CN112350828A - Method, client, server and system for generating security application


Info

Publication number
CN112350828A
CN112350828A CN201910723916.2A CN201910723916A CN112350828A CN 112350828 A CN112350828 A CN 112350828A CN 201910723916 A CN201910723916 A CN 201910723916A CN 112350828 A CN112350828 A CN 112350828A
Authority
CN
China
Prior art keywords
application
digital information
file
request
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910723916.2A
Other languages
Chinese (zh)
Other versions
CN112350828B (en)
Inventor
严家成
梁家韶
严伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Yuanxin Technology Co ltd
Original Assignee
Guangdong Yuanxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Yuanxin Technology Co ltd
Priority to CN201910723916.2A
Publication of CN112350828A
Application granted
Publication of CN112350828B
Legal status: Active

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Abstract

The present disclosure discloses a method of generating a security application, comprising the steps of: S100, receiving a request for downloading a first application, wherein the request carries a first ID; S200, in response to the request, looking up a second ID corresponding to the first ID and a first digital file corresponding to the second ID; S300, generating a second digital file according to the second ID and the first digital file; S400, signing the original installation file of the first application with the second digital file to generate the signed first application, which serves as the security application associated with the first ID. By generating the second digital file from the second ID and the corresponding first digital file and signing the application with it, the disclosure enhances the security of the application: it enables control of a specific application for a specific ID and prevents an application tampered with by others from being widely distributed.

Description

Method, client, server and system for generating security application
Technical Field
The present disclosure relates to the field of computers, and in particular, to a method, a client, a server, and a system for generating a security application.
Background
In the field of application distribution, software for a conventional PC is distributed mainly through the download page of the application developer's homepage or through third-party application download websites; more recently, distribution using BT seed files or other P2P methods has been introduced to increase download speed. Applications for intelligent terminals are distributed mainly through various application stores.
However, as large numbers of third-party app stores and third-party app download websites have emerged, counterfeit third-party app stores and download websites have appeared as well. As a result, many users' computers or intelligent terminals become infected with malicious programs or even virus programs. How to improve the way applications are distributed and installed remains a technical problem urgently awaiting a solution in this field.
Disclosure of Invention
The present disclosure discloses a method for generating a security application, comprising the steps of:
S100, receiving a request for downloading a first application, wherein the request carries a first ID;
S200, in response to the request, looking up: a second ID corresponding to the first ID and first digital information corresponding to the second ID;
S300, generating second digital information according to the second ID and the first digital information;
S400, signing the original installation file of the first application by using the second digital information, generating the signed first application and using the signed first application as the security application associated with the first ID.
Preferably, the first ID is a user ID or a device ID, such as a MAC address of a device to which the client belongs.
Preferably, the second ID is a device ID or a user ID different from the first ID.
Preferably, the first digital information includes plaintext information or binary information different from the plaintext information, wherein the binary information includes information recorded by a key or a digital certificate.
Preferably, the second digital information includes information recorded by the digital certificate.
Preferably, the first application comprises an APK file or an EXE file or an MSI file or other application program files for which the operating system is applicable.
In addition, this disclosure also discloses a client, including:
a sending unit, configured to send a request for downloading a first application, where the request carries a first ID;
a receiving unit, configured to receive a secure application, where the secure application is obtained by signing an original installation file of a first application via second digital information, and the secure application is associated with the first ID.
In addition, the present disclosure also discloses a server, including:
a receiving unit for: receiving a request for downloading a first application, wherein the request carries a first ID;
a lookup unit to: in response to the request, look up: a second ID corresponding to the first ID and first digital information corresponding to the second ID;
a generation unit for: generating second digital information according to the second ID and the first digital information;
a signature unit to: sign the original installation file of the first application by using the second digital information, generate the signed first application and take the signed first application as the security application associated with the first ID.
In addition, the present disclosure also provides a simplified technical solution, which is also a method for generating a security application, comprising the following steps:
S1001, receiving a request for downloading a first application, wherein the request carries a first ID;
S2001, in response to the request, looking up: first digital information corresponding to the first ID;
S3001, signing the original installation file of the first application by using the first digital information, generating the signed first application and using the signed first application as the security application associated with the first ID.
Through this technical scheme, the application can be signed with the digital information corresponding to the relevant ID so as to enhance the security of the application, so that control of a specific application for a specific ID can be realized and an application tampered with by others can be prevented from being widely distributed.
Drawings
FIG. 1 is a schematic illustration of a method according to one embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art understand the technical solutions disclosed in the present disclosure, the technical solutions of the various embodiments will be described below with reference to the embodiments and the related drawings, and the described embodiments are a part of the embodiments of the present disclosure, but not all of the embodiments. The terms "first," "second," and the like as used in this disclosure are used for distinguishing between different objects and not for describing a particular order. Furthermore, "include" and "have," as well as any variations thereof, are intended to cover and not to exclude inclusions. For example, a process, method, system, or article or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, system, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the disclosure. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It will be appreciated by those skilled in the art that the embodiments described herein may be combined with other embodiments.
Referring to fig. 1, fig. 1 is a method for generating a security application according to an embodiment of the present disclosure, including the following steps:
S100, receiving a request for downloading a first application, wherein the request carries a first ID;
S200, in response to the request, looking up: a second ID corresponding to the first ID and first digital information corresponding to the second ID;
S300, generating second digital information according to the second ID and the first digital information;
S400, signing the original installation file of the first application by using the second digital information, generating the signed first application and using the signed first application as the security application associated with the first ID.
Through this technical scheme, the second digital information can be generated from the second ID and the corresponding first digital information, and the application is signed with it to enhance the security of the application, so that not only can control of a specific application for a specific ID be realized, but an application tampered with by others can also be prevented from being widely distributed. For example, when the application is executed, whether the application carries the digital information corresponding to the first ID, for example the second digital information, is checked locally or in the cloud, so that the authenticity of the application can be identified.
It can be appreciated that the first digital information provides a first level of security assurance; whether it is plaintext or binary information, the only difference is the level of security. The second digital information further improves security. Finally, the original installation file of the first application is signed with the second digital information, which yields two technical effects: first, the application's security level is improved and tampering is prevented; second, the application is associated with the first ID, which enables personalized application distribution for different IDs.
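The S100 to S400 flow and the run-time check described above, as an added sketch that is not code from the patent. Assumptions: the first digital information is a secret key, the second digital information is derived from it with HMAC-SHA256, and an HMAC tag stands in for the certificate-based signature the disclosure prefers, so verification is done on the server ("in the cloud"); all names and sample values are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data (not from the patent): lookup tables used in step S200.
FIRST_TO_SECOND_ID = {"user-alice": "device-0001", "user-bob": "device-0002"}
# First digital information: one 256-bit secret key per second ID (constructed).
FIRST_DIGITAL_INFO = {
    "device-0001": hashlib.sha256(b"constructed demo key 1").digest(),
    "device-0002": hashlib.sha256(b"constructed demo key 2").digest(),
}


def lookup(first_id):
    """S200: resolve first ID -> second ID -> first digital information."""
    try:
        second_id = FIRST_TO_SECOND_ID[first_id]
        return second_id, FIRST_DIGITAL_INFO[second_id]
    except KeyError:
        # Fail closed: an unregistered ID never receives a signed package.
        raise LookupError(f"no signing material for {first_id!r}") from None


def derive_second_info(second_id, first_info):
    """S300: second digital information from the second ID and the first
    digital information (assumed construction: HMAC-SHA256 derivation)."""
    label = b"second-digital-info|" + second_id.encode()
    return hmac.new(first_info, label, hashlib.sha256).digest()


def _tag(second_info, first_id, installer):
    # The tag covers the installer digest AND the first ID, so a package
    # cannot be altered or re-labelled for another ID without detection.
    message = hashlib.sha256(installer).digest() + first_id.encode()
    return hmac.new(second_info, message, hashlib.sha256).hexdigest()


def generate_secure_app(first_id, installer):
    """S100-S400: build the signed package associated with first_id."""
    second_id, first_info = lookup(first_id)
    second_info = derive_second_info(second_id, first_info)
    return {
        "first_id": first_id,
        "installer": installer,
        "signature": _tag(second_info, first_id, installer),
    }


def verify_secure_app(package, presenting_id):
    """Server-side check at run time: does the package carry the digital
    information that corresponds to the ID presenting it?"""
    if package.get("first_id") != presenting_id:
        return False
    try:
        second_id, first_info = lookup(presenting_id)
    except LookupError:
        return False
    second_info = derive_second_info(second_id, first_info)
    expected = _tag(second_info, presenting_id, package["installer"])
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, str(package.get("signature", "")))


if __name__ == "__main__":
    pkg = generate_secure_app("user-alice", b"constructed installer bytes")
    print("genuine:", verify_secure_app(pkg, "user-alice"))
    tampered = dict(pkg, installer=pkg["installer"] + b"\x00")
    print("tampered:", verify_secure_app(tampered, "user-alice"))
    print("other ID:", verify_secure_app(pkg, "user-bob"))
```

Because the tag is a keyed MAC, only a party holding the first digital information can verify it; local verification on the device would need the asymmetric, certificate-based signature the disclosure names as its preferred second digital information.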
In another embodiment, the first ID is a user ID or a device ID.
In another embodiment, the second ID is a device ID or a user ID different from the first ID.
In another embodiment, the first digital information includes plaintext information or binary information different from the plaintext information, wherein the binary information includes information recorded by a key or a digital certificate.
It is understood that a key is sometimes regarded as a piece of information and sometimes as a file, and the same holds for a digital certificate. In either case, the first digital information is preferably a key or information recorded by a key, since keys are easy to implement in engineering terms, and they preferably have a certain level of security, in particular AES256 or higher. It should be noted that, when the first digital information is stored in a database, the plaintext information or the binary information different from the plaintext information may be stored in the database directly, or a plaintext file or a binary file different from the plaintext file may be read in advance and its plaintext or binary information written to the database. More generally, for the purposes of this disclosure, the first digital information and the second digital information may in theory be represented as information stored in a database or as a file in a particular format.
In another embodiment, the lookup in step S200 is performed in a database or in a file system.
It will be appreciated that the first digital information may be information stored in a database when looked up in the database. When looking up in the file system, the first digital information may be a file stored in the file system.
In another embodiment, the second digital information includes information recorded by the digital certificate.
In fact, it is only in this embodiment that the second digital information is preferably the information recorded by a digital certificate. If a key is chosen as the first digital information and a digital certificate as the second digital information, this helps to further enhance the security of the disclosed solution, since the key and the digital certificate belong to different systems. However, it should be noted that if a non-standard means is used, for example a certain non-standard ciphertext serving as the second digital information to sign the original installation file of the first application, such a signature is also possible, and the secure application can be realized in the same way. More broadly, a digital file corresponding to any of various known obfuscation means, or the information recorded by that digital file, can be used for "signing" or obfuscating, and can therefore also serve as the second digital information and implement the security application described in the present disclosure.
In another embodiment, the first application comprises an APK file or an EXE file or an MSI file or other application program files for which the operating system is applicable.
The steps in the method of the embodiment of the present disclosure may be sequentially adjusted, combined, and deleted according to actual needs.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention.
In addition, the present disclosure also discloses, in another embodiment, a client, including:
a sending unit, configured to send a request for downloading a first application, where the request carries a first ID;
a receiving unit, configured to receive a secure application, where the secure application is obtained by signing an original installation file of a first application via second digital information, and the secure application is associated with the first ID.
Furthermore, in another embodiment, the present disclosure also discloses a server comprising:
a receiving unit for: receiving a request for downloading a first application, wherein the request carries a first ID;
a lookup unit to: in response to the request, look up: a second ID corresponding to the first ID and first digital information corresponding to the second ID;
a generation unit for: generating second digital information according to the second ID and the first digital information;
a signature unit to: sign the original installation file of the first application by using the second digital information, generate the signed first application and take the signed first application as the security application associated with the first ID.
In addition, in order to balance the friendliness and safety of user interaction, the present disclosure also provides a simplified technical solution, which is also a method for generating a secure application, including the following steps:
S1001, receiving a request for downloading a first application, wherein the request carries a first ID;
S2001, in response to the request, looking up: first digital information corresponding to the first ID;
S3001, signing the original installation file of the first application by using the first digital information, generating the signed first application and using the signed first application as the security application associated with the first ID.
It can be seen that the above embodiments implement signing of related applications and generation of secure applications therefrom, using only one ID and its corresponding digital information.
Accordingly, for the simplified version of the method for generating a security application, the client and the server described above may also be simplified in a targeted manner, and only one kind of ID and its corresponding digital information are used.
It can be understood that the client, the server, or the system formed by the client and the server can each realize the generation of the security application through the present disclosure, which facilitates the later distribution and use of the security application and also facilitates personalized distribution and deployment from the cloud.
Those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts, modules and units described are not necessarily required to practice the invention.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present disclosure, it should be understood that the disclosed methods may be implemented as corresponding functional units, processors or even systems, wherein parts of the system may be located in one place or distributed over multiple network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment. In addition, each functional unit may be integrated into one processing unit, each unit may exist alone, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a smartphone, a personal digital assistant, a wearable device, a laptop, a tablet computer) to perform all or part of the steps of the method according to the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
As described above, the above embodiments are only used to illustrate the technical solutions of the present disclosure, and not to limit the same; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present disclosure.

Claims (17)

1. A method of generating a secure application, comprising the steps of:
S100, receiving a request for downloading a first application, wherein the request carries a first ID;
S200, in response to the request, looking up: a second ID corresponding to the first ID and first digital information corresponding to the second ID;
S300, generating second digital information according to the second ID and the first digital information;
S400, signing the original installation file of the first application by using the second digital information, generating the signed first application and using the signed first application as the security application associated with the first ID.
2. The method according to claim 1, wherein preferably:
the first ID is a user ID or a device ID, such as a MAC address of a device to which the client belongs.
3. The method of claim 1, wherein:
the second ID is a device ID or a user ID different from the first ID.
4. The method of claim 1, wherein:
the first digital information includes plaintext information or binary information different from the plaintext information, wherein the binary information includes information recorded by a key or a digital certificate.
5. The method of claim 1, wherein:
the second digital information includes information recorded by the digital certificate.
6. The method of claim 1, wherein:
the first application comprises an APK file or an EXE file or an MSI file or other application program files for which the operating system is applicable.
7. A client, comprising:
a sending unit, configured to send a request for downloading a first application, where the request carries a first ID;
a receiving unit, configured to receive a secure application, where the secure application is obtained by signing an original installation file of a first application via second digital information, and the secure application is associated with the first ID.
8. The client of claim 7, wherein:
the first ID is a user ID or a device ID to which the client belongs, for example, a MAC address of a device to which the client belongs.
9. The client of claim 7, wherein:
the second digital information includes information recorded by the digital certificate.
10. The client of claim 7, wherein:
the first application comprises an APK file or an EXE file or an MSI file or other application program files for which the operating system is applicable.
11. A server, comprising:
a receiving unit for: receiving a request for downloading a first application, wherein the request carries a first ID;
a lookup unit to: in response to the request, look up: a second ID corresponding to the first ID and first digital information corresponding to the second ID;
a generation unit for: generating second digital information according to the second ID and the first digital information;
a signature unit to: sign the original installation file of the first application by using the second digital information, generate the signed first application and take the signed first application as the security application associated with the first ID.
12. The server of claim 11, wherein:
the first ID is a user ID or a device ID to which the client belongs, for example, a MAC address of a device to which the client belongs.
13. The server of claim 11, wherein:
the second ID is a device ID or a user ID different from the first ID.
14. The server of claim 11, wherein:
the first digital information includes plaintext information or binary information different from the plaintext information, wherein the binary information includes information recorded by a key or a digital certificate.
15. The server of claim 11, wherein:
the second digital information includes information recorded by the digital certificate.
16. The server of claim 11, wherein:
the first application comprises an APK file or an EXE file or an MSI file or other application program files for which the operating system is applicable.
17. A method of generating a secure application, comprising the steps of:
S1001, receiving a request for downloading a first application, wherein the request carries a first ID;
S2001, in response to the request, looking up: first digital information corresponding to the first ID;
S3001, signing the original installation file of the first application by using the first digital information, generating the signed first application and using the signed first application as the security application associated with the first ID.
CN201910723916.2A 2019-08-06 2019-08-06 Method, client, server and system for generating security application Active CN112350828B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910723916.2A CN112350828B (en) 2019-08-06 2019-08-06 Method, client, server and system for generating security application

Publications (2)

Publication Number Publication Date
CN112350828A (en) 2021-02-09
CN112350828B (en) 2023-04-07

Family

ID=74367335

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910723916.2A Active CN112350828B (en) 2019-08-06 2019-08-06 Method, client, server and system for generating security application

Country Status (1)

Country Link
CN (1) CN112350828B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102446106A (en) * 2010-09-30 2012-05-09 联想(北京)有限公司 Installation management method, server and terminal for application program
CN105743910A (en) * 2016-03-30 2016-07-06 福建联迪商用设备有限公司 Method and system for installing programs through digital signatures
CN106209751A (en) * 2015-05-08 2016-12-07 中标软件有限公司 Service-oriented interface authentication method based on the operating system certificate of authority
CN109617694A (en) * 2018-12-21 2019-04-12 网易(杭州)网络有限公司 A kind of application issued method and apparatus

Also Published As

Publication number Publication date
CN112350828B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant