificate in the vendor signature data; the terminal device uses the pre-installed vendor root public key certificate to verify the legality of the vendor work public key certificate in the vendor signature data;
所述第一运算单元The first arithmetic unit
03310331
,用于终端设备提取厂商工作公钥证书中的工作公钥验证签名数据并计算哈希,得到哈希值For the terminal device to extract the work public key verification signature data in the vendor work public key certificate and calculate the hash to obtain a hash value.
HASH
2HASH
2
;;
所述第三判断单元The third determining unit
0332032203320322
,用于终端设备判断哈希值For the terminal device to determine the hash value
HASH
1HASH
1
和哈希值And hash value
HASH 2HASH 2
是否一致,若是,则判定已签名Is it consistent, if it is, then it is signed
APK APK
文件合法,允许File legal, allowed
APKAPK
安装;若否,则判定已签名Installation; if not, then judged signed
APK APK
文件不合法,不允许File is not legal, not allowed
APKAPK
安装。installation.
本发明提供的一种多方授权的The invention provides a multi-party authorized
APKAPK
签名方法及其系统,采用方便扩展的Signature method and its system, which are easy to expand
DERDER
编码不同终端设备厂商经过各自签名操作后生成的厂商签名数据,不同终端设备在下载所需Encoding the manufacturer's signature data generated by different terminal equipment manufacturers after their respective signature operations, and different terminal equipments are required for downloading.
APKAPK
的过程中,只需识别有经过自身终端设备签名过的签名文件,并在定位自身终端设备的签名数据后运用自身的验签机制进行验证合法性,验证通过后便可允许In the process, only the signature file signed by the own terminal device is identified, and after verifying the signature data of the terminal device, the verification validity is verified by using the verification mechanism of the terminal device, and the verification can be allowed after the verification is passed.
APKAPK
安装或运行。本发明即确保签名后的Install or run. The invention ensures the signature
APKAPK
经过传输后的完整性合法性,又省去了以往需费时同时验签多家厂商终端设备的叠加签名后的签名数据,进一步的,大大缩减了客户的维护成本,客户只需维护厂商终端设备自身的签名验签机制。After the integrity of the transmission, the signature data of the superimposed signature of the terminal equipment of multiple manufacturers is eliminated at the same time. Further, the maintenance cost of the customer is greatly reduced, and the customer only needs to maintain the terminal equipment of the manufacturer. Its own signature verification mechanism.
以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformation of the present invention and the contents of the drawings may be directly or indirectly applied to other related technologies. The fields are all included in the scope of patent protection of the present invention.