CN108229144B - Verification method of application program, terminal equipment and storage medium - Google Patents
Verification method of application program, terminal equipment and storage medium Download PDFInfo
- Publication number
- CN108229144B CN108229144B CN201810031252.9A CN201810031252A CN108229144B CN 108229144 B CN108229144 B CN 108229144B CN 201810031252 A CN201810031252 A CN 201810031252A CN 108229144 B CN108229144 B CN 108229144B
- Authority
- CN
- China
- Prior art keywords
- application program
- ciphertext
- application
- core component
- generate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The application is applicable to the technical field of information security, and provides an application program verification method, terminal equipment and a storage medium, wherein the application program verification method comprises the following steps: when the application program is installed, the core component of the application program is encrypted to generate a ciphertext, the generated ciphertext is stored in a preset storage space, the core component of the application program is encrypted again to generate the ciphertext under a preset trigger mechanism, the regenerated ciphertext is matched with the ciphertext stored in the storage space, if the matching fails, the application program is forbidden to run or the running application program is stopped forcibly, and the legality of the installed application program can be verified through the application.
Description
Technical Field
The present application belongs to the technical field of information security, and in particular, to a verification method for an application program, a terminal device, and a storage medium.
Background
Android is a linux-based operating system with free and open source codes, and is mainly used for mobile devices such as smart phones and tablet computers. With the rapid development of the internet, a large number of application programs based on the android system are born.
The Android system application program is usually subjected to security verification during installation, and after the installation is completed, verification of the installed application program is not provided any more. However, applications may also be tampered with by an attack after installation is complete. Therefore, the existing application program verification method cannot play a role in verifying the validity of the installed application program.
Disclosure of Invention
In view of this, embodiments of the present application provide an application program verification method, a terminal device, and a storage medium, so as to solve the problem that the validity of an application program cannot be verified after the application program is installed.
A first aspect of an embodiment of the present application provides a method for verifying an application program, including:
when the application program is installed, encrypting the core component of the application program to generate a ciphertext, and storing the generated ciphertext in a preset storage space;
under a preset trigger mechanism, re-encrypting the core component of the application program to generate a ciphertext, and matching the re-generated ciphertext with the ciphertext stored in the storage space;
and if the matching fails, forbidding the application program to run or forcibly stopping the running application program.
A second aspect of an embodiment of the present application provides a terminal device, including:
the ciphertext generating module is used for encrypting the core component of the application program to generate a ciphertext when the application program is installed, and storing the generated ciphertext in a preset storage space;
the matching module is used for encrypting the core component of the application program again to generate a ciphertext under a preset trigger mechanism and matching the regenerated ciphertext with the ciphertext stored in the storage space;
and the processing module is used for forbidding the application program to run or forcibly stopping the running application program if the matching fails.
A third aspect of an embodiment of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method provided in the first aspect of the embodiment of the present application when executing the computer program.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by one or more processors, performs the steps of the method provided by the first aspect of embodiments of the present application.
A fifth aspect of embodiments of the present application provides a computer program product comprising a computer program that, when executed by one or more processors, performs the steps of the method provided by the first aspect of embodiments of the present application.
In the embodiment of the application, when the application is installed, the core component of the application is encrypted to generate a ciphertext, the generated ciphertext is stored in a preset storage space, the core component of the application is encrypted again to generate the ciphertext under a preset trigger mechanism, the regenerated ciphertext is matched with the ciphertext stored in the storage space, if the matching fails, the application is prohibited from running or the application in running is stopped forcibly, because the core component of the application is encrypted to generate the ciphertext and stored in the preset storage space as a standard ciphertext when the application is installed, the core component of the application can be encrypted to generate the ciphertext in the same way after the application is installed, and then the ciphertext generated by the current core component of the application is matched with the standard ciphertext, if the matching is successful, it indicates that the current core component of the application program is not tampered by the attack, and if the matching is failed, it indicates that the current core component of the application program is tampered by the attack, it is necessary to set a prohibition on the running of the application program or a forced stop of the running application program, so that after the application program is installed, the validity of the application program can be effectively verified, and the attack behavior of the hacked application program on the terminal device is avoided.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic implementation flow diagram of a verification method for an application according to an embodiment of the present application;
fig. 2 is a schematic flow chart illustrating an implementation of a verification method for an application according to another embodiment of the present application;
fig. 3 is a schematic block diagram of a terminal device provided in an embodiment of the present application;
fig. 4 is a schematic block diagram of a terminal device according to another embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In order to explain the technical solution described in the present application, the following description will be given by way of specific examples.
Fig. 1 is a schematic implementation flow diagram of a verification method for an application program according to an embodiment of the present application, and as shown in the figure, the method may include the following steps:
step S101, when the installation of the application program is completed, encrypting the core component of the application program to generate a ciphertext, and storing the generated ciphertext in a preset storage space.
In the embodiment of the application, security authentication can be performed before the application is installed, and if the authentication passes, the application is installed, so that the application can be determined not to be hacked during installation, and when the application is installed, a core component of the application is encrypted to generate a ciphertext, and the generated ciphertext is stored in a preset storage space. In practical application, any time after the installation of the application program is completed can be set. In order to ensure that the core component corresponding to the ciphertext stored in the preset storage space is not tampered by an attack, the core component of the application program can be encrypted to generate the ciphertext when the installation of the application program is completed.
The core components include, but are not limited to: and the method comprises the steps of applying a dynamic library, a base.apk file under a data directory, a dex file, a parameter file and a javascript script file. Of course, other files that are preset may also be included.
The preset storage space may be a plurality of preset storage blocks, each storage block, after data (e.g., ciphertext) is written, sets an application program associated with the data stored in the storage block for the storage block, and sets the storage block to be non-writable; when the application program related to the data stored in the storage block is uninstalled, the storage block is set to allow deletion, namely, the data stored in the storage block can be deleted; after deleting the data stored in the memory block, the memory block is set to allow writing, i.e., writable data (the ciphertext of the core component of the other application or the ciphertext of the core component of the application to be downloaded again). Similarly, after rewriting data (e.g., ciphertext), the application associated with the data stored in the memory block is set while the memory block is set as non-writable, … ….
And step S102, under a preset trigger mechanism, re-encrypting the core component of the application program to generate a ciphertext, and matching the re-generated ciphertext with the ciphertext stored in the storage space.
In an embodiment of the present application, the preset trigger mechanism includes: and when a starting instruction of the application program is detected and/or a trigger instruction of a preset time interval in the running process of the application program is detected. Namely, the re-encrypting the core component of the application program to generate the ciphertext under the preset trigger mechanism includes:
when a starting instruction of the application program is detected, re-encrypting the core component of the application program to generate a ciphertext;
and/or, during the running process of the application program, re-encrypting the core component of the application program at a preset time interval to generate a ciphertext.
Of course, in practical applications, during the running process of the application program, the core component of the application program may be re-encrypted at regular time to generate the ciphertext.
Since the regenerated ciphertext needs to be matched with the ciphertext stored in the storage space, the process of encrypting the core component of the application program again to generate the ciphertext is consistent with the process of encrypting the core component of the application program to generate the ciphertext when the application program is installed.
And step S103, if the matching fails, the application program is prohibited from running or the running application program is forcibly stopped.
In the embodiment of the application, if the core component of the application is re-encrypted to generate the ciphertext when the starting instruction of the application is detected, the application is prohibited from being started and operated after the matching fails; and if the core component of the application program is re-encrypted at a preset time interval to generate a ciphertext in the running process of the application program, forcibly stopping the running application program.
After the matching fails, prompt information can be displayed through a visual interface, and the prompt information is used for prompting that the application program is tampered by attack.
And if the matching is successful, the core component of the application program is not tampered by the attack.
In the embodiment of the application, if the core component of the application is re-encrypted to generate the ciphertext when the starting instruction of the application is detected, the application is started after matching is successful; and if the core component of the application program is re-encrypted at a preset time interval to generate a ciphertext in the running process of the application program, maintaining the current running state of the application program after matching is successful.
