CN114218534A - Off-line package checking method, device, equipment and storage medium - Google Patents

Publication number: CN114218534A
Application number: CN202111523893.4A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 易宏
Current Assignee: Ping An International Smart City Technology Co Ltd
Original Assignee: Ping An International Smart City Technology Co Ltd
Prior art keywords: hash value, offline, package, algorithm, public

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F21/128: Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java

Abstract

The invention relates to the field of artificial intelligence, and discloses a method, a device, equipment and a storage medium for offline package verification, which are used for improving the accuracy of offline package verification. The offline package verification method comprises the following steps: calling a first algorithm to generate a public key and a private key according to an offline package acquisition request; acquiring offline package information of an offline package to be updated, calculating a first hash value through a second algorithm, and encrypting the first hash value through the first algorithm according to the public key and the private key to obtain a hash ciphertext; parsing the offline package information to obtain a download address; downloading the offline package from the download address to obtain a target offline package, and generating a second hash value according to the second algorithm; decrypting the hash ciphertext to obtain the first hash value, and matching the first hash value against the second hash value to obtain a matching result; and, if the match succeeds, decompressing the target offline package and running it. In addition, the invention also relates to blockchain technology, and the target offline package can be stored in a blockchain node.

Description

Off-line package checking method, device, equipment and storage medium
Technical Field
The invention relates to the field of artificial intelligence, in particular to a method, a device, equipment and a storage medium for checking an off-line package.
Background
In recent years, mobile internet applications (Apps) have come into wide use and play an irreplaceable role in promoting economic and social development and serving people's livelihoods. At the same time, the illegal theft, abuse and even resale of personal information occur again and again, and information leakage is serious, posing a great threat to personal information security. As the national special campaign on App governance advances, regulators, industry participants and end users are paying more and more attention to App security.
Hybrid development has become the main way enterprises build Apps. In this mode, development with H5 offline packages lets one set of code serve different platforms such as Android and iOS, allows timely updates, reduces development workload, and makes it possible to add or update business functions without upgrading the App. However, this approach also exposes security problems: an offline package may be tampered with and have malicious code embedded by an attacker, and an App that downloads and executes an unverified offline package can leak App information and expose users' private data.
Disclosure of Invention
The invention provides a method, a device and equipment for checking an offline packet and a storage medium, which are used for improving the accuracy of the offline packet checking.
A first aspect of the invention provides a method for checking an offline package, comprising: receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the request to generate a public/private key pair corresponding to the request, the pair comprising a public key and a private key; acquiring, from a preset local cache, offline package information corresponding to the offline package to be updated, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and encrypting the first hash value with the public/private key pair and the first algorithm to obtain a hash ciphertext corresponding to the first hash value; storing the public/private key pair and the hash ciphertext, and parsing the offline package information to obtain the corresponding download address; downloading the offline package from the download address to obtain a target offline package, and generating a hash value for the target offline package with the second algorithm to obtain a second hash value; decrypting the hash ciphertext with the first algorithm and the public/private key pair to obtain the first hash value, and matching the first hash value against the second hash value to obtain a matching result; and, if the matching result is that the first hash value and the second hash value match, decompressing the target offline package and running it.
Optionally, in a first implementation manner of the first aspect of the present invention, the receiving an offline package acquisition request sent by a preset mobile internet application, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request includes: receiving an offline packet acquisition request sent by a preset mobile internet application program; matching a first algorithm corresponding to the offline packet acquisition request according to the offline packet acquisition request; and generating a public and private key corresponding to the offline packet acquisition request through the first algorithm.
Optionally, in a second implementation manner of the first aspect of the present invention, the obtaining offline packet information corresponding to an offline packet to be updated from a preset local cache, calculating a first hash value corresponding to the offline packet information by using a preset second algorithm, and encrypting the first hash value by using the first algorithm according to the public and private keys to obtain a hash ciphertext corresponding to the first hash value includes: acquiring offline packet information corresponding to an offline packet to be updated from a preset local cache based on the offline packet acquisition request; inputting the offline package information into a preset second algorithm to calculate a hash value to obtain a first hash value corresponding to the offline package information; and based on a private key in the public and private keys, the first hash value is encrypted through the first algorithm to obtain a hash ciphertext corresponding to the first hash value.
Optionally, in a third implementation manner of the first aspect of the present invention, the storing the public and private keys and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information includes: assembling the public and private keys, the offline packet information and the hash ciphertext to obtain an offline packet message, and returning the offline packet message to the mobile internet application program; and analyzing the offline package information to obtain a download address corresponding to the offline package information.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the downloading an offline package according to the download address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value includes: acquiring downloading resources based on the downloading address, and downloading an offline package corresponding to the offline package information according to the downloading resources to obtain a target offline package; and calculating the hash value corresponding to the target off-line packet through the second algorithm to obtain a second hash value.
Optionally, in a fifth implementation manner of the first aspect of the present invention, the decrypting the hash ciphertext by the first algorithm and the public and private keys to obtain the first hash value, and matching the first hash value with the second target hash value to obtain a matching result includes: analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value; and matching the first hash value and the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Optionally, in a sixth implementation manner of the first aspect of the present invention, the method for checking an offline package further includes: if the matching result is that the first hash value and the second hash value fail to match, generating prompt information indicating the failed match; and sending the prompt information to the mobile internet application program for early warning.
A second aspect of the present invention provides an apparatus for checking an offline package, the apparatus comprising: a receiving module, configured to receive an offline package acquisition request sent by a preset mobile internet application program, and to call a preset first algorithm according to the request to generate a public/private key pair corresponding to the request, the pair comprising a public key and a private key; a processing module, configured to acquire, from a preset local cache, offline package information corresponding to the offline package to be updated, calculate a first hash value corresponding to the offline package information through a preset second algorithm, and encrypt the first hash value with the public/private key pair and the first algorithm to obtain a hash ciphertext corresponding to the first hash value; a parsing module, configured to store the public/private key pair and the hash ciphertext and to parse the offline package information to obtain the corresponding download address; a downloading module, configured to download the offline package from the download address to obtain a target offline package, and to generate a hash value for the target offline package with the second algorithm to obtain a second hash value; a matching module, configured to decrypt the hash ciphertext with the first algorithm and the public/private key pair to obtain the first hash value, and to match the first hash value against the second hash value to obtain a matching result; and a decompression module, configured to decompress the target offline package and run it if the matching result is that the first hash value and the second hash value match.
Optionally, in a first implementation manner of the second aspect of the present invention, the receiving module is specifically configured to: receiving an offline packet acquisition request sent by a preset mobile internet application program; matching a first algorithm corresponding to the offline packet acquisition request according to the offline packet acquisition request; and generating a public and private key corresponding to the offline packet acquisition request through the first algorithm.
Optionally, in a second implementation manner of the second aspect of the present invention, the processing module is specifically configured to: acquiring offline packet information corresponding to an offline packet to be updated from a preset local cache based on the offline packet acquisition request; inputting the offline package information into a preset second algorithm to calculate a hash value to obtain a first hash value corresponding to the offline package information; and based on a private key in the public and private keys, the first hash value is encrypted through the first algorithm to obtain a hash ciphertext corresponding to the first hash value.
Optionally, in a third implementation manner of the second aspect of the present invention, the parsing module is specifically configured to: assembling the public and private keys, the offline packet information and the hash ciphertext to obtain an offline packet message, and returning the offline packet message to the mobile internet application program; and analyzing the offline package information to obtain a download address corresponding to the offline package information.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the downloading module is specifically configured to: acquiring downloading resources based on the downloading address, and downloading an offline package corresponding to the offline package information according to the downloading resources to obtain a target offline package; and calculating the hash value corresponding to the target off-line packet through the second algorithm to obtain a second hash value.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the matching module is specifically configured to: analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value; and matching the first hash value and the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the device for checking an offline package further includes: a prompt module, configured to generate prompt information indicating the failed match if the matching result is that the first hash value and the second hash value fail to match, and to send the prompt information to the mobile internet application program for early warning.
A third aspect of the present invention provides an offline package verification apparatus, including: a memory and at least one processor, the memory having instructions stored therein; the at least one processor calls the instructions in the memory to cause the off-line package verification device to execute the off-line package verification method.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to execute the above-mentioned off-line package verification method.
In the technical solution provided by the invention, a first algorithm is called to generate a public key and a private key according to an offline package acquisition request; offline package information corresponding to the offline package to be updated is acquired, a first hash value corresponding to the offline package information is calculated through a second algorithm, and the first hash value is encrypted through the first algorithm according to the public key and the private key to obtain a hash ciphertext; the public/private key pair and the hash ciphertext are stored, and the offline package information is parsed to obtain the corresponding download address; the offline package is downloaded from the download address to obtain a target offline package, and a hash value for the target offline package is generated with the second algorithm to obtain a second hash value; the hash ciphertext is decrypted with the first algorithm and the public/private key pair to obtain the first hash value, and the first hash value is matched against the second hash value to obtain a matching result; and, if the matching result is that the first hash value and the second hash value match, the target offline package is decompressed and run. Using national cryptographic (SM) algorithms, the invention effectively distinguishes genuine offline packages of a hybrid mobile application from tampered ones: the package is run only when verification succeeds and is stopped promptly when verification fails, which effectively improves the accuracy of offline package verification.
Drawings
Fig. 1 is a schematic diagram of an embodiment of a method for checking an offline package according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of another embodiment of a method for checking an offline package according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an embodiment of an offline package verification apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of another embodiment of an offline package verification apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of an embodiment of an offline package verification device in an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a method, a device and equipment for checking an offline packet and a storage medium, which are used for improving the accuracy of the offline packet checking. The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, a specific flow of the embodiment of the present invention is described below, and referring to fig. 1, a first embodiment of the off-line package verification method in the embodiment of the present invention includes:
101. receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, wherein the public and private key comprises a public key and a private key;
Specifically, when the user opens a mobile internet application program (App), the App sends a request to the server to obtain the offline package information. After receiving the request sent by the App, the server first randomly generates a public/private key pair through a first algorithm (the first algorithm may be the SM2 algorithm) and stores the key pair.
It is to be understood that the execution subject of the present invention may be a verification device of an offline package, and may also be a terminal or a server, which is not limited herein. The embodiment of the present invention is described by taking a server as an execution subject. The embodiment of the invention can acquire and process related data based on an artificial intelligence technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result. The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like. The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), and a big data and artificial intelligence platform.
102. Acquiring offline packet information corresponding to an offline packet to be updated from a preset local cache, calculating a first hash value corresponding to the offline packet information through a preset second algorithm, and encrypting the hash value through the first algorithm according to a public key and a private key to obtain a hash ciphertext corresponding to the first hash value;
Specifically, the server encrypts the hash value of the offline package with the stored private key and the first algorithm to generate the hash ciphertext. It should be noted that the second algorithm may be the SM3 algorithm, which can be used for digital signature and verification in commercial cryptographic applications and is an improved design based on SHA-256. The second algorithm uses a Merkle-Damgard structure, with a message block length of 512 bits and a digest length of 256 bits. Its compression function is similar in structure to the SHA-256 compression function, but its design is more complex; for example, each round of the compression function uses 2 message words.
103. Storing the public and private keys and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information;
Specifically, the server assembles the public key, the offline package information and the hash ciphertext into an offline package message, which includes information such as the download address, the public key and the hash ciphertext, and returns the offline package message to the mobile internet application program; the server then parses the offline package information to obtain the corresponding download address.
104. Downloading the off-line packet according to the download address to obtain a target off-line packet, and generating a hash value corresponding to the target off-line packet according to a second algorithm to obtain a second hash value;
Specifically, the server ensures the integrity and consistency of the offline package: the same offline package always produces the same hash value under the second algorithm, while different offline packages produce different hash values. The integrity of the offline package can therefore be verified effectively, ensuring that the offline package run by the App is consistent with the one on the server.
105. Decrypting the hash ciphertext through the first algorithm and the public/private key pair to obtain the first hash value, and matching the first hash value against the second hash value to obtain a matching result;
Specifically, the server decrypts the hash ciphertext with the public key of the key pair and the first algorithm to obtain the first hash value; the server then matches the first hash value against the second hash value in a preset local cache to obtain a matching result, which is either that the first hash value and the second hash value match or that they fail to match.
106. And if the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline package and operating the target offline package.
It should be noted that a hybrid (mixed-mode) mobile application is a mobile internet application that sits between a web mobile application and a native mobile application. It looks like a native mobile application but has only one web page, through which the web mobile application is accessed from the inside: the client shell is developed natively, the native container provides the underlying functional APIs in some manner, the business logic is implemented in H5 pages, and the native container loads the H5 pages to complete the whole App. The H5 pages may be loaded and run either online or offline.
Further, the server stores the target offline packet in the blockchain database, which is not limited herein.
In the embodiment of the invention, a first algorithm is called to generate a public key and a private key according to an offline package acquisition request; offline package information corresponding to the offline package to be updated is acquired, a first hash value corresponding to the offline package information is calculated through a second algorithm, and the first hash value is encrypted through the first algorithm according to the public key and the private key to obtain a hash ciphertext; the public/private key pair and the hash ciphertext are stored, and the offline package information is parsed to obtain the corresponding download address; the offline package is downloaded from the download address to obtain a target offline package, and a hash value for the target offline package is generated with the second algorithm to obtain a second hash value; the hash ciphertext is decrypted with the first algorithm and the public/private key pair to obtain the first hash value, and the first hash value is matched against the second hash value to obtain a matching result; and, if the matching result is that the first hash value and the second hash value match, the target offline package is decompressed and run. Using national cryptographic (SM) algorithms, the invention effectively distinguishes genuine offline packages of a hybrid mobile application from tampered ones: the package is run only when verification succeeds and is stopped promptly when verification fails, which effectively improves the accuracy of offline package verification.
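The flow of steps 101 to 106, as an added Node.js example that is not code from the patent: the server hashes and signs the package, and the App re-hashes what it downloaded and verifies before unpacking. Assumptions: ECDSA P-256 and SHA-256 stand in for SM2 and SM3, the first hash is taken over the package bytes, the download is simulated with in-memory buffers, and all function and field names are hypothetical.

```javascript
// Added example (not from the patent): hash, sign, download, verify, then run.
// Assumption: ECDSA P-256 and SHA-256 stand in for SM2 and SM3, which Node's
// crypto module does not guarantee on every build.
const crypto = require('node:crypto');

const HASH = 'sha256';

function digestOf(bytes) {
  return crypto.createHash(HASH).update(bytes).digest();
}

// Steps 101-103 (server): key pair, first hash, signature, message assembly.
function buildOfflineMessage(packageBytes, downloadUrl) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
  });
  const firstHash = digestOf(packageBytes);
  // "Encrypting the hash with the private key" is a signature over the hash.
  const signature = crypto.sign(HASH, firstHash, privateKey);
  return {
    downloadUrl,
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    hashSignature: signature.toString('base64'),
  };
}

// Steps 104-106 (App): second hash over the downloaded bytes, then verify.
// ECDSA does not hand the first hash back; the signature is checked against
// the recomputed second hash, which succeeds only if the two hashes are equal.
function checkOfflinePackage(message, downloadedBytes) {
  const secondHash = digestOf(downloadedBytes);
  let matched = false;
  try {
    matched = crypto.verify(
      HASH,
      secondHash,
      crypto.createPublicKey(message.publicKeyPem),
      Buffer.from(message.hashSignature, 'base64')
    );
  } catch (err) {
    matched = false; // malformed key or signature: fail closed
  }
  return matched
    ? { run: true, prompt: null }
    : { run: false, prompt: 'offline package hash mismatch, package not unpacked' };
}

// Constructed sample data: a placeholder URL and two in-memory "downloads".
const SAMPLE_URL = 'https://cdn.example.invalid/h5/pkg-1.zip';
const GENUINE = Buffer.from('PK constructed offline package v1');
const MODIFIED = Buffer.from('PK constructed offline package v1 (modified)');

function demo() {
  const message = buildOfflineMessage(GENUINE, SAMPLE_URL);
  return {
    genuine: checkOfflinePackage(message, GENUINE),
    modified: checkOfflinePackage(message, MODIFIED),
    badSignature: checkOfflinePackage({ ...message, hashSignature: 'AAAA' }, GENUINE),
  };
}

console.log(demo());
```

Because the message carries the public key next to the signature, the check is only as trustworthy as the channel that delivered the message.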
Referring to fig. 2, a second embodiment of the method for checking an offline package according to the embodiment of the present invention includes:
201. receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, wherein the public and private key comprises a public key and a private key;
Optionally, the server receives an offline package acquisition request sent by a preset mobile internet application program; the server selects the first algorithm corresponding to the offline package acquisition request according to the request; and the server generates a public/private key pair corresponding to the request through the first algorithm.
It should be noted that the first algorithm, the SM2 elliptic curve public key cryptographic algorithm, is a public key cryptographic algorithm comprising the SM2-1 elliptic curve digital signature algorithm, the SM2-2 elliptic curve key exchange protocol and the SM2-3 elliptic curve public key encryption algorithm, which are used for digital signature, key agreement and data encryption respectively. Elliptic curves are not ellipses; they are so called because they are described by a cubic equation similar to the equation used to calculate the circumference of an ellipse. In general, the cubic equation of an elliptic curve is $y^2 + axy + by = x^3 + cx^2 + dx + e$, where $a$, $b$, $c$, $d$ and $e$ are real numbers satisfying certain conditions; because the highest exponent in the equation is 3, it is called a cubic equation, or an equation of degree 3. The first algorithm uses the equation $y^2 = x^3 + ax + b$. The first algorithm is implemented as follows: (1) select an element $G$ of $E_p(a, b)$ such that the order $n$ of $G$ is a large prime; (2) the order of $G$ is the smallest $n$ satisfying $nG = O$; (3) secretly select an integer $k$, compute $B = kG$, and publish $(p, a, b, G, B)$, where $B$ is the public key and $k$, kept secret, is the private key. To encrypt a message $M$: first map $M$ to a point $P_m$ in $E_p(a, b)$, then select a random number $r$ and compute the ciphertext $C_m = \{rG, P_m + rP\}$, where $P$ is the public key (written $B$ above); if $r$ makes $rG$ or $rP$ equal to $O$, reselect $r$.
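The key generation and encryption steps above, worked through on a small constructed curve $E_{17}(2, 2)$ with $G = (5, 1)$; this is an added illustration, not code from the patent, and it also includes the matching decryption, which the text does not spell out. The curve, the values $k = 7$ and $r = 3$, and all function names are assumptions chosen so the arithmetic can be checked by hand; a curve this small is not SM2 and gives no security.

```javascript
// Added illustration (not from the patent): toy curve E_17(2, 2),
// y^2 = x^3 + 2x + 2 (mod 17), base point G = (5, 1). All values constructed.
const p = 17, a = 2, b = 2;
const O = null;                 // point at infinity
const G = { x: 5, y: 1 };

const mod = (v) => ((v % p) + p) % p;

// Modular inverse via Fermat's little theorem: v^(p-2) mod p.
function inv(v) {
  let result = 1, base = mod(v), e = p - 2;
  while (e > 0) {
    if (e & 1) result = mod(result * base);
    base = mod(base * base);
    e >>= 1;
  }
  return result;
}

function onCurve(pt) {
  return pt === O || mod(pt.y * pt.y - (pt.x ** 3 + a * pt.x + b)) === 0;
}

function negate(pt) {
  return pt === O ? O : { x: pt.x, y: mod(-pt.y) };
}

function add(p1, p2) {
  if (p1 === O) return p2;
  if (p2 === O) return p1;
  if (p1.x === p2.x && mod(p1.y + p2.y) === 0) return O;   // P + (-P) = O
  const lambda = (p1.x === p2.x)
    ? mod((3 * p1.x * p1.x + a) * inv(2 * p1.y))           // tangent (doubling)
    : mod((p2.y - p1.y) * inv(p2.x - p1.x));               // chord
  const x = mod(lambda * lambda - p1.x - p2.x);
  return { x, y: mod(lambda * (p1.x - x) - p1.y) };
}

// Scalar multiplication kP by double-and-add.
function mul(k, pt) {
  let acc = O, addend = pt;
  while (k > 0) {
    if (k & 1) acc = add(acc, addend);
    addend = add(addend, addend);
    k >>= 1;
  }
  return acc;
}

// Step (2): the order of a point is the smallest n with nG = O.
function orderOf(pt) {
  let n = 1, q = pt;
  while (q !== O) { q = add(q, pt); n += 1; }
  return n;
}

// Step (3): private key k, public key B = kG.
function keyPair(k) {
  return { k, B: mul(k, G) };
}

// Encryption: C_m = { rG, P_m + rB }; r must be reselected if rG or rB is O.
function encrypt(Pm, B, r) {
  const c1 = mul(r, G), shared = mul(r, B);
  if (c1 === O || shared === O) throw new RangeError('reselect r');
  return { c1, c2: add(Pm, shared) };
}

// Decryption with the private key: P_m = c2 - k * c1.
function decrypt(Cm, k) {
  return add(Cm.c2, negate(mul(k, Cm.c1)));
}

function demo() {
  const keys = keyPair(7);                 // constructed private key k = 7
  const Pm = { x: 10, y: 6 };              // constructed message point (3G)
  const Cm = encrypt(Pm, keys.B, 3);       // constructed nonce r = 3
  return { order: orderOf(G), B: keys.B, Cm, recovered: decrypt(Cm, keys.k) };
}

console.log(demo());
```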
202. Acquiring offline packet information corresponding to an offline packet to be updated from a preset local cache, calculating a first hash value corresponding to the offline packet information through a preset second algorithm, and encrypting the hash value through the first algorithm according to a public key and a private key to obtain a hash ciphertext corresponding to the first hash value;
optionally, the server acquires offline packet information corresponding to the offline packet to be updated from a preset local cache based on the offline packet acquisition request; the server inputs offline package information into a preset second algorithm to calculate a hash value, and a first hash value corresponding to the offline package information is obtained; and the server encrypts the first hash value through a first algorithm based on the private key in the public and private keys to obtain a hash ciphertext corresponding to the first hash value.
Specifically, the server acquires offline packet information corresponding to an offline packet to be updated from a preset local cache based on the offline packet acquisition request; the server inputs the offline package information into a preset second algorithm to calculate a hash value, and a first hash value corresponding to the offline package information is obtained; and the server encrypts the first hash value through the first algorithm based on the private key in the public and private keys to obtain a hash ciphertext corresponding to the first hash value. The second algorithm is the SM3 cryptographic hash algorithm, a cryptographic hash algorithm independently designed in China. In commercial cryptographic applications it can be used for generating and verifying digital signatures, generating and verifying message authentication codes, and generating random numbers, and it can meet the security requirements of various cryptographic applications.
203. Storing the public and private keys and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information;
optionally, the server assembles the public and private keys, the offline packet information and the hash ciphertext to obtain an offline packet message, and returns the offline packet message to the mobile internet application program; and the server analyzes the offline packet information to obtain a download address corresponding to the offline packet information.
Specifically, the server assembles an offline packet message that comprises information such as the download address, the public key and the hash ciphertext, and returns it to the mobile internet application program; the mobile internet application program analyzes the offline packet information returned by the server and stores the public key and the hash ciphertext. The server assembles the public key, the offline packet information and the hash ciphertext to obtain the offline packet message, and returns the offline packet message to the mobile internet application program; the server analyzes the offline package information to obtain a download address corresponding to the offline package information. This processing scheme differs from one that simply checks the hash or signature of the offline package.
204. Downloading the off-line packet according to the download address to obtain a target off-line packet, and generating a hash value corresponding to the target off-line packet according to a second algorithm to obtain a second hash value;
optionally, the server acquires a download resource based on the download address, and downloads an offline package corresponding to the offline package information according to the download resource to obtain a target offline package; and the server calculates the hash value corresponding to the target offline packet through a second algorithm to obtain a second hash value.
Specifically, the server acquires a download resource based on the download address, and downloads an offline package corresponding to the offline package information according to the download resource to obtain a target offline package; and the server calculates the hash value corresponding to the target offline package through the second algorithm to obtain a second hash value. In this way the authenticity of the offline package of the mixed-mode mobile application is effectively determined: if the verification succeeds, the package is safe to run, and if the verification fails, processing is terminated promptly. This prevents serious security incidents in the mobile internet application program caused by running an offline package that an attacker has forged or implanted with malicious code, ensures the information security of the mobile internet application program and protects personal privacy data.
205. Decrypting the hash ciphertext through a first algorithm and a public-private key to obtain a first hash value, and matching the first hash value with a second target hash value to obtain a matching result;
optionally, the server analyzes the hash ciphertext through a public key in the public and private keys and a first algorithm to obtain a first hash value; and the server matches the first hash value with the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Specifically, the server analyzes the hash ciphertext through the public key in the public and private keys and the first algorithm to obtain the first hash value, where $C_m$ is analyzed as: $(P_m + rP) - k(rG) = P_m + rkG - krG = P_m$. The security of the first algorithm rests on a mathematical problem, the elliptic curve discrete logarithm problem (ECDLP): consider the equation $Q = KP$, where $Q, P \in E_p(a, b)$ and $K < p$; then: 1) given Q and P, K is calculated to obtain the first hash value.
206. If the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline package and operating the target offline package;
It should be noted that a mixed-mode (hybrid) mobile application is a mobile internet application program that sits between a web mobile application and a native mobile application. It looks like a native mobile application but has only one web page, inside which the web mobile application is accessed: the client shell is developed natively, the underlying functional APIs are provided by the native container in a certain manner, the business logic is implemented by H5 pages, and finally the native container loads the H5 pages to make up the whole App. The H5 page may be loaded and run in an online loading manner or in an offline loading manner.
207. If the matching result is that the first hash value and the second hash value are unsuccessfully matched, generating prompt information indicating that the first hash value and the second hash value failed to match;
208. and sending the prompt information to a mobile internet application program for early warning.
Specifically, compared with a traditional mixed-mode mobile application offline package processing scheme, the device adds an offline package checking process, so that the mobile internet application program can effectively identify the authenticity of an offline package, preventing user information and private data from being leaked by running an offline package that has been tampered with or implanted with a malicious program. Unlike a processing scheme that simply checks the offline package hash or signature, the device adds server-side private key encryption and mobile internet application program public key decryption of the hash value of the offline package, and the mobile internet application program can confirm the public key generated by the server, so that an attacker is prevented from forging the offline package file and the hash value in transit.
Further, the server stores the target offline packet in the blockchain database, which is not limited herein.
In the embodiment of the invention, a first algorithm is called to generate a public key and a private key according to an offline packet acquisition request; offline package information corresponding to an offline package to be updated is acquired, a first hash value corresponding to the offline package information is calculated through a second algorithm, and the first hash value is encrypted through the first algorithm according to the public and private keys to obtain a hash ciphertext; the public and private keys and the hash ciphertext are stored, and the offline package information is analyzed to obtain a download address corresponding to the offline package information; the offline package is downloaded according to the download address to obtain a target offline package, and a hash value corresponding to the target offline package is generated according to the second algorithm to obtain a second hash value; the hash ciphertext is decrypted through the first algorithm and the public and private keys to obtain the first hash value, and the first hash value is matched with a second target hash value to obtain a matching result; and if the matching result is that the first hash value and the second hash value are successfully matched, the target offline package is decompressed and run. The invention uses national cryptographic algorithms to effectively determine the authenticity of the offline package of the mixed-mode mobile application: when the verification succeeds, the package is safe to run, and when the verification fails, processing is terminated promptly, which effectively improves the accuracy of offline package verification.
The offline package verification method in the embodiment of the present invention has been described above; the offline package verification apparatus in the embodiment of the present invention is described below with reference to fig. 3. A first embodiment of the offline package verification apparatus in the embodiment of the present invention includes:
the receiving module 301 is configured to receive an offline package acquisition request sent by a preset mobile internet application program, and call a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, where the public and private key includes a public key and a private key;
the processing module 302 is configured to obtain offline packet information corresponding to an offline packet to be updated from a preset local cache, calculate a first hash value corresponding to the offline packet information through a preset second algorithm, and encrypt the first hash value according to the public and private keys and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
the analysis module 303 is configured to store the public and private keys and the hash ciphertext, and analyze the offline package information to obtain a download address corresponding to the offline package information;
the downloading module 304 is configured to download the offline package according to the downloading address to obtain a target offline package, and generate a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value;
a matching module 305, configured to decrypt the hash ciphertext through the first algorithm and the public and private keys to obtain the first hash value, and match the first hash value with a second target hash value to obtain a matching result;
a decompressing module 306, configured to decompress the target offline package and run the target offline package if the matching result is that the first hash value and the second hash value are successfully matched.
Referring to fig. 4, a second embodiment of the off-line package verification apparatus according to the present invention includes:
the receiving module 301 is configured to receive an offline package acquisition request sent by a preset mobile internet application program, and call a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, where the public and private key includes a public key and a private key;
the processing module 302 is configured to obtain offline packet information corresponding to an offline packet to be updated from a preset local cache, calculate a first hash value corresponding to the offline packet information through a preset second algorithm, and encrypt the first hash value according to the public and private keys and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
the analysis module 303 is configured to store the public and private keys and the hash ciphertext, and analyze the offline package information to obtain a download address corresponding to the offline package information;
the downloading module 304 is configured to download the offline package according to the downloading address to obtain a target offline package, and generate a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value;
a matching module 305, configured to decrypt the hash ciphertext through the first algorithm and the public and private keys to obtain the first hash value, and match the first hash value with a second target hash value to obtain a matching result;
a decompressing module 306, configured to decompress the target offline package and run the target offline package if the matching result is that the first hash value and the second hash value are successfully matched.
Optionally, the receiving module 301 is specifically configured to:
receiving an offline packet acquisition request sent by a preset mobile internet application program; matching a first algorithm corresponding to the offline packet acquisition request according to the offline packet acquisition request; and generating a public and private key corresponding to the offline packet acquisition request through the first algorithm.
Optionally, the processing module 302 is specifically configured to:
acquiring offline packet information corresponding to an offline packet to be updated from a preset local cache based on the offline packet acquisition request; inputting the offline package information into a preset second algorithm to calculate a hash value to obtain a first hash value corresponding to the offline package information; and based on a private key in the public and private keys, the first hash value is encrypted through the first algorithm to obtain a hash ciphertext corresponding to the first hash value.
Optionally, the parsing module 303 is specifically configured to:
assembling the public and private keys, the offline packet information and the hash ciphertext to obtain an offline packet message, and returning the offline packet message to the mobile internet application program; and analyzing the offline package information to obtain a download address corresponding to the offline package information.
Optionally, the downloading module 304 is specifically configured to:
acquiring downloading resources based on the downloading address, and downloading an offline package corresponding to the offline package information according to the downloading resources to obtain a target offline package; and calculating the hash value corresponding to the target off-line packet through the second algorithm to obtain a second hash value.
Optionally, the matching module 305 is specifically configured to:
analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value; and matching the first hash value and the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Optionally, the verification device for the off-line package further includes:
a prompt module 307, configured to, if the matching result is that the first hash value and the second hash value are unsuccessfully matched, generate prompt information indicating that the first hash value and the second hash value failed to match, and send the prompt information to the mobile internet application program for early warning.
Figs. 3 and 4 describe the offline package verification device in the embodiment of the present invention in detail from the perspective of modular functional entities; the offline package verification device in the embodiment of the present invention is described in detail below from the perspective of hardware processing.
Fig. 5 is a schematic structural diagram of an offline package verification apparatus according to an embodiment of the present invention. The offline package verification apparatus 500 may vary considerably depending on configuration or performance, and may include one or more processors (CPUs) 510 and a memory 520, and one or more storage media 530 (e.g., one or more mass storage devices) for storing applications 533 or data 532. The memory 520 and the storage media 530 may be transient or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a series of instruction operations for the offline package verification apparatus 500. Still further, the processor 510 may be arranged to communicate with the storage medium 530 and to execute the series of instruction operations in the storage medium 530 on the offline package verification apparatus 500.
The offline package verification apparatus 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input-output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc. It will be appreciated by those skilled in the art that the configuration shown in fig. 5 does not constitute a limitation of the offline package verification apparatus, which may include more or fewer components than shown, combine some components, or use a different arrangement of components.
The invention further provides a verification device for an off-line package, which comprises a memory and a processor, wherein computer readable instructions are stored in the memory, and when the computer readable instructions are executed by the processor, the processor executes the steps of the verification method for the off-line package in the above embodiments.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the off-line package verification method.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for checking an off-line package is characterized by comprising the following steps:
receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, wherein the public and private key comprises a public key and a private key;
acquiring offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and encrypting the first hash value according to the public and private keys and the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
storing the public and private keys and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information;
downloading an off-line packet according to the download address to obtain a target off-line packet, and generating a hash value corresponding to the target off-line packet according to the second algorithm to obtain a second hash value;
decrypting the hash ciphertext through the first algorithm and the public and private keys to obtain a first hash value, and matching the first hash value with a second target hash value to obtain a matching result;
and if the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline package and operating the target offline package.
2. The offline package verification method according to claim 1, wherein the receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request includes:
receiving an offline packet acquisition request sent by a preset mobile internet application program;
matching a first algorithm corresponding to the offline packet acquisition request according to the offline packet acquisition request;
and generating a public and private key corresponding to the offline packet acquisition request through the first algorithm.
3. The offline package verification method according to claim 1, wherein the obtaining of offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and encrypting the first hash value according to the public and private keys and the first algorithm to obtain a hash ciphertext corresponding to the first hash value comprises:
acquiring offline packet information corresponding to an offline packet to be updated from a preset local cache based on the offline packet acquisition request;
inputting the offline package information into a preset second algorithm to calculate a hash value to obtain a first hash value corresponding to the offline package information;
and based on a private key in the public and private keys, the first hash value is encrypted through the first algorithm to obtain a hash ciphertext corresponding to the first hash value.
4. The off-line package verification method according to claim 1, wherein the storing the public and private keys and the hash ciphertext and analyzing the off-line package information to obtain a download address corresponding to the off-line package information comprises:
assembling the public and private keys, the offline packet information and the hash ciphertext to obtain an offline packet message, and returning the offline packet message to the mobile internet application program;
and analyzing the offline package information to obtain a download address corresponding to the offline package information.
5. The offline package verification method according to claim 1, wherein the downloading the offline package according to the download address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value includes:
acquiring downloading resources based on the downloading address, and downloading an offline package corresponding to the offline package information according to the downloading resources to obtain a target offline package;
and calculating the hash value corresponding to the target off-line packet through the second algorithm to obtain a second hash value.
6. The off-line package verification method according to claim 1, wherein the decrypting the hash ciphertext through the first algorithm and the public and private keys to obtain the first hash value, and matching the first hash value with a second target hash value to obtain a matching result includes:
analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value;
and matching the first hash value and the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
7. The off-line package verification method according to any one of claims 1 to 6, further comprising:
if the matching result is that the first hash value and the second hash value are unsuccessfully matched, generating prompt information indicating that the first hash value and the second hash value failed to match;
and sending the prompt information to the mobile internet application program for early warning.
8. An off-line package verification device, comprising:
the receiving module is used for receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, wherein the public and private key comprises a public key and a private key;
the processing module is used for acquiring offline packet information corresponding to an offline packet to be updated from a preset local cache, calculating a first hash value corresponding to the offline packet information through a preset second algorithm, and encrypting the first hash value according to the public and private keys and the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
the analysis module is used for storing the public and private keys and the hash ciphertext and analyzing the offline package information to obtain a download address corresponding to the offline package information;
the downloading module is used for downloading the off-line package according to the downloading address to obtain a target off-line package, and generating a hash value corresponding to the target off-line package according to the second algorithm to obtain a second hash value;
the matching module is used for decrypting the hash ciphertext through the first algorithm and the public and private keys to obtain a first hash value, and matching the first hash value with a second target hash value to obtain a matching result;
and the decompression module is used for decompressing the target offline package and operating the target offline package if the matching result is that the first hash value and the second hash value are successfully matched.
9. An off-line package verification device, comprising: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invokes the instructions in the memory to cause the off-line package verification device to perform the off-line package verification method of any of claims 1-7.
10. A computer-readable storage medium having instructions stored thereon, which when executed by a processor implement the method of verification of an off-line package according to any one of claims 1 to 7.
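The sign-then-verify gate of claims 6 and 7, as an added Go example that is not code from the patent. It assumes RSA PKCS#1 v1.5 signing as the "first algorithm", SHA-256 as the "second algorithm", and that the first hash is the expected digest of the package; all function names and the sample bytes are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrMismatch = errors.New("offline package hash mismatch: refusing to unpack")

// SignPackageHash: first hash = SHA-256 (assumed "second algorithm"), signed with
// RSA PKCS#1 v1.5 (assumed "first algorithm"); the signature is the "hash ciphertext".
func SignPackageHash(priv *rsa.PrivateKey, expected []byte) ([]byte, error) {
	h := sha256.Sum256(expected)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// VerifyDownloaded computes the second hash over the downloaded bytes and checks it
// against the signed first hash using only the public key.
func VerifyDownloaded(pub *rsa.PublicKey, downloaded, hashCiphertext []byte) error {
	h := sha256.Sum256(downloaded)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], hashCiphertext); err != nil {
		return ErrMismatch // caller must not decompress or run the package
	}
	return nil
}

// Demo runs the flow on constructed sample bytes: intact result, then tampered result.
func Demo() (intact, tamperedErr error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err
	}
	pkg := []byte("constructed sample offline package v1.2.3") // constructed input
	sig, err := SignPackageHash(priv, pkg)
	if err != nil {
		return err, err
	}
	tampered := append([]byte{}, pkg...)
	tampered[0] ^= 0x01 // one flipped bit stands in for a corrupted or swapped download
	return VerifyDownloaded(&priv.PublicKey, pkg, sig), VerifyDownloaded(&priv.PublicKey, tampered, sig)
}

func main() {
	fmt.Println(Demo()) // nil for the intact package, ErrMismatch for the tampered one
}
```

`rsa.VerifyPKCS1v15` performs the recover-and-compare step of claim 6 internally, so the caller never handles the decrypted hash and only acts on the match result.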
CN202111523893.4A 2021-12-14 2021-12-14 Off-line package checking method, device, equipment and storage medium Pending CN114218534A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111523893.4A CN114218534A (en) 2021-12-14 2021-12-14 Off-line package checking method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114218534A true CN114218534A (en) 2022-03-22

Family

ID=80701585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111523893.4A Pending CN114218534A (en) 2021-12-14 2021-12-14 Off-line package checking method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114218534A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105204906A (en) * 2015-09-29 2015-12-30 北京元心科技有限公司 Operating system starting method and intelligent terminal
CN108363580A (en) * 2018-03-12 2018-08-03 平安普惠企业管理有限公司 Application program installation method, device, computer equipment and storage medium
CN109067524A (en) * 2018-07-31 2018-12-21 杭州复杂美科技有限公司 A kind of public private key pair generation method and system
CN109451064A (en) * 2018-12-26 2019-03-08 深圳左邻永佳科技有限公司 Offline implementation method, device, computer equipment and the storage medium of web application

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination