CN106022098A - Signature verification method and device for application - Google Patents
Signature verification method and device for application Download PDFInfo
- Publication number
- CN106022098A CN106022098A CN201610308551.3A CN201610308551A CN106022098A CN 106022098 A CN106022098 A CN 106022098A CN 201610308551 A CN201610308551 A CN 201610308551A CN 106022098 A CN106022098 A CN 106022098A
- Authority
- CN
- China
- Prior art keywords
- signing messages
- application program
- dynamic
- link library
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a signature verification method and device for an application. The method comprises the steps of calling a target function in a preset dynamic link library; obtaining dynamic signature information of the application through the target function; verifying whether the dynamic signature information and first signature information pre-buried in the preset dynamic link library are consistent or not; closing the application if the information is inconsistent; and operating the application if the information is consistent. According to the embodiment of the method and the device, the dynamic signature information of the application is obtained by calling the function in the dynamic link library; the dynamic signature information is compared with the pre-buried first signature information; and the application is closed if the information is inconsistent. The cracking difficulty of the dynamic link library is high, and therefore, the method of obtaining the signature information by calling the function of the JAVA layer in the dynamic link library is difficult to crack. A counterfeiter is difficult to obtain the signature information of the application, and the application is prevented from being packaged secondarily.
Description
Technical field
The application relates to field of information security technology, particularly relates to the signature verification side of a kind of application program
Method and the signature verification device of a kind of application program.
Background technology
Along with the development of technology, the intelligent terminal such as smart mobile phone, intelligent television increasingly becomes people's life
In an indispensable part.Types of applications program on intelligent terminal presents one to people and enriches many
The color world, by application program, people can easily realize acquisition data, viewing entertainment,
The free choice of goods, complete the activities such as payment.Just because of application program function from strength to strength, apply journey
The data safety of sequence is the most increasingly subject to people's attention.
Due to the opening of android system, regular Android APP is being broken by part lawless person
Xie Hou, implants APP by malicious code and repacks.Through the APP of generation of secondary packing no matter from property
Energy, Consumer's Experience, outward appearance it all with regular APP is the same but behind it the most silently run can
The program be afraid of, it can waste mobile phone electricity, flow, maliciously deduct fees, peeps privacy etc. unconsciously
Deng behavior.In the face of there are the precautionary measures of oneself in the many companies of secondary packing, many APP simply exist
Its code aspect processes and prevents secondary from packing, its way be by dynamically obtain in program application signature with
The plaintext signing messages contrast that the program that is preset at becomes, then judges whether to be packed by secondary, but at present
Android terminal code is as easy as rolling off a log decoding, the plaintext signing messages being particularly directly written in code
It is more prone to cruelly leak.
Summary of the invention
In view of the above problems, it is proposed that the embodiment of the present application is to provide one to overcome the problems referred to above or extremely
Partially solve the signature verification method of a kind of application program of the problems referred to above and corresponding a kind of application
The signature verification device of program.
In order to solve the problems referred to above, the embodiment of the present application discloses the signature verification side of a kind of application program
Method, including:
Call the object function in preset dynamic link library;
The dynamic signature information of described application program is obtained by described object function;
Whether verify the first signing messages pre-buried in described dynamic signature information and described dynamic link library
Unanimously;
If inconsistent, then close described application program;
If consistent, then run described application program.
Preferably, described first signing messages is the most pre-buried:
Obtain the first signing messages of described application program;
Use predetermined encryption mode, encrypt described first signing messages;
The first signing messages after encryption is stored in described dynamic link library.
Preferably, the first label that described checking described dynamic signature information is pre-buried with described dynamic link library
The step that name information is the most consistent includes:
By described predetermined encryption mode, encrypt described dynamic signature information;
The relatively dynamic signature information after encryption is the most consistent with described first signing messages.
Preferably, the first label that described checking described dynamic signature information is pre-buried with described dynamic link library
The step that name information is the most consistent includes:
Use the manner of decryption corresponding with described predetermined encryption mode, decipher described first signing messages;
Relatively the first signing messages after described deciphering is the most consistent with described dynamic signature information.
Preferably, the step calling the object function in described dynamic link library described in includes:
When the entrance function of described application program is triggered, called by built-in JAVA local interface
Object function in described dynamic link library.
Meanwhile, disclosed herein as well is the signature verification device of a kind of application program, including:
Function call module, for calling the object function in preset dynamic link library;
Dynamic signature acquisition module, for obtaining the dynamic label of described application program by described object function
Name information;
Authentication module, is used for verifying first that described dynamic signature information is pre-buried with described dynamic link library
Signing messages is the most consistent;
Close module, if inconsistent with described first signing messages for described dynamic signature information, then close
Close described application program;
Run module, if consistent with described first signing messages for described dynamic signature information, then run
Described application program.
Preferably, described first signing messages is by as pre-buried in lower module:
First signature acquisition module, for obtaining the first signing messages of described application program;
First encrypted signature module, is used for using predetermined encryption mode, encrypts described first signing messages;
Memory module, for being stored in the first signing messages after encryption in described dynamic link library.
Preferably, described authentication module farther includes:
Dynamic signature encryption submodule, for by described predetermined encryption mode, encrypts described dynamic signature letter
Breath;
First comparison sub-module, the dynamic signature information after comparing encryption and described first signing messages
The most consistent.
Preferably, described authentication module farther includes:
Deciphering submodule, for using the manner of decryption corresponding with described predetermined encryption mode, deciphering is described
First signing messages;
Second comparison sub-module, the first signing messages after relatively described deciphering and described dynamic signature
Information is the most consistent.
Preferably, it is characterised in that described function call module farther includes:
Interface interchange submodule, for when the entrance function of described application program is triggered, by built-in
JAVA local interface call the object function in described dynamic link library.
The embodiment of the present application includes advantages below:
The embodiment of the present application obtains the dynamic label of application program by calling the function in dynamic link library
Name information, contrasts dynamic signature information with the first pre-buried signing messages, if inconsistent, then closes
Close application program.Due to dynamic link library to crack difficulty high, so by calling in dynamic link library
The function of JAVA layer obtains the method for signing messages to be also difficult to be cracked.Make counterfeiter, difficult
To obtain the signing messages of application program, thus prevent program from being packed by secondary.
Accompanying drawing explanation
Fig. 1 is the flow chart of steps of the signature verification method embodiment 1 of a kind of application program of the application;
Fig. 2 is the flow chart of the signature verification method embodiment of a kind of application program of the application;
Fig. 3 is the flow chart of steps of the signature verification method embodiment 2 of a kind of application program of the application;
Fig. 4 is the schematic diagram of a kind of dynamic signature value obtaining application program in the embodiment of the present application;
Fig. 5 is the structured flowchart of the signature verification device embodiment of a kind of application program of the application.
Detailed description of the invention
Understandable, below in conjunction with the accompanying drawings for enabling the above-mentioned purpose of the application, feature and advantage to become apparent from
With detailed description of the invention, the application is described in further detail.
One of core idea of the embodiment of the present application is, the embodiment of the present application is by calling dynamic link library
In function obtain the dynamic signature information of application program, dynamic signature information is signed with pre-buried first
Name information contrasts, if inconsistent, then closes application program;If consistent, then run application program.
With reference to Fig. 1, it is shown that the step of the signature verification method embodiment 1 of a kind of application program of the application
Rapid flow chart, specifically may include steps of:
Step 101, calls the object function in preset dynamic link library;
In Android system, dynamic link library exists with .so formatted file.
The function of dynamic link library is not a part for application program itself, but according to performing application journey
The on-demand loading of needs of sequence, its execution code can be shared between multiple application programs simultaneously.
Cracking of dynamic link libraries needs first to carry out dis-assembling, and code dis-assembling obtained the most again is changed
Become the code of high-level language.Therefore, it can be said that the difficulty that cracks of dynamic link library is the biggest.
Step 102, obtains the dynamic signature information of described application program by described object function;
In Android android system, all systematic difference programs that are installed to have a digital certificate,
Described digital certificate may be used for setting up trusting relationship between the developer and application program of application program.
Generally, if the protection class for the license of an application program is signature protection, then just only have that
Application program (such as, the same application of same digital certificate is had a bit with the program at this license place
The different upgraded versions of program) could obtain described application program is accessed or to the amendment of data with
And cover installation authority.Android android system requires that each is installed into systematic difference program and is
Through digital certificate signature, the private key of digital certificate is then saved in developer's hands of application program.
Therefore, revealing so long as not artificial, digital certificate just can only obtain, so once generation within program
It is to ensure that the safety of this application data.
The signing messages of application program is the code of JAVA layer, in the embodiment of the present application, by dynamic
In state chained library, the code of reverse calling JAVA layer obtains application signature information.Due to dynamic chain
Connect storehouse almost can not be solved by counter, so called the generation of JAVA layer by direction in dynamic link library
Code logic also can not be solved by counter.This ensure that the safety of encryption logic itself.
Step 103, verifies the first signature that described dynamic signature information is pre-buried with described dynamic link library
Information is the most consistent;
First signing messages is the signature value of application program, and the signature value of application program is solid after generation
Fixed and unique.Therefore, it can compare the dynamic signature value got with the first pre-buried signature value
Right, determine that the two is the most consistent.
First signing messages by the developer of application program on stream, is embedded into dynamic link libraries
In, once dynamic link library is driven into installation kit (APK, the Android of android application program
Package), in, the first signing messages is impossible to be replaced or counterfeit.Applications cannot be passed through
Crack apk file and other modes get, can only obtain by program is internal.
Step 104, if inconsistent, then closes described application program;
If dynamic signature information is inconsistent with the first signing messages, then interface interchange authentication error will occur,
Application program is made to be automatically switched off.
Step 105, if unanimously, then runs described application program.
If dynamic signature information is consistent with the first signing messages, then continue to run with application program.
In the embodiment of the present application, the dynamic of application program is obtained by calling the function in dynamic link library
State signing messages, contrasts dynamic signature information with the first pre-buried signing messages, if inconsistent,
Then close application program.Due to dynamic link library to crack difficulty high, so by dynamic link library
The function calling JAVA layer is also difficult to be cracked to the method obtaining signing messages.Make counterfeiter,
It is difficult to obtain the signing messages of application program, thus prevents program from being packed by secondary.
With reference to Fig. 2, it is shown that the flow process of the signature verification method embodiment of a kind of application program of the application
Figure.First JAVA layer calls JAVA local interface (JNI, Java Native Interface) interface,
By JNI interface interchange dynamic link library, obtained by dynamic link library reverse calling JAVA layer functions
Take application signature information.Then signing messages pre-buried in dynamic link library and reversely acquisition are judged
Signing messages is the most consistent.If inconsistent, then terminate application program;If consistent, then continue to run with application
Program.
With reference to Fig. 3, it is shown that the step of the signature verification method embodiment 2 of a kind of application program of the application
Rapid flow chart, specifically may include steps of:
Step 201, when the entrance function of described application program is triggered, by built-in JAVA originally
Object function in dynamic link library described in ground interface interchange;
In Android system, the entrance function of application program is typically Application apoplexy due to endogenous wind
Oncreat function.In the embodiment of the present application, dynamic chain will be called by built-in JAVA local interface
The logic connecing the object function in storehouse writes in oncreat function.When oncreat function is triggered, can
The object function in dynamic link library is called by built-in JAVA local interface with the very first time, thus
Trigger verifying logic.
JAVA local interface (JNI, Java Native Interface) is one group of two-way interface, JNI
Can identify that (territory here refers to JAVA language for territory (Field) and method (Method) by ID
In territory, method refers to the method in JAVA language, and its name and ID can be by developers oneself
Definition).The ID of one territory or method is the necessary parameter of the function of any process territory and method, Mei Gehan
Number can accept (as parameter) territory or the class of method, title, symbol, and they corresponding returns
FieldID (territory ID) or methodID (method ID), we can pass through territory ID and method ID,
Find corresponding method, thus realize in dynamic link library, call JAVA layer functions.
Step 202, obtains the dynamic signature information of described application program by described object function;
Concrete, the dynamic signature information of application program can be obtained by calling minor function such as:
GetMethodID(cls,"getPackageManager","()Landroid/content/pm/PackageM
anager;");
GetMethodID(cls,"getPackageInfo","(Ljava/lang/String;I)Landroid/content/
pm/PackageInfo;");
GetFieldID(cls,"signatures","[Landroid/content/pm/Signature;");
As shown in Figure 4, it is the signal of a kind of dynamic signature value obtaining application program in the embodiment of the present application
Figure.In implementing, can JAVA local interface based on Android android system, call dynamic
State chained library, and by the technology of reverse calling JAVA in described dynamic link library, get described
The dynamic signature value of application program.
Step 203, verifies the first signature that described dynamic signature information is pre-buried with described dynamic link library
Information is the most consistent;
In a preferred embodiment of the present application, described first signing messages is the most pre-buried:
Sub-step S11, obtains the first signing messages of described application program;
The signature value of the first signing messages, i.e. application program, uniquely generated by the developer of application program.
Sub-step S12, uses predetermined encryption mode, encrypts described first signing messages;
Although it is big that dynamic link library cracks difficulty, but it is also possible that be broken, particularly the inside is bright
Literary composition information, but the probability that method is newly acquired is little.
Therefore, in the embodiment of the present application, further to the first A.L.S. being embedded in dynamic link library
Breath is encrypted so that the first signing messages is more difficult to be acquired.For example, it is possible to the first A.L.S.
Breath carries out md5 encryption process.
Sub-step S13, is stored in the first signing messages after encryption in described dynamic link library.
By developer, the first signing messages after encryption is stored in dynamic link library, the most again will dynamically
Chained library is squeezed in apk.
In a preferred embodiment of the present application, described step 203 can include following sub-step:
Sub-step S21, by described predetermined encryption mode, encrypts described dynamic signature information;
In the embodiment of the present application, it is in development process by default cipher mode due to the first signing messages
In be just encrypted.Therefore, before checking signature, dynamic signature information can be used and encryption
The same cipher mode of first signing messages is encrypted.Such as, if the first signing messages is to use
Md5 encryption, dynamic signature information is also adopted by MD5 and is encrypted.
Sub-step S22, compares the dynamic signature information after encryption the most consistent with described first signing messages.
The relatively dynamic signature information after encryption is the most consistent with the first signing messages through encryption.
In another preferred embodiment of the present application, described step 203 can include following sub-step:
Sub-step S31, uses the manner of decryption corresponding with described predetermined encryption mode, deciphers described first
Signing messages;
Except checking, the dynamic signature information after encryption and the first signing messages through encrypting are
No consistent outside.Can also be first by the first signing messages deciphering through encryption, more dynamically
Signing messages is the most consistent with the first signing messages after deciphering.
Whether the first signing messages after sub-step S32, relatively described deciphering and described dynamic signature information
Unanimously.
Step 204, if inconsistent, then closes described application program;
Step 205, if unanimously, then runs described application program.
In the embodiment of the present application, after getting the first signature value of application program, sign described first
Name value is encrypted, then by pre-buried to dynamic link library for the signature value after encryption so that dynamic chain
Connecing the clear data in storehouse more firm, sensitive information is more difficult to be acquired, and further ensure that application
The data safety of program.
It should be noted that for embodiment of the method, in order to be briefly described, therefore it is all expressed as one it be
The combination of actions of row, but those skilled in the art should know, and the embodiment of the present application is not by described
The restriction of sequence of movement because according to the embodiment of the present application, some step can use other orders or
Person is carried out simultaneously.Secondly, those skilled in the art also should know, embodiment described in this description
Belong to preferred embodiment, necessary to involved action not necessarily the embodiment of the present application.
With reference to Fig. 5, it is shown that the structure of the signature verification device embodiment of a kind of application program of the application
Block diagram, specifically can include such as lower module:
Function call module 51, for calling the object function in preset dynamic link library;
Dynamic signature acquisition module 52, for obtaining the dynamic of described application program by described object function
Signing messages;
Authentication module 53, for verifying in described dynamic signature information and described dynamic link library pre-buried the
One signing messages is the most consistent;
Close module 54, if inconsistent, then with described first signing messages for described dynamic signature information
Close described application program;
Run module 55, if consistent with described first signing messages for described dynamic signature information, then transport
The described application program of row.
In a kind of preferred exemplary in the embodiment of the present application, described first signing messages is by such as lower module
Pre-buried:
First signature acquisition module, for obtaining the first signing messages of described application program;
First encrypted signature module, is used for using predetermined encryption mode, encrypts described first signing messages;
Memory module, for being stored in the first signing messages after encryption in described dynamic link library.
In a kind of preferred exemplary in the embodiment of the present application, described authentication module 53 can wrap further
Include:
Dynamic signature encryption submodule, for by described predetermined encryption mode, encrypts described dynamic signature letter
Breath;
First comparison sub-module, the dynamic signature information after comparing encryption and described first signing messages
The most consistent.
In a kind of preferred exemplary in the embodiment of the present application, described authentication module 53 can wrap further
Include:
Deciphering submodule, for using the manner of decryption corresponding with described predetermined encryption mode, deciphering is described
First signing messages;
Second comparison sub-module, the first signing messages after relatively described deciphering and described dynamic signature
Information is the most consistent.
In a kind of preferred exemplary in the embodiment of the present application, described function call module 51 is wrapped further
Include:
Interface interchange submodule, for when the entrance function of described application program is triggered, by built-in
JAVA local interface call the object function in described dynamic link library.
For device embodiment, due to itself and embodiment of the method basic simlarity, so the comparison described
Simply, relevant part sees the part of embodiment of the method and illustrates.
Each embodiment in this specification all uses the mode gone forward one by one to describe, and each embodiment stresses
Be all the difference with other embodiments, between each embodiment, identical similar part sees mutually
?.
Those skilled in the art are it should be appreciated that the embodiment of the embodiment of the present application can be provided as method, dress
Put or computer program.Therefore, the embodiment of the present application can use complete hardware embodiment, completely
Software implementation or the form of the embodiment in terms of combining software and hardware.And, the embodiment of the present application
Can use and can be situated between with storage at one or more computers wherein including computer usable program code
The upper computer journey implemented of matter (including but not limited to disk memory, CD-ROM, optical memory etc.)
The form of sequence product.
The embodiment of the present application is with reference to the method according to the embodiment of the present application, terminal unit (system) and meter
The flow chart of calculation machine program product and/or block diagram describe.It should be understood that can be by computer program instructions
Each flow process in flowchart and/or block diagram and/or square frame and flow chart and/or square frame
Flow process in figure and/or the combination of square frame.Can provide these computer program instructions to general purpose computer,
The processor of special-purpose computer, Embedded Processor or other programmable data processing terminal equipment is to produce
One machine so that performed by the processor of computer or other programmable data processing terminal equipment
Instruction produce for realizing at one flow process of flow chart or multiple flow process and/or one square frame of block diagram or
The device of the function specified in multiple square frames.
These computer program instructions may be alternatively stored in and computer or other programmable datas can be guided to process
In the computer-readable memory that terminal unit works in a specific way so that be stored in this computer-readable
Instruction in memorizer produces the manufacture including command device, and this command device realizes flow chart one
The function specified in flow process or multiple flow process and/or one square frame of block diagram or multiple square frame.
These computer program instructions also can be loaded into computer or other programmable data processing terminals set
Standby upper so that on computer or other programmable terminal equipment, to perform sequence of operations step in terms of producing
The process that calculation machine realizes, thus the instruction performed on computer or other programmable terminal equipment provides and uses
In realizing in one flow process of flow chart or multiple flow process and/or one square frame of block diagram or multiple square frame
The step of the function specified.
Although having been described for the preferred embodiment of the embodiment of the present application, but those skilled in the art being once
Know basic creative concept, then these embodiments can be made other change and amendment.So,
Claims are intended to be construed to include preferred embodiment and fall into the institute of the embodiment of the present application scope
There are change and amendment.
Finally, in addition it is also necessary to explanation, in this article, the relational terms of such as first and second or the like
It is used merely to separate an entity or operation with another entity or operating space, and not necessarily requires
Or imply relation or the order that there is any this reality between these entities or operation.And, art
Language " includes ", " comprising " or its any other variant are intended to comprising of nonexcludability, so that
Process, method, article or terminal unit including a series of key elements not only include those key elements, and
Also include other key elements being not expressly set out, or also include for this process, method, article or
The key element that person's terminal unit is intrinsic.In the case of there is no more restriction, statement " include one
It is individual ... " key element that limits, it is not excluded that including the process of described key element, method, article or end
End equipment there is also other identical element.
Signature verification method and a kind of application program to a kind of application program provided herein above
Signature verification device, be described in detail, the specific case principle to the application used herein
And embodiment is set forth, the explanation of above example is only intended to help and understands the present processes
And core concept;Simultaneously for one of ordinary skill in the art, according to the thought of the application,
All will change in detailed description of the invention and range of application, in sum, this specification content should not
It is interpreted as the restriction to the application.
Claims (10)
1. the signature verification method of an application program, it is characterised in that including:
Call the object function in preset dynamic link library;
The dynamic signature information of described application program is obtained by described object function;
Whether verify the first signing messages pre-buried in described dynamic signature information and described dynamic link library
Unanimously;
If inconsistent, then close described application program;
If consistent, then run described application program.
Method the most according to claim 1, it is characterised in that described first signing messages passes through
Following manner is pre-buried:
Obtain the first signing messages of described application program;
Use predetermined encryption mode, encrypt described first signing messages;
The first signing messages after encryption is stored in described dynamic link library.
Method the most according to claim 2, it is characterised in that the described dynamic signature of described checking
The most consistent step of information first signing messages pre-buried with described dynamic link library includes:
By described predetermined encryption mode, encrypt described dynamic signature information;
The relatively dynamic signature information after encryption is the most consistent with described first signing messages.
Method the most according to claim 2, it is characterised in that the described dynamic signature of described checking
The most consistent step of information first signing messages pre-buried with described dynamic link library includes:
Use the manner of decryption corresponding with described predetermined encryption mode, decipher described first signing messages;
Relatively the first signing messages after described deciphering is the most consistent with described dynamic signature information.
5. according to the method described in claim 1 or 2 or 3 or 4, it is characterised in that described in call
The step of the object function in described dynamic link library includes:
When the entrance function of described application program is triggered, called by built-in JAVA local interface
Object function in described dynamic link library.
6. the signature verification device of an application program, it is characterised in that including:
Function call module, for calling the object function in preset dynamic link library;
Dynamic signature acquisition module, for obtaining the dynamic label of described application program by described object function
Name information;
Authentication module, is used for verifying first that described dynamic signature information is pre-buried with described dynamic link library
Signing messages is the most consistent;
Close module, if inconsistent with described first signing messages for described dynamic signature information, then close
Close described application program;
Run module, if consistent with described first signing messages for described dynamic signature information, then run
Described application program.
Device the most according to claim 6, it is characterised in that described first signing messages passes through
As lower module is pre-buried:
First signature acquisition module, for obtaining the first signing messages of described application program;
First encrypted signature module, is used for using predetermined encryption mode, encrypts described first signing messages;
Memory module, for being stored in the first signing messages after encryption in described dynamic link library.
Device the most according to claim 7, it is characterised in that described authentication module wraps further
Include:
Dynamic signature encryption submodule, for by described predetermined encryption mode, encrypts described dynamic signature letter
Breath;
First comparison sub-module, the dynamic signature information after comparing encryption and described first signing messages
The most consistent.
Device the most according to claim 7, it is characterised in that described authentication module wraps further
Include:
Deciphering submodule, for using the manner of decryption corresponding with described predetermined encryption mode, deciphering is described
First signing messages;
Second comparison sub-module, the first signing messages after relatively described deciphering and described dynamic signature
Information is the most consistent.
10. according to the device described in claim 6 or 7 or 8 or 9, it is characterised in that described function
Calling module farther includes:
Interface interchange submodule, for when the entrance function of described application program is triggered, by built-in
JAVA local interface call the object function in described dynamic link library.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610308551.3A CN106022098A (en) | 2016-05-10 | 2016-05-10 | Signature verification method and device for application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610308551.3A CN106022098A (en) | 2016-05-10 | 2016-05-10 | Signature verification method and device for application |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106022098A true CN106022098A (en) | 2016-10-12 |
Family
ID=57099329
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610308551.3A Pending CN106022098A (en) | 2016-05-10 | 2016-05-10 | Signature verification method and device for application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106022098A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106709324A (en) * | 2016-11-10 | 2017-05-24 | 京东方科技集团股份有限公司 | Method and equipment used for verifying application safety |
| CN106899593A (en) * | 2017-02-27 | 2017-06-27 | 深圳数字电视国家工程实验室股份有限公司 | A kind of APP beats again bag verification method and device |
| CN107870793A (en) * | 2017-12-22 | 2018-04-03 | 上海众人网络安全技术有限公司 | The method and device of SO files is loaded in a kind of application program |
| CN108197469A (en) * | 2017-11-28 | 2018-06-22 | 东软集团股份有限公司 | The method, apparatus and storage medium and electronic equipment of verification Application program |
| CN108399320A (en) * | 2018-02-24 | 2018-08-14 | 北京三快在线科技有限公司 | A kind of method and device of control application interior function operation |
| CN108427880A (en) * | 2018-03-07 | 2018-08-21 | 北京元心科技有限公司 | The method and device of program operation |
| CN111046377A (en) * | 2019-12-25 | 2020-04-21 | 五八同城信息技术有限公司 | Method and device for loading dynamic link library, electronic equipment and storage medium |
| CN111353148A (en) * | 2020-02-07 | 2020-06-30 | 贝壳技术有限公司 | Method and equipment for determining whether application program is repackaged |
| CN111787369A (en) * | 2019-04-03 | 2020-10-16 | 深圳Tcl数字技术有限公司 | Root authority control method and system for smart television and storage medium |
| CN112529423A (en) * | 2020-12-15 | 2021-03-19 | 青岛海尔科技有限公司 | Target resource acquisition method and device, storage medium and electronic device |
| CN112861191A (en) * | 2021-04-23 | 2021-05-28 | 腾讯科技(深圳)有限公司 | Application program monitoring method and device |
| CN113761587A (en) * | 2020-09-23 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Method and device for signature verification |
| CN115001782A (en) * | 2022-05-26 | 2022-09-02 | 爱驰汽车有限公司 | Method, device and equipment for processing interface request parameters and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103902859A (en) * | 2013-12-25 | 2014-07-02 | 武汉安天信息技术有限责任公司 | Code protecting method and system based on hook technology in JAVA |
| CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
| CN104199657A (en) * | 2014-08-27 | 2014-12-10 | 百度在线网络技术(北京)有限公司 | Call method and device for open platform |
| CN104268468A (en) * | 2014-09-25 | 2015-01-07 | 福建升腾资讯有限公司 | Protecting method and system of dynamic link library of Android system |
| CN104281788A (en) * | 2013-07-05 | 2015-01-14 | 腾讯科技(深圳)有限公司 | Terminal application protecting method and device |
| CN104615933A (en) * | 2015-01-27 | 2015-05-13 | 北京奇虎科技有限公司 | Method for preventing software decompilation and method and device for preventing decompilation software from starting |
| CN105068932A (en) * | 2015-08-25 | 2015-11-18 | 北京安普诺信息技术有限公司 | Android application program packing detection method |
-
2016
- 2016-05-10 CN CN201610308551.3A patent/CN106022098A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104281788A (en) * | 2013-07-05 | 2015-01-14 | 腾讯科技(深圳)有限公司 | Terminal application protecting method and device |
| CN103902859A (en) * | 2013-12-25 | 2014-07-02 | 武汉安天信息技术有限责任公司 | Code protecting method and system based on hook technology in JAVA |
| CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
| CN104199657A (en) * | 2014-08-27 | 2014-12-10 | 百度在线网络技术(北京)有限公司 | Call method and device for open platform |
| CN104268468A (en) * | 2014-09-25 | 2015-01-07 | 福建升腾资讯有限公司 | Protecting method and system of dynamic link library of Android system |
| CN104615933A (en) * | 2015-01-27 | 2015-05-13 | 北京奇虎科技有限公司 | Method for preventing software decompilation and method and device for preventing decompilation software from starting |
| CN105068932A (en) * | 2015-08-25 | 2015-11-18 | 北京安普诺信息技术有限公司 | Android application program packing detection method |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106709324A (en) * | 2016-11-10 | 2017-05-24 | 京东方科技集团股份有限公司 | Method and equipment used for verifying application safety |
| WO2018086276A1 (en) * | 2016-11-10 | 2018-05-17 | 京东方科技集团股份有限公司 | Method and device used for verifying application security |
| US10621335B2 (en) | 2016-11-10 | 2020-04-14 | Boe Technology Group Co., Ltd. | Method and device for verifying security of application |
| CN106899593A (en) * | 2017-02-27 | 2017-06-27 | 深圳数字电视国家工程实验室股份有限公司 | A kind of APP beats again bag verification method and device |
| CN108197469A (en) * | 2017-11-28 | 2018-06-22 | 东软集团股份有限公司 | The method, apparatus and storage medium and electronic equipment of verification Application program |
| CN107870793A (en) * | 2017-12-22 | 2018-04-03 | 上海众人网络安全技术有限公司 | The method and device of SO files is loaded in a kind of application program |
| CN107870793B (en) * | 2017-12-22 | 2021-03-23 | 上海众人网络安全技术有限公司 | Method and device for loading SO file in application program |
| CN108399320A (en) * | 2018-02-24 | 2018-08-14 | 北京三快在线科技有限公司 | A kind of method and device of control application interior function operation |
| CN108427880A (en) * | 2018-03-07 | 2018-08-21 | 北京元心科技有限公司 | The method and device of program operation |
| CN108427880B (en) * | 2018-03-07 | 2022-09-16 | 北京元心科技有限公司 | Program running method and device |
| CN111787369A (en) * | 2019-04-03 | 2020-10-16 | 深圳Tcl数字技术有限公司 | Root authority control method and system for smart television and storage medium |
| CN111787369B (en) * | 2019-04-03 | 2022-05-03 | 深圳Tcl数字技术有限公司 | Root authority control method and system for smart television and storage medium |
| CN111046377A (en) * | 2019-12-25 | 2020-04-21 | 五八同城信息技术有限公司 | Method and device for loading dynamic link library, electronic equipment and storage medium |
| CN111046377B (en) * | 2019-12-25 | 2023-11-14 | 五八同城信息技术有限公司 | Method and device for loading dynamic link library, electronic equipment and storage medium |
| CN111353148A (en) * | 2020-02-07 | 2020-06-30 | 贝壳技术有限公司 | Method and equipment for determining whether application program is repackaged |
| CN111353148B (en) * | 2020-02-07 | 2022-10-14 | 贝壳技术有限公司 | Method and equipment for determining whether application program is repackaged |
| CN113761587A (en) * | 2020-09-23 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Method and device for signature verification |
| CN112529423A (en) * | 2020-12-15 | 2021-03-19 | 青岛海尔科技有限公司 | Target resource acquisition method and device, storage medium and electronic device |
| CN112861191A (en) * | 2021-04-23 | 2021-05-28 | 腾讯科技(深圳)有限公司 | Application program monitoring method and device |
| CN115001782A (en) * | 2022-05-26 | 2022-09-02 | 爱驰汽车有限公司 | Method, device and equipment for processing interface request parameters and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106022098A (en) | Signature verification method and device for application | |
| CN108399329B (en) | Method for improving security of trusted application program | |
| Sabt et al. | Trusted execution environment: What it is, and what it is not | |
| CN107679393B (en) | Android integrity verification method and device based on trusted execution environment | |
| CN102760219B (en) | A kind of Android platform software protection system, method and apparatus | |
| AU2009233685B2 (en) | Method and apparatus for incremental code signing | |
| Ekberg et al. | The untapped potential of trusted execution environments on mobile devices | |
| CN105956456B (en) | A kind of pair of android system carries out the implementation method of quadruple combinations signature verification | |
| AU2012337403B2 (en) | Cryptographic system and methodology for securing software cryptography | |
| CN106055936B (en) | Executable program data packet encrypting/decrypting method and device | |
| CN106355081A (en) | Android program start verification method and device | |
| CN105844150A (en) | Application program data protection method and device | |
| CN104751049B (en) | A kind of application program installation method and mobile terminal | |
| CN109960903A (en) | A kind of method, apparatus, electronic equipment and storage medium that application is reinforced | |
| CN104680061A (en) | Method and system for verifying code signing during startup of application in Android environment | |
| CN105718807A (en) | Android system based on software TCM and trusted software stack and trusted authentication system and method thereof | |
| CN111191195A (en) | Method and device for protecting APK | |
| Jung et al. | A secure platform for iot devices based on arm platform security architecture | |
| CN108804935A (en) | A kind of safety encryption storage system and method based on TrustZone | |
| Jung et al. | A secure platform model based on ARM platform security architecture for IoT devices | |
| Albakri et al. | Survey on Reverse‐Engineering Tools for Android Mobile Devices | |
| CN108416224A (en) | A kind of data encryption/decryption method and device | |
| Yalew et al. | TruApp: A TrustZone-based authenticity detection service for mobile apps | |
| Cooijmans et al. | Secure key storage and secure computation in Android | |
| US20170286665A1 (en) | Devices and methods for facilitating software signing by more than one signing authority |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20170123 Address after: 266000 Shandong Province, Qingdao city Laoshan District Songling Road No. 399 Applicant after: Poly Polytron Technologies Inc Address before: 266100 Laoshan, Qingdao province Hongkong District No. East Road, room 248, room 131 Applicant before: Hisense Media Networks Co., Ltd. |
|
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161012 |
|
| RJ01 | Rejection of invention patent application after publication |