CN107148014B - A kind of Android third party pushes Enhancement Method, relevant device and system - Google Patents
A kind of Android third party pushes Enhancement Method, relevant device and system Download PDFInfo
- Publication number
- CN107148014B CN107148014B CN201710338121.0A CN201710338121A CN107148014B CN 107148014 B CN107148014 B CN 107148014B CN 201710338121 A CN201710338121 A CN 201710338121A CN 107148014 B CN107148014 B CN 107148014B
- Authority
- CN
- China
- Prior art keywords
- message
- rsa
- client
- keymsg
- keysign
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/55—Push-based network services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of Android third parties to push Enhancement Method, relevant device and system, and encryption and signature authentication to message are realized using asymmetric encryption;Message can sign to message, encrypted and be transmitted via HTTPS when sending;Client receives message, decrypts and verifies to message, while being detected using string matching form to the repeatability of message, and performance cost is smaller;In client key management aspect, realize that asymmetric cryptographic key is stored in by symmetric cryptography using in privately owned storage SharedPreferences by encryption and decryption logic by the library so.Method safety with higher provided by the invention can resist general message forgery, message leakage, message replay attack and third party and push not trusted problem.
Description
Technical field
The invention belongs to mobile security technical fields, push Enhancement Method, phase more particularly, to a kind of Android third party
Close equipment and system.
Background technique
Push Service is nowadays in mobile intelligent terminal using more and more extensive, and push server only needs and application program
Client maintains a socket connection, and developer actively can send message to application client by server-side,
Push Service is widely used in sending the message such as activity notification, version updating.At home, since Android official pushes GCM
(Google cloud messaging) can hardly be used, and major cell phone manufacturer and third party service provider are each provided with
Free Push Service is used for developer.
Push Service alleviates the burden of developer, however some new safety have also been introduced while providing convenient in it
Problem.There is scholar to research and analyse external cloud Push Service GCM (Google cloud messaging), ADM (Amazon at present
Device Messaging) and used these clouds push apply in registration and upload information and use
Existing some problems when PendingIntent, but it mentions private information using symmetric encipherment algorithm when providing solution
For protection, while its unresolved message-replay problem.Then it concentrates and analyzes the domestic Push Service by third-party application
(Service) component as the Push Service of the retransmission center type of propelling data the data forwarding process the problem of,
And the protection scheme proposed using symmetric key based on encryption and HMAC operation proposes to use number for preventing playback attack
It saves all methods using id according to library to solve, when message number accumulation is excessive, this strategy is whole in the mobile phone of scarcity of resources
It is less feasible on end.It whether there is problem during integrated third party push for how to find to apply, one kind occur
Based on FlowDroid can extensive automatic detection the software Seminal of security breaches is applied at push.
In conclusion it is less for the Study on Safety Problem of Android third party push at present, and currently existing scheme is based on
Symmetric cryptography.There is no preferable solution for preventing playback attack, when the key of symmetric cryptography is once by application client
When end, cloud Push Service quotient, application program service end are not intended to reveal, whole flow process will face the condition captured completely.Meanwhile
Existing solution does not consider the insincere problem of third party cloud Push Service quotient.
Summary of the invention
Aiming at the above defects or improvement requirements of the prior art, the object of the present invention is to provide a kind of Android third parties
Enhancement Method, relevant device and system are pushed, thus solves to be subject to message eavesdropping in the prior art, forge, message repetition
Deng the not trusted technical problem of attack and third party's Push Service.
To achieve the above object, according to one aspect of the present invention, a kind of Android third party push Enhancement Method is provided,
Include the following steps:
S1, client generate the asymmetric key pair RSA_KEYMSG for encrypting message, and by the private of RSA_KEYMSG
Key is saved in privately owned SharedPreferences after being encrypted by the library so;
S2, the client are communicated by HTTPS with server end, and Xiang Suoshu server end transmits the public affairs of RSA_KEYMSG
Key, so that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_
The public key of KEYSIGN is sent to the client as response;
The public key encryption of RSA_KEYSIGN is saved in privately owned by S3, the client by the library so
In SharedPreferences, registration request is initiated to cloud push server;
S4, the client receive the message forwarded by the cloud push server, decrypt the message and carry out message
Integrity verification and repeatability detection, wherein the message be by the server end use RSA_KEYSIGN private key
It signs to message content, is then encrypted using the public key of RSA_KEYMSG, be subsequently sent to the cloud Push Service
Device.
