WO2022222696A1

WO2022222696A1 - Application distribution method, apparatus, device, and medium

Info

Publication number: WO2022222696A1
Application number: PCT/CN2022/083328
Authority: WO
Inventors: 梁永峰; 李林锋; 刘连喜; 曾容华
Original assignee: 华为技术有限公司
Priority date: 2021-04-21
Filing date: 2022-03-28
Publication date: 2022-10-27
Also published as: CN115220733A

Abstract

Embodiments of the present application disclose an application distribution method, comprising: an application certificate server sends a first application certificate to an application developer device, wherein the first application certificate is used to identify an application developer, and the application developer device is used to add the first application certificate to a target application; the application certificate server obtains second application certificate information from an application distribution server; if according to the second application certificate information, the application certificate server confirms that the first application certificate matches a second application certificate, the application certificate server sends a verification successful result to the application distribution server. The present application also provides an apparatus, a device, and a medium. The application developer device adds application certificates uniformly managed by the application certificate server to the target application, so that the application distribution server can check an application by means of the application certificates, and installation conflicts caused by repeated package names during a multi-channel distribution application process are avoided.

Description

A method, apparatus, device and medium for distributing applications

This application claims the priority of the Chinese patent application filed on April 21, 2021 with the application number CN202110431800.9 and the invention titled "A method, device, device and medium for distributing applications", the entire contents of which are incorporated by reference in this application.

technical field

The present application relates to the field of electronics, and in particular, to a method, apparatus, device and medium for distributing applications.

Background technique

Currently, in some operating systems, the package name of the application is used as the unique identifier of the application, and when the application is installed, upgraded, or run, the application with the same package name will be recognized as the same application.

Based on the consideration of openness, some systems support the installation of applications from multiple markets/channels (such as browsers, in-app installations). For different applications distributed by different developers in different channels, the package name cannot be guaranteed to be globally unique, which will induce many packages. Name conflict problem, which affects the normal work of the application in the system, and the developer experience is poor.

Therefore, the above problems existing in the prior art still need to be improved.

SUMMARY OF THE INVENTION

The present application provides a method, apparatus, device and medium for distributing applications, which are used to solve the problem of package name conflict caused by duplicate application package names in the process of application distribution.

In view of this, a first aspect of the present application provides a method for distributing applications, including:

The application certificate server sends a first application certificate to the application developer device, where the first application certificate is used to identify the application developer, and the application developer device is used to add the first application certificate to the application to be distributed to obtain the target application ;

The application certificate server obtains second application certificate information from the application distribution server, where the second application certificate information is used to record the information of the second application certificate carried in the target application sent by the application developer device to the application distribution server;

If the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information, the application certificate server sends a verification result to the application distribution server.

In this application, the application certificate server is used for unified management and control, and the application certificate for distinguishing from other developers is allocated to the developer, and then the developer adds the application certificate to the application, thus solving the package name caused by the duplication of package names. conflict issues. At the same time, since the application certificate is uniformly managed and controlled by the application certificate server, the application certificate server can assist the application distribution server to verify the application to be put on the shelf according to the application certificate information sent by the application distribution server, thereby ensuring the unified management and control of the application to be distributed.

Optionally, before the application certificate server sends the first application certificate to the application developer device, the method further includes: the application certificate server obtains a request from the application developer device; the application certificate server generates a developer identifier according to the request, and the development The developer identifier is used to identify the application developer; the application certificate server generates the first application certificate, and the first application certificate includes the developer identifier.

In this application, the developer sends a request to the application certificate server through the application developer device, and the request is used to apply for an application certificate, and then the application certificate server allocates the developer identifier and generates the application certificate according to the request, and then issues the application certificate to the application certificate server. The device of the application developer, thus realizing the unified management and control of the application certificate by the application certificate server.

Optionally, the request includes information about the company name where the application developer is located, and/or information about the country where the application developer is located, and the generation of the first application certificate by the application certificate server includes: the application certificate server according to the development identifier of the developer, and generate the first application certificate according to the company name information where the application developer is located and/or the country information where the application developer is located, where the first application certificate includes the developer identifier and is related to the developer identifier. One or more of the company name information or the country information associated with the company.

In this application, the application certificate includes the developer identifier, and one or more of the company name information or the country information associated with the developer identifier, so that the application certificate can identify the developer according to these information, In this way, it can be distinguished from other developers and avoid conflicts caused by the same application package name.

Optionally, the application certificate server acquiring the second application certificate information from the application distribution server includes: the application certificate server acquiring the developer identifier and the second digest of the second application certificate from the application distribution server; the application certificate server After obtaining the second application certificate information from the application distribution server, the method further includes: the application certificate server obtains the first digest of the first application certificate locally according to the developer identifier; Confirm that the first application certificate matches the second application certificate, and the application certificate server sends a verification pass result to the application distribution server, including: if the application certificate server determines the first application certificate according to the first digest and the second digest The application certificate matches the second application certificate, and the application certificate server sends the verification pass result to the application distribution server.

In this application, since the application certificate server is responsible for the unified management and control of application certificates, the application certificate server can verify the target application to be put on the shelf according to the second application certificate information sent by the application distribution server, and the second application certificate information is based on the application certificate. The advantage of digest implementation is that the amount of transmitted data is small, and the application distribution server only needs to send the content of the digest to the application certificate server to verify whether the application certificate matches.

Optionally, the first digest is a first hash value generated by the application certificate server according to the recorded content of the first application certificate, and the second digest is generated by the application distribution server according to the recorded content of the second application certificate. second hash value; then if the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information, the application certificate server sends the verification result to the application distribution server, The method includes: if the application certificate server determines that the first hash value is the same as the second hash value, the application certificate server sends the verification pass result to the application distribution server.

In this application, the second digest and the first digest can have hash values respectively. Since the content of the application certificate changes, the hash value will change. Therefore, when the hash values of the first digest and the second digest are consistent, the application The certificate server may determine that the first application certificate matches the second application certificate, that is, the content of the application certificate on the side of the application distribution server has not changed, so the verification is passed. Conversely, if the hash values of the first digest and the second digest are inconsistent, it means that the first application certificate does not match the second application certificate, the application certificate obtained by the application distribution server has changed, and the verification fails.

Optionally, obtaining the second application certificate information from the application distribution server by the application certificate server includes: the application certificate server obtains the second application certificate from the application distribution server; the application certificate server obtains the second application certificate from the application distribution server After the information, it also includes: the application certificate server obtains the developer identifier from the second application certificate; the application certificate server obtains the first application certificate locally according to the developer identifier; if the application certificate server obtains the first application certificate according to the first application certificate The second application certificate information confirms that the first application certificate matches the second application certificate, and the application certificate server sends a verification result to the application distribution server, including: if the application certificate server compares the first application certificate with the second application certificate The developer identifiers of the two application certificates are the same, and the company name information of the application developer and/or the country information of the application developer is the same, and the application certificate server sends the verification result to the application distribution server.

In this application, the application distribution server sends the entire content of the application certificate to the application certificate server during the verification process, so that the application certificate server can compare the application certificate with the application certificate stored by the developer locally in the application certificate server, thereby Perform more precise verification, such as integrity verification, validity verification and attribution verification of application certificates.

A second aspect of the present application provides a method for distributing applications, including: an application distribution server acquires a target application from an application developer device; the application distribution server acquires a second application certificate from the target application, where the second application certificate is The application certificate server sends to the application developer device, and the application developer device joins the target application; the application distribution server sends the second application certificate information of the second application certificate to the application certificate server, the second application certificate The certificate information is used to record the content in the second application certificate; the application distribution server allows distribution of the target application according to the verification result obtained from the application certificate server, and the verification result is used to indicate the second application The certificate matches the first application certificate distributed by the application certificate server for the application developer.

Optionally, the second application certificate includes a developer identifier, and one or more of the company name information or the country information associated with the developer identifier, and the developer identifier is allocated by the application certificate server. The ID used to identify the developer of this app.

