CN109150865A - Protection method, device and storage medium for a mobile terminal APP communications protocol - Google Patents
Protection method, device and storage medium for a mobile terminal APP communications protocol
- Publication number
- CN109150865A (application number CN201810890833.8A)
- Authority
- CN
- China
- Prior art keywords
- app
- communications protocol
- key
- mobile terminal
- cloud server
- Prior art date
- Legal status
- Pending
Classifications
- H: Electricity > H04: Electric communication technique > H04L: Transmission of digital information, e.g. telegraphic communication
- H04L63/00: Network architectures or network communication protocols for network security
  - H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources; H04L63/105: Multiple levels of security
  - H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks; H04L63/0428: wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  - H04L63/12: Applying verification of the received information
- H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
  - H04L9/06: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators; H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
  - H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords; H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use; H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s); H04L9/0822: using key encryption key; H04L9/0825: using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
  - H04L9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials; H04L9/3247: involving digital signatures; H04L9/3297: involving time stamps, e.g. generation of time stamps
- H04L67/00: Network arrangements or protocols for supporting network services or applications
  - H04L67/01: Protocols; H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
  - H04L67/50: Network services; H04L67/51: Discovery or management thereof, e.g. service location protocol [SLP] or web services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a protection method and device for a mobile terminal APP communications protocol. The method comprises: a generation step, in which the APP generates a verification ciphertext based on the device information of the mobile terminal; an adding step, in which the verification ciphertext is added to a field of the communications protocol; and a verification step, in which, when the APP communicates with the cloud server through the communications protocol, the cloud server verifies the verification ciphertext in the communications protocol, and only after the verification passes does the APP establish a connection with the cloud server and communicate. By having the APP generate a verification ciphertext from the device information of the mobile terminal and add it to a field of the communications protocol, verifying that ciphertext when the mobile terminal communicates with the cloud server, communicating only after the verification passes, and also protecting the APP and the ciphertext, the present invention prevents the core algorithm of the APP from being cracked easily and improves the security of user data and of the APP.
Description
Technical field
The present invention relates to the technical field of data security, and in particular to a protection method, device and storage medium for a mobile terminal APP communications protocol.
Background technique
HTTP/HTTPS is the most common protocol by which a mobile phone APP accesses a cloud server to obtain data. As APPs are downloaded and used in large numbers, the APPs on a phone become closely bound to personal privacy information. Some personal information is stored directly on the phone, in a SQLite3 database, a Plist file or a similar format, while most of the core sensitive data is stored on the cloud server and can only be accessed over the network through the communications protocol. Some APPs bind personal information at registration; after the first login the phone saves the personal account, the encrypted password and the key used to access the cloud, so that the user can later access the cloud server directly through the APP without logging in again. Consequently, the personal information retained in the mobile phone APP can be used to simulate the APP's communications protocol and reach the APP's cloud server, exposing at a glance the personal data stored there and leading to leakage of personal sensitive information or even loss of property.
When a mobile phone APP uses a standard protocol such as HTTP/HTTPS to access the cloud server and obtain data, illicit packet-capture tools can capture the parameters needed for the protocol communication; combined with the files containing personal information obtained from the mobile phone APP, those parameters can be reconstructed and synthesised so that the APP's login protocol is simulated to obtain access to the cloud server, after which all manner of post-login operations of the APP can be simulated. An APP that uses a standard protocol is therefore easy to simulate once the files containing the protocol parameters have been obtained, which places the personal privacy data on the APP's cloud at great risk.
Summary of the invention
The present invention addresses the above defects of the prior art and proposes the following technical solution.
A protection method for a mobile terminal APP communications protocol, the method comprising:
a generation step, in which the APP generates a verification ciphertext based on the device information of the mobile terminal;
an adding step, in which the verification ciphertext is added to a field of the communications protocol;
a verification step, in which, when the APP communicates with the cloud server through the communications protocol, the cloud server verifies the verification ciphertext in the communications protocol, and after the verification passes the APP establishes a connection with the cloud server and communicates.
Further, the mobile terminal is a smart phone, a tablet computer or a PDA.
Further, the communications protocol is HTTP and/or HTTPS, and the verification ciphertext is added in the Body part of the HTTP and/or HTTPS POST.
Further, the generation step operates as follows: the device information of the mobile terminal is read into a JSON array; a hash of the device information is computed with a fixed key to produce a unique signature (Signature), and the signature is added to the JSON array; the JSON array is then encrypted with a randomly generated key SecRandomKey of the encryption algorithm to produce the verification ciphertext.
Further, the method also includes a judgment step that judges whether the APP is being debugged or packet-captured; if so, the APP exits and a warning message is issued to the user. The judgment step is executed before the generation step.
Further, judging whether the APP is being debugged consists of judging through system functions whether it is being debugged, judging whether it is being debugged by comparing the time obtained at run time with a stored timestamp, and/or judging whether injection debugging is being performed through a tweak plug-in in a jailbroken environment; judging whether the APP is being packet-captured consists of judging whether a packet-capture tool has been set up as a proxy to capture packets.
Further, a protection operation is performed after the verification ciphertext is generated: the key functions of the APP are protected, the RSA public key and the HMAC-MD5 encryption key used in the APP communications protocol are encrypted, and the AES, HMAC-MD5 and RSA encryption algorithms used for the APP verification ciphertext are protected by code obfuscation with the OLLVM obfuscation framework.
Further, the verification step operates as follows: an asymmetric encryption algorithm is used to generate its public key and private key; the string of the public key is stored in fixed form inside the APP as a protected string, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and this Key is also added to a field of the communications protocol. When the cloud server receives the APP's access request, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal. If they are, it hashes the decrypted JSON array with the signature part removed, using the fixed key, to generate a verification signature, and judges whether the signature and the verification signature are identical; if they are, the cloud server transmits data to the APP, and if not, the cloud server refuses to transmit data to the APP and issues a prompt message to the user.
The invention also provides a protective device for a mobile terminal APP communications protocol, the device comprising:
a generation unit, for making the APP generate a verification ciphertext based on the device information of the mobile terminal;
an adding unit, for adding the verification ciphertext to a field of the communications protocol;
a verification unit, for having the cloud server verify the verification ciphertext in the communications protocol when the APP communicates with the cloud server through the communications protocol, so that after the verification passes the APP establishes a connection with the cloud server and communicates.
Further, the mobile terminal is a mobile electronic device such as a smart phone, a tablet computer or a PDA.
Further, the communications protocol is HTTP and/or HTTPS, and the verification ciphertext is added in the Body part of the HTTP and/or HTTPS POST.
Further, the generation unit operates as follows: the device information of the mobile terminal is read into a JSON array; a hash of the device information is computed with a fixed key to produce a unique signature (Signature), and the signature is added to the JSON array; the JSON array is then encrypted with a randomly generated key SecRandomKey of the encryption algorithm to produce the verification ciphertext.
Further, the device also includes a judgment unit, for judging whether the APP is being debugged or packet-captured; if so, the APP exits and a warning message is issued to the user. The operation of the judgment unit is executed before the operation of the generation unit.
Further, judging whether the APP is being debugged consists of judging through system functions whether it is being debugged, judging whether it is being debugged by comparing the time obtained at run time with a stored timestamp, and/or judging whether injection debugging is being performed through a tweak plug-in in a jailbroken environment; judging whether the APP is being packet-captured consists of judging whether a packet-capture tool has been set up as a proxy to capture packets.
Further, a protection operation is performed after the verification ciphertext is generated: the key functions of the APP are protected, the RSA public key and the HMAC-MD5 encryption key used in the APP communications protocol are encrypted, and the AES, HMAC-MD5 and RSA encryption algorithms used for the APP verification ciphertext are protected by code obfuscation with the OLLVM obfuscation framework.
Further, the verification unit operates as follows: an asymmetric encryption algorithm is used to generate its public key and private key; the string of the public key is stored in fixed form inside the APP as a protected string, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and this Key is also added to a field of the communications protocol. When the cloud server receives the APP's access request, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal. If they are, it hashes the decrypted JSON array with the signature part removed, using the fixed key, to generate a verification signature, and judges whether the signature and the verification signature are identical; if they are, the cloud server transmits data to the APP, and if not, the cloud server refuses to transmit data to the APP and issues a prompt message to the user.
The invention also provides a computer-readable storage medium on which computer program code is stored; when the computer program code is executed by a computer, any of the above methods is performed.
The technical effect of the invention is as follows: the APP generates a verification ciphertext based on the device information of the mobile terminal and adds the verification ciphertext to a field of the communications protocol; the verification ciphertext is verified when the mobile terminal communicates with the cloud server, and communication proceeds only after the verification passes; the APP and the ciphertext are also protected, which prevents the core algorithm of the APP from being cracked easily and improves the security of user data and of the APP.
Detailed description of the invention
Other features, objects and advantages of the application will become more apparent from the detailed description of non-restrictive embodiments given below with reference to the attached drawings.
Fig. 1 is a flow chart of a protection method for a mobile terminal APP communications protocol according to an embodiment of the present invention.
Fig. 2 is a structure chart of a protective device for a mobile terminal APP communications protocol according to an embodiment of the present invention.
Specific embodiment
The application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the related invention and do not restrict it. It should also be noted that, for convenience of description, only the parts relevant to the related invention are shown in the drawings.
It should be noted that, in the absence of conflict, the embodiments of the application and the features in those embodiments can be combined with one another. The application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows a protection method for a mobile terminal APP communications protocol of the invention, the method comprising:
generation step S101, in which the APP generates a verification ciphertext based on the device information of the mobile terminal;
adding step S102, in which the verification ciphertext is added to a field of the communications protocol;
verification step S103, in which, when the APP communicates with the cloud server through the communications protocol, the cloud server verifies the verification ciphertext in the communications protocol, and after the verification passes the APP establishes a connection with the cloud server and communicates.
In an embodiment of the present invention, the mobile terminal may include, but is not limited to, a smart phone, a tablet computer, an e-book reader, a PDA (personal digital assistant), an MP4 (Moving Picture Experts Group Audio Layer IV) player, a laptop computer and the like.
In one embodiment of the invention, a custom verification ciphertext is added to the APP's standard communications protocol. Taking HTTP/HTTPS as an example, when the phone issues a communication request the APP adds the custom-generated verification ciphertext to the Body part of the POST and transmits it to the cloud server for verification. The cloud server decrypts and verifies the verification ciphertext and responds only when it is verified as legal, returning the corresponding data to the APP on the phone. That is, the communications protocol of the invention includes, but is not limited to, HTTP and/or HTTPS, with the verification ciphertext added in the Body part of the HTTP and/or HTTPS POST; this is one of the important inventive points of the present invention and improves the security of user data.
The operation in generation step S101 is as follows: the device information of the mobile terminal is read into a JSON array; a hash of the device information is computed with a fixed key to produce a unique signature (Signature), and the signature is added to the JSON array; the JSON array is then encrypted with a randomly generated key SecRandomKey of the encryption algorithm to produce the verification ciphertext. The device information may be hardware information; for example, the JSON array is generated from the MAC address, Deviceid, timestamp and so on of the phone system. The hash algorithm may be HMAC-MD5, though it is not limited to HMAC-MD5; a randomly generated key (AesKey) of the encryption algorithm (for example AES, though the algorithm is not limited to AES) is used to encrypt the JSON array and generate the verification ciphertext Data. Since the hardware information of a terminal device is unique, the generated verification ciphertext is unique, which improves security and the reliability of verification.
In one embodiment, to further improve the security of the APP, a judgment step S100 is also executed before generation step S101. It judges whether the APP is being debugged or packet-captured; if so, the APP exits and a warning message is issued to the user. The judgment step is executed before the generation step. Judging whether the APP is being debugged consists of judging through system functions whether it is being debugged (for example by judging whether ptrace, syscall or task_get_exception_ports has been called), judging whether it is being debugged by comparing the time obtained at run time with the stored timestamp, and/or judging whether injection debugging is being performed through a tweak plug-in in a jailbroken environment (for example by modifying the Section part (__RESTRICT, __restrict) of the protected program). Judging whether the APP is being packet-captured consists of judging whether a packet-capture tool has been set up as a proxy to capture packets, for example by judging whether a proxy has been configured and disallowing access when one is. This is another important inventive point of the invention.
In one embodiment, to further improve the security of the APP and of user data and to prevent the generated verification ciphertext from being cracked, a protection operation is performed after the verification ciphertext is generated: the key functions of the APP are protected (for example by symbol obfuscation, in which a symbol table is built and class names, method names and variable names are replaced with meaningless symbols); the RSA public key and the HMAC-MD5 encryption key used in the APP communications protocol are encrypted; and the AES, HMAC-MD5 and RSA encryption algorithms used for the APP verification ciphertext are protected by code obfuscation with the OLLVM obfuscation framework. This is another important inventive point of the invention.
Another important inventive point of the invention is that the cloud server verifies the APP's request, which is described in detail below. The operation of verification step S103 is as follows: an asymmetric encryption algorithm is used to generate its public key and private key; the string of the public key is stored in fixed form inside the APP as a protected string, and the private key is stored on the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and this Key is added to a field of the communications protocol. When the cloud server receives the APP's access request, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal. If they are, it hashes the decrypted JSON array with the signature part removed, using the fixed key, to generate a verification signature, and judges whether the signature and the verification signature are identical; if they are, the cloud server transmits data to the APP, and if not, the cloud server refuses to transmit data to the APP and issues a prompt message to the user.
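As an added worked example, not code from the patent or its applicant, the following Go program exercises generation step S101 on the APP side and verification step S103 on the cloud server side end to end with standard-library primitives. The patent fixes only the algorithm family (HMAC-MD5 signature with a fixed key, AES encryption of the JSON array under a random SecRandomKey, and public-key wrapping of that key); everything else here is an assumption of the example: the JSON field names, the constructed device values and fixed HMAC key, AES-256-GCM as the mode for SecRandomKey, RSA-OAEP as the key wrap, and a plus-or-minus maxSkew-second window on the timestamp as the "legality" check the server applies before recomputing the signature.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

// fixedHmacKey stands in for the fixed key kept inside the APP (constructed value).
var fixedHmacKey = []byte("constructed-fixed-hmac-key")

// deviceInfo is the patent's Json array (Mac, Deviceid, timestamp) plus its Signature;
// omitempty drops an empty Signature, which yields "the array with the signature part removed".
type deviceInfo struct {
	Mac       string `json:"mac"`
	DeviceID  string `json:"deviceid"`
	Timestamp int64  `json:"timestamp"`
	Signature []byte `json:"signature,omitempty"`
}

// request is what the APP adds to the Post Body: verification ciphertext Data and wrapped Key.
type request struct {
	Data []byte `json:"data"`
	Key  []byte `json:"key"`
}

// newServerKey generates the asymmetric pair: private half on the cloud server, public half in the APP.
func newServerKey() *rsa.PrivateKey {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return priv
}

// mustRandom draws n bytes from the system CSPRNG (used for SecRandomKey and the GCM nonce).
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// signDevice computes the Hmacmd5 Signature over the device fields with the fixed key.
func signDevice(d deviceInfo) []byte {
	d.Signature = nil
	b, _ := json.Marshal(d)
	m := hmac.New(md5.New, fixedHmacKey)
	m.Write(b)
	return m.Sum(nil)
}

// buildRequest is generation step S101 on the APP: sign the Json, encrypt it with a fresh
// SecRandomKey (AES-256-GCM here, an assumption), then wrap that key with the server public key.
func buildRequest(pub *rsa.PublicKey, d deviceInfo) (request, error) {
	d.Signature = signDevice(d)
	plain, _ := json.Marshal(d)
	secRandomKey := mustRandom(32)
	block, _ := aes.NewCipher(secRandomKey)
	gcm, _ := cipher.NewGCM(block)
	nonce := mustRandom(gcm.NonceSize())
	data := gcm.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
	key, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secRandomKey, nil)
	if err != nil {
		return request{}, err
	}
	return request{Data: data, Key: key}, nil
}

// verifyRequest is verification step S103 on the cloud server: unwrap Key, decrypt Data, check
// the device information is legal (fields present, timestamp within maxSkew seconds of nowUnix;
// that freshness window is our assumption), then recompute and compare the signature.
func verifyRequest(priv *rsa.PrivateKey, r request, nowUnix, maxSkew int64) (deviceInfo, error) {
	secRandomKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, r.Key, nil)
	if err != nil || len(secRandomKey) != 32 {
		return deviceInfo{}, errors.New("key unwrap failed")
	}
	block, _ := aes.NewCipher(secRandomKey)
	gcm, _ := cipher.NewGCM(block)
	ns := gcm.NonceSize()
	if len(r.Data) < ns {
		return deviceInfo{}, errors.New("ciphertext too short")
	}
	plain, err := gcm.Open(nil, r.Data[:ns], r.Data[ns:], nil)
	if err != nil {
		return deviceInfo{}, errors.New("ciphertext decryption failed")
	}
	var d deviceInfo
	if json.Unmarshal(plain, &d) != nil || d.Mac == "" || d.DeviceID == "" ||
		d.Timestamp < nowUnix-maxSkew || d.Timestamp > nowUnix+maxSkew {
		return deviceInfo{}, errors.New("device information not legal")
	}
	if !hmac.Equal(signDevice(d), d.Signature) { // constant-time comparison
		return deviceInfo{}, errors.New("signature mismatch")
	}
	return d, nil
}
```

Calling buildRequest with the server's public key and then verifyRequest with the private key returns the decrypted device information; flipping any byte of Data, presenting the request to a server with a different private key, or replaying it outside the timestamp window all yield an error rather than data. Two practitioner notes: the example keeps HMAC-MD5 because the page names it, but nothing in the design depends on MD5 and HMAC-SHA-256 is the usual choice today; and because GCM already authenticates the ciphertext, the inner signature's real contribution is proving knowledge of the fixed key, which is exactly why the page insists that key be protected inside the APP.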
With further reference to Fig. 2, as the realization to method shown in above-mentioned Fig. 1, this application provides mobile terminal APP communications
One embodiment of the protective device of agreement, the Installation practice is corresponding with embodiment of the method shown in FIG. 1, and the device is specific
It may include in various electronic equipments.
Fig. 2 shows a kind of guard methods of mobile terminal APP communications protocol of the invention, this method comprises:
Generation module 201, for making the APP generate verification ciphertext based on the facility information of mobile terminal.
Adding module 202, for the verification ciphertext to be added in a field of the communications protocol.
Authentication module 203, it is described when for communicating the APP with cloud server by the communications protocol
Cloud server verifies the verification ciphertext in the communications protocol, and after being verified, the APP is built with cloud server
Vertical connection is communicated.
In one embodiment of the invention, customized verification ciphertext is added to the standard communication protocol of APP, with Http/
For Https, the verification ciphertext of the part the Body addition customized generation of App when mobile phone carries out communication request in Post is simultaneously passed
Cloud server is delivered to be verified.Verifying is decrypted to verification ciphertext in cloud server, when being verified as legal just being rung
It answers, returns above corresponding data to the App of mobile phone.Communications protocol i.e. of the invention includes but is not limited to that the communications protocol is
The verification ciphertext is added in Http and/or Https, the part Body in the Post of Http and/or Https, this is the present invention
One of important inventive point, improve the safety of user data.
The operation executed in generation module 201 are as follows: the facility information of mobile terminal is read to Json array, with fixed close
Key carries out Hash encryption to the facility information of mobile terminal and generates unique signature (Signature), and the signature is added
To in the Json array;The Json array is encrypted using the random key SecRandomKey for generating Encryption Algorithm
Generate verification ciphertext.Facility information can be hardware information, such as raw using Mac, Deviceid, timestamp of cell phone system etc.
At Json array.Hash algorithm can be Hmacmd5, and hash algorithm is not limited only to Hmacmd5 algorithm, generate encryption using random
The code key (AesKey) of algorithm (such as AES, algorithm are not limited only to aes algorithm), is encrypted using secret key pair Json array
Generate verification ciphertext Data.Since the hardware information of terminal device has uniqueness, the verification ciphertext of generation has uniquely
Property, improve the reliability of safety and verification.
In one embodiment, it is the safety for further increasing APP, before the operation for executing generation module 201, also holds
The operation of row judgment module 200, for judging whether the APP debugged or packet capturing, if it is, the APP is exited, and to
User sends a warning message;Wherein, the judgment step executes before the generation step.Judge whether the APP is adjusted
The operation of examination is to judge whether to be debugged (as by judging ptrace, syscall, ask_get_ by system function
Whether cxception_ports is called to judge whether APP is debugged), by obtain run when time with storage when
Between stamp comparison judge whether debugged and/or judge whether that carrying out injection debugging by tweak plug-in unit under environment of escaping from prison (such as repairs
Change part Section (_ RESTRICT, _ restrict) of protective program);Judge the APP whether by the operation of packet capturing to sentence
Whether disconnected packet catcher is provided with agency and carries out packet capturing, such as judges whether to be provided with agency, does not allow to visit in the case of setting agency
It asks, this is another important inventive point of the invention.
In one embodiment, it is the safety for further increasing APP and user data, prevents the verification ciphertext quilt generated
It cracks, carries out protection operation after generating verification ciphertext: the Key Functions of APP are protected (e.g., such as carries out symbol and obscures,
Establish symbol table, class name, method name, variable name be substituted for meaningless symbol), to the public affairs of Rsa used in APP communications protocol
Key and Hmacmd5 encryption key are encrypted, and Aes, Hmacmd5 and Rsa Encryption Algorithm used APP verification ciphertext uses
Ollvm obscures frame and carries out Code obfuscation protection, this is another important inventive point of the invention.
Another important inventive point of the invention is that the cloud server verifies the request of the APP, which is described in detail below. The operation of authentication module 203 is as follows: the public key and private key of the asymmetric encryption algorithm are generated using the asymmetric encryption algorithm; the fixed character string of the public key is stored inside the APP as a protected string, and the private key is stored in the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and this key is also added to a field of the communications protocol. When the cloud server receives the access request of the APP, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal; if so, it removes the signature part from the decrypted JSON array and carries out the hash computation with the fixed key to generate a verification signature, and judges whether the signature is identical to the verification signature. If so, the cloud server transmits data to the APP; if not, the cloud server refuses to transmit data to the APP and issues prompt information to the user.
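The generation step and the cloud-side verification just described, as an added worked example in Go; this is not code from the patent, which names no implementation language. It keeps the patent's structure: HMAC-MD5 with the fixed key over the device information, AES encryption of the JSON under a per-request random SecRandomKey, that key wrapped with the server's RSA public key and carried as Key, and the server unwrapping, decrypting, checking the device information, stripping the signature and recomputing it. Everything the patent does not state is an assumption made here: AES-GCM as the AES mode, RSA-OAEP as the RSA padding, a JSON object rather than a JSON array, the field names, and the demo key values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// fixedKey is the shared HMAC-MD5 "fixed key" (constructed demo value; the app keeps it in protected form).
var fixedKey = []byte("demo-fixed-hmac-key")

// DeviceInfo is the mobile-terminal information the app signs and then encrypts.
type DeviceInfo struct {
	DeviceID, Model, OS string
	Signature           string `json:",omitempty"` // set by the app; stripped again before hashing
}

// Request carries the two protocol fields (e.g. in the HTTPS POST body): Key is SecRandomKey
// wrapped with the server's RSA public key, Ciphertext is the verification ciphertext.
type Request struct{ Key, Ciphertext []byte }

// sign is HMAC-MD5 with the fixed key over the device-info JSON minus the signature part.
func sign(info DeviceInfo) string {
	info.Signature = ""
	data, _ := json.Marshal(info) // fields are emitted in declaration order, so both sides hash identical bytes
	mac := hmac.New(md5.New, fixedKey)
	mac.Write(data)
	return fmt.Sprintf("%x", mac.Sum(nil))
}

// encryptFresh generates SecRandomKey and encrypts plain with it. AES-GCM is an assumption (the
// patent only says "Aes"); the random nonce is prepended to the ciphertext.
func encryptFresh(plain []byte) (secRandomKey, ct []byte) {
	secRandomKey = make([]byte, 32)
	rand.Read(secRandomKey) // crypto/rand.Read never returns an error since Go 1.24
	block, _ := aes.NewCipher(secRandomKey) // a 32-byte key is always valid
	aead, _ := cipher.NewGCM(block)         // cannot fail for AES's 16-byte block
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return secRandomKey, aead.Seal(nonce, nonce, plain, nil)
}

// decrypt reverses encryptFresh; the GCM tag rejects any modified or truncated ciphertext.
func decrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key came off the wire, so its length is checked here
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block)
	if ns := aead.NonceSize(); len(ct) >= ns {
		return aead.Open(nil, ct[:ns], ct[ns:], nil)
	}
	return nil, fmt.Errorf("verification ciphertext too short")
}

// BuildRequest is the APP side: sign, encrypt under a fresh SecRandomKey, wrap that key with the public key.
func BuildRequest(info DeviceInfo, serverPub *rsa.PublicKey) (Request, error) {
	info.Signature = sign(info)
	plain, _ := json.Marshal(info)
	secRandomKey, ct := encryptFresh(plain)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, secRandomKey, nil) // RSA-OAEP assumed
	if err != nil {
		return Request{}, err
	}
	return Request{Key: wrapped, Ciphertext: ct}, nil
}

// VerifyRequest is the cloud-server side: unwrap SecRandomKey, decrypt the verification ciphertext, check the
// device info, recompute the signature over the JSON minus the signature part. Any error means "refuse to transmit".
func VerifyRequest(req Request, serverPriv *rsa.PrivateKey) (DeviceInfo, error) {
	secRandomKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, req.Key, nil)
	if err != nil {
		return DeviceInfo{}, fmt.Errorf("unwrap SecRandomKey: %w", err)
	}
	plain, err := decrypt(secRandomKey, req.Ciphertext)
	if err != nil {
		return DeviceInfo{}, fmt.Errorf("decrypt verification ciphertext: %w", err)
	}
	var info DeviceInfo
	if err := json.Unmarshal(plain, &info); err != nil || info.DeviceID == "" || len(info.Signature) != 32 {
		return DeviceInfo{}, fmt.Errorf("device information or signature not legal")
	}
	if !hmac.Equal([]byte(sign(info)), []byte(info.Signature)) { // constant-time comparison
		return DeviceInfo{}, fmt.Errorf("signature mismatch")
	}
	return info, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	req, _ := BuildRequest(DeviceInfo{DeviceID: "demo-0001", Model: "demo-phone", OS: "demo-os"}, &priv.PublicKey)
	fmt.Println(VerifyRequest(req, priv))
}
```

The server refuses on three separate paths, which are worth keeping distinguishable in its logs: RSA unwrap failure, GCM authentication failure on the verification ciphertext, and signature mismatch after a successful decryption. The scheme's strength rests on the fixed HMAC key and the public key staying unreadable inside the app binary, which is why the patent follows this step with string protection and OLLVM obfuscation. HMAC-MD5 is used here because the patent specifies it; a new design would choose HMAC-SHA256, a one-line change (`sha256.New` for `md5.New` in `sign`).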
In the present invention the APP generates a verification ciphertext based on the device information of the mobile terminal and adds the verification ciphertext to a field of the communications protocol; the verification ciphertext is verified when the mobile terminal communicates with the cloud server, and communication proceeds only after verification passes. The invention also protects the APP and the ciphertext, preventing the core algorithm of the APP from being cracked easily, and improves the security of user data and of the APP.
For convenience of description, the apparatus above is described as divided into various units by function. Of course, when implementing this application, the functions of the units can be realized in the same piece, or in multiple pieces, of software and/or hardware.
From the above description of the embodiments, those skilled in the art can clearly understand that the application can be realized by means of software plus the necessary general hardware platform. Based on this understanding, the technical solution of the application in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product; the computer software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the application or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments only illustrate, and do not limit, the technical solution of the present invention. Although the invention has been described in detail with reference to the above embodiments, those skilled in the art should understand that the invention can still be modified or equivalently replaced without departing from its spirit or scope, and all such modifications or replacements shall be included within the scope of the claims of the present invention.
Claims (10)
1. A method for protecting a mobile terminal APP communications protocol, characterized in that the method comprises:
a generation step, in which the APP generates a verification ciphertext based on the device information of the mobile terminal;
an adding step, in which the verification ciphertext is added to a field of the communications protocol;
a verification step, in which, when the APP communicates with a cloud server through the communications protocol, the cloud server verifies the verification ciphertext in the communications protocol and, after verification passes, the APP establishes a connection with the cloud server and communicates.
2. The method according to claim 1, characterized in that the mobile terminal is a smart phone, a tablet computer or a PDA.
3. The method according to claim 2, characterized in that the communications protocol is HTTP and/or HTTPS, and the verification ciphertext is added to the Body part of an HTTP and/or HTTPS POST.
4. The method according to claim 1, characterized in that the operation of the generation step is as follows:
the device information of the mobile terminal is read into a JSON array; hash encryption is carried out on the device information of the mobile terminal with a fixed key to generate a unique signature (Signature), and the signature is added to the JSON array; the JSON array is encrypted with a randomly generated encryption-algorithm key SecRandomKey to generate the verification ciphertext.
5. The method according to claim 4, characterized in that the method also includes:
a judgment step, which judges whether the APP is being debugged or whether its traffic is being captured, and if so, exits the APP and issues a warning message to the user;
wherein the judgment step executes before the generation step.
6. The method according to claim 5, characterized in that the operation of judging whether the APP is being debugged is judging through system functions whether it is being debugged, judging whether it is being debugged by comparing the time obtained at run time with a stored timestamp, and/or judging whether injection debugging is being carried out through a tweak plug-in in a jailbroken environment; and the operation of judging whether the APP's traffic is being captured is judging whether a packet-capturing tool has set a proxy in order to capture packets.
7. The method according to claim 6, characterized in that a protection operation is carried out after the verification ciphertext is generated: the key functions of the APP are protected, the RSA public key and the HMAC-MD5 encryption key used in the APP communications protocol are encrypted, and the AES, HMAC-MD5 and RSA encryption algorithms used for the APP verification ciphertext are protected by code obfuscation with the OLLVM obfuscation framework.
8. The method according to claim 5, characterized in that the operation of the verification step is as follows:
the public key and private key of the asymmetric encryption algorithm are generated using the asymmetric encryption algorithm; the fixed character string of the public key is stored inside the APP as a protected string, and the private key is stored in the cloud server; the randomly generated key SecRandomKey is encrypted with the public key to produce Key, and this key is also added to a field of the communications protocol;
when the cloud server receives the access request of the APP, it decrypts Key with the private key to obtain SecRandomKey, decrypts the verification ciphertext with SecRandomKey to obtain the device information and signature of the mobile terminal, and judges whether the device information and signature are legal; if so, it removes the signature part from the decrypted JSON array and carries out the hash computation with the fixed key to generate a verification signature, and judges whether the signature is identical to the verification signature; if so, the cloud server transmits data to the APP, and if not, the cloud server refuses to transmit data to the APP and issues prompt information to the user.
9. A device for protecting a mobile terminal APP communications protocol, characterized in that the device comprises:
a generation unit, for making the APP generate a verification ciphertext based on the device information of the mobile terminal;
an adding unit, for adding the verification ciphertext to a field of the communications protocol;
a verification unit, for having the cloud server verify the verification ciphertext in the communications protocol when the APP communicates with the cloud server through the communications protocol, after which, once verification passes, the APP establishes a connection with the cloud server and communicates.
10. A computer-readable storage medium, characterized in that computer program code is stored on the storage medium, and when the computer program code is executed by a computer, the method of any one of claims 1-8 is performed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810890833.8A CN109150865A (en) | 2018-08-07 | 2018-08-07 | A kind of protection, device and the storage medium of mobile terminal APP communications protocol |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109150865A true CN109150865A (en) | 2019-01-04 |
Family
ID=64792209
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810890833.8A Pending CN109150865A (en) | 2018-08-07 | 2018-08-07 | A kind of protection, device and the storage medium of mobile terminal APP communications protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109150865A (en) |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103428176A (en) * | 2012-05-18 | 2013-12-04 | 中国电信股份有限公司 | Mobile user accessing mobile Internet application method and system and application server |
CN103475477A (en) * | 2013-09-03 | 2013-12-25 | 深圳市共进电子股份有限公司 | Safe authorized access method |
US20140007192A1 (en) * | 2011-10-11 | 2014-01-02 | Zenprise, Inc. | Providing secure mobile device access to enterprise resources using application tunnels |
CN104065624A (en) * | 2013-03-21 | 2014-09-24 | 北京百度网讯科技有限公司 | Security verification method, system and apparatus of request message |
CN104394147A (en) * | 2014-11-26 | 2015-03-04 | 西安电子科技大学 | Method of adding identity authentication information in HTTP protocol of Android system |
CN106470137A (en) * | 2015-08-21 | 2017-03-01 | 腾讯科技(深圳)有限公司 | A kind of data processing method and terminal |
CN106506470A (en) * | 2016-10-31 | 2017-03-15 | 大唐高鸿信安(浙江)信息科技有限公司 | network data security transmission method |
CN106712932A (en) * | 2016-07-20 | 2017-05-24 | 腾讯科技(深圳)有限公司 | Secret key management method, device and system |
CN106911684A (en) * | 2017-02-17 | 2017-06-30 | 武汉斗鱼网络科技有限公司 | A kind of method for authenticating and system |
CN107733933A (en) * | 2017-11-30 | 2018-02-23 | 中国电力科学研究院有限公司 | A kind of double factor identity authentication method and system based on biological identification technology |
CN107911398A (en) * | 2018-01-04 | 2018-04-13 | 世纪龙信息网络有限责任公司 | Authentication method, device and the system of identity information |
CN107959929A (en) * | 2017-11-08 | 2018-04-24 | 无线生活(杭州)信息科技有限公司 | One kind switching Proxy Method and device |
CN108040045A (en) * | 2017-12-07 | 2018-05-15 | 百度在线网络技术(北京)有限公司 | Generation method, device, server and the storage medium of flowing of access file |
Events
- 2018-08-07 CN CN201810890833.8A patent/CN109150865A/en active Pending
Non-Patent Citations (3)
Title |
---|
Feng Guangsheng et al.: "Wireless Network Security and Practice", 31 December 2017 * |
Liu Guijiang et al.: "Computer Networks", 30 June 2008 * |
Yue Qian: "Security Evaluation Model for Mobile Internet APP Applications", Journal of Shenyang Aerospace University * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981665A (en) * | 2019-04-01 | 2019-07-05 | 北京纬百科技有限公司 | Resource provider method and device, resource access method and device and system |
CN109981665B (en) * | 2019-04-01 | 2020-05-26 | 北京纬百科技有限公司 | Resource providing method and device, and resource access method, device and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Sookhak et al. | Security and privacy of smart cities: a survey, research issues and challenges | |
Springall et al. | Security analysis of the Estonian internet voting system | |
CN105007279B (en) | Authentication method and Verification System | |
CN106899410A (en) | A kind of method and device of equipment identities certification | |
CN108985081A (en) | A kind of watermark encrypting method, apparatus, medium and electronic equipment | |
CN109309565A (en) | A kind of method and device of safety certification | |
CN109525400A (en) | Security processing, system and electronic equipment | |
CN103608819B (en) | Software application is set to execute on a mobile station | |
CN109729523A (en) | A kind of method and apparatus of terminal networking certification | |
CN109194625A (en) | A kind of client application guard method, device and storage medium based on cloud server | |
US11349660B2 (en) | Secure self-identification of a device | |
CN109255210A (en) | The method, apparatus and storage medium of intelligent contract are provided in block chain network | |
CN105447715A (en) | Method and apparatus for anti-theft electronic coupon sweeping by cooperating with third party | |
CN106899571A (en) | Information interacting method and device | |
CN110505185A (en) | Auth method, equipment and system | |
CN109831311A (en) | A kind of server validation method, system, user terminal and readable storage medium storing program for executing | |
CN105681340A (en) | Digital certificate use method and apparatus | |
CN110365928A (en) | A kind of Driving Test videotape storage means, apparatus and system based on block chain | |
CN104104650B (en) | data file access method and terminal device | |
CN108959990A (en) | A kind of verification method and device of two dimensional code | |
CN108667801A (en) | A kind of Internet of Things access identity safety certifying method and system | |
Talib et al. | Towards new data access control technique based on multi agent system architecture for cloud computing | |
CN109150865A (en) | A kind of protection, device and the storage medium of mobile terminal APP communications protocol | |
CN106375327B (en) | A kind of proxy signature key of anti-malicious attack obscures electronic voting system and method | |
JP2016012902A (en) | Electronic data utilization system, portable terminal device, and method for electronic data utilization system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20190104 |