CN109150865A - Method, device and storage medium for protecting the communication protocol of a mobile-terminal APP - Google Patents


Info

Publication number: CN109150865A
Authority: CN (China)
Prior art keywords: app, communications protocol, key, mobile terminal, cloud server
Legal status: Pending
Application number: CN201810890833.8A
Other languages: Chinese (zh)
Inventors: 蔡阿川, 苏玉海, 兰书俊, 杨佳悦
Current assignee: Xiamen Meiya Pico Information Co Ltd
Original assignee: Xiamen Meiya Pico Information Co Ltd
Application filed by Xiamen Meiya Pico Information Co Ltd
Priority to CN201810890833.8A
Publication of CN109150865A


Classifications

    • All classifications fall under H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/105: Network architectures or protocols for network security, for controlling access to devices or network resources; multiple levels of security
    • H04L63/0428: Network architectures or protocols for network security, providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/12: Network architectures or protocols for network security, applying verification of the received information
    • H04L9/0643: Cryptographic mechanisms; hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0822: Key distribution or management; key transport or distribution using a key encryption key
    • H04L9/0825: Key distribution or management; key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/3247: Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, involving digital signatures
    • H04L9/3297: Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, involving time stamps, e.g. generation of time stamps
    • H04L67/02: Network arrangements or protocols for supporting network services or applications; protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/51: Network arrangements or protocols for supporting network services; discovery or management thereof, e.g. service location protocol [SLP] or web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method and a device for protecting the communication protocol of a mobile-terminal APP. The method comprises: a generation step, in which the APP generates a verification ciphertext based on the device information of the mobile terminal; an adding step, in which the verification ciphertext is added to a field of the communication protocol; and a verification step, in which, when the APP communicates with the cloud server over the communication protocol, the cloud server verifies the verification ciphertext carried in the protocol, and only after verification succeeds does the APP establish a connection with the cloud server and communicate. Because the APP derives the verification ciphertext from the device information of the mobile terminal, adds it to a field of the communication protocol and has it verified whenever the mobile terminal communicates with the cloud server, and because the APP and the ciphertext are additionally protected so that the core algorithm of the APP is not easily cracked, the security of user data and of the APP is improved.

Description

Method, device and storage medium for protecting the communication protocol of a mobile-terminal APP
Technical field
The invention relates to the technical field of data security, and in particular to a method, a device and a storage medium for protecting the communication protocol of a mobile-terminal APP.
Background technique
HTTP/HTTPS is the protocol most commonly used by mobile-phone APPs to access a cloud server and obtain data. As APPs are downloaded and used in large numbers, the APPs on a phone become closely tied to personal privacy information. Part of that personal information is stored directly on the phone, in SQLite3 databases, Plist files and similar formats, while most of the core sensitive data is kept on the cloud server and can only be obtained over the network through the communication protocol. Some APPs bind personal information at registration; after the first login the phone saves the personal account, the encrypted password and the key used to access the cloud, so that the user can later open the cloud server directly through the APP without logging in again. Consequently, the personal information retained in the phone's APP can be used to simulate the APP's communication protocol and reach the APP's cloud server, exposing all personal data stored there and causing leakage of personal sensitive information or even financial loss.
When a phone APP accesses the cloud server over a standard protocol such as HTTP/HTTPS, an illegitimate packet-capture tool can capture the traffic and obtain the parameters the protocol needs; combined with the files on the phone that contain personal information, those parameters can be reconstructed and synthesised, the APP's login protocol simulated to obtain access permission to the cloud server, and the operations available after login replayed. An APP that uses a standard protocol is therefore easy to simulate once the files containing the protocol parameters have been obtained, which puts the personal privacy data on the APP's cloud at great risk.
Summary of the invention
To address the above defect in the prior art, the invention proposes the following technical solution.
A method for protecting the communication protocol of a mobile-terminal APP, the method comprising:
a generation step, in which the APP generates a verification ciphertext based on the device information of the mobile terminal;
an adding step, in which the verification ciphertext is added to a field of the communication protocol;
a verification step, in which, when the APP communicates with the cloud server over the communication protocol, the cloud server verifies the verification ciphertext in the communication protocol, and after verification succeeds the APP establishes a connection with the cloud server and communicates.
Further, the mobile terminal is a smart phone, a tablet computer or a PDA.
Further, the communication protocol is HTTP and/or HTTPS, and the verification ciphertext is added to the Body part of the HTTP and/or HTTPS POST.
Further, the generation step operates as follows: the device information of the mobile terminal is read into a JSON array; the device information is hashed with a fixed key to produce a unique signature (Signature), and the signature is added to the JSON array; the JSON array is then encrypted with a randomly generated key SecRandomKey of an encryption algorithm to produce the verification ciphertext.
Further, the method also includes a judgment step that judges whether the APP is being debugged or its packets captured; if so, the APP exits and issues a warning to the user. The judgment step is executed before the generation step.
Further, judging whether the APP is being debugged consists of judging through system functions whether it is being debugged, comparing the time obtained at run time with a stored timestamp to judge whether it is being debugged, and/or judging whether injection debugging through a tweak plug-in is taking place in a jailbroken environment; judging whether the APP's packets are being captured consists of judging whether a packet-capture tool has set a proxy in order to capture packets.
Further, a protection operation is performed after the verification ciphertext is generated: the key functions of the APP are protected, the RSA public key and the HMAC-MD5 key used by the APP's communication protocol are encrypted, and the AES, HMAC-MD5 and RSA algorithms used for the APP's verification ciphertext are protected by code obfuscation with the OLLVM obfuscation framework.
Further, the verification step operates as follows: a public key and a private key of an asymmetric encryption algorithm are generated with that algorithm; the public key is stored as a fixed string inside the APP using string protection, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and Key is also added to a field of the communication protocol. When the cloud server receives the APP's access request, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal; if so, it hashes the decrypted JSON array with the signature part removed, using the fixed key, to produce a verification signature, and judges whether the signature and the verification signature are identical. If they are, the cloud server transmits data to the APP; if not, the cloud server refuses to transmit data to the APP and issues a prompt to the user.
The invention also provides a protective device for the communication protocol of a mobile-terminal APP, the device comprising:
a generation unit, for making the APP generate a verification ciphertext based on the device information of the mobile terminal;
an adding unit, for adding the verification ciphertext to a field of the communication protocol;
a verification unit, for having the cloud server verify the verification ciphertext in the communication protocol when the APP communicates with the cloud server over that protocol; after verification succeeds, the APP establishes a connection with the cloud server and communicates.
Further, the mobile terminal is a mobile electronic device such as a smart phone, a tablet computer or a PDA.
Further, the communication protocol is HTTP and/or HTTPS, and the verification ciphertext is added to the Body part of the HTTP and/or HTTPS POST.
Further, the generation unit operates as follows: the device information of the mobile terminal is read into a JSON array; the device information is hashed with a fixed key to produce a unique signature (Signature), and the signature is added to the JSON array; the JSON array is then encrypted with a randomly generated key SecRandomKey of an encryption algorithm to produce the verification ciphertext.
Further, the device also includes a judging unit, for judging whether the APP is being debugged or its packets captured and, if so, exiting the APP and issuing a warning to the user; the judging unit operates before the generation unit.
Further, judging whether the APP is being debugged consists of judging through system functions whether it is being debugged, comparing the time obtained at run time with a stored timestamp to judge whether it is being debugged, and/or judging whether injection debugging through a tweak plug-in is taking place in a jailbroken environment; judging whether the APP's packets are being captured consists of judging whether a packet-capture tool has set a proxy in order to capture packets.
Further, a protection operation is performed after the verification ciphertext is generated: the key functions of the APP are protected, the RSA public key and the HMAC-MD5 key used by the APP's communication protocol are encrypted, and the AES, HMAC-MD5 and RSA algorithms used for the APP's verification ciphertext are protected by code obfuscation with the OLLVM obfuscation framework.
Further, the verification unit operates as follows: a public key and a private key of an asymmetric encryption algorithm are generated with that algorithm; the public key is stored as a fixed string inside the APP using string protection, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and Key is also added to a field of the communication protocol. When the cloud server receives the APP's access request, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal; if so, it hashes the decrypted JSON array with the signature part removed, using the fixed key, to produce a verification signature, and judges whether the signature and the verification signature are identical. If they are, the cloud server transmits data to the APP; if not, the cloud server refuses to transmit data to the APP and issues a prompt to the user.
The invention also provides a computer-readable storage medium on which computer program code is stored; when the program code is executed by a computer, any of the methods above is performed.
Technical effect of the invention: the APP generates a verification ciphertext based on the device information of the mobile terminal and adds it to a field of the communication protocol; the verification ciphertext is verified whenever the mobile terminal communicates with the cloud server, and communication proceeds only after verification succeeds. The APP and the ciphertext are also protected, so that the core algorithm of the APP is not easily cracked, and the security of user data and of the APP is improved.
Detailed description of the invention
Other features, objects and advantages of the application will become more apparent from the detailed description of non-limiting embodiments given below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a method for protecting the communication protocol of a mobile-terminal APP according to an embodiment of the invention.
Fig. 2 is a structural diagram of a protective device for the communication protocol of a mobile-terminal APP according to an embodiment of the invention.
Specific embodiment
The application is described in further detail below with reference to the drawings and embodiments. It is to be understood that the specific embodiments described here serve only to explain the invention, not to limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the invention.
It should be noted that, where no conflict arises, the embodiments of the application and the features in them may be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows a method for protecting the communication protocol of a mobile-terminal APP according to the invention; the method comprises:
Generation step S101: the APP generates a verification ciphertext based on the device information of the mobile terminal.
Adding step S102: the verification ciphertext is added to a field of the communication protocol.
Verification step S103: when the APP communicates with the cloud server over the communication protocol, the cloud server verifies the verification ciphertext in the communication protocol, and after verification succeeds the APP establishes a connection with the cloud server and communicates.
In an embodiment of the invention the mobile terminal may be, without limitation, a smart phone, a tablet computer, an e-book reader, a PDA (personal digital assistant), an MP4 (Moving Picture Experts Group Audio Layer IV) player, a laptop or pocket computer, and the like.
In one embodiment a custom verification ciphertext is added to the APP's standard communication protocol. Taking HTTP/HTTPS as the example: when the phone makes a communication request, the App adds the custom-generated verification ciphertext to the Body part of the POST and sends it to the cloud server for verification. The cloud server decrypts and verifies the verification ciphertext and responds only when it is found legal, returning the corresponding data to the App on the phone. In other words, the communication protocol of the invention includes, but is not limited to, HTTP and/or HTTPS, with the verification ciphertext added to the Body part of the HTTP and/or HTTPS POST. This is one of the important inventive points of the invention and improves the security of user data.
The operation of generation step S101 is as follows: read the device information of the mobile terminal into a JSON array, hash the device information with a fixed key to produce a unique signature (Signature), and add the signature to the JSON array; then encrypt the JSON array with a randomly generated key SecRandomKey of an encryption algorithm to produce the verification ciphertext. The device information may be hardware information: for example, the JSON array may be generated from the MAC address, device ID and timestamp of the phone system. The hash algorithm may be HMAC-MD5, although it is not limited to HMAC-MD5; the key (AesKey) of an encryption algorithm such as AES (again not limited to AES) is generated randomly and used to encrypt the JSON array, producing the verification ciphertext Data. Because the hardware information of a terminal device is unique, the generated verification ciphertext is unique, which improves security and the reliability of verification.
In one embodiment, to further improve the security of the APP, a judgment step S100 is executed before generation step S101: it judges whether the APP is being debugged or its packets captured and, if so, exits the APP and issues a warning to the user; the judgment step is executed before the generation step. Judging whether the APP is being debugged means judging through system functions whether it is being debugged (for example, by checking whether ptrace, syscall or task_get_exception_ports has been called), comparing the time obtained at run time with a stored timestamp, and/or judging whether injection debugging through a tweak plug-in is taking place in a jailbroken environment (for example, by modifying the protective program's Section (__RESTRICT, __restrict)). Judging whether the APP's packets are being captured means judging whether a packet-capture tool has set a proxy in order to capture packets, for instance by checking whether a proxy is configured and refusing access when one is. This is another important inventive point of the invention.
In one embodiment, to further improve the security of the APP and of user data and to prevent the generated verification ciphertext from being cracked, a protection operation is performed after the verification ciphertext is generated: the key functions of the APP are protected (for example by symbol obfuscation, in which a symbol table is built and class names, method names and variable names are replaced with meaningless symbols), the RSA public key and the HMAC-MD5 key used by the APP's communication protocol are encrypted, and the AES, HMAC-MD5 and RSA algorithms used for the APP's verification ciphertext are protected by code obfuscation with the OLLVM obfuscation framework. This is another important inventive point of the invention.
Another important inventive point of the invention is that the cloud server verifies the APP's request, which is described in detail below. The operation of verification step S103 is as follows: a public key and a private key of an asymmetric encryption algorithm are generated with that algorithm; the public key is stored as a fixed string inside the APP using string protection, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and Key is also added to a field of the communication protocol. When the cloud server receives the APP's access request, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal; if so, it hashes the decrypted JSON array with the signature part removed, using the fixed key, to produce a verification signature, and judges whether the signature and the verification signature are identical. If they are, the cloud server transmits data to the APP; if not, the cloud server refuses to transmit data to the APP and issues a prompt to the user.
With further reference to Fig. 2, as the realization to method shown in above-mentioned Fig. 1, this application provides mobile terminal APP communications One embodiment of the protective device of agreement, the Installation practice is corresponding with embodiment of the method shown in FIG. 1, and the device is specific It may include in various electronic equipments.
Fig. 2 shows a kind of guard methods of mobile terminal APP communications protocol of the invention, this method comprises:
Generation module 201, for making the APP generate verification ciphertext based on the facility information of mobile terminal.
Adding module 202, for the verification ciphertext to be added in a field of the communications protocol.
Authentication module 203, it is described when for communicating the APP with cloud server by the communications protocol Cloud server verifies the verification ciphertext in the communications protocol, and after being verified, the APP is built with cloud server Vertical connection is communicated.
In one embodiment of the invention, customized verification ciphertext is added to the standard communication protocol of APP, with Http/ For Https, the verification ciphertext of the part the Body addition customized generation of App when mobile phone carries out communication request in Post is simultaneously passed Cloud server is delivered to be verified.Verifying is decrypted to verification ciphertext in cloud server, when being verified as legal just being rung It answers, returns above corresponding data to the App of mobile phone.Communications protocol i.e. of the invention includes but is not limited to that the communications protocol is The verification ciphertext is added in Http and/or Https, the part Body in the Post of Http and/or Https, this is the present invention One of important inventive point, improve the safety of user data.
The operation executed in generation module 201 are as follows: the facility information of mobile terminal is read to Json array, with fixed close Key carries out Hash encryption to the facility information of mobile terminal and generates unique signature (Signature), and the signature is added To in the Json array;The Json array is encrypted using the random key SecRandomKey for generating Encryption Algorithm Generate verification ciphertext.Facility information can be hardware information, such as raw using Mac, Deviceid, timestamp of cell phone system etc. At Json array.Hash algorithm can be Hmacmd5, and hash algorithm is not limited only to Hmacmd5 algorithm, generate encryption using random The code key (AesKey) of algorithm (such as AES, algorithm are not limited only to aes algorithm), is encrypted using secret key pair Json array Generate verification ciphertext Data.Since the hardware information of terminal device has uniqueness, the verification ciphertext of generation has uniquely Property, improve the reliability of safety and verification.
In one embodiment, it is the safety for further increasing APP, before the operation for executing generation module 201, also holds The operation of row judgment module 200, for judging whether the APP debugged or packet capturing, if it is, the APP is exited, and to User sends a warning message;Wherein, the judgment step executes before the generation step.Judge whether the APP is adjusted The operation of examination is to judge whether to be debugged (as by judging ptrace, syscall, ask_get_ by system function Whether cxception_ports is called to judge whether APP is debugged), by obtain run when time with storage when Between stamp comparison judge whether debugged and/or judge whether that carrying out injection debugging by tweak plug-in unit under environment of escaping from prison (such as repairs Change part Section (_ RESTRICT, _ restrict) of protective program);Judge the APP whether by the operation of packet capturing to sentence Whether disconnected packet catcher is provided with agency and carries out packet capturing, such as judges whether to be provided with agency, does not allow to visit in the case of setting agency It asks, this is another important inventive point of the invention.
In one embodiment, to further improve the security of the APP and of user data and to prevent the generated verification ciphertext from being cracked, protection operations are carried out after the verification ciphertext is generated: the key functions of the APP are protected (for example by symbol obfuscation, in which a symbol table is built and class names, method names and variable names are replaced with meaningless symbols); the RSA public key and the HMAC-MD5 key used by the APP communications protocol are encrypted; and the AES, HMAC-MD5 and RSA algorithm code used for the APP verification ciphertext is protected with code obfuscation using the OLLVM obfuscation framework. This is another important inventive point of the invention.
Another important inventive point of the invention is that the cloud server verifies the request of the APP; this is described in detail below. The operation of the verification module 203 is as follows: a public key and a private key are generated with an asymmetric encryption algorithm (RSA); the public key is stored as a fixed string inside the APP, protected in the same manner as the APP's other strings, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and this key is also added to a field of the communications protocol. When the cloud server receives the access request of the APP, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal. If they are, it computes the keyed hash with the fixed key over the decrypted JSON array with the signature part removed to produce a verification signature, and judges whether the signature is identical to the verification signature; if so, the cloud server transmits data to the APP, and if not, the cloud server refuses to transmit data to the APP and issues prompt information to the user.
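The generation module and the verification module just described, as an added example in Go; this is not code from the patent or its applicant. It assumes AES-GCM for the AES step and RSA-OAEP for wrapping SecRandomKey (the page names only AES and RSA), a constructed fixed HMAC key, and a device-info record with mac, deviceid and timestamp fields; the signature is HMAC-MD5 as the page specifies, and the cloud-server side refuses the request on any failed check.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

var fixedKey = []byte("constructed-fixed-hmac-key") // constructed stand-in for the fixed Hmacmd5 key kept inside the APP
// DeviceInfo is the page's Json array of device data plus its Signature field.
type DeviceInfo struct {
	Mac       string `json:"mac"`
	DeviceID  string `json:"deviceid"`
	Timestamp int64  `json:"timestamp"`
	Signature []byte `json:"signature,omitempty"`
}
// sign is the page's Hmacmd5 over the device info with the signature field cleared.
func sign(info DeviceInfo) []byte {
	info.Signature = nil
	raw, _ := json.Marshal(info)
	m := hmac.New(md5.New, fixedKey)
	m.Write(raw)
	return m.Sum(nil)
}
// BuildRequest is the APP side: it returns the verification ciphertext (AES-GCM, assumed; the page says only "AES") and Key, the RSA-OAEP wrapped SecRandomKey.
func BuildRequest(info DeviceInfo, pub *rsa.PublicKey) (data, key []byte, err error) {
	info.Signature = sign(info)
	plain, _ := json.Marshal(info)
	secRandomKey, nonce := make([]byte, 16), make([]byte, 12)
	rand.Read(secRandomKey)
	rand.Read(nonce)
	block, _ := aes.NewCipher(secRandomKey) // a 16-byte key cannot fail
	aead, _ := cipher.NewGCM(block)
	data = aead.Seal(nonce, nonce, plain, nil) // layout: nonce || ciphertext || tag
	key, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secRandomKey, nil)
	return data, key, err
}
// VerifyRequest is the cloud-server side: unwrap SecRandomKey, decrypt, check the fields, recompute the signature; any failure refuses the APP.
func VerifyRequest(data, key []byte, priv *rsa.PrivateKey) (info DeviceInfo, err error) {
	secRandomKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, key, nil)
	if err != nil || len(secRandomKey) != 16 || len(data) < 12 {
		return DeviceInfo{}, errors.New("bad Key or verification ciphertext")
	}
	block, _ := aes.NewCipher(secRandomKey)
	aead, _ := cipher.NewGCM(block)
	plain, err := aead.Open(nil, data[:12], data[12:], nil) // fails on tampering or a wrong key
	if err != nil || json.Unmarshal(plain, &info) != nil || info.Mac == "" || info.DeviceID == "" {
		return DeviceInfo{}, errors.New("illegal device info")
	}
	if !hmac.Equal(info.Signature, sign(info)) {
		return DeviceInfo{}, errors.New("signature mismatch")
	}
	return info, nil
}
```

A caller generates the key pair with rsa.GenerateKey, runs BuildRequest on the APP side and VerifyRequest on the server side.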
The present invention has the APP generate a verification ciphertext based on the device information of the mobile terminal and adds the verification ciphertext to a field of the communications protocol; the verification ciphertext is verified when the mobile terminal communicates with the cloud server, and communication proceeds only after verification passes. The invention also protects the APP and the ciphertext, preventing the core algorithms of the APP from being cracked easily and improving the security of user data and of the APP.
For convenience of description, the apparatus above is described as divided into units by function. Of course, when implementing this application the functions of the units may be realized in one piece of software and/or hardware or in several.
From the description of the embodiments above, those skilled in the art can clearly understand that the application can be implemented by means of software together with the necessary general-purpose hardware platform. On this understanding, the technical solution of the application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the method described in the embodiments of the application or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate, and not to limit, the technical solution of the present invention. Although the invention has been described in detail with reference to the above embodiments, those skilled in the art should understand that the invention can still be modified or equivalently replaced without departing from its spirit or scope, and that any such modification or equivalent replacement shall be included within the scope of the claims of the present invention.

Claims (10)

1. A method for protecting a mobile terminal APP communications protocol, characterized in that the method comprises:
a generation step, in which the APP generates a verification ciphertext based on the device information of the mobile terminal;
an adding step, in which the verification ciphertext is added to a field of the communications protocol;
a verification step, in which, when the APP communicates with a cloud server through the communications protocol, the cloud server verifies the verification ciphertext in the communications protocol, and after verification passes, the APP establishes a connection with the cloud server for communication.
2. The method according to claim 1, characterized in that the mobile terminal is a smart phone, a tablet computer or a PDA.
3. The method according to claim 2, characterized in that the communications protocol is HTTP and/or HTTPS, and the verification ciphertext is added to the Body part of an HTTP and/or HTTPS POST.
4. The method according to claim 1, characterized in that the operation of the generation step is as follows:
the device information of the mobile terminal is read into a JSON array; a keyed hash is computed over the device information of the mobile terminal with a fixed key to produce a unique signature (Signature), and the signature is added to the JSON array; the JSON array is encrypted with a randomly generated encryption-algorithm key, SecRandomKey, to produce the verification ciphertext.
5. The method according to claim 4, characterized in that the method further comprises:
a judgment step, which judges whether the APP is being debugged or its traffic captured, and if so, exits the APP and issues a warning message to the user;
wherein the judgment step is executed before the generation step.
6. The method according to claim 5, characterized in that the operation of judging whether the APP is being debugged is: judging through system functions whether it is being debugged, judging whether it is being debugged by comparing the time at run time with a stored timestamp, and/or judging whether injection debugging is being carried out through a tweak plug-in in a jailbroken environment; and the operation of judging whether the APP's traffic is being captured is judging whether a packet-capture tool has set a proxy to capture packets.
7. The method according to claim 6, characterized in that protection operations are carried out after the verification ciphertext is generated: the key functions of the APP are protected, the RSA public key and the HMAC-MD5 encryption key used in the APP communications protocol are encrypted, and the AES, HMAC-MD5 and RSA encryption algorithms used for the APP verification ciphertext are protected with code obfuscation using the OLLVM obfuscation framework.
8. The method according to claim 5, characterized in that the operation of the verification step is as follows:
a public key and a private key of an asymmetric encryption algorithm are generated with the asymmetric encryption algorithm; the public key is stored as a fixed string inside the APP in a protected manner, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and this key is also added to a field of the communications protocol;
when the cloud server receives the access request of the APP, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal; if so, it computes the keyed hash with the fixed key over the decrypted JSON array with the signature part removed to produce a verification signature, and judges whether the signature is identical to the verification signature; if so, the cloud server transmits data to the APP; if not, the cloud server refuses to transmit data to the APP and issues prompt information to the user.
9. A device for protecting a mobile terminal APP communications protocol, characterized in that the device comprises:
a generation unit, for causing the APP to generate a verification ciphertext based on the device information of the mobile terminal;
an adding unit, for adding the verification ciphertext to a field of the communications protocol;
a verification unit, for having the cloud server verify the verification ciphertext in the communications protocol when the APP communicates with the cloud server through the communications protocol, after which, once verification passes, the APP establishes a connection with the cloud server for communication.
10. A computer-readable storage medium, characterized in that computer program code is stored on the storage medium, and when the computer program code is executed by a computer, it performs the method of any one of claims 1 to 8.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810890833.8A CN109150865A (en) 2018-08-07 2018-08-07 A kind of protection, device and the storage medium of mobile terminal APP communications protocol

Publications (1)

Publication Number Publication Date
CN109150865A true CN109150865A (en) 2019-01-04

Family

ID=64792209

Country Status (1)

Country Link
CN (1) CN109150865A (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103428176A (en) * 2012-05-18 2013-12-04 中国电信股份有限公司 Mobile user accessing mobile Internet application method and system and application server
CN103475477A (en) * 2013-09-03 2013-12-25 深圳市共进电子股份有限公司 Safe authorized access method
US20140007192A1 (en) * 2011-10-11 2014-01-02 Zenprise, Inc. Providing secure mobile device access to enterprise resources using application tunnels
CN104065624A (en) * 2013-03-21 2014-09-24 北京百度网讯科技有限公司 Security verification method, system and apparatus of request message
CN104394147A (en) * 2014-11-26 2015-03-04 西安电子科技大学 Method of adding identity authentication information in HTTP protocol of Android system
CN106470137A (en) * 2015-08-21 2017-03-01 腾讯科技(深圳)有限公司 A kind of data processing method and terminal
CN106506470A (en) * 2016-10-31 2017-03-15 大唐高鸿信安(浙江)信息科技有限公司 network data security transmission method
CN106712932A (en) * 2016-07-20 2017-05-24 腾讯科技(深圳)有限公司 Secret key management method, device and system
CN106911684A (en) * 2017-02-17 2017-06-30 武汉斗鱼网络科技有限公司 A kind of method for authenticating and system
CN107733933A (en) * 2017-11-30 2018-02-23 中国电力科学研究院有限公司 A kind of double factor identity authentication method and system based on biological identification technology
CN107911398A (en) * 2018-01-04 2018-04-13 世纪龙信息网络有限责任公司 Authentication method, device and the system of identity information
CN107959929A (en) * 2017-11-08 2018-04-24 无线生活(杭州)信息科技有限公司 One kind switching Proxy Method and device
CN108040045A (en) * 2017-12-07 2018-05-15 百度在线网络技术(北京)有限公司 Generation method, device, server and the storage medium of flowing of access file

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Feng Guangsheng et al.: "Wireless Network Security and Practice", 31 December 2017 *
Liu Guijiang et al.: "Computer Networks", 30 June 2008 *
Yue Qian: "Security Assessment Model for Mobile Internet APP Applications", Journal of Shenyang Aerospace University *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981665A (en) * 2019-04-01 2019-07-05 北京纬百科技有限公司 Resource provider method and device, resource access method and device and system
CN109981665B (en) * 2019-04-01 2020-05-26 北京纬百科技有限公司 Resource providing method and device, and resource access method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190104