CN107148014B - A kind of Android third party pushes Enhancement Method, relevant device and system - Google Patents

Abstract

The invention discloses a kind of Android third parties to push Enhancement Method, relevant device and system, and encryption and signature authentication to message are realized using asymmetric encryption；Message can sign to message, encrypted and be transmitted via HTTPS when sending；Client receives message, decrypts and verifies to message, while being detected using string matching form to the repeatability of message, and performance cost is smaller；In client key management aspect, realize that asymmetric cryptographic key is stored in by symmetric cryptography using in privately owned storage SharedPreferences by encryption and decryption logic by the library so.Method safety with higher provided by the invention can resist general message forgery, message leakage, message replay attack and third party and push not trusted problem.

Description

A kind of Android third party pushes Enhancement Method, relevant device and system

Technical field

The invention belongs to mobile security technical fields, push Enhancement Method, phase more particularly, to a kind of Android third party Close equipment and system.

Background technique

Push Service is nowadays in mobile intelligent terminal using more and more extensive, and push server only needs and application program Client maintains a socket connection, and developer actively can send message to application client by server-side, Push Service is widely used in sending the message such as activity notification, version updating.At home, since Android official pushes GCM (Google cloud messaging) can hardly be used, and major cell phone manufacturer and third party service provider are each provided with Free Push Service is used for developer.

Push Service alleviates the burden of developer, however some new safety have also been introduced while providing convenient in it Problem.There is scholar to research and analyse external cloud Push Service GCM (Google cloud messaging), ADM (Amazon at present Device Messaging) and used these clouds push apply in registration and upload information and use Existing some problems when PendingIntent, but it mentions private information using symmetric encipherment algorithm when providing solution For protection, while its unresolved message-replay problem.Then it concentrates and analyzes the domestic Push Service by third-party application (Service) component as the Push Service of the retransmission center type of propelling data the data forwarding process the problem of, And the protection scheme proposed using symmetric key based on encryption and HMAC operation proposes to use number for preventing playback attack It saves all methods using id according to library to solve, when message number accumulation is excessive, this strategy is whole in the mobile phone of scarcity of resources It is less feasible on end.It whether there is problem during integrated third party push for how to find to apply, one kind occur Based on FlowDroid can extensive automatic detection the software Seminal of security breaches is applied at push.

In conclusion it is less for the Study on Safety Problem of Android third party push at present, and currently existing scheme is based on Symmetric cryptography.There is no preferable solution for preventing playback attack, when the key of symmetric cryptography is once by application client When end, cloud Push Service quotient, application program service end are not intended to reveal, whole flow process will face the condition captured completely.Meanwhile Existing solution does not consider the insincere problem of third party cloud Push Service quotient.

Summary of the invention

Aiming at the above defects or improvement requirements of the prior art, the object of the present invention is to provide a kind of Android third parties Enhancement Method, relevant device and system are pushed, thus solves to be subject to message eavesdropping in the prior art, forge, message repetition Deng the not trusted technical problem of attack and third party's Push Service.

To achieve the above object, according to one aspect of the present invention, a kind of Android third party push Enhancement Method is provided, Include the following steps:

S1, client generate the asymmetric key pair RSA_KEYMSG for encrypting message, and by the private of RSA_KEYMSG Key is saved in privately owned SharedPreferences after being encrypted by the library so；

S2, the client are communicated by HTTPS with server end, and Xiang Suoshu server end transmits the public affairs of RSA_KEYMSG Key, so that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_ The public key of KEYSIGN is sent to the client as response；

The public key encryption of RSA_KEYSIGN is saved in privately owned by S3, the client by the library so In SharedPreferences, registration request is initiated to cloud push server；

S4, the client receive the message forwarded by the cloud push server, decrypt the message and carry out message Integrity verification and repeatability detection, wherein the message be by the server end use RSA_KEYSIGN private key It signs to message content, is then encrypted using the public key of RSA_KEYMSG, be subsequently sent to the cloud Push Service Device.

Preferably, step S4 specifically includes following sub-step:

S4.1, the client receive the message of the cloud push server forwarding；

S4.2, the client are obtained by the library so and decrypt the RSA_ being stored in SharedPreferences The private key of KEYMSG and the public key of RSA_KEYSIGN；

S4.3, message is decrypted using the private key of RSA_KEYMSG, terminated if decrypting failure；

If S4.3, successful decryption, the message is verified using the public key of RSA_KEYSIGN, if authentication failed Then terminate；

If S4.4, being proved to be successful, repeated judgement is carried out to the message, abandons message if repeating, otherwise message It receives successfully.

Preferably, step S4.4 specifically includes following sub-step:

S4.4.1, it is obtained and is decrypted by the library so and be stored in original message id character string in SharedPreferences, It updates after encrypting the message id of the message by the library so if not into SharedPreferences；

S4.4.2, if it exists original message id character string, then the message id of message described in matching judgment whether there is in original Have in message id character string, illustrate to repeat if it exists, then abandons this message；

S4.4.3, if it does not exist, then will be behind the message id string-concatenation of the message to original message id character string；

S4.4.4, judge whether newly-generated message id string length is greater than the threshold value of setting, if it is cut It is disconnected, first half is abandoned, is not otherwise modified, updates and arrives after new message id character string is encrypted by the library so In SharedPreferences.

It is another aspect of this invention to provide that providing a kind of Android third party push Enhancement Method, include the following steps:

The public key for the RSA_KEYMSG that A1, received server-side client are sent is generated for the non-of information signature certification Symmetric key is sent to client as response to RSA_KEYSIGN, and using the public key of RSA_KEYSIGN, wherein the RSA_ KEYMSG indicates the asymmetric key pair for encrypting message；

A2, the server end construct message, are signed using the private key of RSA_KEYSIGN to the message content, Then it is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server, it will by the cloud push server The message is sent to the client, by the client according to the private key and RSA_KEYSIGN of RSA_KEYMSG Public key the message is decrypted and carry out message integrity verification and repeatability detection.

Preferably, step A2 includes following sub-step:

A2.1, the server end are integrally signed using the private key of RSA_KEYSIGN to sent message；

A2.2, the server end message and signature section to be sent using the public key encryption of RSA_KEYMSG；

A2.3, the server are delivered to cloud push server end by HTTPS, so that the cloud Push Service Device end forwards the message to the client by HTTPS.

It is another aspect of this invention to provide that providing a kind of client, comprising:

Key production module, for generating the asymmetric key pair RSA_KEYMSG for encrypting message；

Preserving module, it is privately owned for being saved in after encrypting the private key of RSA_KEYMSG by the library so In SharedPreferences；

First sending module, for being communicated by HTTPS with server end, Xiang Suoshu server end transmits RSA_KEYMSG Public key so that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_ The public key of KEYSIGN is sent to the client as response；

The preserving module is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned In SharedPreferences；

Second sending module, for initiating registration request to cloud push server；

Receiving module, for receiving the message forwarded by the cloud push server；

Decryption verification module, for decrypt the message and carry out message integrity verification and repeatability detection, In, the message is signed using the private key of RSA_KEYSIGN to message content by the server end, is then used The public key of RSA_KEYMSG is encrypted, and the cloud push server is subsequently sent to.

It is another aspect of this invention to provide that providing a kind of server end, comprising:

Receiving module, the public key of the RSA_KEYMSG for receiving client transmission；

Key production module, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification；

First sending module, for the public key of RSA_KEYSIGN to be sent to client as response, wherein described RSA_KEYMSG indicates the asymmetric key pair for encrypting message；

Message constructing module signs the message content using the private key of RSA_KEYSIGN for constructing message Name, is then encrypted using the public key of RSA_KEYMSG；

Second sending module, for sending cloud push server for posttectonic message, by the cloud push server The message is sent to the client, by the client according to the private key and RSA_ of RSA_KEYMSG The public key of KEYSIGN is decrypted the message and carries out integrity verification and the repeatability detection of message.

It is another aspect of this invention to provide that providing a kind of Android third party push enhancing system, comprising: client, clothes Business device end and cloud push server；

The client, for generating the asymmetric key pair RSA_KEYMSG for encrypting message, and by RSA_ The private key of KEYMSG is saved in privately owned SharedPreferences after being encrypted by the library so；It is logical by HTTPS and server end Letter, Xiang Suoshu server end transmit the public key of RSA_KEYMSG；

The server end, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification, and will The public key of RSA_KEYSIGN is sent to the client as response；

The client is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned In SharedPreferences, Xiang Suoshu cloud push server initiates registration request；

The server end is also used to construct message, is signed using the private key of RSA_KEYSIGN to the message content Name, is then encrypted using the public key of RSA_KEYMSG, is subsequently sent to the cloud push server；

The cloud push server, for sending the message to the client；

The client is also used to according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN to the message It is decrypted and carries out integrity verification and the repeatability detection of message.

In general, through the invention it is contemplated above technical scheme is compared with the prior art, can obtain down and show Beneficial effect:

(1) present invention uses for reference unsymmetrical key thought, and the key of encryption and decryption is stored separately, while testing plus a set of signature Card scheme, compares existing symmetric encryption scheme, and safety is higher.Existing symmetric encryption scheme, when its Key Exposure The threats such as message is forged, message is revealed can be faced, using the present invention, when message encryption public key is revealed, attacker, which can forge, to disappear Breath, but since it does not have signature key, the message forged can not will be dropped by verifying；

(2) in order to reinforce the safety that message key is stored in client, realize encryption and decryption logic by key using the library so It is saved in the privately owned SharedPreferences of application after carrying out symmetric cryptography, to avoid because applications client is by decompiling Lead to Key Exposure, verifies the signature of application inside the library so furthermore to prevent others from usurping so file；

(3) preventing playback attack of the present invention for message, it is contemplated that the duplicate scene of real messages, using string-concatenation Inspection verifying is carried out with matched mode, using the method, when there are many message accumulation, required memory space is small to be verified simultaneously Speed is fast, has lesser performance consumption, furthermore in order to enhance safety, already present is disappeared by the encryption of the library so for matched Breath id character string is simultaneously stored in privately owned SharedPreferences.

Detailed description of the invention

Fig. 1 is the flow diagram that a kind of Android third party disclosed by the embodiments of the present invention pushes Enhancement Method；

Fig. 2 is a kind of flow diagram of client message verification method disclosed by the embodiments of the present invention；

Fig. 3 is a kind of flow diagram of client message De-weight method disclosed by the embodiments of the present invention；

Fig. 4 is the flow diagram that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method；

Fig. 5 is a kind of flow diagram of server end message constructing transmission method disclosed by the embodiments of the present invention；

Fig. 6 is the structural schematic diagram that a kind of Android third party disclosed by the embodiments of the present invention pushes enhancing system；

Fig. 7 is the flow diagram that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method.

Specific embodiment

In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and It is not used in the restriction present invention.As long as in addition, technical characteristic involved in the various embodiments of the present invention described below Not constituting a conflict with each other can be combined with each other.

Technical term according to the present invention is explained and illustrated first below:

Android: by the Mobile operating system based on linux kernel of the leading exploitation of Google；

Android application: the application program in Android system is operated in, is mainly developed by Java language；

API: application programming interface (Application Programming Interface, API) is some preparatory The function of definition, it is therefore an objective to which application program and the developer energy that one group of routine of access is able to based on certain software or hardware are provided Power, and be not necessarily to access source code, or understand the details of internal work mechanism；

SDK: Software Development Kit (Software Development Kit, SDK) refers to that software engineer is specific The set of developing instrument when software package, software frame, hardware platform, operating system etc. establish application software；

Safety enhancing: improving system associated safety mechanism for one kind safety problem present in system, with solution Certainly such safety problem；

Socket connection: socket is a kind of programming interface, and two programs on network pass through a two-way communication link The exchange for realizing data is connect, the end of connection is known as socket；

GCM: full name is Google Cloud Messaging for Android, is the cloud PUSH message that Google newly releases Service；

The library so: so file used in Android is the function library of a c++, in JNI (the Java Native of Android Interface it in), corresponding C language is first packaged into the library so imported into lib file and call；

SharedPreferences: the storage class of a lightweight on Android platform, for saving some common of application Configuration.

Enhancement Method is pushed to Android third party provided by the present invention below in conjunction with specific embodiments and the drawings to do into one Walk explanation.

Android third party provided by the invention pushes Enhancement Method, and its purpose is to solve to push away using existing third party Using message forgery, leakage and the Replay Attack problem faced when sending；Message encryption and decryption is carried out using asymmetrical encryption approach And information signature certification, the safety problem for avoiding symmetric encryption scheme from causing in Key Exposure；Character string is used simultaneously The repeatability detection that message is carried out with form, solves Replay Attack, performance consumption is low；In client key management aspect, use So file realizes that the privately owned SharedPreferences of key encrypting storing to application is carried out key management by encryption and decryption logic, To prevent from leading to Key Exposure using by decompiling.

It is as shown in Figure 1 a kind of flow diagram of Android third party push Enhancement Method disclosed by the embodiments of the present invention； In method shown in Fig. 1 the following steps are included:

S1, client generate the asymmetric key pair RSA_KEYMSG for encrypting message, and by the private of RSA_KEYMSG Key is saved in privately owned SharedPreferences after being encrypted by the library so；

S2, client are communicated by HTTPS with server end, to the public key of server end transmitting RSA_KEYMSG, so that Server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and the public key of RSA_KEYSIGN is made Client is sent to for response；

The public key encryption of RSA_KEYSIGN is saved in privately owned SharedPreferences by the library so by S3, client In, registration request is initiated to cloud push server；

S4, client receive the message forwarded by cloud push server, decrypt message and carry out the integrity verification of message And repeatability detection, wherein above-mentioned message is signed using the private key of RSA_KEYSIGN to message content by server end Name, is then encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server.

Wherein, it is illustrated in figure 2 a kind of flow diagram of client message verification method disclosed by the embodiments of the present invention, Specifically include following sub-step:

S4.1, client receive the message of cloud push server forwarding；

S4.2, client are obtained by the library so and decrypt the RSA_KEYMSG's being stored in SharedPreferences The public key of private key and RSA_KEYSIGN；

S4.3, message is decrypted using the private key of RSA_KEYMSG, terminated if decrypting failure；

If S4.3, successful decryption, above-mentioned message is verified using the public key of RSA_KEYSIGN, if authentication failed Then terminate；

If S4.4, being proved to be successful, repeated judgement is carried out to above-mentioned message, abandons message if repeating, otherwise message It receives successfully.

Wherein, it is illustrated in figure 3 a kind of flow diagram of client message De-weight method disclosed by the embodiments of the present invention, Specifically include following sub-step:

S4.4.1, it is obtained and is decrypted by the library so and be stored in original message id character string in SharedPreferences, It updates after encrypting the message id of the message by the library so if not into SharedPreferences；

S4.4.2, if it exists original message id character string, then the message id of message described in matching judgment whether there is in original Have in message id character string, illustrate to repeat if it exists, then abandons this message；

S4.4.3, if it does not exist, then will be behind the message id string-concatenation of above-mentioned message to original message id character string；

S4.4.4, judge whether newly-generated message id string length is greater than the threshold value of setting, if it is cut It is disconnected, first half is abandoned, is not otherwise modified, updates and arrives after new message id character string is encrypted by the library so In SharedPreferences, wherein the threshold value of setting can be rule of thumb determined.

It is illustrated in figure 4 the process signal that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method Figure, in method shown in Fig. 4 the following steps are included:

The public key for the RSA_KEYMSG that A1, received server-side client are sent is generated for the non-of information signature certification Symmetric key is sent to client as response to RSA_KEYSIGN, and using the public key of RSA_KEYSIGN, wherein above-mentioned RSA_ KEYMSG indicates the asymmetric key pair for encrypting message；

A2, server end construct message, are signed using the private key of RSA_KEYSIGN to above-mentioned message content, then It is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server, by cloud push server by above-mentioned message It is sent to client, by client according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN to above-mentioned message It is decrypted and carries out integrity verification and the repeatability detection of message.

Wherein, it is illustrated in figure 5 a kind of process of server end message constructing transmission method disclosed by the embodiments of the present invention Schematic diagram specifically includes following sub-step:

A2.1, server end are integrally signed using the private key of RSA_KEYSIGN to sent message；

A2.2, the server end message and signature section to be sent using the public key encryption of RSA_KEYMSG；

A2.3, server end are delivered to cloud push server end by HTTPS, so that cloud push server end is logical It crosses HTTPS and forwards the message to client.

It is illustrated in figure 6 the overall architecture that a kind of Android third party disclosed by the embodiments of the present invention pushes enhancing system, Client, server end are provided which corresponding API, and have built a third party and pushed platform.It is carried out first in push platform Registration then integrates corresponding SDK in client and server end, and server end and client generate unsymmetrical key It is right, corresponding public key is transmitted by https traffic between each other；Client is issued to cloud push server and is requested, and transmits message Encrypted public key, developer can be sent out in server end by integrating SDK or passing through console at cloud push server end later Send message to client, various pieces specifically execute operation are as follows:

Client, for generating the asymmetric key pair RSA_KEYMSG for encrypting message, and by RSA_KEYMSG's Private key is saved in privately owned SharedPreferences after being encrypted by the library so；It is communicated by HTTPS with server end, to clothes The public key of business device end transmitting RSA_KEYMSG；

Server end, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification, and by RSA_ The public key of KEYSIGN is sent to client as response；

Client is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned In SharedPreferences, registration request is initiated to cloud push server；

Server end is also used to construct message, is signed using the private key of RSA_KEYSIGN to above-mentioned message content, Then it is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server；

Cloud push server, for sending above-mentioned message to client；

Client is also used to carry out above-mentioned message according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN Decrypt and carry out integrity verification and the repeatability detection of message.

It is illustrated in figure 7 the process signal that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method Figure；In method shown in Fig. 7 the following steps are included:

(1) client and server end integrate corresponding SDK；

(2) client generates the asymmetric key pair for encrypting message, and key is saved in by the library so privately owned In SharedPreferences；

(3) client is communicated by HTTPS with server end, the public key of transmitting encryption message；

(4) public key of received server-side message encryption generates the asymmetric key pair for information signature certification, will use Client is sent to as response in the public key of verifying；

(5) client saves the public key for being used for message authentication by the library so, initiates registration request to cloud push server, and The public key of transmitting encryption message；

(6) server end sends message, and cloud push platform forwards the message to client；

(7) client receives message, carries out inspection verifying to message.

As it will be easily appreciated by one skilled in the art that the foregoing is merely illustrative of the preferred embodiments of the present invention, not to The limitation present invention, any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should all include Within protection scope of the present invention.

Claims (6)

1. a kind of Android third party pushes Enhancement Method, which comprises the steps of:

S1, client generate the asymmetric key pair RSA_KEYMSG for encrypting message, and the private key of RSA_KEYMSG is led to It is saved in privately owned SharedPreferences after crossing the encryption of the library so；

S2, the client are communicated by HTTPS with server end, and Xiang Suoshu server end transmits the public key of RSA_KEYMSG, So that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_KEYSIGN Public key be sent to the client as response；

The public key encryption of RSA_KEYSIGN is saved in privately owned SharedPreferences by the library so by S3, the client In, registration request is initiated to cloud push server；

S4, the client receive the message forwarded by the cloud push server, decrypt the message and carry out the complete of message Integrity verification and repeatability detection, wherein the message is to be offseted by the server end using the private key of RSA_KEYSIGN Breath content is signed, and is then encrypted using the public key of RSA_KEYMSG, is subsequently sent to the cloud push server；

The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as Under: the client receives the message of the cloud push server forwarding；The client is obtained by the library so and decrypts storage The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN；Use RSA_KEYMSG's Private key decrypts message, terminates if decrypting failure；If successful decryption, using RSA_KEYSIGN public key to the message into Row signature authentication, terminates if authentification failure；If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating Message is abandoned, otherwise message sink success；

The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not After update in SharedPreferences；Original message id character string if it exists, then the message id of message described in matching judgment With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message；If it does not exist, then disappear described Behind the message id string-concatenation of breath to original message id character string；Judge whether newly-generated message id string length is big It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through It updates after the encryption of the library so into SharedPreferences.

2. a kind of Android third party pushes Enhancement Method, which comprises the steps of:

The public key for the RSA_KEYMSG that A1, received server-side client are sent is generated for the asymmetric of information signature certification Key pair RSA_KEYSIGN, and the public key of RSA_KEYSIGN is sent to client as response, wherein the RSA_ KEYMSG indicates the asymmetric key pair for encrypting message；

A2, the server end construct message, are signed using the private key of RSA_KEYSIGN to the message content, then It is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server, it will be described by the cloud push server Message is sent to the client, by the client according to the private key of RSA_KEYMSG and the public affairs of RSA_KEYSIGN Key is decrypted the message and carries out integrity verification and the repeatability detection of message；

The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as Under: the client receives the message of the cloud push server forwarding；The client is obtained by the library so and decrypts storage The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN；Use RSA_KEYMSG's Private key decrypts message, terminates if decrypting failure；If successful decryption, using RSA_KEYSIGN public key to the message into Row signature authentication, terminates if authentification failure；If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating Message is abandoned, otherwise message sink success；

The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not After update in SharedPreferences；Original message id character string if it exists, then the message id of message described in matching judgment With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message；If it does not exist, then disappear described Behind the message id string-concatenation of breath to original message id character string；Judge whether newly-generated message id string length is big It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through It updates after the encryption of the library so into SharedPreferences.

3. according to the method described in claim 2, it is characterized in that, step A2 includes following sub-step:

A2.1, the server end are integrally signed using the private key of RSA_KEYSIGN to sent message；

A2.2, the server end message and signature section to be sent using the public key encryption of RSA_KEYMSG；

A2.3, the server end are delivered to cloud push server end by HTTPS, so that the cloud push server End forwards the message to the client by HTTPS.

4. a kind of client characterized by comprising

Key production module, for generating the asymmetric key pair RSA_KEYMSG for encrypting message；

Preserving module, for being saved in privately owned SharedPreferences after encrypting the private key of RSA_KEYMSG by the library so In；

First sending module, for being communicated by HTTPS with server end, Xiang Suoshu server end transmits the public affairs of RSA_KEYMSG Key, so that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_ The public key of KEYSIGN is sent to the client as response；

The preserving module is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned In SharedPreferences；

Second sending module, for initiating registration request to cloud push server；

Receiving module, for receiving the message forwarded by the cloud push server；

Decryption verification module, for decrypt the message and carry out message integrity verification and repeatability detection, wherein institute Stating message is signed using the private key of RSA_KEYSIGN to message content by the server end, and RSA_ is then used The public key of KEYMSG is encrypted, and the cloud push server is subsequently sent to；

The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as Under: the client receives the message of the cloud push server forwarding；The client is obtained by the library so and decrypts storage The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN；Use RSA_KEYMSG's Private key decrypts message, terminates if decrypting failure；If successful decryption, using RSA_KEYSIGN public key to the message into Row signature authentication, terminates if authentification failure；If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating Message is abandoned, otherwise message sink success；

The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not After update in SharedPreferences；Original message id character string if it exists, then the message id of message described in matching judgment With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message；If it does not exist, then disappear described Behind the message id string-concatenation of breath to original message id character string；Judge whether newly-generated message id string length is big It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through It updates after the encryption of the library so into SharedPreferences.

5. a kind of server end characterized by comprising

Receiving module, the public key of the RSA_KEYMSG for receiving client transmission；

Key production module, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification；

First sending module, for the public key of RSA_KEYSIGN to be sent to client as response, wherein the RSA_ KEYMSG indicates the asymmetric key pair for encrypting message；

Message constructing module is signed to the message content using the private key of RSA_KEYSIGN, is connect for constructing message Encrypted using the public key of RSA_KEYMSG；

Second sending module, for sending cloud push server for posttectonic message, by the cloud push server by institute It states message to be sent to the client, by the client according to the private key of RSA_KEYMSG and RSA_KEYSIGN Public key is decrypted the message and carries out integrity verification and the repeatability detection of message；

The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as Under: the client receives the message of the cloud push server forwarding；The client is obtained by the library so and decrypts storage The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN；Use RSA_KEYMSG's Private key decrypts message, terminates if decrypting failure；If successful decryption, using RSA_KEYSIGN public key to the message into Row signature authentication, terminates if authentification failure；If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating Message is abandoned, otherwise message sink success；

The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not After update in SharedPreferences；Original message id character string if it exists, then the message id of message described in matching judgment With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message；If it does not exist, then disappear described Behind the message id string-concatenation of breath to original message id character string；Judge whether newly-generated message id string length is big It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through It updates after the encryption of the library so into SharedPreferences.

6. a kind of Android third party pushes enhancing system characterized by comprising client, server end and cloud push clothes Business device；

The client, for generating the asymmetric key pair RSA_KEYMSG for encrypting message, and by RSA_KEYMSG's Private key is saved in privately owned SharedPreferences after being encrypted by the library so；It is communicated by HTTPS with server end, to institute State the public key of server end transmitting RSA_KEYMSG；

The server end, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification, and by RSA_ The public key of KEYSIGN is sent to the client as response；

The client is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned In SharedPreferences, Xiang Suoshu cloud push server initiates registration request；

The server end is also used to construct message, is signed using the private key of RSA_KEYSIGN to the message content, Then it is encrypted using the public key of RSA_KEYMSG, is subsequently sent to the cloud push server；

The cloud push server, for sending the message to the client；

The client is also used to carry out the message according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN Decrypt and carry out integrity verification and the repeatability detection of message；

The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as Under: the client receives the message of the cloud push server forwarding；The client is obtained by the library so and decrypts storage The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN；Use RSA_KEYMSG's Private key decrypts message, terminates if decrypting failure；If successful decryption, using RSA_KEYSIGN public key to the message into Row signature authentication, terminates if authentification failure；If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating Message is abandoned, otherwise message sink success；

The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not After update in SharedPreferences；Original message id character string if it exists, then the message id of message described in matching judgment With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message；If it does not exist, then disappear described Behind the message id string-concatenation of breath to original message id character string；Judge whether newly-generated message id string length is big It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through It updates after the encryption of the library so into SharedPreferences.