Optionally, the second application certificate information includes the second digest of the second application certificate and the developer identifier, so that the application certificate server obtains the locally stored first application certificate according to the developer identifier, and passes the first application certificate through the first application certificate. When the first digest of the application certificate and the second digest determine that the first application certificate matches the second application certificate, the verification result is sent; then the application distribution server sends the second application certificate to the application certificate server. Before the second application certificate information, the method further includes: the application distribution server generates the second digest according to the content recorded in the second application certificate.

Optionally, the second digest is a hash value, so that the first hash value generated by the application certificate server according to the first application certificate is sent when the first hash value and the second hash value are the same If the verification is passed, the application distribution server generates the second digest according to the content recorded in the second application certificate, which includes: the application distribution server generates a second hash value according to the content recorded in the second application certificate.

Optionally, sending, by the application distribution server, the second application certificate information of the second application certificate to the application certificate server includes: the application distribution server sending the second application certificate to the application certificate server, so that the application certificate server can send the second application certificate to the application certificate server. When comparing the developer ID of the first application certificate and the second application certificate, and the company name information where the application developer is located, and/or the country information where the application developer is located is the same, the application is distributed to the application The server sends the verification pass result.

For the beneficial effects of the second aspect, reference may be made to the relevant records of the first aspect, which will not be repeated here.

A third aspect of the present application provides a method for distributing applications, including: an application developer device obtains a first application certificate from an application certificate server, where the first application certificate is used to identify the application developer; the application developer device uses the first application certificate to identify the application developer; An application certificate is added to the application to be distributed to obtain the target application; the application developer device sends the target application to the application distribution server.

Optionally, before the application developer device acquires the first application certificate from the application certificate server, the method further includes: the application developer device sends a request to the application certificate server, where the request is used for requesting to acquire the first application certificate.

Optionally, the request includes information on the company name where the application developer is located, and/or information on the country where the application developer is located.

Optionally, the first application certificate includes a developer identifier, and one or more of the company name information or the country information associated with the developer identifier, wherein the developer identifier is allocated by the application certificate server. , which is used to identify the developer of the application.

For the beneficial effects of the third aspect, reference may be made to the relevant records of the first aspect, which will not be repeated here.

A fourth aspect of the present application provides a method for distributing an application, including:

The user equipment obtains the target application from the application distribution server, the target application is the application uploaded to the application distribution server by the application developer device, the target application includes the application certificate, and the application certificate is the certificate sent by the application certificate server to the application developer device , so that the application distribution server verifies the target application through the application certificate; when the package name of the target application is the same as the package name of the first local application in the user equipment, and the application certificate of the target application is the same as that of the first local application in the user equipment When the application certificates of a local application match, the user equipment determines the target application as an upgrade package of the first local application, and uses the target application to upgrade or overwrite the first local application.

In this application, since the target application includes an application certificate, and the application certificate can identify the developer of the application, during the process of installing the target application, the user equipment can determine, according to the application certificate, that the application that matches the application certificate is an upgrade package of the existing application , so as to avoid the application conflict problem that occurs when the package name is repeated.

Optionally, the method further includes: when the package name of the target application is repeated with the package name of the first local application in the user equipment, and the application certificate of the target application does not match the application certificate of the first local application, The user equipment determines the target application as a new application; the user equipment installs the target application into the local system.

In this application, since the target application includes an application certificate, the application certificate can identify the developer of the application. Therefore, in the process of installing the target application, in the case of repeated package names, the user equipment can determine the current The application is a brand new application, which avoids the application conflict problem that occurs when the package name is repeated.

Optionally, the method further includes: when the package name of the target application does not overlap with the package name of the local application of the user equipment, the user equipment determines that the target application is a new application; the user equipment installs the target application to in the local system.

In this application, since the target application has been verified by the application distribution server during the distribution process, when the package name is not repeated, the target application can directly identify the current application as a brand-new application installation, and the verification process of the application distribution server guarantees application security.

A fifth aspect of the present application provides a system for distributing applications, including: an application developer device and an application distribution server, wherein the application developer device is used to add an application certificate to an application to be distributed to obtain a target application, The application certificate is used to identify the application developer; the application distribution server is used to obtain the target application from the application developer's device, and verify the target application according to the application certificate; the application distribution server is also used for the application in the school The distribution of the target application is allowed when the verification is passed.

Optionally, the system further includes an application certificate server, wherein the application certificate server is configured to distribute the application certificate to the application developer device according to the request of the application developer device; the application distribution server is also configured to obtain the application certificate from the application developer device. The target application obtains the application certificate, and sends the application certificate information of the application certificate to the application certificate server; the application certificate server is also used to compare the application certificate information sent by the application distribution server with the application of the local application certificate certificate information, to judge whether the application certificate sent by the application distribution server matches the local application certificate, and if it matches, send the verification result to the application distribution server; the application distribution server is also used to obtain the verification pass As a result, distribution of the target application is allowed.

Optionally, the system further includes user equipment, wherein the user equipment is used to obtain the target application distributed by the application distribution server, and determine whether the target application is a brand-new application or a local application according to the application certificate of the target application. Install the upgrade package.

For the beneficial effects of the fifth aspect, reference may be made to the relevant records of the first aspect and the fourth aspect, which will not be repeated here.

A sixth aspect of the present application provides an application certificate server, including:

a sending unit, configured to send a first application certificate to the application developer device, where the first application certificate is used to identify the application developer, and the application developer device is used to add the first application certificate to the application to be distributed to obtain target application;

an obtaining unit, configured to obtain second application certificate information from the application distribution server, where the second application certificate information is used to record the information of the second application certificate carried in the target application sent by the application developer device to the application distribution server;

A verification unit, configured to make the sending unit send a verification pass result to the application distribution server if the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information.

Optionally, the obtaining unit is further configured to: obtain a request from the application developer device;

Also includes, an execution unit, the execution unit is configured to generate a developer identifier according to the request, and the developer identifier is used to identify the application developer;

The execution unit is further configured to generate the first application certificate, where the first application certificate includes the developer identifier.

Optionally, if the request includes the company name information where the application developer is located, and/or the information about the country where the application developer is located, the execution unit is further used for:

The first application certificate is generated according to the developer identifier and the company name information where the application developer is located and/or the country information where the application developer is located, where the first application certificate includes the developer identifier and is related to the developer. One or more of the company name information or the country information associated with the person identification.

Optionally, the obtaining unit is further configured to: obtain the developer identifier and the second digest of the second application certificate from the application distribution server;

The execution unit is further configured to: obtain the first digest of the first application certificate locally according to the developer identifier;

The verification unit is further configured to: if it is determined according to the first digest and the second digest that the first application certificate matches the second application certificate, make the sending unit send the verification pass result to the application distribution server.

Optionally, the first digest is a first hash value generated by the application certificate server according to the recorded content of the first application certificate, and the second digest is generated by the application distribution server according to the recorded content of the second application certificate. second hash value; then if the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information, the verification unit is further configured to:

If it is determined that the first hash value is the same as the second hash value, the sending unit sends the verification pass result to the application distribution server.

Optionally, the obtaining unit is further configured to: obtain the second application certificate from the application distribution server;

The execution unit is further configured to: obtain the developer identifier from the second application certificate;

The execution unit is further configured to: obtain the first application certificate locally according to the developer identifier;

The verification unit is further configured to: if the developer identification of the first application certificate and the second application certificate are the same, and the company name information where the application developer is located, and/or, the application developer is located in The country information is the same, so that the sending unit sends the verification result to the application distribution server.

A seventh aspect of the present application provides an application distribution server, including:

an acquisition unit, used to acquire the target application from the application developer's device;

an execution unit, configured to acquire a second application certificate from the target application, where the second application certificate is sent by the application certificate server to the application developer device, and the application developer device joins the target application;

a sending unit, configured to send second application certificate information of the second application certificate to the application certificate server, where the second application certificate information is used to record content in the second application certificate;

The execution unit is further configured to allow distribution of the target application according to a verification result obtained from the application certificate server, where the verification result is used to indicate that the second application certificate and the application certificate server are the application developer The distributed first application certificate matches.

Optionally, the second application certificate information includes the second digest of the second application certificate and the developer identifier, so that the application certificate server obtains the locally stored first application certificate according to the developer identifier, and passes the first application certificate through the first application certificate. When the first digest of the application certificate and the second digest determine that the first application certificate matches the second application certificate, the verification pass result is sent; then the execution unit is further configured to:

The second digest is generated according to the content recorded in the second application certificate.

Optionally, the second digest is a hash value, so that the first hash value generated by the application certificate server according to the first application certificate is sent when the first hash value and the second hash value are the same The result of the verification is passed; then the execution unit is also used for:

A second hash value is generated according to the content recorded in the second application certificate.

Optionally, the sending unit is further used for:

sending the second application certificate to the application certificate server, so that the application certificate server compares the first application certificate and the second application certificate with the same developer identification, and the company name information of the application developer, and /Or, when the information about the country where the application developer is located is the same, send the verification pass result to the application distribution server.

An eighth aspect of the present application provides an application developer device, including:

an obtaining unit, configured to obtain a first application certificate from an application certificate server, where the first application certificate is used to identify the application developer;

an execution unit, configured to add the first application certificate to the application to be distributed to obtain a target application;

The sending unit is used for sending the target application to the application distribution server.

Optionally, the sending unit is further configured to send a request to the application certificate server, where the request is used to request to obtain the first application certificate.

A ninth aspect of the present application provides a user equipment, including:

an obtaining unit, configured to obtain a target application from an application distribution server, where the target application is an application uploaded by an application developer device to the application distribution server, the target application includes an application certificate, and the application certificate is sent by the application certificate server to the application developer The certificate of the device, so that the application distribution server can verify the target application through the application certificate;

an execution unit, configured to determine the target application when the package name of the target application is repeated with the package name of the first local application in the user equipment, and the application certificate of the target application matches the application certificate of the first local application It is an upgrade package of the first local application, and the first local application is upgraded or over-installed with the target application.

Optionally, the execution unit is also used for:

When the package name of the target application duplicates the package name of the first local application in the user equipment, and the application certificate of the target application does not match the application certificate of the first local application, the target application is determined as a new application;

Install the target application to the local system.

Optionally, the execution unit is also used for:

When the package name of the target application does not overlap with the package name of the local application of the user equipment, the target application is determined as a new application;

Install the target application to the local system.

A tenth aspect of the present application provides an electronic device, the electronic device comprising: an interaction device, an input/output (I/O) interface, a processor, and a memory, where program instructions are stored in the memory;

The interaction device is used to obtain the operation instruction input by the user;

The processor is configured to execute program instructions stored in the memory, so that the electronic device executes the method according to any one of the first to fourth aspects.

An eleventh aspect of the present application provides a computer-readable storage medium, comprising instructions, which when executed on a computer device, cause the computer device to execute the method according to any one of the first to fourth aspects.

For the beneficial effects of the sixth to eleventh aspects, reference may be made to the descriptions of the first aspect and the fourth aspect, which will not be repeated here.

Description of drawings

1 is a schematic diagram of a terminal device downloading applications through different application markets;

2 is a schematic diagram of a terminal showing an interface to a user when the signatures of the applications are inconsistent;

3 is a schematic diagram of a method for distributing an application provided by an embodiment of the present application;

4 is a schematic diagram of a user equipment verifying a target application in the method for distributing an application provided by an embodiment of the present application;

5 is a schematic diagram of a system for distributing applications provided by an embodiment of the present application;

6 is a schematic diagram of an electronic device provided by an embodiment of the present application;

7 is a schematic diagram of an application certificate server provided by an embodiment of the present application;

8 is a schematic diagram of an application distribution server provided by an embodiment of the present application;

FIG. 9 is a schematic diagram of an application developer device provided by an embodiment of the present application;

FIG. 10 is a schematic diagram of a user equipment provided by an embodiment of the present application.

Detailed ways

The embodiments of the present invention provide a method for distributing applications, which is used to solve the problem of package name conflict caused by repeated application package names in the process of application distribution.

In order to make those skilled in the art better understand the solutions of the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only The embodiments are part of the present application, but not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the scope of protection of the present application.

The terms "first", "second", "third", "fourth", etc. (if any) in the description and claims of this application and the above-mentioned drawings are used to distinguish similar objects and are not necessarily used to Describe a particular order or sequence. It is to be understood that data so used may be interchanged under appropriate circumstances so that the embodiments described herein can be practiced in sequences other than those illustrated or described herein. Furthermore, the terms "comprising" and "having", and any variations thereof, are intended to cover non-exclusive inclusion, for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to those expressly listed Rather, those steps or units may include other steps or units not expressly listed or inherent to these processes, methods, products or devices.

For example, as shown in FIG. 1, the package name of application A (101) is “com.123”, which is uploaded by developer A to application market A (102), and the terminal device 105 uses application market A (102) to upload the application A (102). 101) Download and install into the local system. The package name of the application B (103) is also "com.123", which is uploaded to the application market B (104) by the developer B, and the terminal device 105 downloads the application B (103) to the local through the application market B (104). In the system, during the installation process, the package names used for application B (103) and the installed application A (101) are also "com.123", and a package name conflict occurs. Install on the local system of the terminal.

For this reason, the current application identification generally adopts the method of "package name + signature certificate", wherein the signature certificate is a certificate generated by the developer through private key signature when developing the application. As a specific implementation, when an application needs to be installed on the system, it is necessary to compare the "package name + signature certificate" of the application to be installed with the "package name + signature certificate" of the installed application in the system, and an error message will appear. The following cases.

1. Different package names: Identify the application to be installed as a brand-new application, and the application can be installed independently, without conflict with the installed application, and can exist at the same time.

2. The package names are the same, and the signing certificate is verified as follows:

1) Consistent signature certificate: Identify the application with the same signature certificate currently installed in the current system as the same application developed by the same developer. The application currently to be installed can perform overwrite/upgrade installation on the installed application.

2) Inconsistent signature certificates: Identify the current application to be installed as a different application developed by different developers, the application is not allowed to be installed/upgraded, and the old application must be uninstalled before the new application can be installed.

The above example in Figure 1 is still used for description, in which, application A and application B are applications developed by different developers, and the package names of the two applications are both "com.123". If the private keys are different, and the signature certificates of application A and application B are different, during the process of installing application B, the system verifies that the signature certificates of application B and application A are inconsistent. At this time, the terminal displays the interface as shown in Figure 2 to the user. , to prompt the user through a prompt box 201 that the signature of the current application B is inconsistent with that of the installed old version of the application A, and the application B can be installed only after the application A is uninstalled.

However, in the current scheme, there are still some problems. After the developer replaces the signing certificate for the same application, the system will recognize the change of the application signing certificate, and the upgrade is not allowed, and it will still appear that the old version of the application must be uninstalled before the new version of the application can be installed. At the same time, if the developer certificate/private key is leaked, other developers can use the leaked certificate/private key to sign a malicious application (with the same package name as the attacked application), and the malicious application can be directly installed and overwritten on the system. Original app.

The above problems all affect the identification efficiency and security of the application identification.

Therefore, in order to solve this problem, an embodiment of the present application provides a method for distributing applications, through unified management and control of the server, assigning application certificates to developers for distinguishing from other developers, and solving the problem of package name conflict caused by repeated package names . For ease of understanding, the methods provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

Please refer to FIG. 3 , which is a schematic diagram of a method for distributing an application provided by an embodiment of the present application. As shown in FIG. 3 , the method for distributing an application provided by an embodiment of the present application includes.

301. The application developer device obtains the application certificate from the application certificate server.

In this embodiment, the application developer device is the terminal where the application developer is located. As a specific implementation, the application developer device is provided with a developer platform provided for the developer, and the application developer can use the development platform on the application developer device. Develop applications. The application certificate server is used to manage the application certificate, the application certificate server is the application certificate generated by the application developer device, and the subject (subject) in the application certificate includes a content provider identity (CPID), The CPID is an identifier allocated by the application certificate server to the device of the application developer, which is used to identify the developer. The CPID may also be referred to as a developer identifier. In a possible implementation manner, the CPID has a unique corresponding relationship with the developer, so that the application developed by the developer can be distinguished from the applications developed by other developers according to the subject of the application certificate.

Further, the subject in the application certificate may also include the company name and the country of the developer where the developer of the application developer device is located, and optionally, may also include any other information that can identify the developer's identity. For this, The embodiments of the present application are not limited.

It should be noted that, as another specific implementation, the same developer may obtain multiple application certificates, and at least some of the subjects included in the multiple application certificates may be the same. For example, for developer A, in the development stage of the target application, he needs to obtain the debugging certificate of the target application: application certificate A; in the online stage of the target application, he needs to obtain the commercial certificate of the target application: application certificate B; The content of the application certificate may be leaked. For example, the content of application certificate B is leaked. At this time, developer A needs to apply for a new application certificate C. In the above example, at least some of the subjects contained in the multiple application certificates A, B and C obtained by the same developer A have the same contents. For example, the CPIDs in the subjects of the three application certificates are the same. Optionally, all the contents recorded in the subject included in the three application certificates are the same.

As a specific implementation, the developer sends a request to the application certificate server through the application developer device, and the request is used to apply for an application certificate. The certificate server verifies the request, such as the authenticity of the company name and the developer's country, then assigns a CPID and generates an application certificate according to the request, and then issues the application certificate to the application developer's device. The device obtains the application certificate.

As a possible implementation, the subject of the application certificate is content allocated by the application certificate server to the device of the application developer that can be distinguished from other developers. For example, the subject of the application certificate may be globally unique. In a possible scenario, if multiple servers are used to distribute application certificates, you can configure the fields of application certificates distributed by each server to be different, thus ensuring that each server distributes applications within its management domain. The CPID of the certificate is different. Or, the subject in the application certificate allocated to the terminal by one or more servers is unique within a certain geographical scope, for example, the subject content of the application certificate is unique within the scope of mainland China. In this way, when the target application is listed on the subsequent application market, the target application to be listed can be verified according to the subject of the application certificate. Compared with the method in the prior art in which the user generates a signature certificate for verification through a private key, the certificate can be prevented from being forged, the security of the certificate is improved, and the security of subsequent application verification is also improved, and the signature certificate will not appear. resulting conflict.

302. The application developer device adds the application certificate to the target application.

In this embodiment, the target application is an application developed by the developer through the developer platform on the application developer device. When the development of the target application is completed, the application developer device packages the application certificate and adds it to the target application, so that the target application can It is identified by the subject in the application certificate. In the subsequent installation process of the target application, the target application can prevent conflicts with other applications according to the subject.

Optionally, the application developer device may also add a package name PackageName and a developer signature to the target application, where the package name is used to identify the name of the target application, thereby forming an identification method of "PackageName+subject" in the target application. , the developer's signature is a signature generated by the developer according to the private key. In the solution provided by the embodiment of this application, the developer's signature can be used for the integrity check of the target application to prevent the installation package of the target application from being in the data transmission process. damage has occurred.

303. The application developer device sends the target application to the application distribution server.

In this embodiment, the application distribution server is used to manage and distribute application programs. For example, the application distribution server may be a server that provides application market services, or other application distribution channels that allow end users to download applications. The application examples are not limited. Taking the application distribution server as the server supporting the application market service as an example, the application developer device sends the target application to the application distribution server, so that the target application can be listed in the application market, and other users can download the target application from the application market. application.

304. The application distribution server verifies the target application according to the application certificate.

In this embodiment, the subject in the application certificate is the content that is uniformly controlled by the application certificate server, so the application market in the application distribution server can use the application certificate server to verify the target application according to the application certificate to prevent conflicts between applications Case. In contrast, in the traditional scheme, the signature certificate used for application verification is generated by the user, which lacks unified management and control, so it is impossible to prove that the source of the signature certificate is legitimate.

Optionally, the specific verification step can be performed through the following steps.

1. The application distribution server obtains the second digest and CPID of the second application certificate.

In this embodiment, the application certificate obtained by the application distribution server from the target application is the second application certificate, and the application distribution server generates a second digest according to the content recorded in the second application certificate. The hash value generated by the content of the second application certificate, the change of the content in the application certificate will cause the change of the hash value, so the second digest can accurately represent the content contained in the current second application certificate. The CPID is the content recorded in the subject of the application certificate, and the application distribution server may obtain the CPID from the subject of the second application certificate.

2. The application distribution server sends the second digest and the CPID to the application certificate server.

In this embodiment, the application certificate server is used to manage the application certificate, and the application certificate server records the information of the application certificate distributed to each developer. Therefore, the application distribution server sends the second digest to the application certificate server, and the application certificate server sends the second digest to the application certificate server. The server performs the verification of the second digest.

Optionally, the application distribution server may also obtain a developer signature from the target application, where the developer signature is a signature generated by the developer according to the private key, and can be used to verify the integrity of the second digest. As a specific implementation, the application distribution server sends the developer's signature to the application certificate server together, so that the server can determine whether the second digest has been tampered with according to the developer's signature.

It should be noted that the application certificate server and the application distribution server may be two independent servers, or may be two different functional modules in the same server, which are not limited in this embodiment of the present application.

3. The application certificate server verifies the application certificate of the target application according to the second digest and the CPID.

In this embodiment, the application certificate server is a module for managing certificates. As a specific implementation, verification is performed in the following manner.

1) The application certificate server obtains locally the first application certificate assigned to the corresponding developer according to the CPID.

In this embodiment, the application certificate is generated and controlled by the application certificate server. Therefore, the application certificate server locally stores the application certificate corresponding to each CPID. According to the CPID sent by the application distribution server, the application certificate server can query the CPID. The corresponding application certificate locally.

2) The application certificate server generates a first digest according to the content of the first application certificate.

In this embodiment, the first digest is the first digest generated by the application certificate server according to the content recorded in the locally stored first application certificate, and the method for generating the digest is the same as the application distribution server according to the content recorded in the second application certificate. The method for generating the second abstract is consistent.

3) The application certificate server compares the first digest with the second digest.

In this embodiment, as a specific implementation, the second digest and the first digest can have hash values respectively. Since the change of the content in the application certificate will cause the change of the hash value, when the first digest and the second digest When the hash values of the two are consistent, the application certificate server can determine that the first application certificate matches the second application certificate, that is, the content of the application certificate on the application distribution server side has not changed, so the verification is passed. Conversely, if the hash values of the first digest and the second digest are inconsistent, it means that the first application certificate does not match the second application certificate, the application certificate obtained by the application distribution server has changed, and the verification fails.

4. The application certificate server sends the verification result to the application distribution server.

In this embodiment, the application certificate server sends the verification result to the application distribution server, so that the application distribution server knows the verification status of the target application by the application certificate server. If the verification result is not passed, the application distribution server determines that the current target application is illegal and does not put it on the shelf, and the process ends. If the verification result is passed, the application distribution server puts the target application on the shelf.

It should be noted that the methods provided in the above steps 1 to 4 are based on the verification of the digest of the application certificate. Verify that the app certificates match. Optionally, the application distribution server may also send the entire content of the application certificate to the application certificate server, so that the application certificate server can compare the application certificate with the application certificate stored by the developer locally in the application certificate server, so that the execution is more accurate. verification, such as integrity verification, validity verification and attribution verification of application certificates.

In this embodiment, two verification methods for the second application certificate are provided, one is to realize the verification by sending the digest of the application certificate, and the other is to directly send the entire content of the second application certificate to realize the verification. The result of the verification is to determine whether the first application certificate matches the second application certificate. Optionally, "matching" can be achieved by:

a. The first abstract is identical or partially identical to the second abstract.

b. The first hash value is identical or partially identical to the second hash value.

c. The contents recorded in the first application certificate and the second application certificate are completely or partially the same.

It can be seen that, in the verification process of the above step 304, the application certificate server determines that any one of the above conditions a to c is satisfied, and can determine that the verification is passed, and sends the verification pass result to the application distribution server.

In this embodiment, since the subject in the application certificate is the content uniformly managed and controlled by the application certificate server, the application certificate can be verified at the application distribution server (ie, the application market) side through interaction with the application certificate server, thereby preventing Conflicts between apps.

It should be noted that since the above verification steps are performed through the application certificate, as a specific implementation, if the developer replaces the developer signature information in the target application as required, for example, the developer executes the application signature due to If the private key is leaked and the developer's signature is changed, this operation will not affect the verification, that is, the application distribution server will not affect the verification result because the developer changes the developer's signature, which improves the stability of the scheme. As long as the content of the subject in the assigned application certificate remains unchanged, the identification method of "PackageName+subject" will not change, so the application certificate will not affect the identification of the application, and it will not affect the developer's certificate change. Verify that the application installation/upgrade can still be carried out normally.

Further, when the verification result of the application distribution server on the target application is passed, the subsequent steps are performed.

305. The application distribution server opens the download permission of the target application.

In this embodiment, when the application distribution server passes the verification of the target application, it indicates that the target application is a legitimate application and does not conflict with the previous application, and at this time, the target application is an application that can be downloaded by other terminals. For example, if the application distribution server is an application market, the specific implementation method of this step is: the application market puts the target application on the shelf, and the application after the shelf can be queried and downloaded by each terminal.

It should be noted that the above application distribution server only represents the server where one of the application markets is located. As a specific implementation, there may also be multiple application distribution servers, and each server corresponds to a different application market or application distribution channel. , and the specific working mode of each server may be the same as that of the application distribution server, so the embodiments of the present application will not repeat them.

306. The user equipment acquires the target application from the application distribution server.

In this embodiment, the user equipment is any terminal that needs to download and install the target application. For example, the application distribution server is a server supporting the application market service, and the user equipment is the terminal of the common user accessing the application market. As a specific implementation, the target application is downloaded by the user equipment from the application market (application distribution server) to the local user equipment in the form of an installation package, and the installation package of the target application includes the package name of the target application, the application certificate and the development signature.

307. The user equipment verifies the target application.

In this embodiment, after the user equipment downloads the target application locally, it needs to verify the target application before installing the target application to determine whether the current target application is a brand-new application or an upgrade package of the local application, Specifically, please refer to FIG. 4 , which shows an implementation manner in which the user equipment verifies the target application. As shown in FIG. 4 , the verification step of the user equipment may be performed in the following manner.

401. The user equipment obtains the application certificate of the target application.

In this embodiment, the application certificate in the target application is the certificate added to the target application in the preceding steps. When the user equipment obtains the application certificate from the target application, the following steps are further performed.

402. The user equipment determines whether the package name of the target application duplicates the package name of the local application.

In this embodiment, since the application certificate of the target application carries a subject that is uniformly managed and controlled by the application certificate server and can be distinguished from other developers, on the application distribution server (application market) side, the application distribution server has The application has been verified. After the user device downloads the target application from the application market to the local, if it is determined during verification that the package name of the target application and the package name of the local application are not identical, the user device can directly transfer the current The target application is judged to be a brand new application, and the verification is passed. If the package name of the target application is the same as the package name of the application installed locally on the user equipment, further perform subsequent steps.

403. The user equipment determines whether the application certificate of the target application is consistent with the application certificate of the local application.

In this embodiment, if the subject in the application certificate of the target application is consistent with the subject in the application certificate of the first local application installed locally, the user equipment can determine that the current target application is an upgrade package of the first local application, and the Pass the test. If the subject contained in the application certificate of the target application is inconsistent with the subject' in the application certificates of all the locally installed applications, the user equipment determines that the target application is a brand-new application, and the verification passes.

In this embodiment, through the above steps 401 to 403, the user equipment verifies the target application. Since the application certificate in the target application carries the subject that is uniformly managed and controlled by the application certificate server, it is avoided that in an open system, due to the application package Installation conflicts caused by duplicate names, while ensuring the security and accuracy of application verification.

Further, when the user equipment passes the verification of the target application, the following steps are performed.

308. The user equipment installs the target application locally.

In this embodiment, according to the verification result, if the user equipment determines that the target application is a brand-new application, the target application is directly installed in the local system. If the user equipment determines that the target application is an upgrade package of the first local application that has been installed locally, the first application is upgraded or over-installed according to the target application.

It should be noted that, in the above working process, if the user equipment does not obtain the application certificate from the application when verifying the application downloaded to the local, it means that the current application does not execute the method for distributing the application provided by this application. It can be directly determined that the application is an illegal application, and the verification fails.

In this embodiment, the application certificate obtained by the application developer device from the application certificate server includes the subject that is uniformly managed and controlled by the application certificate server. After the application certificate and the package name PackageName are packaged into the target application, the target application is uploaded to the application distribution server. The application distribution server verifies the target application according to the subject and the package name in the application certificate, and then the target application is open for download. verify. Since the subject of the application certificate is the content uniformly managed and controlled by the application certificate server and used to distinguish developers, the situation of installation conflicts between applications caused by the same package name is avoided. It eliminates the problem of different developers with the same package name, and effectively solves the problem of application identification conflicts under multiple application distribution channels. At the same time, the mechanism that the application certificate is uniformly managed and controlled by the application certificate server can ensure that the source of the application certificate is legal and the format is uniform, and provide a basis for introducing developer identity information into the application identification. On the premise of obtaining the application certificate, the developer can distribute the application through different channels, and the server of each distribution channel can verify the application to be put on the shelf through the subject uniformly controlled by the application certificate server. The openness of the system is taken into account while ensuring that the application ecology of the system is uniformly managed and controlled.

For ease of understanding, an example is given below to describe the method for distributing applications provided by the embodiments of the present application.

In the above step 301, the developer applies to the application certificate server for an application certificate through the application developer device, and the subject in the application certificate is generated by the application certificate server in a fixed format. For example, the CPID of the application developer device is 98789479145275401, If the company is Beijing xx Co., Ltd. and the country where the developer is located is China CN, the subject in the application certificate adopts the following format.

subject=(O=Beijing xx Co., Ltd., OU=98789479145275401, C=CN)

The name of the software is "First Application", and the package name of the software, PackageName, is in the following format.

packagename=(com.123.example.video)

The developer signs the "first application" application through the private key, thereby obtaining the developer's signature in the "first application" application.

Finally, the developer packages the "first application" application through the application developer device, and the packaged "first application" application includes the aforementioned packagename, subject, and the developer's signature.

The application developer device uploads the packaged "first application" application to the "A application market", which is an application market running on the application distribution server.

After obtaining the "first application" application, the "A application market" verifies the "first application" application according to the relevant steps described in 304 above.

After the verification is passed, "App Market A" will put the "First App" application on the shelves, and the user device, such as the user's mobile phone, can download the "First App" application to the local user device through "App Market A". Perform the following verification steps for the "first application" application.

1). When the "first application" is installed, the user's mobile phone installer module extracts the application certificate in the application for verification:

a). If the application certificate cannot be extracted, it is identified as an illegal application, installation is prohibited, and the process ends.

b). If it can be extracted normally, enter the subsequent process.

2). The user's mobile phone installer module extracts the PackageName=(com.123.example.video) of the "first application", and compares it with the PackageName of the installed application:

a). If the package name of the installed application does not overlap, the "first application" is identified as a brand-new application, and a brand-new installation is performed at this time, and the process ends.

b). If it is the same as the package name of the installed application, enter the subsequent process.

3). The user's mobile phone installer module extracts the subject=(O=Beijing xx Co., Ltd., OU=98789479145275401, C=CN) of the application certificate in the "First Application" application, and judges it and the developer certificate of the repackaged application Is the subject consistent:

a). If the subject in the application certificate is the same, for example, the installed application with the repackage name is a lower version of the "first application", at this time, the two applications are identified as the same application, and the upgrade/overwrite installation is performed, and the process ends.

b). If the subjects in the application certificate are inconsistent, for example, the package name of the "first application" PackageName=(com.123.example.video) and the package name of the "second application" installed locally on the user's mobile phone PackageName= (com.123.example.video) is the same, resulting in duplication, but the application certificate of the "second application" subject=(O=Shanghai xx Co., Ltd., OU=98789479111111111, C=CN), which is the same as that of the "first application" The application certificate subject=(O=Beijing xx Co., Ltd., OU=98789479145275401, C=CN) is different. At this time, the two applications are identified as different applications provided by different developers, and a new installation is performed. The two applications can exist at the same time, not will be overwritten and the process will end.

In this embodiment, through the above method, the "second application" and the "first application" are originally applications with the same package name, but because the subjects in the application certificates are different, the user's mobile phone can access the two applications during the installation process. To distinguish, to avoid the installation conflict caused by the same package name. At the same time, since the subject in the application certificate of the "first application" application is uniformly managed and controlled by the application certificate server, the application market "A application market" can verify the "first application" according to the subject in the application certificate, so that the application market It can verify the applications listed on the shelves, which ensures the security of applications in the application market while ensuring the openness of the system.

Further, based on the method for distributing applications provided by the embodiments of the present application, the embodiments of the present application further provide an operating system, the operating system supports a third-party application market, and resolves package name conflicts in a multi-party application market distributed distribution scenario. And problems such as application identity spoofing. For ease of understanding, the system provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

Please refer to FIG. 5. As shown in FIG. 5, the operating system provided by the embodiment of the present application includes.

The application developer device 501 is the above-mentioned application developer device. For details, please refer to the foregoing description, which will not be repeated here.

The certificate management module 502, wherein the certificate management module 502 runs in the above-mentioned application certificate server, and the certificate management module 502 specifically includes a certificate management unit 5021 and a certificate verification unit 5022, wherein the certificate management unit 5021 is used according to the application developer device. The application of 501 allocates an application certificate 506 to the application developer device, and the application certificate 506 contains a globally unique subject generated by the certificate management unit 5021 . For a specific implementation manner, reference may be made to the foregoing step 301, which will not be repeated here.

Further, the certificate verification unit 5022 is used to verify the application certificate 506 of the application according to the application of the application market 504 to verify the integrity, legality and attribution of the application certificate 506. For details, please refer to the relevant records of the above step 304 , and will not be repeated here.

The application packaging and signing module 503, which runs on the application developer device 501, is used to obtain the application certificate 506 obtained by the application developer device 501 from the certificate management unit 5021, as well as the package name of the application, the developer's company Name and developer country and other information, and package these information into the target application 507 developed by the developer module to obtain the packaged target application 508 . For a specific implementation manner, reference may be made to the description of the foregoing step 302, which will not be repeated here.

The application market 504, in the embodiment of this application, the application market 504 runs on the application distribution server, and the application market 504 is used to obtain the packaged target application 508 uploaded by the application developer device 501, and pass the certificate verification unit 5022 to the target application 508. The application certificate 506 in the application is verified. For details, please refer to the relevant records of the above-mentioned step 304, which will not be repeated here.

Further, the above-mentioned application market 504 running on the application distribution server is the application market A. Since the system provided by the embodiment of the present application supports the third-party application market, the system may also include the application market B, the application market C... Application Market N and many other application markets. The working methods of each application market can be referred to the above records, and will not be repeated here.

After the above-mentioned application market 504 completes the verification, the verified target application 509 is put on the shelf for the user equipment 505 to download.

User equipment 505, the user equipment 505 is a terminal on the user side that downloads the target application through the application market 504. The specific method of the user equipment 505 downloading, verifying and installing the target application 510 can be referred to the relevant records of the above-mentioned FIG. 3 and FIG. 4 , It will not be repeated here.

In the operating system provided by this embodiment, an application certificate is allocated to the developer terminal through the certificate management unit in the certificate management module, and the application certificate contains a globally unique subject, and the application certificate is packaged to the developer terminal by the application packaging and signing module of the developer terminal. In the developed target application, upload the packaged target application to the application market, and then the application market verifies the application certificate of the target application through the certificate verification unit in the certificate management module. Therefore, developers can distribute applications through different channels, and the servers of each distribution channel can verify the applications to be put on the shelves through the globally unique subject in the application certificate, which improves the openness of the system and ensures the purity of the system. After the verification is passed, the application market puts the target application on the shelf for the user equipment to download, and the user equipment verifies the target application through the application certificate of the target application after downloading the target application, thereby avoiding application conflicts caused by the same package name.

Described in terms of hardware structure, the above method may be implemented by one entity device, or jointly implemented by multiple entity devices, or may be a logic function module in one entity device, which is not specifically limited in this embodiment of the present application.

For example, the above method can be implemented by the electronic device in FIG. 6 . 6 is a schematic diagram of the hardware structure of an electronic device provided by an embodiment of the present application; the electronic device may be an application developer device, an application certificate server, an application distribution server, or a user device in an embodiment of the present invention, and the electronic device includes at least A processor 601 , communication lines 602 , memory 603 and at least one communication interface 604 .

The processor 601 can be a general-purpose central processing unit (central processing unit, CPU), a microprocessor, an application-specific integrated circuit (application-specific integrated circuit, server IC), or one or more programs used to control the program execution of the present application of integrated circuits.

Communication line 602 may include a path to communicate information between the aforementioned components.

Communication interface 604, using any transceiver-like device, for communicating with other devices or communication networks, such as Ethernet, radio access network (RAN), wireless local area networks (WLAN), etc. .

Memory 603 may be read-only memory (ROM) or other types of static storage devices that can store static information and instructions, random access memory (RAM), or other types of storage devices that can store information and instructions It can also be an electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or capable of carrying or storing desired program code in the form of instructions or data structures and capable of being executed by a computer Access any other medium without limitation. The memory may exist independently and be connected to the processor through communication line 602 . The memory can also be integrated with the processor.

The memory 603 is used for storing computer-executed instructions for executing the solutions of the present application, and the execution is controlled by the processor 601 . The processor 601 is configured to execute the computer-executed instructions stored in the memory 603, thereby implementing the charging management method provided by the following embodiments of the present application.

Optionally, the computer-executed instructions in the embodiment of the present application may also be referred to as application code, which is not specifically limited in the embodiment of the present application.

In a specific implementation, as an embodiment, the processor 601 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 6 .

In a specific implementation, as an embodiment, the electronic device may include multiple processors, for example, the processor 601 and the processor 607 in FIG. 6 . Each of these processors can be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).

In a specific implementation, as an embodiment, the electronic device may further include an output device 605 and an input device 606 . The output device 605 is in communication with the processor 601 and can display information in a variety of ways. For example, the output device 605 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector (projector) Wait. Input device 606 is in communication with processor 601 and can receive user input in a variety of ways. For example, the input device 606 may be a mouse, a keyboard, a touch screen device or a sensing device, or the like.

The above-mentioned electronic device may be a general-purpose device or a special-purpose device. In a specific implementation, the electronic device may be a server, a wireless terminal device, an embedded device, or a device with a similar structure in FIG. 6 . The embodiments of the present application do not limit the type of the electronic device.

In this embodiment of the present application, the electronic device may be divided into functional units according to the foregoing method examples. For example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units. It should be noted that the division of units in the embodiments of the present application is illustrative, and is only a logical function division, and other division methods may be used in actual implementation.

For example, when each functional unit is divided in an integrated manner, FIG. 7 shows a schematic structural diagram of an application certificate server provided by an embodiment of the present application.

Please refer to FIG. 7. As shown in FIG. 7, an application certificate server provided by an embodiment of the present application includes.

A sending unit 701 is configured to send a first application certificate to an application developer device, where the first application certificate is used to identify the application developer, and the application developer device is used to add the first application certificate to the application to be distributed, to get the target application;

Obtaining unit 702, configured to obtain second application certificate information from the application distribution server, where the second application certificate information is used to record the information of the second application certificate carried in the target application sent by the application developer device to the application distribution server ;

The verification unit 703 is configured to cause the sending unit 701 to send a verification pass result to the application distribution server if the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information.

Optionally, the obtaining unit 702 is further configured to: obtain a request from the application developer device;

Also includes, an execution unit 704, the execution unit 704 is configured to generate a developer identifier according to the request, and the developer identifier is used to identify the application developer;

The executing unit 704 is further configured to generate the first application certificate, where the first application certificate includes the developer identifier.

Optionally, if the request includes name information of the company where the application developer is located, and/or information about the country where the application developer is located, the execution unit 704 is further configured to:

Optionally, the obtaining unit 702 is further configured to: obtain the developer identifier and the second digest of the second application certificate from the application distribution server;

The executing unit 704 is further configured to: obtain the first digest of the first application certificate locally according to the developer identifier;

The verification unit 703 is further configured to: if it is determined according to the first digest and the second digest that the first application certificate matches the second application certificate, make the sending unit 701 send the verification pass result to the application distribution server .

Optionally, the first digest is a first hash value generated by the application certificate server according to the recorded content of the first application certificate, and the second digest is generated by the application distribution server according to the recorded content of the second application certificate. second hash value; then if the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information, the verification unit 703 is further configured to:

If it is determined that the first hash value is the same as the second hash value, the sending unit 701 sends the verification pass result to the application distribution server.

Optionally, the obtaining unit 702 is further configured to: obtain the second application certificate from the application distribution server;

The executing unit 704 is further configured to: obtain the developer identifier from the second application certificate;

The executing unit 704 is further configured to: obtain the first application certificate locally according to the developer identifier;

The verification unit 703 is further configured to: compare the developer ID of the first application certificate and the second application certificate to be the same, and the company name information where the application developer is located, and/or, where the application developer is located The country information is the same, so that the sending unit 701 sends the verification result to the application distribution server.

Please refer to FIG. 8. As shown in FIG. 8, an application distribution server provided by an embodiment of the present application includes.

an obtaining unit 801, configured to obtain a target application from an application developer device;

an execution unit 802, configured to acquire a second application certificate from the target application, the second application certificate is sent by the application certificate server to the application developer device, and the application developer device joins the target application;

A sending unit 803, configured to send the second application certificate information of the second application certificate to the application certificate server, where the second application certificate information is used to record the content in the second application certificate;

The execution unit 802 is further configured to allow distribution of the target application according to the verification result obtained from the application certificate server, where the verification result is used to indicate that the second application certificate and the application certificate server are developed for the application The first application certificate distributed by the user matches.

Optionally, the second application certificate information includes the second digest of the second application certificate and the developer identifier, so that the application certificate server obtains the locally stored first application certificate according to the developer identifier, and passes the first application certificate through the first application certificate. When the first digest of an application certificate and the second digest determine that the first application certificate matches the second application certificate, send the verification pass result; then the execution unit 802 is further configured to:

Optionally, the second digest is a hash value, so that the first hash value generated by the application certificate server according to the first application certificate is sent when the first hash value and the second hash value are the same The verification passes the result; then the execution unit 802 is also used for:

Optionally, the sending unit 803 is further configured to:

Please refer to FIG. 9. As shown in FIG. 9, an application developer device provided by an embodiment of the present application includes.

an obtaining unit 901, configured to obtain a first application certificate from an application certificate server, where the first application certificate is used to identify the application developer;

an executing unit 902, configured to add the first application certificate to the application to be distributed to obtain a target application;

The sending unit 903 is configured to send the target application to the application distribution server.

Optionally, the sending unit 903 is further configured to send a request to the application certificate server, where the request is used to request to acquire the first application certificate.

Please refer to FIG. 10. As shown in FIG. 10, a user equipment provided by an embodiment of the present application includes.

Obtaining unit 1001, configured to obtain a target application from an application distribution server, where the target application is an application uploaded to the application distribution server by an application developer device, the target application includes an application certificate, and the application certificate is sent by the application certificate server to the application development server certificate of the target device, so that the application distribution server verifies the target application through the application certificate;

Executing unit 1002, configured to execute the target application when the package name of the target application is repeated with the package name of the first local application in the user equipment, and the application certificate of the target application matches the application certificate of the first local application It is determined to be an upgrade package of the first local application, and the first local application is upgraded or over-installed with the target application.

Optionally, the execution unit 1002 is also used for:

Install the target application to the local system.

Optionally, the execution unit 1002 is also used for:

Install the target application to the local system.

Embodiments of the present application further provide a computer-readable storage medium, including instructions, when the instructions are executed on a computer device, the computer device is made to execute the above-mentioned method for distributing an application provided by the embodiments of the present application.

In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, it can be implemented in whole or in part in the form of a computer program product.

A computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of the present invention result in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable device. Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website site, computer, server, or data center over a wire (e.g. coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.) to another website site, computer, server, or data center. The computer-readable storage medium can be any available medium that can be stored by a computer or a data storage device such as a server, a data center, etc. that includes one or more available media integrated. Useful media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVD), or semiconductor media (eg, Solid State Disk (SSD)), among others.

Those skilled in the art can clearly understand that, for the convenience and brevity of description, the specific working process of the system, device and unit described above may refer to the corresponding process in the foregoing method embodiments, which will not be repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed communication method, relay device, host base station, and computer storage medium may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. For example, the division of units is only a logical function division. In actual implementation, there may be other division methods, for example, multiple units or components may be combined or integrated. to another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.

Units described as separate components may or may not be physically separated, and components shown as units may or may not be physical units, that is, may be located in one place, or may be distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.

The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the present application can be embodied in the form of software products in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, and the computer software products are stored in a storage medium , including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods in the various embodiments of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (full English name: Read-Only Memory, English abbreviation: ROM), random access memory (English full name: Random Access Memory, English abbreviation: RAM), magnetic Various media that can store program codes, such as discs or optical discs.

Above, the above embodiments are only used to illustrate the technical solutions of the present application, but not to limit them; although the present application has been described in detail with reference to the above-mentioned embodiments, those of ordinary skill in the art should understand that: it can still be used for the above-mentioned implementations The technical solutions described in the examples are modified, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the scope of the technical solutions of the embodiments of the present application.

Claims

A method for distributing applications, comprising:

The application certificate server sends a first application certificate to the application developer device, where the first application certificate is used to identify the application developer, and the application developer device is used to add the first application certificate to the application to be distributed to get the target application;

The application certificate server obtains second application certificate information from an application distribution server, where the second application certificate information is used to record the second application carried in the target application sent by the application developer device to the application distribution server information about the certificate;

If the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information, the application certificate server sends a verification result to the application distribution server.
The method according to claim 1, wherein before the application certificate server sends the first application certificate to the application developer device, the method further comprises:

obtaining, by the application certificate server, a request from the application developer device;

The application certificate server generates a developer identifier according to the request, where the developer identifier is used to identify the application developer;

The application certificate server generates the first application certificate, where the first application certificate includes the developer identifier.
The method according to claim 2, wherein the request includes the name information of the company where the application developer is located, and/or the information of the country where the application developer is located, and the application certificate server generates the information The first application certificate includes:

The application certificate server generates the first application certificate according to the developer identifier, the company name information where the application developer is located and/or the country information where the application developer is located, and the first application certificate The developer identification is included, and one or more of the company name information or the country information associated with the developer identification.
The method according to claim 2 or 3, wherein the application certificate server obtains the second application certificate information from the application distribution server, comprising:

The application certificate server obtains the developer identifier and the second digest of the second application certificate from the application distribution server;

After the application certificate server obtains the second application certificate information from the application distribution server, the method further includes:

obtaining, by the application certificate server, a first digest of the first application certificate locally according to the developer identifier;

If the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information, the application certificate server sends a verification pass result to the application distribution server, including :

If the application certificate server determines that the first application certificate matches the second application certificate according to the first digest and the second digest, the application certificate server sends the verification to the application distribution server through the results.
The method according to claim 4, wherein the first digest is a first hash value generated by the application certificate server according to the content recorded in the first application certificate, and the second digest is the a second hash value generated by the application distribution server according to the content recorded in the second application certificate; then the if the application certificate server confirms the first application certificate and the second application certificate according to the second application certificate information The application certificate matches, and the application certificate server sends the verification pass result to the application distribution server, including:

If the application certificate server determines that the first hash value is the same as the second hash value, the application certificate server sends the verification pass result to the application distribution server.
The method according to claim 3, wherein the application certificate server obtains the second application certificate information from the application distribution server, comprising:

obtaining, by the application certificate server, the second application certificate from the application distribution server;