The embodiment of the application encrypts the core component of the application program to generate a ciphertext and stores the ciphertext in a preset storage space as a standard ciphertext when the application program is installed, after the application program is installed, the core components of the application program can be encrypted in the same way to generate a ciphertext, then matching the cipher text generated by the current core component of the application program with the standard cipher text, if the matching is successful, if the matching fails, the current core component of the application program is tampered with by the attack, the running of the application program needs to be prohibited or the running application program needs to be forcibly stopped, therefore, after the application program is installed, the validity of the application program can be effectively verified, and the attack behavior of the hacked and tampered application program on the terminal equipment is avoided.
Fig. 2 is a flowchart illustrating a verification method for an application according to another embodiment of the present application, where the method may include the following steps:
step S201, when receiving an installation instruction of an application program, performs signature authentication on the application program.
In the embodiment of the application, a verification process is also provided when the application is installed, so as to ensure that the installed application is an application which is not tampered by an attack. For example, the private key in the RSA key pair is signed, and the public key is verified to verify the application software publisher, so that in practical application, the system can be protected by fixing the public key to install only the application program signed by the trusted person.
Step S202, if the signature authentication of the application program passes, the application program is installed.
Step S203, when the installation of the application program is completed, calculating a hash value for the core component by an application protection program stored in a system partition, wherein the system partition is set to be unwritable.
In the embodiment of the application, the system partition is a partition in an Android system, the middle layer of the Android system is in the system partition, and the system partition can be set to be unwritable by a system kernel, so that the system partition cannot be tampered even if a root right is obtained after an application layer attack. The application protection program exists in the system partition code space, so the application protection program cannot be tampered. And acquiring the core component of the application software through the application protection program which cannot be tampered, and calculating the hash value of the core component.
Step S204, when the installation of the application program is completed, an encryption node provided by a system kernel is called through the application protection program, and the encryption node is set to be called by the application protection program.
In the embodiment of the application, the encryption node provided by the system kernel is called by the application protection program which cannot be tampered, the encryption node may be set to be called only by the application protection program, and of course, to ensure sufficient security, the encryption node may also be set to be called only once. And an encryption node provided by a system kernel adopts a symmetric key encryption algorithm, a key is unique and secret for each terminal device, and if the encryption node is set to be only called by the application protection program, an intermediate layer of the android system cannot be obtained. Firstly, the application protection program cannot be tampered, and secondly, the encryption node can only be called by the application protection program which cannot be tampered, so that the safety of an encryption algorithm is guaranteed.
Step S205, encrypt the hash value by the encryption node to generate a ciphertext, and store the generated ciphertext in a preset storage space.
In the embodiment of the application, the hash value obtained according to the core component of the application program is encrypted through a secure encryption algorithm to generate the ciphertext, so that the security and the uniqueness of the generated ciphertext are ensured. Therefore, even if the attack program tampers the core component of the application program through the root authority, the attack program cannot call the encryption node provided by the system kernel, so that the attack program cannot recalculate the ciphertext generated by the tampered core component, once the application protection program regenerates the ciphertext according to the tampered core component, matching fails, and at this time, the application program is only prohibited from starting or forcibly stopped from running.
In addition, even if the attack program tampers the ciphertext stored in the preset storage space through the root authority, the attack program cannot recalculate the ciphertext corresponding to the tampered core component because the attack program cannot call the encrypted node provided by the system kernel. Therefore, the ciphertext in the preset storage space cannot be updated in the way expected by the attack program.
Of course, in practical application, the core component may be directly encrypted by the encryption node to generate the ciphertext, without obtaining the hash value according to the core component first and then encrypting the hash value by the encryption node to generate the ciphertext.
And step S206, under a preset trigger mechanism, re-encrypting the core component of the application program to generate a ciphertext, and matching the re-generated ciphertext with the ciphertext stored in the storage space.
The content of the step is the same as that of step S102, and the description of step S102 may be specifically referred to, which is not repeated herein.
Step S207, if the matching fails, prohibiting the application program from running or forcibly stopping the running application program, unloading the application program in the terminal equipment, downloading the application program from a preset downloading node, and installing the re-downloaded application program.
In this embodiment of the application, if only the application program in the operation or the forced stop of the operation of the application program is prohibited, the application program is not usable, and after the application program in the operation or the forced stop of the operation of the application program is prohibited, the application program in the terminal device may be uninstalled, the application program may be downloaded from a preset download node, and a newly downloaded application program may be installed. Of course, the step of installing the newly downloaded application may be performed in the manner described with reference to step S201 to step S205.
In the embodiment of the application, the application protection program stored in the system partition which is set to be unwritable calculates the hash value of the core component, and the encryption node which can be called only by the application protection program is called by the application protection program to encrypt the hash value to generate the ciphertext serving as the standard ciphertext, so that the standard ciphertext has safety and uniqueness. In this way, after the core component of the application program regenerates the ciphertext, the regenerated ciphertext is matched with the standard ciphertext, so that the application program is not tampered by attack under the condition of successful matching, and the application program is tampered by attack under the condition of failed matching.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Fig. 3 is a schematic block diagram of a terminal device according to an embodiment of the present application, and only a part related to the embodiment of the present application is shown for convenience of description.
The terminal device 3 may be a software unit, a hardware unit, or a combination of software and hardware unit built in an existing terminal device such as a mobile phone and a notebook, may be integrated into the existing terminal device such as a mobile phone and a notebook as an independent pendant, and may exist as an independent terminal device.
The terminal device 3 includes:
the ciphertext generating module 31 is configured to encrypt the core component of the application program to generate a ciphertext when the application program is installed, and store the generated ciphertext in a preset storage space;
the matching module 32 is configured to re-encrypt the core component of the application program to generate a ciphertext under a preset trigger mechanism, and match the re-generated ciphertext with the ciphertext stored in the storage space;
and the processing module 33 is configured to prohibit the application program from running or forcibly stop the running application program if the matching fails.
Optionally, the matching module 32 is further configured to:
when a starting instruction of the application program is detected, re-encrypting the core component of the application program to generate a ciphertext;
and/or, during the running process of the application program, re-encrypting the core component of the application program at a preset time interval to generate a ciphertext.
Optionally, the ciphertext generating module 31 includes:
a hash value calculation unit 311 for calculating a hash value for the core component by an application protection program stored in a system partition set to be unwritable;
an encrypted node calling unit 312, configured to call, by the application protection program, an encrypted node provided by a system kernel, where the encrypted node is set to be called by the application protection program;
a ciphertext generating unit 313, configured to encrypt the hash value by the encryption node to generate a ciphertext.
Optionally, the terminal device 3 further includes:
the signature authentication module 34 is configured to perform signature authentication on the application program when receiving an installation instruction of the application program;
and the installation module 35 is configured to install the application program if the signature authentication of the application program passes.
Optionally, the processing module 33 is further configured to:
and if the matching fails, displaying prompt information through a visual interface, wherein the prompt information is used for prompting that the application program is attacked and tampered.
Optionally, the core component includes: and the method comprises the steps of applying a dynamic library, a base.apk file under a data directory, a dex file, a parameter file and a javascript script file.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units and modules is merely used as an example, and in practical applications, the foregoing function distribution may be performed by different functional units and modules as needed, that is, the internal structure of the terminal device is divided into different functional units or modules to perform all or part of the above-described functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Fig. 4 is a schematic block diagram of a terminal device according to another embodiment of the present application. As shown in fig. 4, the terminal device 4 of this embodiment includes: one or more processors 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processors 40. The processor 40 implements the steps in the above embodiments of the authentication method for each application program when executing the computer program 42, such as the steps S101 to S103 shown in fig. 1. Alternatively, the processor 40, when executing the computer program 42, implements the functions of the modules/units in the terminal device embodiments described above, such as the functions of the modules 31 to 33 shown in fig. 3.
Illustratively, the computer program 42 may be partitioned into one or more modules/units that are stored in the memory 41 and executed by the processor 40 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 42 in the terminal device 4. For example, the computer program 42 may be divided into a ciphertext generation module, a matching module, and a processing module.
The ciphertext generating module is used for encrypting the core component of the application program to generate a ciphertext when the installation of the application program is finished, and storing the generated ciphertext in a preset storage space;
the matching module is used for encrypting the core component of the application program again to generate a ciphertext under a preset trigger mechanism, and matching the regenerated ciphertext with the ciphertext stored in the storage space;
and the processing module is used for forbidding the application program to run or forcibly stopping the running application program if the matching fails.
Other modules or units can refer to the description of the embodiment shown in fig. 3, and are not described again here.
The terminal device includes, but is not limited to, a processor 40, and a memory 41. Those skilled in the art will appreciate that fig. 4 is only one example of a terminal device 4 and does not constitute a limitation of terminal device 4 and may include more or fewer components than shown, or some components may be combined, or different components, for example, the terminal device may also include an input device, an output device, a network access device, a bus, etc.
The Processor 40 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the terminal device 4. The memory 41 is used for storing the computer program and other programs and data required by the terminal device. The memory 41 may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed terminal device and method may be implemented in other ways. For example, the above-described terminal device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical function division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow in the method of the embodiments described above can be realized by a computer program, which can be stored in a computer-readable storage medium and can realize the steps of the embodiments of the methods described above when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain other components which may be suitably increased or decreased as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media which may not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.
Claims (9)
1. A method for authenticating an application, comprising:
when the application program is installed, encrypting the core component of the application program to generate a ciphertext, and storing the generated ciphertext in a preset storage space; wherein the encrypting the core component of the application program to generate the ciphertext comprises: calculating a hash value for the core component by an application protection program stored in a system partition, the system partition being set by a system kernel to be unwriteable; calling an encryption node provided by a system kernel through the application protection program, wherein the encryption node is set to be called by the application protection program; encrypting the hash value through the encryption node to generate a ciphertext;
under a preset trigger mechanism, re-encrypting the core component of the application program to generate a ciphertext, and matching the re-generated ciphertext with the ciphertext stored in the storage space;
and if the matching fails, forbidding the application program to run or forcibly stopping the running application program.
2. The method for verifying the application program according to claim 1, wherein the re-encrypting the core component of the application program to generate the ciphertext under the preset trigger mechanism comprises:
when a starting instruction of the application program is detected, re-encrypting the core component of the application program to generate a ciphertext;
and/or, during the running process of the application program, re-encrypting the core component of the application program at a preset time interval to generate a ciphertext.
3. The method for authenticating an application program according to claim 1, wherein the authentication method further comprises:
when an installation instruction of the application program is received, performing signature authentication on the application program;
and if the signature authentication of the application program passes, installing the application program.
4. The method for authenticating an application according to claim 1, wherein if the matching fails, further comprising:
and displaying prompt information through a visual interface, wherein the prompt information is used for prompting that the application program is tampered by attack.
5. A method of validating an application program as claimed in any one of claims 1 to 4, wherein the core component comprises: and the method comprises the steps of applying a dynamic library, a base.apk file under a data directory, a dex file, a parameter file and a javascript script file.
6. A terminal device, comprising:
the system comprises a ciphertext generation module, a storage module and a processing module, wherein the ciphertext generation module is used for encrypting a core component of an application program to generate a ciphertext and storing the generated ciphertext in a preset storage space when the application program is installed; wherein the encrypting the core component of the application program to generate the ciphertext comprises: calculating a hash value for the core component by an application protection program stored in a system partition, the system partition being set by a system kernel to be unwriteable; calling an encryption node provided by a system kernel through the application protection program, wherein the encryption node is set to be called by the application protection program; encrypting the hash value through the encryption node to generate a ciphertext;
the matching module is used for encrypting the core component of the application program again to generate a ciphertext under a preset trigger mechanism and matching the regenerated ciphertext with the ciphertext stored in the storage space;
and the processing module is used for forbidding the application program to run or forcibly stopping the running application program if the matching fails.
7. The terminal device of claim 6, wherein the matching module is further configured to:
when a starting instruction of the application program is detected, re-encrypting the core component of the application program to generate a ciphertext;
and/or, during the running process of the application program, re-encrypting the core component of the application program at a preset time interval to generate a ciphertext.
8. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 5 when executing the computer program.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by one or more processors, implements the steps of the method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810031252.9A CN108229144B (en) | 2018-01-12 | 2018-01-12 | Verification method of application program, terminal equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810031252.9A CN108229144B (en) | 2018-01-12 | 2018-01-12 | Verification method of application program, terminal equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108229144A CN108229144A (en) | 2018-06-29 |
| CN108229144B true CN108229144B (en) | 2020-04-03 |
Family
ID=62641127
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810031252.9A Active CN108229144B (en) | 2018-01-12 | 2018-01-12 | Verification method of application program, terminal equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108229144B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109635522A (en) * | 2018-11-13 | 2019-04-16 | 许继集团有限公司 | A kind of tamper resistant method and device of dynamic base |
| CN114674066B (en) * | 2019-10-31 | 2023-12-29 | 广东美的制冷设备有限公司 | Operation verification method and device, air conditioner and storage medium |
| CN111625288B (en) * | 2020-04-27 | 2023-09-08 | 深圳市广和通无线股份有限公司 | Method and device for controlling starting of application program, computer equipment and storage medium |
| CN111722880B (en) * | 2020-05-11 | 2024-02-09 | 深圳市共进电子股份有限公司 | Equipment production method and device, terminal equipment and medium |
| CN112948807A (en) * | 2021-02-04 | 2021-06-11 | 中国联合网络通信集团有限公司 | Application program validity verification method and device |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP5736994B2 (en) * | 2011-06-15 | 2015-06-17 | 株式会社リコー | Information processing apparatus, validity verification method, and program |
| CN102456111B (en) * | 2011-07-12 | 2014-04-09 | 中标软件有限公司 | Method and system for license control of Linux operating system |
| CN102779257B (en) * | 2012-06-28 | 2015-10-07 | 北京奇虎科技有限公司 | A kind of safety detection method of Android application program and system |
| CN103064706A (en) * | 2012-12-20 | 2013-04-24 | 曙光云计算技术有限公司 | Starting method and device for virtual machine system |
| CN106650420A (en) * | 2016-11-17 | 2017-05-10 | 乐视控股(北京)有限公司 | Service security guard method, device and electronic equipment |
-
2018
- 2018-01-12 CN CN201810031252.9A patent/CN108229144B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108229144A (en) | 2018-06-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108229144B (en) | Verification method of application program, terminal equipment and storage medium | |
| CN109313690B (en) | Self-contained encrypted boot policy verification | |
| AU2009233685B2 (en) | Method and apparatus for incremental code signing | |
| CN111723383B (en) | Data storage and verification method and device | |
| CN101308538B (en) | Method and apparatus for checking integrity of firmware | |
| CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
| CN104462965A (en) | Method for verifying integrity of application program and network device | |
| EP2879327A1 (en) | Encryption and decryption processing method, apparatus and device | |
| CN112257086B (en) | User privacy data protection method and electronic equipment | |
| CN104751049A (en) | Application program installing method and mobile terminal | |
| CN107466455B (en) | POS machine security verification method and device | |
| CN110795126A (en) | Firmware safety upgrading system | |
| CN108259479B (en) | Business data processing method, client and computer readable storage medium | |
| CN108880859B (en) | Configuration method, device, server, terminal and storage medium of upgrade file | |
| EP3316160A1 (en) | Authentication method and apparatus for reinforced software | |
| JP2018512010A (en) | Secure software authentication and verification | |
| CN113378119B (en) | Software authorization method, device, equipment and storage medium | |
| JP6387908B2 (en) | Authentication system | |
| CN111160879A (en) | Hardware wallet and security improving method and device thereof | |
| CN103971034A (en) | Method and device for protecting Java software | |
| CN112231702A (en) | Application protection method, device, equipment and medium | |
| CN112346759A (en) | Firmware upgrading method and device and computer readable storage medium | |
| CN114880011A (en) | OTA (over the air) upgrading method and device, electronic equipment and readable storage medium | |
| CN109302442B (en) | Data storage proving method and related equipment | |
| CN115688120A (en) | Secure chip firmware importing method, secure chip and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |