WO2019079998A1 - Method and terminal for managing and controlling permission of application, and pos terminal - Google Patents

Method and terminal for managing and controlling permission of application, and pos terminal

Info

Publication number
WO2019079998A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
installation package
permission
interface
obtaining
Prior art date
Application number
PCT/CN2017/107641
Other languages
French (fr)
Chinese (zh)
Inventor
彭波涛
Original Assignee
福建联迪商用设备有限公司
Priority date
Filing date
Publication date
Application filed by 福建联迪商用设备有限公司
Priority to CN201780001453.8A (CN108064383A)
Priority to PCT/CN2017/107641 (WO2019079998A1)
Publication of WO2019079998A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the present invention relates to the field of data processing, and in particular to a method and terminal for managing and controlling application permissions, and a POS terminal.
  • smart POS (usually running the Android operating system) has become a very hot topic in the POS industry in recent years. Compared with traditional POS, smart POS has richer business application scenarios, more participating roles, and more complex types of applications.
  • to support the basic business function of bank card acquiring, smart POS terminals usually need to provide the hardware components required for bank card payment, such as magnetic stripe card readers, contact IC card readers, contactless IC card readers, PIN pads and printers.
  • if access to these hardware components is not restricted, they may be exploited by third-party applications to forge a fake transaction interface and carry out phishing attacks, causing losses to the cardholder's account.
  • at present, to ensure the security of the POS terminal, a reviewer must audit the code of third-party applications that can run on the POS terminal without having a financial transaction function, to check whether the application contains code that illegally calls the external financial terminal connected to the POS terminal.
  • the financial terminal refers to an external device connected to the POS terminal that can read the user's bank card information.
  • manual review of the code is cumbersome and prone to errors and omissions.
  • the technical problem to be solved by the present invention is how to improve the legitimacy of third-party applications installed on the terminal.
  • the present invention provides a method and terminal for managing application permissions, whose beneficial effects are: a permission file carrying information on the interfaces accessible to an application is configured for the application, the permission file is packaged with the application's original installation package, and the package is digitally signed.
  • as a result the application only has access rights to the interfaces listed in the permission file while running, and once the signed installation package has been generated the permission file cannot be tampered with without being detected. Even if the application's code contains calls to interfaces unrelated to its business function, the application cannot successfully access an interface whose information is not included in the permission file.
  • the above method and terminal for managing application permissions therefore need not review the application's code: by configuring only the interface information the application is allowed to access, it can be ensured that the application cannot call interfaces unrelated to its business function through phishing code or the like, which not only improves the efficiency of checking the application's legitimacy but also improves the legitimacy of the application itself.
  • the present invention also provides a method for controlling application authority, including:
  • the signed installation package includes an original installation package of the application and a permission file carrying information of the interface accessible by the application;
  • the present invention also provides a POS terminal including one or more second processors and a second memory, the second memory storing a program and being configured so that the one or more second processors perform the following steps:
  • the signed installation package includes an original installation package of the application and a permission file carrying information on the interfaces accessible to the application;
  • if the detection result is that no information corresponding to the preset interface exists in the permission file, the application is denied access to the preset interface; otherwise, the application is allowed to access the preset interface.
  • the present invention also provides a method for managing application permissions and a POS terminal, whose beneficial effects are: the POS terminal only installs signed installation packages containing a permission file, and accepts or rejects the application's request to access a specific interface according to the accessible-interface information carried by the permission file. Since the permission file and the application's original installation package are digitally signed as a whole, the permission file cannot be illegally tampered with undetected after it has been approved, so that an application installed on the POS terminal can only call interfaces related to its business function and cannot, through phishing code or the like, call interfaces unrelated to its business function without the user's knowledge. This effectively prevents the user's electronic account information from being intercepted without permission, and improves the legitimacy of third-party applications installed on the POS terminal and the security of the POS terminal.
  • FIG. 1 is a flowchart of a specific embodiment of a method for managing and controlling application permissions according to the present invention.
  • FIG. 2 is a structural block diagram of a specific embodiment of a terminal for managing application permissions according to the present invention.
  • FIG. 3 is a flowchart of a specific embodiment of a further method for managing and controlling application permissions according to the present invention.
  • FIG. 4 is a structural block diagram of a specific embodiment of a POS terminal according to the present invention.
  • please refer to FIG. 1 and FIG. 4.
  • the present invention provides a method for managing and controlling application permissions, including:
  • obtaining a permission file corresponding to the application, the permission file including information on the interfaces accessible to the application; [0029] packaging the original installation package corresponding to the application together with the permission file to obtain an audited installation package.
  • the application is assigned corresponding permissions according to the business function claimed by its sender. This effectively prevents the application from performing operations not permitted by the user without the user's knowledge.
  • the financial terminal includes a magnetic stripe card reader, a contact IC card reader, a contactless IC card reader and a PIN pad.
  • the financial terminal is used to obtain information on the user's electronic account, and the privacy of this electronic account information is extremely high.
  • in the present invention, the financial terminal can be accessed by a third-party application installed on the terminal only if that application has been configured with the financial terminal interface as an accessible interface, which improves the privacy and security of the user's information.
  • the method further includes:
  • if the detection result is that no information corresponding to the preset interface exists in the permission file, the application is denied access to the preset interface; otherwise, the application is allowed to access the preset interface.
  • the present invention accepts or rejects the application's request to access a specific interface according to the accessible-interface information carried by the permission file, so that an application installed on the terminal can only invoke interfaces related to its business function and cannot, through phishing code or the like, invoke interfaces unrelated to its business function without the user's knowledge.
  • this improves the legitimacy of third-party applications installed on the terminal and the security of the terminal.
  • the method further includes:
  • installing the application according to the signed installation package is specifically:
  • the application is installed according to the signed installation package.
  • the present invention provides a terminal for managing application permissions, including one or more first processors 1 and a first memory 2, wherein the first memory 2 stores a program and is configured so that the one or more first processors 1 perform the following steps:
  • the permission file includes information on the interfaces accessible to the application.
  • obtaining a permission list corresponding to the function list specifically includes: [0062] if the financial transaction function exists in the function list, generating the permission list according to the information of the financial terminal interface; the financial terminal includes a magnetic stripe card reader, a contact IC card reader, a contactless IC card reader and a PIN pad.
  • the method further includes:
  • if the detection result is that no information corresponding to the preset interface exists in the permission file, the application is denied access to the preset interface; otherwise, the application is allowed to access the preset interface.
  • the method further includes:
  • installing the application according to the signed installation package is specifically:
  • the application is installed according to the signed installation package.
  • the present invention further provides a method for controlling application permission, including:
  • the signed installation package includes an original installation package of the application and a permission file carrying information of the application accessible interface;
  • if the detection result is that no information corresponding to the preset interface exists in the permission file, the application is denied access to the preset interface; otherwise, the application is allowed to access the preset interface.
  • installing the application according to the signed installation package is specifically:
  • the application is installed according to the signed installation package.
  • the method further includes:
  • the rights file corresponding to the application is obtained according to the unique identifier.
  • the method further includes:
  • the present invention further provides a POS terminal, including one or more second processors 3 and a second memory 4, wherein the second memory 4 stores a program and is configured so that the one or more second processors 3 perform the following steps:
  • the signed installation package includes an original installation package of the application and a permission file carrying information of the application accessible interface;
  • the application is installed according to the signed installation package.
  • the method further includes:
  • the rights file corresponding to the application is obtained according to the unique identifier.
  • the method further includes:
  • Embodiment 1 of the present invention is:
  • this embodiment provides a method for managing and controlling application permissions, including:
  • the rights file includes information of the application accessible interface. Specifically:
  • S12. Obtain a permission list corresponding to the function list. Specifically, if the financial transaction function exists in the function list, the permission list is generated according to the information of the financial terminal interface; the financial terminal includes a magnetic stripe card reader, a contact IC card reader, and a contactless IC card reader and password keyboard.
  • for example, if the business function of a third-party application APP1 is document editing, it is not given access to the financial terminal, and APP1 can only use the basic functions of the operating system.
  • the business function of another third-party application APP2 is credit card payment, so it is given access to the financial terminal.
  • the third-party application APP2 can call the standard interfaces of the operating system and the interfaces provided by the financial terminal connected to the device running APP2.
  • the access rights to multiple devices are defined as shown in the following table:
  • Type APK // indicates that the format of the APP is an APK
  • Version 3 // format version number of the permission description file; for example, 3 indicates the third version
  • the unique identifier is the running ID of the application.
  • the operating system can obtain the running ID of the application, and obtain related information of the application according to the running ID.
  • the application is uninstalled.
  • the present embodiment abstracts and extracts the risk of the third-party application, narrowing the focus of control from the code of the entire third-party application to the application's permissions and thereby reducing the scope of control: controlling the permissions controls the entire third-party application. The third-party application's permissions take part in the application signing process, so that the permission file is also part of the application signature and the permissions cannot be illegally tampered with: once the permission file has been tampered with, the signature of the whole application has been tampered with, and after the application is downloaded to the terminal it will be rejected because signature verification fails. The access rights to each device are abstracted into a single permission string entry for easy management.
  • Embodiment 2 of the present invention is:
  • the embodiment provides a terminal for managing application permissions, including one or more first processors 1 and a first memory 2, the first memory 2 storing a program and being configured so that the one or more first processors 1 perform the following steps:
  • the rights file includes information of the application accessible interface. Specifically:
  • S12. Obtain a permission list corresponding to the function list. Specifically, if the financial transaction function exists in the function list, the permission list is generated according to the information of the financial terminal interface; the financial terminal includes a magnetic stripe card reader, a contact IC card reader, and a contactless IC card reader and password keyboard.
  • the access rights of the multiple devices are abstracted into one permission string entry, which is convenient for separately managing the access rights of a third-party application to different devices.
  • the rights file and the original installation package are immediately packaged to obtain the audited installation package.
  • the digitally signed installation package is protected against unauthorized tampering.
  • the unique identifier is the running ID of the application.
  • the operating system may obtain a running ID of the application, and acquire related information of the application according to the running ID.
  • the application is uninstalled.
  • Embodiment 3 of the present invention is:
  • This embodiment provides a method for controlling application authority, including:
  • the signed installation package includes an original installation package of the application and a permission file carrying information of the application accessible interface.
  • the rights file and the original installation package are immediately packaged to obtain the audited installation package.
  • the digitally signed installation package is protected against unauthorized tampering. That is, the current terminal installs a third-party application by using the signed installation package whose access permission is approved and the permission file cannot be illegally tampered with, thereby ensuring the security of the current terminal.
  • the application is installed according to the signed installation package.
  • [0191] if the digital signature of the signed installation package fails the legality verification, this indicates that the permission file is highly likely to have been tampered with after approval; installing the third-party application is then risky and installation is refused.
  • the unique identifier is the running ID of the application.
  • the operating system may obtain a running ID of the application, and acquire related information of the application according to the running ID.
  • S4. when the application sends a request to access the preset interface, obtaining the permission file corresponding to the application according to the unique identifier, and detecting whether information corresponding to the preset interface exists in the permission file.
  • Embodiment 4 of the present invention is:
  • the embodiment provides a POS terminal, including one or more second processors 3 and a second memory 4, wherein the second memory 4 stores a program and is configured so that the one or more second processors 3 perform the following steps:
  • the signed installation package includes an original installation package of the application and a permission file carrying information of the application accessible interface.
  • the permission file and the original installation package are immediately packaged to obtain the audited installation package, and the audited installation package is digitally signed to prevent the permission file from being illegally tampered with. That is, the current terminal installs a third-party application using a signed installation package whose access permissions have been audited and whose permission file cannot be illegally tampered with, thereby ensuring the security of the current terminal.
  • the unique identifier is the running ID of the application.
  • the operating system may obtain the running ID of the application, and obtain related information of the application according to the running ID.
  • the present invention provides a method for managing application permissions, a terminal, and a POS terminal, in which a permission file carrying information on the interfaces accessible to an application is configured for the application, the permission file is packaged with the application's original installation package, and the package is digitally signed, so that the application only has access rights to the interfaces listed in the permission file while running, and the permission file cannot be tampered with undetected once the signed installation package has been generated.
  • the POS terminal only installs signed installation packages containing a permission file, and accepts or rejects the application's request to access a specific interface according to the accessible-interface information carried by the permission file.
  • the application cannot successfully access an interface whose information is not included in the permission file. Therefore, unlike the prior art, in which manually checking whether the application contains code illegally calling a specific interface has low auditing efficiency and is prone to errors and omissions, the above method and terminal for managing application permissions need not review the application's code: by configuring only the interface information the application is allowed to access, it can be ensured that the application cannot call interfaces unrelated to its business function through phishing code or the like, which not only improves the efficiency of checking the application's legitimacy but also improves the legitimacy of the application itself.
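As an added illustration of the scheme the definitions above describe (example code, not code from the patent or its assignee), the following Python models the full flow: the permission list is derived from the application's declared function list, packaged with the original installation package and signed as a whole; the terminal refuses to install a package whose signature fails, keeps the permission file keyed by the application's running ID, and grants an interface request only if the interface appears in that file. HMAC-SHA256 with a shared key stands in for the asymmetric digital signature the patent assumes, and the interface names, package bytes and APP1/APP2 function lists are constructed for this example.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Set

# Interfaces of the financial terminal named in the patent; the identifier
# strings themselves are constructed for this example.
FINANCIAL_INTERFACES: Set[str] = {
    "magstripe_reader",
    "contact_ic_reader",
    "contactless_ic_reader",
    "pin_pad",
}

# Stand-in for the auditor's signing key. The patent assumes an asymmetric
# digital signature; HMAC-SHA256 is used here only to keep the example
# self-contained and offline.
SIGNING_KEY = b"constructed-demo-signing-key"


def build_permission_file(function_list: List[str]) -> Dict:
    """S12: derive the permission list from the application's declared
    function list. Only an application declaring the financial transaction
    function receives entries for the financial terminal interfaces."""
    permissions: Set[str] = set()
    if "financial_transaction" in function_list:
        permissions |= FINANCIAL_INTERFACES
    # Type/Version header as in the patent's permission description table.
    return {"Type": "APK", "Version": 3, "Permissions": sorted(permissions)}


def package_and_sign(original_package: bytes, permission_file: Dict) -> Dict:
    """Package the original installation package with the permission file
    (the audited installation package) and sign the bundle as a whole."""
    audited = {"package": original_package.hex(), "permission_file": permission_file}
    payload = json.dumps(audited, sort_keys=True).encode()
    signature = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return {"audited": audited, "signature": signature}


def verify_signature(signed_package: Dict) -> bool:
    """Legality check of the signature covering package and permission file."""
    payload = json.dumps(signed_package["audited"], sort_keys=True).encode()
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed_package["signature"])


class PosTerminal:
    """Installs only signed packages and enforces the permission file at
    run time, keyed by the application's running ID."""

    def __init__(self) -> None:
        self._permissions_by_running_id: Dict[int, Set[str]] = {}
        self._next_running_id = 1

    def install(self, signed_package: Dict) -> Optional[int]:
        # A failed signature means the permission file may have been altered
        # after approval: refuse to install (returns no running ID).
        if not verify_signature(signed_package):
            return None
        running_id = self._next_running_id
        self._next_running_id += 1
        perms = signed_package["audited"]["permission_file"]["Permissions"]
        self._permissions_by_running_id[running_id] = set(perms)
        return running_id

    def uninstall(self, running_id: int) -> None:
        self._permissions_by_running_id.pop(running_id, None)

    def request_access(self, running_id: int, interface: str) -> bool:
        """S4: look up the permission file by running ID and allow the
        request only if information for the interface exists in it."""
        perms = self._permissions_by_running_id.get(running_id)
        return perms is not None and interface in perms


def demo() -> Dict[str, bool]:
    """APP1 (document editing) and APP2 (card payment) from Embodiment 1,
    plus a tampered copy of APP1 that grants itself pin_pad after signing.
    The package bytes are constructed sample input."""
    terminal = PosTerminal()
    app1 = package_and_sign(b"APP1 document editor", build_permission_file(["document_editing"]))
    app2 = package_and_sign(b"APP2 card payment", build_permission_file(["financial_transaction"]))
    id1 = terminal.install(app1)
    id2 = terminal.install(app2)

    # Modify the permission file after signing; the whole-bundle signature
    # no longer matches, so the terminal must reject the package.
    tampered = json.loads(json.dumps(app1))
    tampered["audited"]["permission_file"]["Permissions"].append("pin_pad")

    return {
        "app1_pin_pad": terminal.request_access(id1, "pin_pad"),
        "app2_pin_pad": terminal.request_access(id2, "pin_pad"),
        "tampered_installed": terminal.install(tampered) is not None,
    }


if __name__ == "__main__":
    print(demo())
```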

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of data processing, and in particular to a method and terminal for managing and controlling a permission of an application, and a POS terminal. By obtaining a permission file corresponding to an application, the permission file comprising information of an accessible interface of the application, packaging an original installation package corresponding to the application and the permission file to obtain a checked installation package, and performing a sign operation on the checked installation package to obtain a signed installation package, the present invention improves the legitimacy of a third-party application installed on a terminal.

Description

Method and terminal for managing and controlling application permissions, and POS terminal
Technical field
[0001] The present invention relates to the field of data processing, and in particular to a method and terminal for managing and controlling application permissions, and a POS terminal.
Background art
[0002] With the continuing convergence of POS terminals and Internet technology, smart POS (usually running the Android operating system) has become a very hot topic in the POS industry in recent years. Compared with traditional POS, smart POS has richer business application scenarios, more participating roles, and more complex types of applications. To support the basic business function of bank card acquiring, a smart POS terminal usually needs to provide the various hardware components required for bank card payment, such as a magnetic stripe card reader, contact IC card reader, contactless IC card reader, PIN pad and printer. If access to these components is not restricted, they may be exploited by third-party applications to forge a fake transaction interface and carry out phishing attacks, causing losses to the cardholder's account.
[0003] At present, to ensure the security of a POS terminal, a reviewer must audit the code of third-party applications that can run on the POS terminal but have no financial transaction function, to check whether the application contains code that illegally calls the external financial terminal connected to the POS terminal. Here, a financial terminal is an external device capable of reading the user's bank card information. However, manual code review is very tedious and prone to errors and omissions.
Technical problem
[0004] The technical problem to be solved by the present invention is how to improve the legitimacy of third-party applications installed on a terminal.
[0005] Technical solution and beneficial effects
[0006] The present invention provides a method and terminal for managing and controlling application permissions, whose beneficial effects are as follows: a permission file carrying information on the interfaces accessible to an application is configured for the application, the permission file is packaged with the application's original installation package and the package is digitally signed, so that the application only has access rights to the interfaces listed in the permission file while running, and once the signed installation package has been generated the permission file cannot be tampered with without being detected. Even if the application's code contains calls to interfaces unrelated to its business function, the application cannot successfully access an interface whose information is not included in the permission file. Therefore, unlike the prior art, in which manually reviewing whether an application contains code that illegally calls a specific interface is inefficient and prone to errors and omissions, the above method and terminal for managing application permissions need not review the application's code: by configuring only the interface information the application is allowed to access, it can be ensured that the application cannot call interfaces unrelated to its business function through phishing code or the like, which not only improves the efficiency of checking the application's legitimacy but also improves the legitimacy of the application.
[0008] The present invention also provides a method for managing and controlling application permissions, comprising:
[0009] obtaining a signed installation package, the signed installation package comprising an original installation package of the application and a permission file carrying information on the interfaces accessible to the application;
[0010] installing the application according to the signed installation package;
[0011] when the application issues a request to access a preset interface,
[0012] detecting whether information corresponding to the preset interface exists in the permission file, to obtain a detection result;
[0013] if the detection result is that no information corresponding to the preset interface exists in the permission file, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[0014] The present invention also provides a POS terminal comprising one or more second processors and a second memory, the second memory storing a program and being configured so that the one or more second processors perform the following steps:
[0015] obtaining a signed installation package, the signed installation package comprising an original installation package of the application and a permission file carrying information on the interfaces accessible to the application;
[0016] installing the application according to the signed installation package;
[0017] when the application issues a request to access a preset interface, detecting whether information corresponding to the preset interface exists in the permission file, to obtain a detection result;
[0018] if the detection result is that no information corresponding to the preset interface exists in the permission file, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[0019] The present invention also provides a method for managing and controlling application permissions and a POS terminal, whose beneficial effects are as follows: the POS terminal only installs signed installation packages that contain a permission file, and accepts or rejects an application's request to access a specific interface according to the accessible-interface information carried by the permission file. Since the permission file and the application's original installation package are digitally signed as a whole, the permission file cannot be illegally tampered with undetected after it has been approved, so that an application installed on the POS terminal can only call interfaces related to its business function and cannot, through phishing code or the like, call interfaces unrelated to its business function without the user's knowledge. This effectively prevents the user's electronic account information from being intercepted without authorization, and improves the legitimacy of third-party applications installed on the POS terminal and the security of the POS terminal.
Solution to Problem
Advantageous Effects of the Invention
Brief Description of the Drawings
[0020] FIG. 1 is a flow chart of a specific embodiment of the application permission management method provided by the present invention;
[0021] FIG. 2 is a structural block diagram of a specific embodiment of the application permission management terminal provided by the present invention;
[0022] FIG. 3 is a flow chart of a specific embodiment of the application permission management method further provided by the present invention;
[0023] FIG. 4 is a structural block diagram of a specific embodiment of the POS terminal provided by the present invention;
[0024] Description of reference numerals:
[0025] 1, first processor; 2, first memory; 3, second processor; 4, second memory.
Detailed Description
[0026] Refer to FIG. 1 and FIG. 4.
[0027] As shown in FIG. 1, the present invention provides an application permission management method, comprising:
[0028] obtaining a permission file corresponding to an application, the permission file including information on the interfaces the application may access;
[0029] packaging the original installation package corresponding to the application together with the permission file to obtain an audited installation package;
[0030] signing the audited installation package to obtain a signed installation package.
[0031] Further, obtaining the permission file corresponding to the application specifically comprises:
[0032] obtaining a function list corresponding to the application;
[0033] obtaining a permission list corresponding to the function list;
[0034] generating the permission file corresponding to the application according to the permission list.
[0035] As can be seen from the above description, the application is assigned permissions according to the business functions its developer declares. This effectively prevents the application from performing operations the user has not permitted without the user's knowledge.
[0036] Further, obtaining the permission list corresponding to the function list specifically comprises:
[0037] if the function list contains a financial transaction function, generating the permission list according to information on the interfaces of the financial terminal; the financial terminal comprises a magnetic stripe card reader, a contact IC card reader, a contactless IC card reader and a PIN pad.
[0038] As can be seen from the above description, the financial terminal is used to obtain the user's electronic account information, which is highly private. In the present invention, the financial terminal can be accessed by a third-party application installed on the terminal only if that application has been configured with permission to access the financial terminal interfaces, which improves the privacy and security of user information.
[0039] Further, the method further comprises:
[0040] installing the application according to the signed installation package;
[0041] when the application issues a request to access a preset interface, detecting whether the permission file contains information corresponding to the preset interface, to obtain a detection result;
[0042] if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[0043] As can be seen from the above description, the present invention accepts or rejects an application's request to access a specific interface according to the accessible-interface information carried in the permission file, so that an application installed on the terminal can only call interfaces related to its business functions and cannot, through phishing code or the like, call interfaces unrelated to its business functions without the user's knowledge. This improves the legitimacy of third-party applications installed on the terminal and the security of the terminal.
[0044] Further, after installing the application according to the signed installation package, the method further comprises:
[0045] assigning a unique identifier to the application;
[0046] when the application issues a request to access a preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[0047] Further, installing the application according to the signed installation package specifically comprises:
[0048] obtaining the digital signature corresponding to the signed installation package;
[0049] verifying the validity of the digital signature to obtain a verification result;
[0050] if the verification result is that the digital signature is valid, installing the application according to the signed installation package.
[0051] As can be seen from the above description, if the digital signature of the signed installation package fails verification, the permission file has very likely been illegally tampered with and installing the application is risky; the application is installed only when the digital signature passes validity verification, which improves the security of terminals that install third-party applications.
[0052]
[0053] As shown in FIG. 2, the present invention provides an application permission management terminal comprising one or more first processors 1 and a first memory 2, the first memory 2 storing a program and being configured so that the one or more first processors 1 execute the following steps:
[0054] obtaining a permission file corresponding to an application, the permission file including information on the interfaces the application may access;
[0055] packaging the original installation package corresponding to the application together with the permission file to obtain an audited installation package;
[0056] signing the audited installation package to obtain a signed installation package.
[0057] Further, obtaining the permission file corresponding to the application specifically comprises:
[0058] obtaining a function list corresponding to the application;
[0059] obtaining a permission list corresponding to the function list;
[0060] generating the permission file corresponding to the application according to the permission list.
[0061] Further, obtaining the permission list corresponding to the function list specifically comprises:
[0062] if the function list contains a financial transaction function, generating the permission list according to information on the interfaces of the financial terminal; the financial terminal comprises a magnetic stripe card reader, a contact IC card reader, a contactless IC card reader and a PIN pad.
[0063] Further, the steps further comprise:
[0064] installing the application according to the signed installation package;
[0065] when the application issues a request to access a preset interface, detecting whether the permission file contains information corresponding to the preset interface, to obtain a detection result;
[0066] if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[0067] Further, after installing the application according to the signed installation package, the steps further comprise:
[0068] assigning a unique identifier to the application;
[0069] when the application issues a request to access a preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[0070] Further, installing the application according to the signed installation package specifically comprises:
[0071] obtaining the digital signature corresponding to the signed installation package;
[0072] verifying the validity of the digital signature to obtain a verification result;
[0073] if the verification result is that the digital signature is valid, installing the application according to the signed installation package.
[0074]
[0075] As shown in FIG. 3, the present invention further provides an application permission management method, comprising:
[0076] obtaining a signed installation package, the signed installation package including the application's original installation package and a permission file carrying information on the interfaces the application may access;
[0077] installing the application according to the signed installation package;
[0078] when the application issues a request to access a preset interface, detecting whether the permission file contains information corresponding to the preset interface, to obtain a detection result;
[0079] if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[0080] Further, installing the application according to the signed installation package specifically comprises:
[0081] obtaining the digital signature corresponding to the signed installation package;
[0082] verifying the validity of the digital signature to obtain a verification result;
[0083] if the verification result is that the digital signature is valid, installing the application according to the signed installation package.
[0084] Further, after installing the application according to the signed installation package, the method further comprises:
[0085] assigning a unique identifier to the application;
[0086] when the application issues a request to access a preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[0087] Further, the method further comprises:
[0088] when the detection result is that the permission file contains no information corresponding to the preset interface, uninstalling the application.
[0089] As can be seen from the above description, when a third-party application installed on the POS terminal is detected attempting to call an unauthorized interface, the application very likely contains phishing code; to ensure the security of the POS terminal, the application is uninstalled, which improves the security of the POS terminal.
[0090]
[0091] As shown in FIG. 4, the present invention further provides a POS terminal comprising one or more second processors 3 and a second memory 4, the second memory 4 storing a program and being configured so that the one or more second processors 3 execute the following steps:
[0092] obtaining a signed installation package, the signed installation package including the application's original installation package and a permission file carrying information on the interfaces the application may access;
[0093] installing the application according to the signed installation package;
[0094] when the application issues a request to access a preset interface, detecting whether the permission file contains information corresponding to the preset interface, to obtain a detection result;
[0095] if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[0096] Further, installing the application according to the signed installation package specifically comprises:
[0097] obtaining the digital signature corresponding to the signed installation package;
[0098] verifying the validity of the digital signature to obtain a verification result;
[0099] if the verification result is that the digital signature is valid, installing the application according to the signed installation package.
[0100] Further, after installing the application according to the signed installation package, the steps further comprise:
[0101] assigning a unique identifier to the application;
[0102] when the application issues a request to access a preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[0103] Further, the steps further comprise:
[0104] when the detection result is that the permission file contains no information corresponding to the preset interface, uninstalling the application.
[0105]
[0106] Embodiment 1 of the present invention:
[0107] This embodiment provides an application permission management method, comprising:
[0108] S1. Obtain the permission file corresponding to the application; the permission file includes information on the interfaces the application may access. Specifically:
[0109] S11. Obtain the function list corresponding to the application.
[0110] S12. Obtain the permission list corresponding to the function list. Specifically: if the function list contains a financial transaction function, the permission list is generated according to information on the interfaces of the financial terminal; the financial terminal comprises a magnetic stripe card reader, a contact IC card reader, a contactless IC card reader and a PIN pad.
[0111] For example, if the business function of a third-party application APP1 is document editing, it is not granted permission to access the financial terminal, and APP1 can only use the basic functions of the operating system. If the business function of another third-party application APP2 is credit card payment, it is granted permission to access the financial terminal, and APP2 can call both the standard interfaces of the operating system and the interfaces provided by the financial terminal connected to the device running APP2.
[0112] S13. Generate the permission file corresponding to the application according to the permission list.
[0113] Optionally, the access permission for each kind of device is abstracted into a single permission string entry, which makes it convenient to manage a third-party application's access to different devices separately.
For example, the access permissions for the various devices are defined as shown in the following table (the rows preceding the SAMV entry are illegible in the source scan; only the legible rows are reproduced):

    Permission string                               Meaning
    smartpos.deviceservice.permission.SAMV          permission to use the card-reading function of the second-generation ID card device
    smartpos.deviceservice.permission.Beeper        permission to use the buzzer device function
    smartpos.deviceservice.permission.PBOC          permission to call the PBOC financial interaction flow function
    smartpos.deviceservice.permission.DeviceInfo    permission to call for obtaining terminal device information
    smartpos.deviceservice.permission.SerialPort    permission to use the serial port device function
    smartpos.deviceservice.permission.Led           permission to use the LED lamp device function
[0115] An example of the permission file content obtained from the above access permission definitions is as follows:
[0116] The file content reads:

    [Main]
    Type = APK                    // the APP format is APK
    Version = 3                   // format version number of the permission description file; for example, 3 denotes the third version
    AccessableKapIds=00010001     // other custom information, such as AccessableKapIds, can be added here; this field is reserved for future use
    // the permission for each device to be accessed is added below
    [Uses-permission-1]
    Name=smartpos.deviceservice.permission.Pinpad
    [Uses-permission-2]
    Name=smartpos.deviceservice.permission.MagReader
    [Uses-permission-3]
    Name=smartpos.deviceservice.permission.ICReader
    [Uses-permission-4]
    Name=smartpos.deviceservice.permission.RFReader
    [Uses-permission-5]
    Name=smartpos.deviceservice.permission.Printer
    [Uses-permission-6]
    Name=smartpos.deviceservice.permission.Scanner
    [Uses-permission-7]
    Name=smartpos.deviceservice.permission.CashBox
    [Uses-permission-8]
    Name=smartpos.deviceservice.permission.Modem
    [Uses-permission-9]
    Name=smartpos.deviceservice.permission.SAMV
    [Uses-permission-10]
    Name=smartpos.deviceservice.permission.Beeper
    [Uses-permission-11]
    Name=smartpos.deviceservice.permission.PBOC
    [Uses-permission-12]
    Name=smartpos.deviceservice.permission.DeviceInfo
[0146] S2. Package the original installation package corresponding to the application together with the permission file to obtain an audited installation package.
[0147] S3. Sign the audited installation package to obtain a signed installation package.
[0148] Here, once the interfaces the application may access have been confirmed according to its business functions, the permission file and the original installation package are immediately packaged together to obtain the audited installation package, and the audited installation package is digitally signed to prevent the permission file from being illegally tampered with.
[0149] S4. Install the application according to the signed installation package. Specifically:
[0150] S41. Obtain the digital signature corresponding to the signed installation package.
[0151] S42. Verify the validity of the digital signature to obtain a verification result.
[0152] S43. If the verification result is that the digital signature is valid, install the application according to the signed installation package.
[0153] S5. Assign a unique identifier to the application.
[0154] Here, the unique identifier is the application's run ID: while the application is running, the operating system can obtain its run ID and, according to the run ID, obtain information related to the application.
[0155] S6. When the application issues a request to access a preset interface, obtain the permission file corresponding to the application according to the unique identifier, and detect whether the permission file contains information corresponding to the preset interface, obtaining a detection result.
[0156] For example, if the application requests access to the ICReader device to read IC card data and the permission file corresponding to the application does not contain "Name=smartpos.deviceservice.permission.ICReader", the detection result is that the permission file contains no information corresponding to the preset interface.
[0157] S7. If the detection result is that the permission file contains no information corresponding to the preset interface, deny the application access to the preset interface; otherwise, allow the application to access the preset interface.
[0158] Optionally, when the detection result is that the permission file contains no information corresponding to the preset interface, uninstall the application.
[0159] Here, when a third-party application installed on the current terminal is detected attempting to call an unauthorized interface, the application very likely contains phishing code; to ensure the security of the current terminal, the application is uninstalled, which improves the security of the current terminal.
[0160] As can be seen from the above description, this embodiment abstracts and extracts the risk posed by third-party applications, narrowing the focus of control from the entire code of a third-party application to its permissions, and thereby controls the whole third-party application by controlling its permissions. By making the third-party application's permissions part of the application signing process, the permission file becomes part of the application signature, which guarantees that the permissions cannot be illegally tampered with: once the permission file is tampered with, the signature of the whole application is tampered with, and after the application is downloaded to the terminal its installation is rejected because signature verification fails. The access permission for each kind of device is abstracted into a single permission string entry, which makes it convenient to manage separately
[0161]
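The permission file format above and the runtime check of steps S1, S6 and S7, as an added Go example that is not part of the patent or of any product of the applicant. The function names (BuildPermissionList, BuildPermissionFile, ParsePermissionFile, CheckAccess), the spelling "financial transaction" of the function-list entry and the sample function lists for APP1 and APP2 are assumptions; the permission strings and the [Main]/[Uses-permission-N] layout are those of the example file on the page. The check is generalized to any device name under the smartpos.deviceservice.permission prefix, so the ICReader case of [0156] is one input among many.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// permPrefix is the namespace used by the permission strings on the page.
const permPrefix = "smartpos.deviceservice.permission."

// financialTerminalPerms are the financial terminal interfaces (magnetic
// stripe reader, contact IC reader, contactless IC reader, PIN pad) that
// step S12 grants only when the function list contains a financial
// transaction function.
var financialTerminalPerms = []string{"MagReader", "ICReader", "RFReader", "Pinpad"}

// BuildPermissionList derives the permission list from the developer's
// declared function list (step S12). The label "financial transaction" is
// an assumed spelling of the function-list entry.
func BuildPermissionList(functions []string) []string {
	var perms []string
	for _, f := range functions {
		if f == "financial transaction" {
			perms = append(perms, financialTerminalPerms...)
		}
	}
	sort.Strings(perms)
	return perms
}

// BuildPermissionFile renders the list in the [Main]/[Uses-permission-N]
// layout of the example file (step S13).
func BuildPermissionFile(perms []string) string {
	var b strings.Builder
	b.WriteString("[Main]\nType = APK\nVersion = 3\n")
	for i, p := range perms {
		fmt.Fprintf(&b, "[Uses-permission-%d]\nName=%s%s\n", i+1, permPrefix, p)
	}
	return b.String()
}

// ParsePermissionFile reads the file back into the set of granted
// permission names. Only Name= keys inside [Uses-permission-*] sections
// count; "//" comments, blank lines and the [Main] section are ignored.
func ParsePermissionFile(text string) map[string]bool {
	granted := map[string]bool{}
	section := ""
	for _, raw := range strings.Split(text, "\n") {
		line := raw
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i]
		}
		line = strings.TrimSpace(line)
		switch {
		case line == "":
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			section = line[1 : len(line)-1]
		case strings.HasPrefix(section, "Uses-permission-"):
			key, val, ok := strings.Cut(line, "=")
			if ok && strings.TrimSpace(key) == "Name" {
				granted[strings.TrimSpace(val)] = true
			}
		}
	}
	return granted
}

// Decision is the outcome of the runtime check in steps S6 and S7.
type Decision int

const (
	Allow Decision = iota
	Deny
)

// CheckAccess answers an application's request to use a device interface:
// allowed only if the permission file carries the matching entry (step S7).
func CheckAccess(granted map[string]bool, device string) Decision {
	if granted[permPrefix+device] {
		return Allow
	}
	return Deny
}

func main() {
	// Constructed sample: APP2 (credit card payment) and APP1 (document editing).
	app2 := BuildPermissionFile(BuildPermissionList([]string{"financial transaction"}))
	app1 := BuildPermissionFile(BuildPermissionList([]string{"document editing"}))
	fmt.Print(app2)
	fmt.Println("APP2 -> ICReader allowed:", CheckAccess(ParsePermissionFile(app2), "ICReader") == Allow)
	fmt.Println("APP1 -> ICReader allowed:", CheckAccess(ParsePermissionFile(app1), "ICReader") == Allow)
}
```

The parser deliberately ignores everything outside [Uses-permission-*] sections, so a stray Name= line under [Main] grants nothing, and a request for a device with no entry (Printer for APP2, anything for APP1) is denied by default rather than allowed.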
[0162] 本发明的实施例二为:  [0162] Embodiment 2 of the present invention is:
[0163] 本实施例提供一种应用程序权限的管控终端, 包括一个或多个第一处理器 1及 第一存储器 2, 所述第一存储器 2存储有程序, 并且被配置成由所述一个或多个 第一处理器 1执行以下步骤:  [0163] The embodiment provides a management terminal for application authority, including one or more first processors 1 and a first memory 2, the first memory 2 stores a program, and is configured to be configured by the one Or the plurality of first processors 1 perform the following steps:
[0164] Sl、 获取与应用程序对应的权限文件; 所述权限文件中包括所述应用程序可访 问接口的信息。 具体为:  [0164] Sl, obtaining a rights file corresponding to the application; the rights file includes information of the application accessible interface. Specifically:
[0165] Sl l、 获取与所述应用程序对应的功能列表。  [0165] Sl l. Obtain a function list corresponding to the application.
[0166] S12、 获取与所述功能列表对应的权限列表。 具体为: 若所述功能列表中存在 金融交易功能, 则根据金融终端接口的信息生成所述权限列表; 所述金融终端 包括磁条卡读写器、 接触式 IC卡读写器、 非接触式 IC卡读写器和密码键盘。  [0166] S12. Obtain a permission list corresponding to the function list. Specifically, if the financial transaction function exists in the function list, the permission list is generated according to the information of the financial terminal interface; the financial terminal includes a magnetic stripe card reader, a contact IC card reader, and a contactless IC card reader and password keyboard.
[0167] S13、 根据所述权限列表生成与所述应用程序对应的权限文件。  [0167] S13. Generate a rights file corresponding to the application according to the permission list.
[0168] Optionally, the access right to each kind of device is abstracted into its own permission string entry, so that a third-party application's access to different devices can be managed individually.
[0169] S2: Package the original installation package of the application together with the permission file to obtain an audited installation package.
[0170] S3: Sign the audited installation package to obtain a signed installation package.
[0171] Here, as soon as the interfaces the application may access have been confirmed from its business functions, the permission file and the original installation package are packaged into the audited installation package, and the audited installation package is digitally signed so that the permission file cannot be tampered with undetected.
[0172] S4: Install the application from the signed installation package. Specifically:
[0173] S41: Obtain the digital signature corresponding to the signed installation package.
[0174] S42: Verify the validity of the digital signature to obtain a verification result.
[0175] S43: If the verification result is that the digital signature is valid, install the application from the signed installation package.
[0176] S5: Assign a unique identifier to the application.
[0177] Here the unique identifier is the application's runtime ID. While the application is running, the operating system can obtain its runtime ID and use it to look up information about the application.
[0178] S6: When the application issues a request to access a preset interface, obtain the permission file corresponding to the application according to its unique identifier, and check whether the permission file contains information corresponding to the preset interface, obtaining a detection result.
[0179] S7: If the detection result is that the permission file contains no information corresponding to the preset interface, deny the application access to the preset interface; otherwise, allow the application to access the preset interface.
[0180] Optionally, when the detection result is that the permission file contains no information corresponding to the preset interface, uninstall the application.
[0181] Here, when a third-party application installed on the POS terminal is detected attempting to call an interface it has not been authorized for, the application very likely contains phishing code. To protect the POS terminal, the application is uninstalled, which improves the security of the POS terminal.
[0183] Embodiment 3 of the present invention:
[0184] This embodiment provides a method for controlling application permissions, including:
[0185] S1: Obtain a signed installation package; the signed installation package includes the application's original installation package and a permission file carrying information about the interfaces the application may access.
[0186] Here, as soon as the interfaces the application may access have been confirmed from its business functions, the permission file and the original installation package are packaged into the audited installation package, and the audited installation package is digitally signed so that the permission file cannot be tampered with undetected. That is, the current terminal installs third-party applications only from signed installation packages whose access permissions have passed review and whose permission file cannot be altered without detection, which ensures the security of the current terminal.
[0187] S2: Install the application from the signed installation package. Specifically:
[0188] obtain the digital signature corresponding to the signed installation package;
[0189] verify the validity of the digital signature to obtain a verification result;
[0190] if the verification result is that the digital signature is valid, install the application from the signed installation package.
[0191] If the digital signature of the signed installation package fails verification, the permission file was very likely tampered with after passing review; installing the third-party application would be risky, so installation is refused.
[0192] S3: Assign a unique identifier to the application.
[0193] Here the unique identifier is the application's runtime ID. While the application is running, the operating system can obtain its runtime ID and use it to look up information about the application.
[0194] S4: When the application issues a request to access a preset interface, obtain the permission file corresponding to the application according to its unique identifier, and check whether the permission file contains information corresponding to the preset interface, obtaining a detection result.
[0195] For example, when the application requests access to the ICReader device in order to read information from an IC card, and the permission file corresponding to the application contains no entry "Name=smartpos.deviceservice.permission.ICReader", the detection result is that the permission file contains no information corresponding to the preset interface.
[0196] S5: If the detection result is that the permission file contains no information corresponding to the preset interface, deny the application access to the preset interface; otherwise, allow the application to access the preset interface.
[0197] S6: When the detection result is that the permission file contains no information corresponding to the preset interface, uninstall the application.
[0198] Here, when a third-party application installed on the current terminal is detected attempting to call an interface it has not been authorized for, the application very likely contains phishing code. To protect the current terminal, the application is uninstalled, which improves the security of the current terminal.
[0200] Embodiment 4 of the present invention:
[0201] This embodiment provides a POS terminal comprising one or more second processors 3 and a second memory 4, the second memory 4 storing a program configured to be executed by the one or more second processors 3 to perform the following steps:
[0202] S1: Obtain a signed installation package; the signed installation package includes the application's original installation package and a permission file carrying information about the interfaces the application may access.
[0203] Here, as soon as the interfaces the application may access have been confirmed from its business functions, the permission file and the original installation package are packaged into the audited installation package, and the audited installation package is digitally signed so that the permission file cannot be tampered with undetected. That is, the current terminal installs third-party applications only from signed installation packages whose access permissions have passed review and whose permission file cannot be altered without detection, which ensures the security of the current terminal.
[0204] S2: Install the application from the signed installation package. Specifically:
[0205] obtain the digital signature corresponding to the signed installation package;
[0206] verify the validity of the digital signature to obtain a verification result;
[0207] if the verification result is that the digital signature is valid, install the application from the signed installation package.
[0208] If the digital signature of the signed installation package fails verification, the permission file was very likely tampered with after passing review; installing the third-party application would be risky, so installation is refused.
[0209] S3: Assign a unique identifier to the application.
[0210] Here the unique identifier is the application's runtime ID. While the application is running, the operating system can obtain its runtime ID and use it to look up information about the application.
[0211] S4: When the application issues a request to access a preset interface, obtain the permission file corresponding to the application according to its unique identifier, and check whether the permission file contains information corresponding to the preset interface, obtaining a detection result.
[0212] S5: If the detection result is that the permission file contains no information corresponding to the preset interface, deny the application access to the preset interface; otherwise, allow the application to access the preset interface.
[0213] S6: When the detection result is that the permission file contains no information corresponding to the preset interface, uninstall the application.
[0214] Here, when a third-party application installed on the POS terminal is detected attempting to call an interface it has not been authorized for, the application very likely contains phishing code. To protect the POS terminal, the application is uninstalled, which improves the security of the POS terminal.
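The following Go program is an added example written for this page; it is not code from the patent or its applicant. It models the flow of Embodiments 2 to 4 end to end: a management terminal derives the permission file from the application's declared function list (claims 2 and 3), bundles it with the original installation package and signs the bundle (S1 to S3 of Embodiment 2); a POS terminal verifies the signature before installing, assigns a runtime ID, and answers each interface request from that application's permission file, uninstalling the application on an unauthorized call (S4 to S7 of Embodiment 2, S1 to S6 of Embodiments 3 and 4). Ed25519 stands in for whatever signature scheme a deployment actually uses, JSON stands in for the container format the page leaves unspecified, and every permission and function name other than smartpos.deviceservice.permission.ICReader is invented here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// One permission string per device, following the page's
// "Name=smartpos.deviceservice.permission.ICReader" entry; the other names are
// assumptions. Claim 3: a financial-transaction function gets the magstripe,
// contact IC and contactless IC readers and the PIN pad.
const permPrefix = "smartpos.deviceservice.permission."
var functionPerms = map[string][]string{
	"financial_transaction": {"MagReader", "ICReader", "RFReader", "PinPad"},
}

// BuildPermissionFile is claim 2: function list -> permission list -> permission
// file. A function with no mapping is an error rather than a silent empty grant.
func BuildPermissionFile(functions []string) (string, error) {
	var lines []string
	for _, f := range functions {
		perms, ok := functionPerms[f]
		if !ok {
			return "", fmt.Errorf("function %q has no permission mapping", f)
		}
		for _, p := range perms {
			lines = append(lines, "Name="+permPrefix+p)
		}
	}
	sort.Strings(lines) // deterministic bytes, so the signed package is reproducible
	return strings.Join(lines, "\n") + "\n", nil
}

// audited is the S2 bundle (the page fixes no container format; JSON is an
// assumption). SignedPackage is the S3 output: bundle plus detached signature.
type audited struct {
	APK         []byte
	Permissions string
}
type SignedPackage struct{ Audited, Sig []byte }

type Issuer struct{ priv ed25519.PrivateKey } // reviews, packages and signs
type Terminal struct {
	trusted   ed25519.PublicKey       // the POS side never holds the signing key
	nextID    int                     // last runtime ID handed out (S5)
	installed map[int]map[string]bool // runtime ID -> granted permission names
}

// NewIssuer creates a key pair and a terminal provisioned with its public key.
func NewIssuer() (*Issuer, *Terminal) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Issuer{priv}, &Terminal{trusted: pub, installed: map[int]map[string]bool{}}
}

// PackageAndSign is S2 and S3: one signature covers installer and permission
// file together, so neither can be replaced or recombined undetected.
func (is *Issuer) PackageAndSign(originalAPK []byte, permFile string) (SignedPackage, error) {
	bundle, err := json.Marshal(audited{APK: originalAPK, Permissions: permFile})
	if err != nil {
		return SignedPackage{}, err
	}
	return SignedPackage{Audited: bundle, Sig: ed25519.Sign(is.priv, bundle)}, nil
}

// Install is S41-S43: verify before parsing anything; a bad signature ([0191])
// refuses the install. An empty permission file is valid and grants nothing.
func (t *Terminal) Install(pkg SignedPackage) (int, error) {
	if !ed25519.Verify(t.trusted, pkg.Audited, pkg.Sig) {
		return 0, errors.New("signature invalid: package altered after review, refusing to install")
	}
	var a audited
	if err := json.Unmarshal(pkg.Audited, &a); err != nil {
		return 0, err
	}
	perms := map[string]bool{}
	for _, line := range strings.Split(a.Permissions, "\n") {
		if line = strings.TrimSpace(line); strings.HasPrefix(line, "Name=") {
			perms[strings.TrimPrefix(line, "Name=")] = true
		}
	}
	t.nextID++ // S5: unique runtime ID, never reused even after an uninstall
	t.installed[t.nextID] = perms
	return t.nextID, nil
}

// Request is S6/S7 plus the optional [0180] step: a call to an interface the
// permission file does not list is denied and the application is uninstalled.
func (t *Terminal) Request(id int, device string) bool {
	if perms, ok := t.installed[id]; ok && perms[permPrefix+device] {
		return true
	}
	delete(t.installed, id) // no-op if the app is already gone
	return false
}
```

Two points the steps above imply but do not spell out are visible in the code. First, Install checks the signature over the raw bundle bytes before any parsing, so a permission file altered after review is never interpreted, and the terminal holds only the public key: a terminal that also held the signing key could re-sign an edited permission file and defeat [0191]. Second, the lookup by runtime ID in Request belongs to the operating system or its device service, as [0177] describes; an application must not be able to choose the ID it presents, or it could borrow another application's grants.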
[0216] In summary, the method, terminal and POS terminal for controlling application permissions provided by the present invention configure, for an application, a permission file carrying information about the interfaces it may access, package that file with the application's original installation package, and digitally sign the result. The application therefore holds at runtime only the access rights to the interfaces listed in the permission file, and once the signed installation package has been generated the permission file cannot be tampered with undetected. The POS terminal installs only signed installation packages that contain a permission file, and accepts or rejects an application's request to access a particular interface according to the accessible-interface information carried by that file. Even if the application's code contains calls to interfaces unrelated to its business functions, the application cannot successfully access an interface that the permission file does not list. This differs from the prior art, which relies on manual review of the application's code for illegal calls to specific interfaces, a process that is inefficient and prone to errors and omissions: the method and terminal described above need not review the application's code at all. Configuring the interfaces the application is allowed to access is enough to guarantee that it cannot call interfaces unrelated to its business functions through phishing code or similar means, which not only makes checking an application's legitimacy more efficient but also strengthens the legitimacy of the application's behaviour.

Claims

[Claim 1] A method for controlling application permissions, characterized in that it comprises:
obtaining a permission file corresponding to an application, the permission file including information about the interfaces the application may access;
packaging the original installation package corresponding to the application together with the permission file to obtain an audited installation package;
signing the audited installation package to obtain a signed installation package.
[Claim 2] The method for controlling application permissions according to claim 1, characterized in that obtaining the permission file corresponding to the application specifically comprises:
obtaining a function list corresponding to the application;
obtaining a permission list corresponding to the function list;
generating the permission file corresponding to the application according to the permission list.
[Claim 3] The method for controlling application permissions according to claim 2, characterized in that obtaining the permission list corresponding to the function list specifically comprises:
if the function list contains a financial transaction function, generating the permission list according to information about the interfaces of financial terminal devices, the financial terminal devices including a magnetic stripe card reader/writer, a contact IC card reader/writer, a contactless IC card reader/writer and a PIN pad.
[Claim 4] The method for controlling application permissions according to claim 1, characterized in that it further comprises:
installing the application from the signed installation package;
when the application issues a request to access a preset interface, checking whether the permission file contains information corresponding to the preset interface to obtain a detection result;
if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[Claim 5] The method for controlling application permissions according to claim 4, characterized in that, after installing the application from the signed installation package, it further comprises:
assigning a unique identifier to the application;
when the application issues a request to access the preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[Claim 6] The method for controlling application permissions according to claim 4, characterized in that installing the application from the signed installation package specifically comprises:
obtaining the digital signature corresponding to the signed installation package;
verifying the validity of the digital signature to obtain a verification result;
if the verification result is that the digital signature is valid, installing the application from the signed installation package.
[Claim 7] A terminal for controlling application permissions, characterized in that it comprises one or more first processors and a first memory, the first memory storing a program configured to be executed by the one or more first processors to perform the following steps:
obtaining a permission file corresponding to an application, the permission file including information about the interfaces the application may access;
packaging the original installation package corresponding to the application together with the permission file to obtain an audited installation package;
signing the audited installation package to obtain a signed installation package.
[Claim 8] The terminal for controlling application permissions according to claim 7, characterized in that obtaining the permission file corresponding to the application specifically comprises:
obtaining a function list corresponding to the application;
obtaining a permission list corresponding to the function list;
generating the permission file corresponding to the application according to the permission list.
[Claim 9] The terminal for controlling application permissions according to claim 8, characterized in that obtaining the permission list corresponding to the function list specifically comprises:
if the function list contains a financial transaction function, generating the permission list according to information about the interfaces of financial terminal devices, the financial terminal devices including a magnetic stripe card reader/writer, a contact IC card reader/writer, a contactless IC card reader/writer and a PIN pad.
[Claim 10] The terminal for controlling application permissions according to claim 7, characterized in that the steps further comprise:
installing the application from the signed installation package;
when the application issues a request to access a preset interface, checking whether the permission file contains information corresponding to the preset interface to obtain a detection result;
if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[Claim 11] The terminal for controlling application permissions according to claim 10, characterized in that, after installing the application from the signed installation package, the steps further comprise:
assigning a unique identifier to the application;
when the application issues a request to access the preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[Claim 12] The terminal for controlling application permissions according to claim 10, characterized in that installing the application from the signed installation package specifically comprises:
obtaining the digital signature corresponding to the signed installation package;
verifying the validity of the digital signature to obtain a verification result;
if the verification result is that the digital signature is valid, installing the application from the signed installation package.
[Claim 13] A method for controlling application permissions, characterized in that it comprises:
obtaining a signed installation package, the signed installation package including the original installation package of an application and a permission file carrying information about the interfaces the application may access;
installing the application from the signed installation package;
when the application issues a request to access a preset interface, checking whether the permission file contains information corresponding to the preset interface to obtain a detection result;
if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[Claim 14] The method for controlling application permissions according to claim 13, characterized in that installing the application from the signed installation package specifically comprises:
obtaining the digital signature corresponding to the signed installation package;
verifying the validity of the digital signature to obtain a verification result;
if the verification result is that the digital signature is valid, installing the application from the signed installation package.
[Claim 15] The method for controlling application permissions according to claim 13, characterized in that, after installing the application from the signed installation package, it further comprises:
assigning a unique identifier to the application;
when the application issues a request to access the preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[Claim 16] The method for controlling application permissions according to claim 13, characterized in that it further comprises:
when the detection result is that the permission file contains no information corresponding to the preset interface, uninstalling the application.
[Claim 17] A POS terminal, characterized in that it comprises one or more second processors and a second memory, the second memory storing a program configured to be executed by the one or more second processors to perform the following steps:
obtaining a signed installation package, the signed installation package including the original installation package of an application and a permission file carrying information about the interfaces the application may access;
installing the application from the signed installation package;
when the application issues a request to access a preset interface, checking whether the permission file contains information corresponding to the preset interface to obtain a detection result;
if the detection result is that the permission file contains no information corresponding to the preset interface, denying the application access to the preset interface; otherwise, allowing the application to access the preset interface.
[Claim 18] The POS terminal according to claim 17, characterized in that installing the application from the signed installation package specifically comprises:
obtaining the digital signature corresponding to the signed installation package;
verifying the validity of the digital signature to obtain a verification result;
if the verification result is that the digital signature is valid, installing the application from the signed installation package.
[Claim 19] The POS terminal according to claim 17, characterized in that, after installing the application from the signed installation package, the steps further comprise:
assigning a unique identifier to the application;
when the application issues a request to access the preset interface, obtaining the permission file corresponding to the application according to the unique identifier.
[Claim 20] The POS terminal according to claim 17, characterized in that the steps further comprise:
when the detection result is that the permission file contains no information corresponding to the preset interface, uninstalling the application.
PCT/CN2017/107641 2017-10-25 2017-10-25 Method and terminal for managing and controlling permission of application, and pos terminal WO2019079998A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201780001453.8A CN108064383A (en) 2017-10-25 2017-10-25 A kind of management-control method, terminal and the POS terminal of application program permission
PCT/CN2017/107641 WO2019079998A1 (en) 2017-10-25 2017-10-25 Method and terminal for managing and controlling permission of application, and pos terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/107641 WO2019079998A1 (en) 2017-10-25 2017-10-25 Method and terminal for managing and controlling permission of application, and pos terminal

Publications (1)

Publication Number Publication Date
WO2019079998A1 true WO2019079998A1 (en) 2019-05-02

Family

ID=62141994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/107641 WO2019079998A1 (en) 2017-10-25 2017-10-25 Method and terminal for managing and controlling permission of application, and pos terminal

Country Status (2)

Country Link
CN (1) CN108064383A (en)
WO (1) WO2019079998A1 (en)


Also Published As

Publication number Publication date
CN108064383A (en) 2018-05-22


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17929901; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 17929901; Country of ref document: EP; Kind code of ref document: A1)