After the application certificate server obtains the second application certificate information from the application distribution server, the method further includes:

obtaining, by the application certificate server, the developer identifier from the second application certificate;

obtaining, by the application certificate server, the first application certificate locally according to the developer identifier;

If the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information, the application certificate server sends a verification pass result to the application distribution server, including :

If the application certificate server compares the developer ID of the first application certificate and the second application certificate to be the same, and the company name information of the application developer, and/or, the application developer is located in The country information is the same, and the application certificate server sends the verification result to the application distribution server.
A method for distributing applications, comprising:

The application distribution server obtains the target application from the application developer's device;

The application distribution server acquires a second application certificate from the target application, the second application certificate is sent by the application certificate server to the application developer device, and the application developer device joins the target application of;

sending, by the application distribution server, second application certificate information of the second application certificate to the application certificate server, where the second application certificate information is used to record content in the second application certificate;

The application distribution server allows distribution of the target application according to the verification result obtained from the application certificate server, and the verification result is used to indicate that the second application certificate and the application certificate server are the same. match the first application certificate distributed by the application developer.
The method of claim 7, wherein the second application certificate includes a developer identification and one or more of the company name information or the country information associated with the developer identification , where the developer identifier is an identifier assigned by the application certificate server and used to identify the application developer.
The method according to claim 8, wherein the second application certificate information comprises a second digest of the second application certificate and the developer identifier, so that the application certificate server obtains the developer identifier according to the The first application certificate stored locally, and the verification result is sent when it is determined that the first application certificate matches the second application certificate according to the first digest and the second digest of the first application certificate ; before the application distribution server sends the second application certificate information of the second application certificate to the application certificate server, the method further includes:

The application distribution server generates the second digest according to the content recorded in the second application certificate.
The method according to claim 9, wherein the second digest is a hash value, so that the first hash value generated by the application certificate server according to the first application certificate, in the first When the hash value is the same as the second hash value, the verification result is sent; then the application distribution server generates the second digest according to the content recorded in the second application certificate, including:

The application distribution server generates a second hash value according to the content recorded in the second application certificate.
The method according to claim 8, wherein the sending, by the application distribution server, the second application certificate information of the second application certificate to the application certificate server, comprises:

The application distribution server sends the second application certificate to the application certificate server, so that the application certificate server compares the first application certificate and the second application certificate with the same developer identifier, and all information about the company name where the application developer is located, and/or when the information about the country where the application developer is located is the same, send the verification pass result to the application distribution server.
A method for distributing applications, comprising:

The application developer device obtains a first application certificate from the application certificate server, where the first application certificate is used to identify the application developer;

The application developer device adds the first application certificate to the application to be distributed to obtain the target application;

The application developer device sends the target application to an application distribution server.
The method according to claim 12, wherein before the application developer device acquires the first application certificate from the application certificate server, the method further comprises:

The application developer device sends a request to the application certificate server, where the request is used for requesting to acquire the first application certificate.
The method according to claim 12 or 13, wherein the request includes information on the company name where the application developer is located, and/or information on the country where the application developer is located.
The method of claim 14, wherein the first application certificate includes a developer identification and one or more of the company name information or the country information associated with the developer identification , wherein the developer identifier is an identifier assigned by the application certificate server and used to identify the application developer.
A method for distributing applications, comprising:

The user equipment obtains a target application from an application distribution server, the target application is an application uploaded to the application distribution server by an application developer device, and the target application includes an application certificate, and the application certificate is sent to the application by the application certificate server a certificate of the developer device, so that the application distribution server verifies the target application through the application certificate;

When the package name of the target application is the same as the package name of the first local application in the user equipment, and the application certificate of the target application matches the application certificate of the first local application, the user equipment will The target application is determined to be an upgrade package of the first local application, and the first local application is upgraded or over-installed with the target application.
The method of claim 16, wherein the method further comprises:

When the package name of the target application is the same as the package name of the first local application in the user equipment, and the application certificate of the target application does not match the application certificate of the first local application, the user equipment will The target application is determined to be a new application;

The user equipment installs the target application into the local system.
The method of claim 16, wherein the method further comprises:

When the package name of the target application does not overlap with the package name of the local application of the user equipment, the user equipment determines that the target application is a new application;

The user equipment installs the target application into the local system.
A system for distributing applications, comprising: an application developer device and an application distribution server, wherein,

the application developer device, configured to add an application certificate to the application to be distributed to obtain a target application, where the application certificate is used to identify the application developer;

the application distribution server, configured to acquire the target application from the application developer device, and verify the target application according to the application certificate;

The application distribution server is further configured to allow distribution of the target application when the verification is passed.
The system of claim 19, wherein the system further comprises an application certificate server, wherein:

the application certificate server, configured to allocate the application certificate to the application developer device according to the request of the application developer device;

The application distribution server is further configured to obtain the application certificate from the target application, and send the application certificate information of the application certificate to the application certificate server;

The application certificate server is further configured to compare the application certificate information sent by the application distribution server with the application certificate information of the local application certificate, to determine whether the application certificate sent by the application distribution server is the same as the local application certificate match, if it matches, send the verification pass result to the application distribution server;

The application distribution server is further configured to allow distribution of the target application when the verification result is obtained.
The system according to claim 19 or 20, wherein the system further comprises user equipment, wherein:

The user equipment is configured to acquire the target application distributed by the application distribution server, and determine whether the target application is a brand-new application or an installation upgrade package of a local application according to the application certificate of the target application.
An application certificate server, characterized in that it includes:

a sending unit, configured to send a first application certificate to an application developer device, where the first application certificate is used to identify the application developer, and the application developer device is configured to add the first application certificate to the application to be distributed , to obtain the target application;

an obtaining unit, configured to obtain second application certificate information from an application distribution server, where the second application certificate information is used to record the second application carried in the target application sent by the application developer device to the application distribution server information about the certificate;

a verification unit, configured to make the sending unit send a verification to the application distribution server if the application certificate server confirms that the first application certificate matches the second application certificate according to the second application certificate information through the results.
An application distribution server, comprising:

an acquisition unit, used to acquire the target application from the application developer's device;

an execution unit, configured to acquire a second application certificate from the target application, where the second application certificate is sent by the application certificate server to the application developer device, and the application developer device joins the target application of;

a sending unit, configured to send second application certificate information of the second application certificate to the application certificate server, where the second application certificate information is used to record content in the second application certificate;

The execution unit is further configured to allow distribution of the target application according to a verification pass result obtained from the application certificate server, where the verification pass result is used to indicate the second application certificate and the application certificate The server matches the first application certificate distributed by the application developer.
An application developer device, characterized in that it includes:

an obtaining unit, configured to obtain a first application certificate from an application certificate server, where the first application certificate is used to identify the application developer;

an execution unit, configured to add the first application certificate to the application to be distributed to obtain a target application;

A sending unit, configured to send the target application to an application distribution server.
A user equipment, characterized in that it includes:

An acquiring unit, configured to acquire a target application from an application distribution server, where the target application is an application uploaded by an application developer device to the application distribution server, the target application includes an application certificate, and the application certificate is sent by the application certificate server to the application distribution server. a certificate of the application developer device, so that the application distribution server verifies the target application through the application certificate;

an execution unit, configured to: when the package name of the target application is the same as the package name of the first local application in the user equipment, and the application certificate of the target application matches the application certificate of the first local application, The target application is determined to be an upgrade package of the first local application, and the first local application is upgraded or over-installed with the target application.
An electronic device, characterized in that the electronic device comprises: an interaction device, an input/output (I/O) interface, a processor, and a memory, wherein program instructions are stored in the memory;

The interaction device is used to obtain the operation instruction input by the user;

The processor is configured to execute program instructions stored in the memory, so that the electronic device performs the method of any one of claims 1-6 or 7-11 or 12-15 or 16-18.
A computer-readable storage medium, comprising instructions, characterized in that, when the instructions are executed on a computer device, the computer device is made to execute the method described in claims 1-6 or 7-11 or 12-15 or 16-18 The method of any of the above.