Preferably, step S4 specifically includes following sub-step:
S4.1, the client receive the message of the cloud push server forwarding;
S4.2, the client are obtained by the library so and decrypt the RSA_ being stored in SharedPreferences
The private key of KEYMSG and the public key of RSA_KEYSIGN;
S4.3, message is decrypted using the private key of RSA_KEYMSG, terminated if decrypting failure;
If S4.3, successful decryption, the message is verified using the public key of RSA_KEYSIGN, if authentication failed
Then terminate;
If S4.4, being proved to be successful, repeated judgement is carried out to the message, abandons message if repeating, otherwise message
It receives successfully.
Preferably, step S4.4 specifically includes following sub-step:
S4.4.1, it is obtained and is decrypted by the library so and be stored in original message id character string in SharedPreferences,
It updates after encrypting the message id of the message by the library so if not into SharedPreferences;
S4.4.2, if it exists original message id character string, then the message id of message described in matching judgment whether there is in original
Have in message id character string, illustrate to repeat if it exists, then abandons this message;
S4.4.3, if it does not exist, then will be behind the message id string-concatenation of the message to original message id character string;
S4.4.4, judge whether newly-generated message id string length is greater than the threshold value of setting, if it is cut
It is disconnected, first half is abandoned, is not otherwise modified, updates and arrives after new message id character string is encrypted by the library so
In SharedPreferences.
It is another aspect of this invention to provide that providing a kind of Android third party push Enhancement Method, include the following steps:
The public key for the RSA_KEYMSG that A1, received server-side client are sent is generated for the non-of information signature certification
Symmetric key is sent to client as response to RSA_KEYSIGN, and using the public key of RSA_KEYSIGN, wherein the RSA_
KEYMSG indicates the asymmetric key pair for encrypting message;
A2, the server end construct message, are signed using the private key of RSA_KEYSIGN to the message content,
Then it is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server, it will by the cloud push server
The message is sent to the client, by the client according to the private key and RSA_KEYSIGN of RSA_KEYMSG
Public key the message is decrypted and carry out message integrity verification and repeatability detection.
Preferably, step A2 includes following sub-step:
A2.1, the server end are integrally signed using the private key of RSA_KEYSIGN to sent message;
A2.2, the server end message and signature section to be sent using the public key encryption of RSA_KEYMSG;
A2.3, the server are delivered to cloud push server end by HTTPS, so that the cloud Push Service
Device end forwards the message to the client by HTTPS.
It is another aspect of this invention to provide that providing a kind of client, comprising:
Key production module, for generating the asymmetric key pair RSA_KEYMSG for encrypting message;
Preserving module, it is privately owned for being saved in after encrypting the private key of RSA_KEYMSG by the library so
In SharedPreferences;
First sending module, for being communicated by HTTPS with server end, Xiang Suoshu server end transmits RSA_KEYMSG
Public key so that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_
The public key of KEYSIGN is sent to the client as response;
The preserving module is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned
In SharedPreferences;
Second sending module, for initiating registration request to cloud push server;
Receiving module, for receiving the message forwarded by the cloud push server;
Decryption verification module, for decrypt the message and carry out message integrity verification and repeatability detection,
In, the message is signed using the private key of RSA_KEYSIGN to message content by the server end, is then used
The public key of RSA_KEYMSG is encrypted, and the cloud push server is subsequently sent to.
It is another aspect of this invention to provide that providing a kind of server end, comprising:
Receiving module, the public key of the RSA_KEYMSG for receiving client transmission;
Key production module, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification;
First sending module, for the public key of RSA_KEYSIGN to be sent to client as response, wherein described
RSA_KEYMSG indicates the asymmetric key pair for encrypting message;
Message constructing module signs the message content using the private key of RSA_KEYSIGN for constructing message
Name, is then encrypted using the public key of RSA_KEYMSG;
Second sending module, for sending cloud push server for posttectonic message, by the cloud push server
The message is sent to the client, by the client according to the private key and RSA_ of RSA_KEYMSG
The public key of KEYSIGN is decrypted the message and carries out integrity verification and the repeatability detection of message.
It is another aspect of this invention to provide that providing a kind of Android third party push enhancing system, comprising: client, clothes
Business device end and cloud push server;
The client, for generating the asymmetric key pair RSA_KEYMSG for encrypting message, and by RSA_
The private key of KEYMSG is saved in privately owned SharedPreferences after being encrypted by the library so;It is logical by HTTPS and server end
Letter, Xiang Suoshu server end transmit the public key of RSA_KEYMSG;
The server end, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification, and will
The public key of RSA_KEYSIGN is sent to the client as response;
The client is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned
In SharedPreferences, Xiang Suoshu cloud push server initiates registration request;
The server end is also used to construct message, is signed using the private key of RSA_KEYSIGN to the message content
Name, is then encrypted using the public key of RSA_KEYMSG, is subsequently sent to the cloud push server;
The cloud push server, for sending the message to the client;
The client is also used to according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN to the message
It is decrypted and carries out integrity verification and the repeatability detection of message.
In general, through the invention it is contemplated above technical scheme is compared with the prior art, can obtain down and show
Beneficial effect:
(1) present invention uses for reference unsymmetrical key thought, and the key of encryption and decryption is stored separately, while testing plus a set of signature
Card scheme, compares existing symmetric encryption scheme, and safety is higher.Existing symmetric encryption scheme, when its Key Exposure
The threats such as message is forged, message is revealed can be faced, using the present invention, when message encryption public key is revealed, attacker, which can forge, to disappear
Breath, but since it does not have signature key, the message forged can not will be dropped by verifying;
(2) in order to reinforce the safety that message key is stored in client, realize encryption and decryption logic by key using the library so
It is saved in the privately owned SharedPreferences of application after carrying out symmetric cryptography, to avoid because applications client is by decompiling
Lead to Key Exposure, verifies the signature of application inside the library so furthermore to prevent others from usurping so file;
(3) preventing playback attack of the present invention for message, it is contemplated that the duplicate scene of real messages, using string-concatenation
Inspection verifying is carried out with matched mode, using the method, when there are many message accumulation, required memory space is small to be verified simultaneously
Speed is fast, has lesser performance consumption, furthermore in order to enhance safety, already present is disappeared by the encryption of the library so for matched
Breath id character string is simultaneously stored in privately owned SharedPreferences.
Detailed description of the invention
Fig. 1 is the flow diagram that a kind of Android third party disclosed by the embodiments of the present invention pushes Enhancement Method;
Fig. 2 is a kind of flow diagram of client message verification method disclosed by the embodiments of the present invention;
Fig. 3 is a kind of flow diagram of client message De-weight method disclosed by the embodiments of the present invention;
Fig. 4 is the flow diagram that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method;
Fig. 5 is a kind of flow diagram of server end message constructing transmission method disclosed by the embodiments of the present invention;
Fig. 6 is the structural schematic diagram that a kind of Android third party disclosed by the embodiments of the present invention pushes enhancing system;
Fig. 7 is the flow diagram that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right
The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.As long as in addition, technical characteristic involved in the various embodiments of the present invention described below
Not constituting a conflict with each other can be combined with each other.
Technical term according to the present invention is explained and illustrated first below:
Android: by the Mobile operating system based on linux kernel of the leading exploitation of Google;
Android application: the application program in Android system is operated in, is mainly developed by Java language;
API: application programming interface (Application Programming Interface, API) is some preparatory
The function of definition, it is therefore an objective to which application program and the developer energy that one group of routine of access is able to based on certain software or hardware are provided
Power, and be not necessarily to access source code, or understand the details of internal work mechanism;
SDK: Software Development Kit (Software Development Kit, SDK) refers to that software engineer is specific
The set of developing instrument when software package, software frame, hardware platform, operating system etc. establish application software;
Safety enhancing: improving system associated safety mechanism for one kind safety problem present in system, with solution
Certainly such safety problem;
Socket connection: socket is a kind of programming interface, and two programs on network pass through a two-way communication link
The exchange for realizing data is connect, the end of connection is known as socket;
GCM: full name is Google Cloud Messaging for Android, is the cloud PUSH message that Google newly releases
Service;
The library so: so file used in Android is the function library of a c++, in JNI (the Java Native of Android
Interface it in), corresponding C language is first packaged into the library so imported into lib file and call;
SharedPreferences: the storage class of a lightweight on Android platform, for saving some common of application
Configuration.
Enhancement Method is pushed to Android third party provided by the present invention below in conjunction with specific embodiments and the drawings to do into one
Walk explanation.
Android third party provided by the invention pushes Enhancement Method, and its purpose is to solve to push away using existing third party
Using message forgery, leakage and the Replay Attack problem faced when sending;Message encryption and decryption is carried out using asymmetrical encryption approach
And information signature certification, the safety problem for avoiding symmetric encryption scheme from causing in Key Exposure;Character string is used simultaneously
The repeatability detection that message is carried out with form, solves Replay Attack, performance consumption is low;In client key management aspect, use
So file realizes that the privately owned SharedPreferences of key encrypting storing to application is carried out key management by encryption and decryption logic,
To prevent from leading to Key Exposure using by decompiling.
It is as shown in Figure 1 a kind of flow diagram of Android third party push Enhancement Method disclosed by the embodiments of the present invention;
In method shown in Fig. 1 the following steps are included:
S1, client generate the asymmetric key pair RSA_KEYMSG for encrypting message, and by the private of RSA_KEYMSG
Key is saved in privately owned SharedPreferences after being encrypted by the library so;
S2, client are communicated by HTTPS with server end, to the public key of server end transmitting RSA_KEYMSG, so that
Server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and the public key of RSA_KEYSIGN is made
Client is sent to for response;
The public key encryption of RSA_KEYSIGN is saved in privately owned SharedPreferences by the library so by S3, client
In, registration request is initiated to cloud push server;
S4, client receive the message forwarded by cloud push server, decrypt message and carry out the integrity verification of message
And repeatability detection, wherein above-mentioned message is signed using the private key of RSA_KEYSIGN to message content by server end
Name, is then encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server.
Wherein, it is illustrated in figure 2 a kind of flow diagram of client message verification method disclosed by the embodiments of the present invention,
Specifically include following sub-step:
S4.1, client receive the message of cloud push server forwarding;
S4.2, client are obtained by the library so and decrypt the RSA_KEYMSG's being stored in SharedPreferences
The public key of private key and RSA_KEYSIGN;
S4.3, message is decrypted using the private key of RSA_KEYMSG, terminated if decrypting failure;
If S4.3, successful decryption, above-mentioned message is verified using the public key of RSA_KEYSIGN, if authentication failed
Then terminate;
If S4.4, being proved to be successful, repeated judgement is carried out to above-mentioned message, abandons message if repeating, otherwise message
It receives successfully.
Wherein, it is illustrated in figure 3 a kind of flow diagram of client message De-weight method disclosed by the embodiments of the present invention,
Specifically include following sub-step:
S4.4.1, it is obtained and is decrypted by the library so and be stored in original message id character string in SharedPreferences,
It updates after encrypting the message id of the message by the library so if not into SharedPreferences;
S4.4.2, if it exists original message id character string, then the message id of message described in matching judgment whether there is in original
Have in message id character string, illustrate to repeat if it exists, then abandons this message;
S4.4.3, if it does not exist, then will be behind the message id string-concatenation of above-mentioned message to original message id character string;
S4.4.4, judge whether newly-generated message id string length is greater than the threshold value of setting, if it is cut
It is disconnected, first half is abandoned, is not otherwise modified, updates and arrives after new message id character string is encrypted by the library so
In SharedPreferences, wherein the threshold value of setting can be rule of thumb determined.
It is illustrated in figure 4 the process signal that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method
Figure, in method shown in Fig. 4 the following steps are included:
The public key for the RSA_KEYMSG that A1, received server-side client are sent is generated for the non-of information signature certification
Symmetric key is sent to client as response to RSA_KEYSIGN, and using the public key of RSA_KEYSIGN, wherein above-mentioned RSA_
KEYMSG indicates the asymmetric key pair for encrypting message;
A2, server end construct message, are signed using the private key of RSA_KEYSIGN to above-mentioned message content, then
It is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server, by cloud push server by above-mentioned message
It is sent to client, by client according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN to above-mentioned message
It is decrypted and carries out integrity verification and the repeatability detection of message.
Wherein, it is illustrated in figure 5 a kind of process of server end message constructing transmission method disclosed by the embodiments of the present invention
Schematic diagram specifically includes following sub-step:
A2.1, server end are integrally signed using the private key of RSA_KEYSIGN to sent message;
A2.2, the server end message and signature section to be sent using the public key encryption of RSA_KEYMSG;
A2.3, server end are delivered to cloud push server end by HTTPS, so that cloud push server end is logical
It crosses HTTPS and forwards the message to client.
It is illustrated in figure 6 the overall architecture that a kind of Android third party disclosed by the embodiments of the present invention pushes enhancing system,
Client, server end are provided which corresponding API, and have built a third party and pushed platform.It is carried out first in push platform
Registration then integrates corresponding SDK in client and server end, and server end and client generate unsymmetrical key
It is right, corresponding public key is transmitted by https traffic between each other;Client is issued to cloud push server and is requested, and transmits message
Encrypted public key, developer can be sent out in server end by integrating SDK or passing through console at cloud push server end later
Send message to client, various pieces specifically execute operation are as follows:
Client, for generating the asymmetric key pair RSA_KEYMSG for encrypting message, and by RSA_KEYMSG's
Private key is saved in privately owned SharedPreferences after being encrypted by the library so;It is communicated by HTTPS with server end, to clothes
The public key of business device end transmitting RSA_KEYMSG;
Server end, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification, and by RSA_
The public key of KEYSIGN is sent to client as response;
Client is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned
In SharedPreferences, registration request is initiated to cloud push server;
Server end is also used to construct message, is signed using the private key of RSA_KEYSIGN to above-mentioned message content,
Then it is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server;
Cloud push server, for sending above-mentioned message to client;
Client is also used to carry out above-mentioned message according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN
Decrypt and carry out integrity verification and the repeatability detection of message.
It is illustrated in figure 7 the process signal that another Android third party disclosed by the embodiments of the present invention pushes Enhancement Method
Figure;In method shown in Fig. 7 the following steps are included:
(1) client and server end integrate corresponding SDK;
(2) client generates the asymmetric key pair for encrypting message, and key is saved in by the library so privately owned
In SharedPreferences;
(3) client is communicated by HTTPS with server end, the public key of transmitting encryption message;
(4) public key of received server-side message encryption generates the asymmetric key pair for information signature certification, will use
Client is sent to as response in the public key of verifying;
(5) client saves the public key for being used for message authentication by the library so, initiates registration request to cloud push server, and
The public key of transmitting encryption message;
(6) server end sends message, and cloud push platform forwards the message to client;
(7) client receives message, carries out inspection verifying to message.
As it will be easily appreciated by one skilled in the art that the foregoing is merely illustrative of the preferred embodiments of the present invention, not to
The limitation present invention, any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should all include
Within protection scope of the present invention.
Claims (6)
1. a kind of Android third party pushes Enhancement Method, which comprises the steps of:
S1, client generate the asymmetric key pair RSA_KEYMSG for encrypting message, and the private key of RSA_KEYMSG is led to
It is saved in privately owned SharedPreferences after crossing the encryption of the library so;
S2, the client are communicated by HTTPS with server end, and Xiang Suoshu server end transmits the public key of RSA_KEYMSG,
So that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_KEYSIGN
Public key be sent to the client as response;
The public key encryption of RSA_KEYSIGN is saved in privately owned SharedPreferences by the library so by S3, the client
In, registration request is initiated to cloud push server;
S4, the client receive the message forwarded by the cloud push server, decrypt the message and carry out the complete of message
Integrity verification and repeatability detection, wherein the message is to be offseted by the server end using the private key of RSA_KEYSIGN
Breath content is signed, and is then encrypted using the public key of RSA_KEYMSG, is subsequently sent to the cloud push server;
The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as
Under: the client receives the message of the cloud push server forwarding;The client is obtained by the library so and decrypts storage
The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN;Use RSA_KEYMSG's
Private key decrypts message, terminates if decrypting failure;If successful decryption, using RSA_KEYSIGN public key to the message into
Row signature authentication, terminates if authentification failure;If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating
Message is abandoned, otherwise message sink success;
The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in
Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not
After update in SharedPreferences;Original message id character string if it exists, then the message id of message described in matching judgment
With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message;If it does not exist, then disappear described
Behind the message id string-concatenation of breath to original message id character string;Judge whether newly-generated message id string length is big
It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through
It updates after the encryption of the library so into SharedPreferences.
2. a kind of Android third party pushes Enhancement Method, which comprises the steps of:
The public key for the RSA_KEYMSG that A1, received server-side client are sent is generated for the asymmetric of information signature certification
Key pair RSA_KEYSIGN, and the public key of RSA_KEYSIGN is sent to client as response, wherein the RSA_
KEYMSG indicates the asymmetric key pair for encrypting message;
A2, the server end construct message, are signed using the private key of RSA_KEYSIGN to the message content, then
It is encrypted using the public key of RSA_KEYMSG, is subsequently sent to cloud push server, it will be described by the cloud push server
Message is sent to the client, by the client according to the private key of RSA_KEYMSG and the public affairs of RSA_KEYSIGN
Key is decrypted the message and carries out integrity verification and the repeatability detection of message;
The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as
Under: the client receives the message of the cloud push server forwarding;The client is obtained by the library so and decrypts storage
The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN;Use RSA_KEYMSG's
Private key decrypts message, terminates if decrypting failure;If successful decryption, using RSA_KEYSIGN public key to the message into
Row signature authentication, terminates if authentification failure;If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating
Message is abandoned, otherwise message sink success;
The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in
Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not
After update in SharedPreferences;Original message id character string if it exists, then the message id of message described in matching judgment
With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message;If it does not exist, then disappear described
Behind the message id string-concatenation of breath to original message id character string;Judge whether newly-generated message id string length is big
It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through
It updates after the encryption of the library so into SharedPreferences.
3. according to the method described in claim 2, it is characterized in that, step A2 includes following sub-step:
A2.1, the server end are integrally signed using the private key of RSA_KEYSIGN to sent message;
A2.2, the server end message and signature section to be sent using the public key encryption of RSA_KEYMSG;
A2.3, the server end are delivered to cloud push server end by HTTPS, so that the cloud push server
End forwards the message to the client by HTTPS.
4. a kind of client characterized by comprising
Key production module, for generating the asymmetric key pair RSA_KEYMSG for encrypting message;
Preserving module, for being saved in privately owned SharedPreferences after encrypting the private key of RSA_KEYMSG by the library so
In;
First sending module, for being communicated by HTTPS with server end, Xiang Suoshu server end transmits the public affairs of RSA_KEYMSG
Key, so that the server end generates the asymmetric key pair RSA_KEYSIGN for information signature certification, and by RSA_
The public key of KEYSIGN is sent to the client as response;
The preserving module is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned
In SharedPreferences;
Second sending module, for initiating registration request to cloud push server;
Receiving module, for receiving the message forwarded by the cloud push server;
Decryption verification module, for decrypt the message and carry out message integrity verification and repeatability detection, wherein institute
Stating message is signed using the private key of RSA_KEYSIGN to message content by the server end, and RSA_ is then used
The public key of KEYMSG is encrypted, and the cloud push server is subsequently sent to;
The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as
Under: the client receives the message of the cloud push server forwarding;The client is obtained by the library so and decrypts storage
The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN;Use RSA_KEYMSG's
Private key decrypts message, terminates if decrypting failure;If successful decryption, using RSA_KEYSIGN public key to the message into
Row signature authentication, terminates if authentification failure;If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating
Message is abandoned, otherwise message sink success;
The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in
Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not
After update in SharedPreferences;Original message id character string if it exists, then the message id of message described in matching judgment
With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message;If it does not exist, then disappear described
Behind the message id string-concatenation of breath to original message id character string;Judge whether newly-generated message id string length is big
It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through
It updates after the encryption of the library so into SharedPreferences.
5. a kind of server end characterized by comprising
Receiving module, the public key of the RSA_KEYMSG for receiving client transmission;
Key production module, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification;
First sending module, for the public key of RSA_KEYSIGN to be sent to client as response, wherein the RSA_
KEYMSG indicates the asymmetric key pair for encrypting message;
Message constructing module is signed to the message content using the private key of RSA_KEYSIGN, is connect for constructing message
Encrypted using the public key of RSA_KEYMSG;
Second sending module, for sending cloud push server for posttectonic message, by the cloud push server by institute
It states message to be sent to the client, by the client according to the private key of RSA_KEYMSG and RSA_KEYSIGN
Public key is decrypted the message and carries out integrity verification and the repeatability detection of message;
The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as
Under: the client receives the message of the cloud push server forwarding;The client is obtained by the library so and decrypts storage
The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN;Use RSA_KEYMSG's
Private key decrypts message, terminates if decrypting failure;If successful decryption, using RSA_KEYSIGN public key to the message into
Row signature authentication, terminates if authentification failure;If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating
Message is abandoned, otherwise message sink success;
The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in
Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not
After update in SharedPreferences;Original message id character string if it exists, then the message id of message described in matching judgment
With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message;If it does not exist, then disappear described
Behind the message id string-concatenation of breath to original message id character string;Judge whether newly-generated message id string length is big
It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through
It updates after the encryption of the library so into SharedPreferences.
6. a kind of Android third party pushes enhancing system characterized by comprising client, server end and cloud push clothes
Business device;
The client, for generating the asymmetric key pair RSA_KEYMSG for encrypting message, and by RSA_KEYMSG's
Private key is saved in privately owned SharedPreferences after being encrypted by the library so;It is communicated by HTTPS with server end, to institute
State the public key of server end transmitting RSA_KEYMSG;
The server end, for generating the asymmetric key pair RSA_KEYSIGN for being used for information signature certification, and by RSA_
The public key of KEYSIGN is sent to the client as response;
The client is also used to be saved in the public key encryption of RSA_KEYSIGN by the library so privately owned
In SharedPreferences, Xiang Suoshu cloud push server initiates registration request;
The server end is also used to construct message, is signed using the private key of RSA_KEYSIGN to the message content,
Then it is encrypted using the public key of RSA_KEYMSG, is subsequently sent to the cloud push server;
The cloud push server, for sending the message to the client;
The client is also used to carry out the message according to the private key of RSA_KEYMSG and the public key of RSA_KEYSIGN
Decrypt and carry out integrity verification and the repeatability detection of message;
The client is decrypted the message and carries out integrity verification and the repeatability detection of message, specifically such as
Under: the client receives the message of the cloud push server forwarding;The client is obtained by the library so and decrypts storage
The private key of RSA_KEYMSG in SharedPreferences and the public key of RSA_KEYSIGN;Use RSA_KEYMSG's
Private key decrypts message, terminates if decrypting failure;If successful decryption, using RSA_KEYSIGN public key to the message into
Row signature authentication, terminates if authentification failure;If authenticating successfully, repeated judgement is carried out to the message, is lost if repeating
Message is abandoned, otherwise message sink success;
The client carries out repeated detection to the message, specific as follows: obtaining and decrypts by the library so and is stored in
Original message id character string in SharedPreferences, is encrypted the message id of the message by the library so if not
After update in SharedPreferences;Original message id character string if it exists, then the message id of message described in matching judgment
With the presence or absence of in original message id character string, illustrates to repeat if it exists, then abandon this message;If it does not exist, then disappear described
Behind the message id string-concatenation of breath to original message id character string;Judge whether newly-generated message id string length is big
It in the threshold value of setting, is if it is truncated, abandons first half, otherwise do not modify, new message id character string is passed through
It updates after the encryption of the library so into SharedPreferences.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710338121.0A CN107148014B (en) | 2017-05-15 | 2017-05-15 | A kind of Android third party pushes Enhancement Method, relevant device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710338121.0A CN107148014B (en) | 2017-05-15 | 2017-05-15 | A kind of Android third party pushes Enhancement Method, relevant device and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107148014A CN107148014A (en) | 2017-09-08 |
CN107148014B true CN107148014B (en) | 2019-06-07 |
Family
ID=59777041
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710338121.0A Active CN107148014B (en) | 2017-05-15 | 2017-05-15 | A kind of Android third party pushes Enhancement Method, relevant device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107148014B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108900472B (en) * | 2018-05-31 | 2021-11-30 | 北京五八信息技术有限公司 | Information transmission method and device |
CN109672670A (en) * | 2018-12-11 | 2019-04-23 | 中新金桥数字科技(北京)有限公司 | A method of based on mobile phone H5 safe web page playing stream media |
CN112887972A (en) * | 2021-01-13 | 2021-06-01 | 浙江工业大学 | Android local area network secure communication method based on asymmetric encryption and APP |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101267303A (en) * | 2007-03-13 | 2008-09-17 | 中兴通讯股份有限公司 | Communication method between service nodes |
CN105939343A (en) * | 2016-04-14 | 2016-09-14 | 江苏马上游科技股份有限公司 | Client and server bidirectional authentication method based on information secondary coding |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9141831B2 (en) * | 2010-07-08 | 2015-09-22 | Texas Instruments Incorporated | Scheduler, security context cache, packet processor, and authentication, encryption modules |
US9553982B2 (en) * | 2013-07-06 | 2017-01-24 | Newvoicemedia, Ltd. | System and methods for tamper proof interaction recording and timestamping |
-
2017
- 2017-05-15 CN CN201710338121.0A patent/CN107148014B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101267303A (en) * | 2007-03-13 | 2008-09-17 | 中兴通讯股份有限公司 | Communication method between service nodes |
CN105939343A (en) * | 2016-04-14 | 2016-09-14 | 江苏马上游科技股份有限公司 | Client and server bidirectional authentication method based on information secondary coding |
Also Published As
Publication number | Publication date |
---|---|
CN107148014A (en) | 2017-09-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111541785B (en) | Block chain data processing method and device based on cloud computing | |
CN110162992B (en) | Data processing method, data processing device and computer system | |
KR101786132B1 (en) | Low-latency peer session establishment | |
US8707043B2 (en) | Split termination of secure communication sessions with mutual certificate-based authentication | |
US10680816B2 (en) | Method and system for improving the data security during a communication process | |
WO2019218919A1 (en) | Private key management method and apparatus in blockchain scenario, and system | |
WO2016107203A1 (en) | Identity authentication method and device | |
CN113268715A (en) | Software encryption method, device, equipment and storage medium | |
CN102315945A (en) | Unified identity authentication method based on private agreement | |
US9787651B2 (en) | Method and device for establishing session keys | |
CN110096894B (en) | Data anonymous sharing system and method based on block chain | |
CN107148014B (en) | A kind of Android third party pushes Enhancement Method, relevant device and system | |
CN111355695B (en) | Security agent method and device | |
CN111885058B (en) | Lightweight message transmission method for end-to-end intelligent device communication in Internet of things cloud | |
CN113132087A (en) | Internet of things, identity authentication and secret communication method, chip, equipment and medium | |
CN109272314A (en) | A kind of safety communicating method and system cooperateing with signature calculation based on two sides | |
CN111404695A (en) | Token request verification method and device | |
US11689517B2 (en) | Method for distributed application segmentation through authorization | |
CN111241492A (en) | Product multi-tenant secure credit granting method, system and electronic equipment | |
CN111901335B (en) | Block chain data transmission management method and system based on middle station | |
Mtetwa et al. | OTA firmware updates for LoRaWAN using blockchain | |
CN112804260A (en) | Information transmission method and node based on block chain | |
WO2021027504A1 (en) | Consensus protocol-based information processing method, and related device | |
CN116684104A (en) | RSA2 signature rechecking method and device of API (application program interface), electronic equipment and medium | |
CN115001744B (en) | Cloud platform data integrity verification method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |