WO2016165215A1 - Method and apparatus for loading code signing on applications - Google Patents

Method and apparatus for loading code signing on applications Download PDF

Info

Publication number
WO2016165215A1
WO2016165215A1 PCT/CN2015/083878 CN2015083878W WO2016165215A1 WO 2016165215 A1 WO2016165215 A1 WO 2016165215A1 CN 2015083878 W CN2015083878 W CN 2015083878W WO 2016165215 A1 WO2016165215 A1 WO 2016165215A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
signature
information
code
server
Prior art date
Application number
PCT/CN2015/083878
Other languages
French (fr)
Chinese (zh)
Inventor
杜金芳
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016165215A1 publication Critical patent/WO2016165215A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software

Definitions

  • This paper relates to the field of Internet technology, and in particular to a method and apparatus for loading code signatures by an application.
  • the system program installed by the terminal verifies the application downloaded to the terminal, and the verification method is performed by the terminal system program on the downloaded application to be installed.
  • the code signature is verified to identify the source of the software and the true identity of the software developer.
  • the code signature is typically authorized by the certificate authority of the end system program to the application publisher and loaded by the application publisher in the application.
  • the code signature may be at risk of tampering.
  • the application publisher forcibly deletes the original code signature in the application developed by others, and then re-overwrites it with the code signature owned by itself, so that the identity of the application becomes its own identifier. , causing the application to be ambiguous. What's more, if the code signature is obtained by the illegal publisher, it may be used by the illegal publisher to publish the illegal application, which poses a great threat to the security of the user terminal.
  • the main purpose of the embodiments of the present invention is to provide a method and apparatus for loading code signatures by an application program, to avoid malicious tampering or misappropriation of code signatures, and to improve application security.
  • the embodiment of the invention provides a method for an application to load a code signature, comprising the steps of:
  • the server verifies the identity information of the requesting party
  • the server After the server verifies the identity information of the requesting party, the server uses the signature authorized by the certification authority. The private key loads the code signature of the application;
  • the server backs up the signed application and the current signature information of the application in the backup record.
  • the step of loading, by the server, the code signature of the application by using a signature private key authorized by the certificate authority includes:
  • the application is loaded with a code signature by using a signature private key authorized by the certification authority, and the code signature of the application is encrypted according to the identification information of the application, the time of the signature, and the signature private key.
  • the step of the server backing up the signed application and the current signature information of the application in the backup record includes:
  • the method further includes:
  • the server refuses to sign the application
  • the server searches for the historical signature information of the application in the backup record
  • the server When the historical signature information of the application is found, the server sends the latest version of the application backed up in the backup record to the requesting party, or sends update prompt information to the requesting party.
  • the method further includes:
  • the server compares whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
  • the server sends the latest version of the application backed up in the backup record to the requestor or the user, or Send an update prompt message to the requestor or consumer.
  • the embodiment of the invention further provides an apparatus for loading code signatures by an application, comprising:
  • a receiving module configured to receive a code signing request sent by the requesting party, where the code signing request includes the identity information of the requesting party and an application to be signed;
  • a verification module configured to verify identity information of the requestor
  • a signing module configured to load a code signature of the application by using a signature private key authorized by a certificate authority after the identity information of the requester is verified;
  • the backup module is configured to back up the application after the signature and the current signature information of the application in the backup record.
  • the signature module is set to:
  • the application is loaded with a code signature by using a signature private key authorized by the certification authority, and the code signature of the application is encrypted according to the identification information of the application, the time of the signature, and the signature private key.
  • the backup module is set to:
  • the device that loads the code signature by the application further includes a sending module
  • the signing module is further configured to refuse to sign the application when the identity information verification of the requesting party fails;
  • the backup module is further configured to: search for historical signature information of the application in the backup record;
  • the sending module is configured to: when the historical signature information of the application is found, send the latest version of the application backed up in the backup record to the requester, or send update prompt information to the Requester.
  • the device that loads the code signature by the application further includes a comparison module
  • the receiving module is further configured to receive current signature information of the application reported by the requesting party or the user;
  • the comparing module is configured to compare whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
  • the sending module is further configured to: when the reported current signature information is inconsistent with the backed up historical signature information, send the latest version of the application backed up in the backup record to the requesting party or the user, or send Update the prompt information to the requestor or consumer.
  • the embodiment of the invention further provides a computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the above method.
  • the private key authorized by the certification authority is stored in the server, and the server loads the code signature on the application that needs to be signed, thereby preventing the illegal user from maliciously tampering or stealing the code signature, preventing the private key from being leaked, and also facilitating the code.
  • the unified management of signatures further enhances the security of signatures and ensures the secure dissemination and use of applications.
  • FIG. 1 is a flow chart of a method for loading code signatures of an application according to a first embodiment of the present invention
  • FIG. 2 is a flowchart of a method for loading code signatures of an application according to a second embodiment of the present invention
  • FIG. 3 is a flowchart of a method for loading code signatures of an application according to a third embodiment of the present invention.
  • FIG. 4 is a flowchart of a method for loading code signatures of an application according to a fourth embodiment of the present invention.
  • FIG. 5 is a flowchart of a method for loading code signatures of an application according to a fifth embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a first embodiment of the present invention
  • FIG. 7 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a second embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a third embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for loading code signatures of an application according to a first embodiment of the present invention.
  • the method for loading code signature of an application proposed in this embodiment includes:
  • Step S10 The server receives a code signing request sent by the requesting party;
  • the code signature of the application to be published is uniformly implemented by the server.
  • the application publisher needs to send a code signing request as a request direction server before the application is published, and the code signing request includes the identity information of the requesting party and the application to be signed.
  • the requesting party can network with the server for loading the signature in this embodiment through the terminal or the third-party server, and report the request.
  • Step S20 the server verifies the identity information of the requesting party
  • the server verifies the identity of the requesting party, verifies whether the requesting party is a legitimate user, and has a signature authority, that is, whether the authentication authority has authorized the development of the application to be signed.
  • Step S30 after the server verifies that the identity information of the requesting party is passed, the server loads the code signature of the application by using the signature private key authorized by the certificate authority;
  • the application After the server completes the authentication of the requesting party, the application is code signed with the signed private key.
  • the private key authorized by the certification authority is stored in the server, and the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code. Signatures also facilitate the unified management of code signatures.
  • step S40 the server backs up the signed application and the current signature information of the application in the backup record.
  • the server After the signature is completed, the server backs up the information of the signature and the signed application.
  • the signature information of the backup includes the identification information of the application and the signed information, and may also include the original information before the signature if necessary.
  • the backed up information may be arranged in the order in which the signatures are loaded, or only the information in which the signatures are sequentially loaded in the last place is stored by means of the overlay update.
  • the signed application can be published directly through the server, or sent to the requesting party by the server, and then released by the requesting party.
  • the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code signature, preventing the private key from being leaked, and also facilitating the Unified management of code signatures further enhances the security of signatures and ensures the secure dissemination and use of applications.
  • FIG. 2 is a flowchart of a method for loading code signatures of an application according to a second embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and is specifically described in step S30. Step S30 includes:
  • Step S31 the server loads the code signature of the application by using the signature private key authorized by the certification authority, and encrypts the code signature of the application according to the identification information of the application, the time of the signature, and the signature private key.
  • the server loads the code signature of the application, and also uses the signature private key to encrypt the code signature of the application, adding a part of the encryption information to the code signature, because the application is added during the encryption.
  • the identification information and the time of the signature, even if the same application, the encrypted information loaded at different times is different, which is beneficial to further improve the security of the signature.
  • FIG. 3 is a flowchart of a method for loading code signatures of an application according to a third embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and is specifically described in step S40. Step S40 includes:
  • Step S41 the server determines whether there is history signature information of the application in the backup record; if yes, step S42 is performed; if not, step S43 is performed;
  • the application that completes this signature may not be the first time to load the signature. If it is not the first-signed application, it has already been backed up in the server when the application was previously loaded with the signature, then the backup record of the server can be found. The backup file when the application was previously loaded with the signature.
  • Step S42 updating the application in the backup record to the signed application, and updating the historical signature information to the signature information;
  • the application and signature information in the backup record are updated to the content of the signature by overwriting the update.
  • Coverage update helps to save server storage space.
  • Step S43 creating a record of the application in the backup record according to the identification information of the application,
  • the record includes the identification information of the application and the current signature information, and the application corresponding to the signature is saved corresponding to the record of the application.
  • the application that completed the signature loading is the first time to load the signature, there is no information about the application in the backup record of the server, and a new record can be created in the backup record for recording the signed application. Identification information, signature information, and signed applications. After the next time the new code signature is loaded into the application, the application's identification information can be found and the corresponding signature information and application can be updated. In this embodiment, by copying the signature record, the code signature of the signed application and the application is uniformly managed, and the security of the application is improved.
  • FIG. 4 is a flowchart of a method for loading code signatures of an application according to a fourth embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and the processing flow of the requester that fails the authentication is added. Optionally, after step S20, the method further includes:
  • Step S51 when the verification of the identity information of the requesting party fails, the server rejects the signature application
  • the application when verifying the identity of the requesting party, if the requesting party without the signature authority refuses to sign the uploaded application, the application cannot be released because the code signature cannot be loaded, even if it is released, due to the system in the user terminal.
  • the program cannot be verified by signature, can not be recognized by the system program, and can not run normally on the system, avoiding the harm of the illegal application to the terminal system.
  • Step S52 the server searches for the historical signature information of the application in the backup record
  • Step S53 when the historical signature information of the application is found, the server sends the latest version of the application backed up in the backup record to the requesting party, or sends the update prompt information to the requesting party.
  • the server can also find the application in the backup record that is the same as or similar to the application uploaded by the requester, and deliver the backed up application to the requester, since the backed up application is A code-signed application is loaded and is a secure application.
  • the requester can update the application on the requestor terminal or the third-party server to the application sent by the server to improve the security of the application.
  • the server can also send prompt information only to the requesting party, and the requesting party can choose whether to download and install the server backup. Use the program.
  • FIG. 5 is a flowchart of a method for loading code signatures of an application according to a fifth embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and the processing flow of the reported application consistency verification is also added. Optionally, after step S40, the method further includes:
  • Step S61 The server receives current signature information of the application reported by the requesting party or the user;
  • an escalation program may be preset in the application, and the reporting procedure is triggered once the requesting party or the user's terminal connects to the Internet, and the requesting party or the user's terminal reports to the server. Signature information for the application installed on the terminal.
  • Step S62 The server compares whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
  • Step S63 When the reported current signature information is inconsistent with the backed up historical signature information, the server sends the latest version of the application backed up in the backup record to the requesting party or the user, or sends the update prompt information to the requesting party or the user.
  • the server After receiving the reported signature information, the server compares it with the backup signature information to determine whether they are consistent. If they are consistent, the signature of the application has not been tampered with, and the application is secure. If not, the application is inconsistent.
  • the program may be at risk of the signature being tampered with, or the application is not the latest version currently released, it is necessary to update the application in the terminal.
  • the server can send the latest version of the application in the backup record to the requester or the consumer's terminal, or prompt the user to install the latest version, ensuring the security of the application.
  • FIG. 6 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a first embodiment of the present invention.
  • the apparatus for loading code signature of the application proposed in this embodiment is set on the server, and includes:
  • the receiving module 10 is configured to receive a code signing request sent by the requesting party, where the code signing request includes the identity information of the requesting party and the application to be signed;
  • the verification module 20 is configured to verify the identity information of the requesting party
  • the signing module 30 is configured to be authenticated by the certification authority after the verification of the identity information of the requesting party is passed.
  • the signature private key of the right loads the code signature of the application;
  • the backup module 40 is configured to back up the signed application and the current signature information of the application in the backup record.
  • the code signature of the application to be published is uniformly implemented by the server.
  • the request direction server sends a code signing request, where the code signing request includes the identity information of the requesting party and the application to be signed.
  • the requesting party can network with the server for loading the signature in this embodiment through the terminal or the third-party server, and report the request.
  • the server verifies the identity of the requesting party, verifies whether the requesting party is a legitimate user, and has a signature authority, that is, whether the authentication authority has authorized the development of the application to be signed.
  • the application After the server completes the authentication of the requesting party, the application is code signed with the signed private key.
  • the private key authorized by the certification authority is stored in the server, and the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code. Signatures also facilitate the unified management of code signatures.
  • the server After the signature is completed, the server backs up the information of the signature and the signed application.
  • the signature information of the backup includes the identification information of the application and the signed information, and may also include the original information before the signature if necessary.
  • the backed up information may be arranged in the order in which the signatures are loaded, or only the information in which the signatures are sequentially loaded in the last place is stored by means of the overlay update.
  • the signed application can be published directly through the server, or sent to the requesting party by the server, and then released by the requesting party.
  • the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code signature, preventing the private key from being leaked, and also facilitating the Unified management of code signatures further enhances the security of signatures and ensures the secure dissemination and use of applications.
  • the signature module 30 is configured to:
  • the application is code-signed with the signature private key authorized by the certificate authority, and the code signature of the application is encrypted according to the identification information of the application, the time of the signature, and the signature private key.
  • the server is loading the code signature for the application while still
  • the signature of the application is used to encrypt the code of the application, and a part of the encrypted information is added to the code signature. Since the identification information of the application and the time of the signature are added during encryption, even the same application is used.
  • the encrypted information of the signatures loaded at different times is different, which is beneficial to further improve the security of the signature.
  • the backup module 40 is configured to:
  • the application in the backup record is updated to the signed application, and the historical signature information is updated to the signature information
  • the application record is created in the backup record according to the identification information of the application, and the record includes the identification information of the application and the current signature information, and the application corresponding to the signature is saved corresponding to the record of the application.
  • the application that completes this signature may not be the first time to load the signature. If it is not the first-signed application, it has already been backed up in the server when the application was previously loaded with the signature, then the backup record of the server can be found. The backup file when the application was previously loaded with the signature. After the previous backup record is found, the application and signature information in the backup record are updated to the content of the signature by overwriting the update. Coverage update helps to save server storage space.
  • the application that completed the signature loading is the first time to load the signature, there is no information about the application in the backup record of the server, and a new record can be created in the backup record for recording the signed application. Identification information, signature information, and signed applications. After the next time the new code signature is loaded into the application, the application's identification information can be found and the corresponding signature information and application can be updated. In this embodiment, by copying the signature record, the code signature of the signed application and the application is uniformly managed, and the security of the application is improved.
  • FIG. 7 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a second embodiment of the present invention.
  • This embodiment includes all the modules in the embodiment shown in FIG. 6, in order to achieve identity
  • the sending module 50 is also added as follows:
  • the signature module 30 is further configured to reject the signature application when the identity information verification of the requester fails.
  • the backup module 40 is further configured to search for historical signature information of the application in the backup record;
  • the sending module 50 is configured to, when the historical signature information of the application is found, send the latest version of the application backed up in the backup record to the requesting party, or send the update prompt information to the requesting party.
  • the application when verifying the identity of the requesting party, if the requesting party without the signature authority refuses to sign the uploaded application, the application cannot be released because the code signature cannot be loaded, even if it is released, due to the system in the user terminal.
  • the program cannot be verified by signature, can not be recognized by the system program, and can not run normally on the system, avoiding the harm of the illegal application to the terminal system.
  • the server can also find the application in the backup record that is the same as or similar to the application uploaded by the requester, and deliver the backed up application to the requester, since the backed up application is A code-signed application is loaded and is a secure application.
  • the requester can update the application on the requestor terminal or the third-party server to the application sent by the server to improve the security of the application.
  • the server can also send a prompt message only to the requester, and the requester can choose whether to download and install the server backup application.
  • FIG. 8 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a third embodiment of the present invention.
  • This embodiment includes all the modules in the embodiment shown in FIG. 6.
  • the comparison module 60 is also added, as follows:
  • the receiving module 10 is further configured to receive current signature information of the application reported by the requesting party or the user;
  • the comparison module 60 is configured to compare whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
  • the sending module 50 is further configured to: when the reported current signature information is inconsistent with the backed up historical signature information, send the latest version of the application backed up in the backup record to the requesting party or the user, or send the update prompt information to the requesting party or User.
  • an escalation program may be preset in the application, and the reporting procedure is triggered once the requesting party or the user's terminal connects to the Internet, and the requesting party or the user's terminal reports to the server. Signature information for the application installed on the terminal.
  • the server After receiving the reported signature information, the server compares it with the backup signature information to determine whether they are consistent. If they are consistent, the signature of the application has not been tampered with, and the application is secure. If not, the application is inconsistent.
  • the program may be at risk of the signature being tampered with, or the application is not the latest version currently released, it is necessary to update the application in the terminal.
  • the server can send the latest version of the application in the backup record to the requester or the consumer's terminal, or prompt the user to install the latest version, ensuring the security of the application.
  • all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
  • the devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • each device/function module/functional unit in the above embodiment When each device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the above technical solution avoids malicious users from maliciously tampering or stealing code signatures, prevents private keys from being leaked, and is also beneficial to unified management of code signatures, further improving signature security, and ensuring application security transmission and use.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

A method and apparatus for loading code signing on applications, the method comprises: receiving a code signing request sent by a requester (S10), the code signing request comprising identity information of the requester and applications to be signed; verifying the identity information of the requester (S20); after the identity information of the requester passes the verification, using signing private keys authorized by an authentication mechanism to load code signing on the applications (S30); and backing up the applications signed this time, and the signing information of the applications in a backup record (S40). In the technical solution described above, the private keys authorized by the authentication mechanism are stored in a server and the applications that need to be signed are loaded with code signing by the server in a unified way, thereby avoiding malicious tampering or illegal use of code signing by unauthorized users and also the leakage of the private keys, facilitating the unified management of code signing, further improving signing security, and ensuring secure transmission and usage of the applications.

Description

应用程序加载代码签名的方法和装置Method and device for loading code signature by application 技术领域Technical field
本文涉及互联网技术领域,特别涉及应用程序加载代码签名的方法和装置。This paper relates to the field of Internet technology, and in particular to a method and apparatus for loading code signatures by an application.
背景技术Background technique
随着终端技术的发展,越来越多的应用程序被开发和安装使用,在为广大用户提供方便的同时,也带来了许多安全风险。为了避免用户下载安装不安全的非法应用程序以造成终端安全问题,终端所安装的***程序对下载到终端上的应用程序进行验证,验证方式是由终端的***程序对下载的待安装应用程序的代码签名进行校验,以识别软件来源以及软件开发者的真实身份,代码签名通常是由终端***程序的认证机构授权给应用发布方,并由应用发布方加载在应用程序中。With the development of terminal technology, more and more applications are being developed and installed, which provides a lot of security risks for the convenience of users. In order to prevent the user from downloading and installing an unsafe illegal application to cause terminal security problems, the system program installed by the terminal verifies the application downloaded to the terminal, and the verification method is performed by the terminal system program on the downloaded application to be installed. The code signature is verified to identify the source of the software and the true identity of the software developer. The code signature is typically authorized by the certificate authority of the end system program to the application publisher and loaded by the application publisher in the application.
但是代码签名可能存在篡改的风险,应用发布方将他人开发的应用程序中原有的代码签名强制删除,再用自己拥有的代码签名重新覆盖后再进行发布,使应用程序的标识变为自己的标识,导致应用程序归属不明确。更有甚者,代码签名被非法发布方获得,就可能被非法发布方用来发布非法应用,对用户终端安全造成极大的威胁。However, the code signature may be at risk of tampering. The application publisher forcibly deletes the original code signature in the application developed by others, and then re-overwrites it with the code signature owned by itself, so that the identity of the application becomes its own identifier. , causing the application to be ambiguous. What's more, if the code signature is obtained by the illegal publisher, it may be used by the illegal publisher to publish the illegal application, which poses a great threat to the security of the user terminal.
发明内容Summary of the invention
本发明实施例的主要目的为提供一种应用程序加载代码签名的方法和装置,避免恶意篡改或盗用代码签名,提高应用程序的安全性。The main purpose of the embodiments of the present invention is to provide a method and apparatus for loading code signatures by an application program, to avoid malicious tampering or misappropriation of code signatures, and to improve application security.
本发明实施例提出一种应用程序加载代码签名的方法,包括步骤:The embodiment of the invention provides a method for an application to load a code signature, comprising the steps of:
服务器接收请求方发送的代码签名请求,所述代码签名请求包括所述请求方的身份信息和待签名的应用程序;Receiving, by the server, a code signing request sent by the requesting party, where the code signing request includes the identity information of the requesting party and an application to be signed;
服务器验证所述请求方的身份信息;The server verifies the identity information of the requesting party;
服务器在所述请求方的身份信息验证通过后,采用认证机构授权的签名 私钥对所述应用程序加载代码签名;After the server verifies the identity information of the requesting party, the server uses the signature authorized by the certification authority. The private key loads the code signature of the application;
服务器在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息。The server backs up the signed application and the current signature information of the application in the backup record.
可选地,所述服务器采用认证机构授权的签名私钥对所述应用程序加载代码签名的步骤包括:Optionally, the step of loading, by the server, the code signature of the application by using a signature private key authorized by the certificate authority includes:
采用认证机构授权的签名私钥对所述应用程序加载代码签名,并根据所述应用程序的标识信息、本次签名的时间和签名私钥加密所述应用程序的代码签名。The application is loaded with a code signature by using a signature private key authorized by the certification authority, and the code signature of the application is encrypted according to the identification information of the application, the time of the signature, and the signature private key.
可选地,所述服务器在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息的步骤包括:Optionally, the step of the server backing up the signed application and the current signature information of the application in the backup record includes:
判断所述备份记录中是否有所述应用程序的历史签名信息;Determining whether there is historical signature information of the application in the backup record;
如果是,则将所述备份记录中的所述应用程序更新为本次签名后的所述应用程序,将所述历史签名信息更新为所述本次签名信息;If yes, updating the application in the backup record to the application after the signature, and updating the historical signature information to the current signature information;
如果否,则根据所述应用程序的标识信息在所述备份记录中创建所述应用程序的记录,所述记录中包括所述应用程序的标识信息和本次签名信息,并对应于所述应用程序的记录保存本次签名后的所述应用程序。If not, creating a record of the application in the backup record according to the identification information of the application, where the record includes the identification information of the application and the current signature information, and corresponds to the application. The program's record saves the application after this signature.
可选地,所述方法还包括:Optionally, the method further includes:
当所述请求方的身份信息验证未通过时,服务器拒绝签名所述应用程序;When the identity information verification of the requester fails, the server refuses to sign the application;
服务器在所述备份记录中查找所述应用程序的历史签名信息;The server searches for the historical signature information of the application in the backup record;
当查找到所述应用程序的历史签名信息时,服务器将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方,或发送更新提示信息至所述请求方。When the historical signature information of the application is found, the server sends the latest version of the application backed up in the backup record to the requesting party, or sends update prompt information to the requesting party.
可选地,所述方法还包括:Optionally, the method further includes:
所述服务器在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息的步骤之后,After the server backs up the signed application and the current signature information of the application in the backup record,
接收请求方或使用方上报的所述应用程序的当前签名信息;Receiving current signature information of the application reported by the requesting party or the user;
服务器比较上报的所述应用程序的当前签名信息与所述备份记录中备份的所述应用程序的历史签名信息是否一致;The server compares whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
当上报的当前签名信息与备份的历史签名信息不一致时,服务器将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方或使用方,或 发送更新提示信息至所述请求方或使用方。When the reported current signature information is inconsistent with the backed up historical signature information, the server sends the latest version of the application backed up in the backup record to the requestor or the user, or Send an update prompt message to the requestor or consumer.
本发明实施例还提出一种应用程序加载代码签名的装置,包括:The embodiment of the invention further provides an apparatus for loading code signatures by an application, comprising:
接收模块,设置为接收请求方发送的代码签名请求,所述代码签名请求包括所述请求方的身份信息和待签名的应用程序;a receiving module, configured to receive a code signing request sent by the requesting party, where the code signing request includes the identity information of the requesting party and an application to be signed;
验证模块,设置为验证所述请求方的身份信息;a verification module, configured to verify identity information of the requestor;
签名模块,设置为在所述请求方的身份信息验证通过后,采用认证机构授权的签名私钥对所述应用程序加载代码签名;a signing module, configured to load a code signature of the application by using a signature private key authorized by a certificate authority after the identity information of the requester is verified;
备份模块,设置为在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息。The backup module is configured to back up the application after the signature and the current signature information of the application in the backup record.
可选地,所述签名模块是设置为:Optionally, the signature module is set to:
采用认证机构授权的签名私钥对所述应用程序加载代码签名,并根据所述应用程序的标识信息、本次签名的时间和签名私钥加密所述应用程序的代码签名。The application is loaded with a code signature by using a signature private key authorized by the certification authority, and the code signature of the application is encrypted according to the identification information of the application, the time of the signature, and the signature private key.
可选地,所述备份模块是设置为:Optionally, the backup module is set to:
判断所述备份记录中是否有所述应用程序的历史签名信息;Determining whether there is historical signature information of the application in the backup record;
如果是,则将所述备份记录中的所述应用程序更新为本次签名后的所述应用程序,将所述历史签名信息更新为所述本次签名信息;If yes, updating the application in the backup record to the application after the signature, and updating the historical signature information to the current signature information;
如果否,则根据所述应用程序的标识信息在所述备份记录中创建所述应用程序的记录,所述记录中包括所述应用程序的标识信息和本次签名信息,并对应于所述应用程序的记录保存本次签名后的所述应用程序。If not, creating a record of the application in the backup record according to the identification information of the application, where the record includes the identification information of the application and the current signature information, and corresponds to the application. The program's record saves the application after this signature.
可选地,所述应用程序加载代码签名的装置,还包括发送模块;Optionally, the device that loads the code signature by the application, further includes a sending module;
所述签名模块还设置为,当所述请求方的身份信息验证未通过时,拒绝签名所述应用程序;The signing module is further configured to refuse to sign the application when the identity information verification of the requesting party fails;
所述备份模块还设置为,在所述备份记录中查找所述应用程序的历史签名信息;The backup module is further configured to: search for historical signature information of the application in the backup record;
所述发送模块,设置为当查找到所述应用程序的历史签名信息时,将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方,或发送更新提示信息至所述请求方。The sending module is configured to: when the historical signature information of the application is found, send the latest version of the application backed up in the backup record to the requester, or send update prompt information to the Requester.
可选地,所述应用程序加载代码签名的装置,还包括比较模块; Optionally, the device that loads the code signature by the application, further includes a comparison module;
所述接收模块还设置为,接收请求方或使用方上报的所述应用程序的当前签名信息;The receiving module is further configured to receive current signature information of the application reported by the requesting party or the user;
所述比较模块设置为,比较上报的所述应用程序的当前签名信息与所述备份记录中备份的所述应用程序的历史签名信息是否一致;The comparing module is configured to compare whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
所述发送模块还设置为,当上报的当前签名信息与备份的历史签名信息不一致时,将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方或使用方,或发送更新提示信息至所述请求方或使用方。The sending module is further configured to: when the reported current signature information is inconsistent with the backed up historical signature information, send the latest version of the application backed up in the backup record to the requesting party or the user, or send Update the prompt information to the requestor or consumer.
本发明实施例还提出一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行上述的方法。The embodiment of the invention further provides a computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the above method.
本发明实施例认证机构授权的私钥存放在服务器中,统一由服务器对需要签名的应用程序加载代码签名,避免了非法用户恶意篡改或盗用代码签名,防止私钥外泄,也有利于对代码签名的统一管理,进一步提高签名的安全性,确保应用程序安全传播与使用。In the embodiment of the present invention, the private key authorized by the certification authority is stored in the server, and the server loads the code signature on the application that needs to be signed, thereby preventing the illegal user from maliciously tampering or stealing the code signature, preventing the private key from being leaked, and also facilitating the code. The unified management of signatures further enhances the security of signatures and ensures the secure dissemination and use of applications.
附图概述BRIEF abstract
图1为本发明第一实施例的应用程序加载代码签名的方法流程图;1 is a flow chart of a method for loading code signatures of an application according to a first embodiment of the present invention;
图2为本发明第二实施例的应用程序加载代码签名的方法流程图;2 is a flowchart of a method for loading code signatures of an application according to a second embodiment of the present invention;
图3为本发明第三实施例的应用程序加载代码签名的方法流程图;3 is a flowchart of a method for loading code signatures of an application according to a third embodiment of the present invention;
图4为本发明第四实施例的应用程序加载代码签名的方法流程图;4 is a flowchart of a method for loading code signatures of an application according to a fourth embodiment of the present invention;
图5为本发明第五实施例的应用程序加载代码签名的方法流程图;FIG. 5 is a flowchart of a method for loading code signatures of an application according to a fifth embodiment of the present invention; FIG.
图6为本发明第一实施例的应用程序加载代码签名的装置结构示意图;6 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a first embodiment of the present invention;
图7为本发明第二实施例的应用程序加载代码签名的装置结构示意图;FIG. 7 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a second embodiment of the present invention; FIG.
图8为本发明第三实施例的应用程序加载代码签名的装置结构示意图。FIG. 8 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a third embodiment of the present invention.
本发明的较佳实施方式Preferred embodiment of the invention
应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。 It is understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
如图1所示,图1为本发明第一实施例的应用程序加载代码签名的方法流程图。本实施例提出的应用程序加载代码签名的方法,包括:As shown in FIG. 1, FIG. 1 is a flowchart of a method for loading code signatures of an application according to a first embodiment of the present invention. The method for loading code signature of an application proposed in this embodiment includes:
步骤S10,服务器接收请求方发送的代码签名请求;Step S10: The server receives a code signing request sent by the requesting party;
本实施例中,为了提高代码签名的安全性,统一通过服务器实现对需要发布的应用程序加载代码签名。可选的,应用程序发布者需要发布应用程序前,作为请求方向服务器发送代码签名请求,代码签名请求中包括请求方的身份信息和待签名的应用程序。请求方可以通过终端或第三方服务器与本实施例中用于加载签名的服务器联网,并上报请求。In this embodiment, in order to improve the security of the code signature, the code signature of the application to be published is uniformly implemented by the server. Optionally, the application publisher needs to send a code signing request as a request direction server before the application is published, and the code signing request includes the identity information of the requesting party and the application to be signed. The requesting party can network with the server for loading the signature in this embodiment through the terminal or the third-party server, and report the request.
步骤S20,服务器验证请求方的身份信息;Step S20, the server verifies the identity information of the requesting party;
服务器对请求方的身份进行校验,验证该请求方是否为合法用户、是否具有签名权限,即是否已被认证机构授权允许开发该待签名的应用程序。The server verifies the identity of the requesting party, verifies whether the requesting party is a legitimate user, and has a signature authority, that is, whether the authentication authority has authorized the development of the application to be signed.
步骤S30,服务器在请求方的身份信息验证通过后,采用认证机构授权的签名私钥对应用程序加载代码签名;Step S30, after the server verifies that the identity information of the requesting party is passed, the server loads the code signature of the application by using the signature private key authorized by the certificate authority;
在服务器完成对请求方的身份验证后,采用签名私钥对应用程序加载代码签名。为了确保签名的安全性,防止私钥外泄,本实施例将认证机构授权的私钥存放在服务器中,统一由服务器对需要签名的应用程序加载代码签名,避免了非法用户恶意篡改或盗用代码签名,也有利于对代码签名的统一管理。After the server completes the authentication of the requesting party, the application is code signed with the signed private key. In order to ensure the security of the signature and prevent the private key from being leaked, in this embodiment, the private key authorized by the certification authority is stored in the server, and the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code. Signatures also facilitate the unified management of code signatures.
步骤S40,服务器在备份记录中备份本次签名后的应用程序、以及应用程序的本次签名信息。In step S40, the server backs up the signed application and the current signature information of the application in the backup record.
在完成签名后,服务器对本次签名的信息和签名后的应用程序备份,备份的签名信息包括应用程序的标识信息和签名后的信息,必要时也可以包括签名前的原始信息。备份的信息可以按照加载签名的时间顺序排列,或通过覆盖更新的方式只存储最近依次加载签名的信息。已签名的应用程序可以直接通过服务器发布,或由服务器下发至请求方,再由请求方自行发布。After the signature is completed, the server backs up the information of the signature and the signed application. The signature information of the backup includes the identification information of the application and the signed information, and may also include the original information before the signature if necessary. The backed up information may be arranged in the order in which the signatures are loaded, or only the information in which the signatures are sequentially loaded in the last place is stored by means of the overlay update. The signed application can be published directly through the server, or sent to the requesting party by the server, and then released by the requesting party.
由于本实施例中认证机构授权的私钥存放在服务器中,统一由服务器对需要签名的应用程序加载代码签名,避免了非法用户恶意篡改或盗用代码签名,防止私钥外泄,也有利于对代码签名的统一管理,进一步提高签名的安全性,确保应用程序安全传播与使用。 Because the private key authorized by the certification authority is stored in the server in this embodiment, the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code signature, preventing the private key from being leaked, and also facilitating the Unified management of code signatures further enhances the security of signatures and ensures the secure dissemination and use of applications.
如图2所示,图2为本发明第二实施例的应用程序加载代码签名的方法流程图。本实施例包括图1所示实施例中的所有步骤,具体对步骤S30详细说明,步骤S30包括:As shown in FIG. 2, FIG. 2 is a flowchart of a method for loading code signatures of an application according to a second embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and is specifically described in step S30. Step S30 includes:
步骤S31,服务器采用认证机构授权的签名私钥对应用程序加载代码签名,并根据应用程序的标识信息、本次签名的时间和签名私钥加密应用程序的代码签名。Step S31, the server loads the code signature of the application by using the signature private key authorized by the certification authority, and encrypts the code signature of the application according to the identification information of the application, the time of the signature, and the signature private key.
为了确保签名的唯一性,服务器在为应用程序加载代码签名的同时,还采用签名私钥对应用程序的代码签名加密,在代码签名中增加一部分加密信息,由于在加密时还添加了应用程序的标识信息和本次签名的时间等因素,即使是同一款应用程序,在不同时间加载签名的加密信息都不相同,有利于进一步提高签名的安全性。In order to ensure the uniqueness of the signature, the server loads the code signature of the application, and also uses the signature private key to encrypt the code signature of the application, adding a part of the encryption information to the code signature, because the application is added during the encryption. The identification information and the time of the signature, even if the same application, the encrypted information loaded at different times is different, which is beneficial to further improve the security of the signature.
如图3所示,图3为本发明第三实施例的应用程序加载代码签名的方法流程图。本实施例包括图1所示实施例中的所有步骤,具体对步骤S40详细说明,步骤S40包括:As shown in FIG. 3, FIG. 3 is a flowchart of a method for loading code signatures of an application according to a third embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and is specifically described in step S40. Step S40 includes:
步骤S41,服务器判断备份记录中是否有应用程序的历史签名信息;如果是,则执行步骤S42;如果否,则执行步骤S43;Step S41, the server determines whether there is history signature information of the application in the backup record; if yes, step S42 is performed; if not, step S43 is performed;
完成本次签名的应用程序可能并不是首次加载签名,如果不是首次签名的应用程序,则在该应用程序前一次加载签名时已经在服务器中有过备份,那么在服务器的备份记录就可以找到该应用程序前一次加载签名时的备份文件。The application that completes this signature may not be the first time to load the signature. If it is not the first-signed application, it has already been backed up in the server when the application was previously loaded with the signature, then the backup record of the server can be found. The backup file when the application was previously loaded with the signature.
步骤S42,将备份记录中的应用程序更新为本次签名后的应用程序,将历史签名信息更新为本次签名信息;Step S42, updating the application in the backup record to the signed application, and updating the historical signature information to the signature information;
在找到前一次的备份记录后,通过覆盖更新的方式,将备份记录中的应用程序和签名信息均更新为本次签名的内容。采用覆盖更新的方式有利于节约服务器的存储空间。After the previous backup record is found, the application and signature information in the backup record are updated to the content of the signature by overwriting the update. Coverage update helps to save server storage space.
步骤S43,根据应用程序的标识信息在备份记录中创建应用程序的记录, 记录中包括应用程序的标识信息和本次签名信息,并对应于应用程序的记录保存本次签名后的应用程序。Step S43, creating a record of the application in the backup record according to the identification information of the application, The record includes the identification information of the application and the current signature information, and the application corresponding to the signature is saved corresponding to the record of the application.
如果本次完成签名加载的应用程序是首次加载签名,则在服务器的备份记录中没有该应用程序的相关信息,可以在备份记录中创建一个新的记录,用于记录本次签名后的应用程序的标识信息、签名信息和签名后的应用程序。在下一次对该应用程序加载新的代码签名后,可通过该应用程序的标识信息查找到该应用程序的记录,并更新相应的签名信息和应用程序。本实施例通过备份签名记录,对已签名的应用程序和应用程序的代码签名统一管理,提高了应用程序的安全性。If the application that completed the signature loading is the first time to load the signature, there is no information about the application in the backup record of the server, and a new record can be created in the backup record for recording the signed application. Identification information, signature information, and signed applications. After the next time the new code signature is loaded into the application, the application's identification information can be found and the corresponding signature information and application can be updated. In this embodiment, by copying the signature record, the code signature of the signed application and the application is uniformly managed, and the security of the application is improved.
如图4所示,图4为本发明第四实施例的应用程序加载代码签名的方法流程图。本实施例包括图1所示实施例中的所有步骤,还增加了对身份验证不通过的请求方的处理流程,可选的是在步骤S20之后还包括:As shown in FIG. 4, FIG. 4 is a flowchart of a method for loading code signatures of an application according to a fourth embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and the processing flow of the requester that fails the authentication is added. Optionally, after step S20, the method further includes:
步骤S51,当请求方的身份信息验证未通过时,服务器拒绝签名应用程序;Step S51, when the verification of the identity information of the requesting party fails, the server rejects the signature application;
本实施例在验证请求方身份时,对于没有签名权限的请求方拒绝签名此次上传的应用程序,则该应用程序由于无法加载代码签名而不能发布,即使发布了,由于在使用方终端的***程序无法通过签名校验,不能被***程序识别,进而不能在***上正常运行,避免了非法应用程序对终端***的危害。In the embodiment, when verifying the identity of the requesting party, if the requesting party without the signature authority refuses to sign the uploaded application, the application cannot be released because the code signature cannot be loaded, even if it is released, due to the system in the user terminal. The program cannot be verified by signature, can not be recognized by the system program, and can not run normally on the system, avoiding the harm of the illegal application to the terminal system.
步骤S52,服务器在备份记录中查找应用程序的历史签名信息;Step S52, the server searches for the historical signature information of the application in the backup record;
步骤S53,当查找到应用程序的历史签名信息时,服务器将备份记录中备份的应用程序的最新版本发送至请求方,或发送更新提示信息至请求方。Step S53, when the historical signature information of the application is found, the server sends the latest version of the application backed up in the backup record to the requesting party, or sends the update prompt information to the requesting party.
为进一步提高应用程序安全性,服务器还可以在备份记录中查找与请求方上传的应用程序相同或近似的应用程序,并将已备份的应用程序下发给请求方,由于已备份的应用程序是已加载代码签名的应用程序,且是安全的应用程序,请求方可将请求方终端或第三方服务器上的应用程序及时更新为服务器发送的应用程序,提高应用程序使用的安全性。当然,服务器也可以只向请求方发送提示信息,由请求方自行选择是否下载和安装服务器备份的应 用程序。To further improve application security, the server can also find the application in the backup record that is the same as or similar to the application uploaded by the requester, and deliver the backed up application to the requester, since the backed up application is A code-signed application is loaded and is a secure application. The requester can update the application on the requestor terminal or the third-party server to the application sent by the server to improve the security of the application. Of course, the server can also send prompt information only to the requesting party, and the requesting party can choose whether to download and install the server backup. Use the program.
如图5所示,图5为本发明第五实施例的应用程序加载代码签名的方法流程图。本实施例包括图1所示实施例中的所有步骤,还增加了对上报的应用程序一致性验证的处理流程,可选的是在步骤S40之后还包括:As shown in FIG. 5, FIG. 5 is a flowchart of a method for loading code signatures of an application according to a fifth embodiment of the present invention. This embodiment includes all the steps in the embodiment shown in FIG. 1, and the processing flow of the reported application consistency verification is also added. Optionally, after step S40, the method further includes:
步骤S61,服务器接收请求方或使用方上报的应用程序的当前签名信息;Step S61: The server receives current signature information of the application reported by the requesting party or the user;
为了进一步提高安全应用程序的使用,在应用程序中可预先设置一个上报程序,一旦请求方或使用方的终端连接互联网,即触发该上报程序,并由请求方或使用方的终端向服务器上报该终端上安装的应用程序的签名信息。In order to further improve the use of the security application, an escalation program may be preset in the application, and the reporting procedure is triggered once the requesting party or the user's terminal connects to the Internet, and the requesting party or the user's terminal reports to the server. Signature information for the application installed on the terminal.
步骤S62,服务器比较上报的应用程序的当前签名信息与备份记录中备份的应用程序的历史签名信息是否一致;Step S62: The server compares whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
步骤S63,当上报的当前签名信息与备份的历史签名信息不一致时,服务器将备份记录中备份的应用程序的最新版本发送至请求方或使用方,或发送更新提示信息至请求方或使用方。Step S63: When the reported current signature information is inconsistent with the backed up historical signature information, the server sends the latest version of the application backed up in the backup record to the requesting party or the user, or sends the update prompt information to the requesting party or the user.
服务器在接收到上报的签名信息后,将其与备份的签名信息进行比较,判断是否一致,如果一致,则说明该应用程序的签名未被篡改,应用程序是安全的,如果不一致,则该应用程序可能存在签名被篡改的风险,或该应用程序不是当前发布的最新版本,有必要将终端中的应用程序更新。服务器可向请求方或使用方的终端发送备份记录中的最新版本的应用程序,或提示用户安装该最新版本,确保了应用程序使用的安全性。After receiving the reported signature information, the server compares it with the backup signature information to determine whether they are consistent. If they are consistent, the signature of the application has not been tampered with, and the application is secure. If not, the application is inconsistent. The program may be at risk of the signature being tampered with, or the application is not the latest version currently released, it is necessary to update the application in the terminal. The server can send the latest version of the application in the backup record to the requester or the consumer's terminal, or prompt the user to install the latest version, ensuring the security of the application.
如图6所示,图6为本发明第一实施例的应用程序加载代码签名的装置结构示意图。本实施例提出的应用程序加载代码签名的装置,设置在服务器上,包括:As shown in FIG. 6, FIG. 6 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a first embodiment of the present invention. The apparatus for loading code signature of the application proposed in this embodiment is set on the server, and includes:
接收模块10,设置为接收请求方发送的代码签名请求,代码签名请求中包括有请求方的身份信息和待签名的应用程序;The receiving module 10 is configured to receive a code signing request sent by the requesting party, where the code signing request includes the identity information of the requesting party and the application to be signed;
验证模块20,设置为验证请求方的身份信息;The verification module 20 is configured to verify the identity information of the requesting party;
签名模块30,设置为在请求方的身份信息验证通过后,采用认证机构授 权的签名私钥对应用程序加载代码签名;The signing module 30 is configured to be authenticated by the certification authority after the verification of the identity information of the requesting party is passed. The signature private key of the right loads the code signature of the application;
备份模块40,设置为在备份记录中备份本次签名后的应用程序、以及应用程序的本次签名信息。The backup module 40 is configured to back up the signed application and the current signature information of the application in the backup record.
本实施例中,为了提高代码签名的安全性,统一通过服务器实现对需要发布的应用程序加载代码签名。可选的,应用程序发布者需要发布应用程序前,作为请求方向服务器发送代码签名请求,代码签名请求中包括有请求方的身份信息和待签名的应用程序。请求方可以通过终端或第三方服务器来与本实施例中用于加载签名的服务器联网,并上报请求。服务器对请求方的身份进行校验,验证该请求方是否为合法用户、是否具有签名权限,即是否已被认证机构授权允许开发该待签名的应用程序。In this embodiment, in order to improve the security of the code signature, the code signature of the application to be published is uniformly implemented by the server. Optionally, before the application publisher needs to publish the application, the request direction server sends a code signing request, where the code signing request includes the identity information of the requesting party and the application to be signed. The requesting party can network with the server for loading the signature in this embodiment through the terminal or the third-party server, and report the request. The server verifies the identity of the requesting party, verifies whether the requesting party is a legitimate user, and has a signature authority, that is, whether the authentication authority has authorized the development of the application to be signed.
在服务器完成对请求方的身份验证后,采用签名私钥对应用程序加载代码签名。为了确保签名的安全性,防止私钥外泄,本实施例将认证机构授权的私钥存放在服务器中,统一由服务器对需要签名的应用程序加载代码签名,避免了非法用户恶意篡改或盗用代码签名,也有利于对代码签名的统一管理。After the server completes the authentication of the requesting party, the application is code signed with the signed private key. In order to ensure the security of the signature and prevent the private key from being leaked, in this embodiment, the private key authorized by the certification authority is stored in the server, and the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code. Signatures also facilitate the unified management of code signatures.
在完成签名后,服务器对本次签名的信息和签名后的应用程序备份,备份的签名信息包括应用程序的标识信息和签名后的信息,必要时也可以包括签名前的原始信息。备份的信息可以按照加载签名的时间顺序排列,或通过覆盖更新的方式只存储最近依次加载签名的信息。已签名的应用程序可以直接通过服务器发布,或由服务器下发至请求方,再由请求方自行发布。After the signature is completed, the server backs up the information of the signature and the signed application. The signature information of the backup includes the identification information of the application and the signed information, and may also include the original information before the signature if necessary. The backed up information may be arranged in the order in which the signatures are loaded, or only the information in which the signatures are sequentially loaded in the last place is stored by means of the overlay update. The signed application can be published directly through the server, or sent to the requesting party by the server, and then released by the requesting party.
由于本实施例中认证机构授权的私钥存放在服务器中,统一由服务器对需要签名的应用程序加载代码签名,避免了非法用户恶意篡改或盗用代码签名,防止私钥外泄,也有利于对代码签名的统一管理,进一步提高签名的安全性,确保应用程序安全传播与使用。Because the private key authorized by the certification authority is stored in the server in this embodiment, the server loads the code signature on the application that needs to be signed, thereby preventing the malicious user from maliciously tampering or stealing the code signature, preventing the private key from being leaked, and also facilitating the Unified management of code signatures further enhances the security of signatures and ensures the secure dissemination and use of applications.
可选的,签名模块30是设置为:Optionally, the signature module 30 is configured to:
采用认证机构授权的签名私钥对应用程序加载代码签名,并根据应用程序的标识信息、本次签名的时间和签名私钥加密应用程序的代码签名。The application is code-signed with the signature private key authorized by the certificate authority, and the code signature of the application is encrypted according to the identification information of the application, the time of the signature, and the signature private key.
为了确保签名的唯一性,服务器在为应用程序加载代码签名的同时,还 采用签名私钥对应用程序的代码签名加密,在代码签名中增加一部分加密信息,由于在加密时还添加了应用程序的标识信息和本次签名的时间等因素,即使是同一款应用程序,在不同时间加载签名的加密信息都不相同,有利于进一步提高签名的安全性。To ensure the uniqueness of the signature, the server is loading the code signature for the application while still The signature of the application is used to encrypt the code of the application, and a part of the encrypted information is added to the code signature. Since the identification information of the application and the time of the signature are added during encryption, even the same application is used. The encrypted information of the signatures loaded at different times is different, which is beneficial to further improve the security of the signature.
可选的,备份模块40是设置为:Optionally, the backup module 40 is configured to:
判断备份记录中是否有应用程序的历史签名信息;Determine whether there is historical signature information of the application in the backup record;
如果是,则将备份记录中的应用程序更新为本次签名后的应用程序,将历史签名信息更新为本次签名信息;If yes, the application in the backup record is updated to the signed application, and the historical signature information is updated to the signature information;
如果否,则根据应用程序的标识信息在备份记录中创建应用程序的记录,记录中包括应用程序的标识信息和本次签名信息,并对应于应用程序的记录保存本次签名后的应用程序。If not, the application record is created in the backup record according to the identification information of the application, and the record includes the identification information of the application and the current signature information, and the application corresponding to the signature is saved corresponding to the record of the application.
完成本次签名的应用程序可能并不是首次加载签名,如果不是首次签名的应用程序,则在该应用程序前一次加载签名时已经在服务器中有过备份,那么在服务器的备份记录就可以找到该应用程序前一次加载签名时的备份文件。在找到前一次的备份记录后,通过覆盖更新的方式,将备份记录中的应用程序和签名信息均更新为本次签名的内容。采用覆盖更新的方式有利于节约服务器的存储空间。The application that completes this signature may not be the first time to load the signature. If it is not the first-signed application, it has already been backed up in the server when the application was previously loaded with the signature, then the backup record of the server can be found. The backup file when the application was previously loaded with the signature. After the previous backup record is found, the application and signature information in the backup record are updated to the content of the signature by overwriting the update. Coverage update helps to save server storage space.
如果本次完成签名加载的应用程序是首次加载签名,则在服务器的备份记录中没有该应用程序的相关信息,可以在备份记录中创建一个新的记录,用于记录本次签名后的应用程序的标识信息、签名信息和签名后的应用程序。在下一次对该应用程序加载新的代码签名后,可通过该应用程序的标识信息查找到该应用程序的记录,并更新相应的签名信息和应用程序。本实施例通过备份签名记录,对已签名的应用程序和应用程序的代码签名统一管理,提高了应用程序的安全性。If the application that completed the signature loading is the first time to load the signature, there is no information about the application in the backup record of the server, and a new record can be created in the backup record for recording the signed application. Identification information, signature information, and signed applications. After the next time the new code signature is loaded into the application, the application's identification information can be found and the corresponding signature information and application can be updated. In this embodiment, by copying the signature record, the code signature of the signed application and the application is uniformly managed, and the security of the application is improved.
如图7所示,图7为本发明第二实施例的应用程序加载代码签名的装置结构示意图。本实施例包括图6所示实施例中的所有模块,为了实现对身份 验证不通过的请求方的处理,还增加了发送模块50,如下:As shown in FIG. 7, FIG. 7 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a second embodiment of the present invention. This embodiment includes all the modules in the embodiment shown in FIG. 6, in order to achieve identity To verify the processing of the requesting party that failed, the sending module 50 is also added as follows:
签名模块30还设置为,当请求方的身份信息验证未通过时,拒绝签名应用程序;The signature module 30 is further configured to reject the signature application when the identity information verification of the requester fails.
备份模块40还设置为,在备份记录中查找应用程序的历史签名信息;The backup module 40 is further configured to search for historical signature information of the application in the backup record;
发送模块50,设置为当查找到应用程序的历史签名信息时,将备份记录中备份的应用程序的最新版本发送至请求方,或发送更新提示信息至请求方。The sending module 50 is configured to, when the historical signature information of the application is found, send the latest version of the application backed up in the backup record to the requesting party, or send the update prompt information to the requesting party.
本实施例在验证请求方身份时,对于没有签名权限的请求方拒绝签名此次上传的应用程序,则该应用程序由于无法加载代码签名而不能发布,即使发布了,由于在使用方终端的***程序无法通过签名校验,不能被***程序识别,进而不能在***上正常运行,避免了非法应用程序对终端***的危害。In the embodiment, when verifying the identity of the requesting party, if the requesting party without the signature authority refuses to sign the uploaded application, the application cannot be released because the code signature cannot be loaded, even if it is released, due to the system in the user terminal. The program cannot be verified by signature, can not be recognized by the system program, and can not run normally on the system, avoiding the harm of the illegal application to the terminal system.
为进一步提高应用程序安全性,服务器还可以在备份记录中查找与请求方上传的应用程序相同或近似的应用程序,并将已备份的应用程序下发给请求方,由于已备份的应用程序是已加载代码签名的应用程序,且是安全的应用程序,请求方可将请求方终端或第三方服务器上的应用程序及时更新为服务器发送的应用程序,提高应用程序使用的安全性。当然,服务器也可以只向请求方发送提示信息,由请求方自行选择是否下载和安装服务器备份的应用程序。To further improve application security, the server can also find the application in the backup record that is the same as or similar to the application uploaded by the requester, and deliver the backed up application to the requester, since the backed up application is A code-signed application is loaded and is a secure application. The requester can update the application on the requestor terminal or the third-party server to the application sent by the server to improve the security of the application. Of course, the server can also send a prompt message only to the requester, and the requester can choose whether to download and install the server backup application.
如图8所示,图8为本发明第三实施例的应用程序加载代码签名的装置结构示意图。本实施例包括图6所示实施例中的所有模块,为了实现对上报的应用程序一致性验证的处理,还增加了比较模块60,如下:As shown in FIG. 8, FIG. 8 is a schematic structural diagram of an apparatus for loading code signatures of an application according to a third embodiment of the present invention. This embodiment includes all the modules in the embodiment shown in FIG. 6. In order to implement the processing of the reported application consistency verification, the comparison module 60 is also added, as follows:
接收模块10还设置为,接收请求方或使用方上报的应用程序的当前签名信息;The receiving module 10 is further configured to receive current signature information of the application reported by the requesting party or the user;
比较模块60设置为,比较上报的应用程序的当前签名信息与备份记录中备份的应用程序的历史签名信息是否一致;The comparison module 60 is configured to compare whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
发送模块50还设置为,当上报的当前签名信息与备份的历史签名信息不一致时,将备份记录中备份的应用程序的最新版本发送至请求方或使用方,或发送更新提示信息至请求方或使用方。 The sending module 50 is further configured to: when the reported current signature information is inconsistent with the backed up historical signature information, send the latest version of the application backed up in the backup record to the requesting party or the user, or send the update prompt information to the requesting party or User.
为了进一步提高安全应用程序的使用,在应用程序中可预先设置一个上报程序,一旦请求方或使用方的终端连接互联网,即触发该上报程序,并由请求方或使用方的终端向服务器上报该终端上安装的应用程序的签名信息。In order to further improve the use of the security application, an escalation program may be preset in the application, and the reporting procedure is triggered once the requesting party or the user's terminal connects to the Internet, and the requesting party or the user's terminal reports to the server. Signature information for the application installed on the terminal.
服务器在接收到上报的签名信息后,将其与备份的签名信息进行比较,判断是否一致,如果一致,则说明该应用程序的签名未被篡改,应用程序是安全的,如果不一致,则该应用程序可能存在签名被篡改的风险,或该应用程序不是当前发布的最新版本,有必要将终端中的应用程序更新。服务器可向请求方或使用方的终端发送备份记录中的最新版本的应用程序,或提示用户安装该最新版本,确保了应用程序使用的安全性。After receiving the reported signature information, the server compares it with the backup signature information to determine whether they are consistent. If they are consistent, the signature of the application has not been tampered with, and the application is secure. If not, the application is inconsistent. The program may be at risk of the signature being tampered with, or the application is not the latest version currently released, it is necessary to update the application in the terminal. The server can send the latest version of the application in the backup record to the requester or the consumer's terminal, or prompt the user to install the latest version, ensuring the security of the application.
以上所述仅为本发明的优选实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the preferred embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformations made by the description of the invention and the drawings are directly or indirectly applied to other related The technical field is equally included in the scope of patent protection of the present invention.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中,所述计算机程序在相应的硬件平台上(如***、设备、装置、器件等)执行,在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art will appreciate that all or a portion of the steps of the above-described embodiments can be implemented using a computer program flow, which can be stored in a computer readable storage medium, such as on a corresponding hardware platform (eg, The system, device, device, device, etc. are executed, and when executed, include one or a combination of the steps of the method embodiments.
可选地,上述实施例的全部或部分步骤也可以使用集成电路来实现,这些步骤可以被分别制作成一个个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。Alternatively, all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
上述实施例中的各装置/功能模块/功能单元可以采用通用的计算装置来实现,它们可以集中在单个的计算装置上,也可以分布在多个计算装置所组成的网络上。The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的各装置/功能模块/功能单元以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。上述提到的计算机可读取存储介质可以是只读存储器,磁盘或光盘等。 When each device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
工业实用性Industrial applicability
上述技术方案避免了非法用户恶意篡改或盗用代码签名,防止私钥外泄,也有利于对代码签名的统一管理,进一步提高签名的安全性,确保应用程序安全传播与使用。 The above technical solution avoids malicious users from maliciously tampering or stealing code signatures, prevents private keys from being leaked, and is also beneficial to unified management of code signatures, further improving signature security, and ensuring application security transmission and use.

Claims (11)

  1. 一种应用程序加载代码签名的方法,包括步骤:A method for an application to load code signatures, including the steps of:
    服务器接收请求方发送的代码签名请求,所述代码签名请求包括所述请求方的身份信息和待签名的应用程序;Receiving, by the server, a code signing request sent by the requesting party, where the code signing request includes the identity information of the requesting party and an application to be signed;
    服务器验证所述请求方的身份信息;The server verifies the identity information of the requesting party;
    服务器在所述请求方的身份信息验证通过后,采用认证机构授权的签名私钥对所述应用程序加载代码签名;After the server verifies the identity information of the requesting party, the server loads the code signature of the application by using a signature private key authorized by the certificate authority;
    服务器在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息。The server backs up the signed application and the current signature information of the application in the backup record.
  2. 根据权利要求1所述的应用程序加载代码签名的方法,其中,所述服务器采用认证机构授权的签名私钥对所述应用程序加载代码签名的步骤包括:The method for loading code signatures by an application according to claim 1, wherein the step of the server loading a code signature of the application by using a signature private key authorized by a certificate authority comprises:
    采用认证机构授权的签名私钥对所述应用程序加载代码签名,并根据所述应用程序的标识信息、本次签名的时间和签名私钥加密所述应用程序的代码签名。The application is loaded with a code signature by using a signature private key authorized by the certification authority, and the code signature of the application is encrypted according to the identification information of the application, the time of the signature, and the signature private key.
  3. 根据权利要求2所述的应用程序加载代码签名的方法,其中,所述服务器在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息的步骤包括:The method for loading code signatures by an application according to claim 2, wherein the step of the server backing up the signed application and the current signature information of the application in the backup record comprises:
    判断所述备份记录中是否有所述应用程序的历史签名信息;Determining whether there is historical signature information of the application in the backup record;
    如果是,则将所述备份记录中的所述应用程序更新为本次签名后的所述应用程序,将所述历史签名信息更新为所述本次签名信息;If yes, updating the application in the backup record to the application after the signature, and updating the historical signature information to the current signature information;
    如果否,则根据所述应用程序的标识信息在所述备份记录中创建所述应用程序的记录,所述记录中包括所述应用程序的标识信息和本次签名信息,并对应于所述应用程序的记录保存本次签名后的所述应用程序。If not, creating a record of the application in the backup record according to the identification information of the application, where the record includes the identification information of the application and the current signature information, and corresponds to the application. The program's record saves the application after this signature.
  4. 根据权利要求2所述的应用程序加载代码签名的方法,所述方法还包 括:A method for loading code signatures by an application according to claim 2, said method further comprising include:
    当所述请求方的身份信息验证未通过时,服务器拒绝签名所述应用程序;When the identity information verification of the requester fails, the server refuses to sign the application;
    服务器在所述备份记录中查找所述应用程序的历史签名信息;The server searches for the historical signature information of the application in the backup record;
    当查找到所述应用程序的历史签名信息时,服务器将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方,或发送更新提示信息至所述请求方。When the historical signature information of the application is found, the server sends the latest version of the application backed up in the backup record to the requesting party, or sends update prompt information to the requesting party.
  5. 根据权利要求3或4所述的应用程序加载代码签名的方法,所述方法还包括:The method of loading code signatures by an application according to claim 3 or 4, the method further comprising:
    所述服务器在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息的步骤之后,接收请求方或使用方上报的所述应用程序的当前签名信息;After the server backs up the signed application and the current signature information of the application in the backup record, the server receives the current signature information of the application reported by the requesting party or the user;
    服务器比较上报的所述应用程序的当前签名信息与所述备份记录中备份的所述应用程序的历史签名信息是否一致;The server compares whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
    当上报的当前签名信息与备份的历史签名信息不一致时,服务器将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方或使用方,或发送更新提示信息至所述请求方或使用方。When the reported current signature information is inconsistent with the backed up historical signature information, the server sends the latest version of the application backed up in the backup record to the requestor or the user, or sends an update prompt message to the request. Party or consumer.
  6. 一种应用程序加载代码签名的装置,包括:An apparatus for loading code signatures by an application, comprising:
    接收模块,设置为接收请求方发送的代码签名请求,所述代码签名请求包括所述请求方的身份信息和待签名的应用程序;a receiving module, configured to receive a code signing request sent by the requesting party, where the code signing request includes the identity information of the requesting party and an application to be signed;
    验证模块,设置为验证所述请求方的身份信息;a verification module, configured to verify identity information of the requestor;
    签名模块,设置为在所述请求方的身份信息验证通过后,采用认证机构授权的签名私钥对所述应用程序加载代码签名;a signing module, configured to load a code signature of the application by using a signature private key authorized by a certificate authority after the identity information of the requester is verified;
    备份模块,设置为在备份记录中备份本次签名后的所述应用程序、以及所述应用程序的本次签名信息。 The backup module is configured to back up the application after the signature and the current signature information of the application in the backup record.
  7. 根据权利要求6所述的应用程序加载代码签名的装置,其中,The apparatus for loading code signatures of an application according to claim 6, wherein
    所述签名模块,是设置为采用认证机构授权的签名私钥对所述应用程序加载代码签名,并根据所述应用程序的标识信息、本次签名的时间和签名私钥加密所述应用程序的代码签名。The signing module is configured to load a code signature of the application by using a signature private key authorized by a certificate authority, and encrypt the application according to the identification information of the application, the time of the current signature, and the signature private key. Code signing.
  8. 根据权利要求7所述的应用程序加载代码签名的装置,其中,The apparatus for loading code signatures of an application according to claim 7, wherein
    所述备份模块,是设置为判断所述备份记录中是否有所述应用程序的历史签名信息;The backup module is configured to determine whether there is historical signature information of the application in the backup record;
    如果是,则将所述备份记录中的所述应用程序更新为本次签名后的所述应用程序,将所述历史签名信息更新为所述本次签名信息;If yes, updating the application in the backup record to the application after the signature, and updating the historical signature information to the current signature information;
    如果否,则根据所述应用程序的标识信息在所述备份记录中创建所述应用程序的记录,所述记录中包括所述应用程序的标识信息和本次签名信息,并对应于所述应用程序的记录保存本次签名后的所述应用程序。If not, creating a record of the application in the backup record according to the identification information of the application, where the record includes the identification information of the application and the current signature information, and corresponds to the application. The program's record saves the application after this signature.
  9. 根据权利要求7所述的应用程序加载代码签名的装置,还包括发送模块;The apparatus for loading code signatures of an application according to claim 7, further comprising a transmitting module;
    所述签名模块,还设置为当所述请求方的身份信息验证未通过时,拒绝签名所述应用程序;The signing module is further configured to refuse to sign the application when the identity information verification of the requesting party fails;
    所述备份模块,还设置为在所述备份记录中查找所述应用程序的历史签名信息;The backup module is further configured to search for historical signature information of the application in the backup record;
    所述发送模块,设置为当查找到所述应用程序的历史签名信息时,将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方,或发送更新提示信息至所述请求方。The sending module is configured to: when the historical signature information of the application is found, send the latest version of the application backed up in the backup record to the requester, or send update prompt information to the Requester.
  10. 根据权利要求9所述的应用程序加载代码签名的装置,还包括比较模块;The apparatus for loading code signatures of an application according to claim 9, further comprising a comparison module;
    所述接收模块,还设置为接收请求方或使用方上报的所述应用程序的当 前签名信息;The receiving module is further configured to receive the application reported by the requesting party or the user Pre-signature information;
    所述比较模块,设置为比较上报的所述应用程序的当前签名信息与所述备份记录中备份的所述应用程序的历史签名信息是否一致;The comparing module is configured to compare whether the current signature information of the reported application is consistent with the historical signature information of the application backed up in the backup record;
    所述发送模块,还设置为当上报的当前签名信息与备份的历史签名信息不一致时,将所述备份记录中备份的所述应用程序的最新版本发送至所述请求方或使用方,或发送更新提示信息至所述请求方或使用方。The sending module is further configured to: when the reported current signature information is inconsistent with the backed up historical signature information, send the latest version of the application backed up in the backup record to the requesting party or the user, or send Update the prompt information to the requestor or consumer.
  11. 一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求1~5中任一项所述的方法。 A computer storage medium having stored therein computer executable instructions for performing the method of any one of claims 1 to 5.
PCT/CN2015/083878 2015-04-15 2015-07-13 Method and apparatus for loading code signing on applications WO2016165215A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510179073.6A CN106155663A (en) 2015-04-15 2015-04-15 The method and apparatus of application program loading code signature
CN201510179073.6 2015-04-15

Publications (1)

Publication Number Publication Date
WO2016165215A1 true WO2016165215A1 (en) 2016-10-20

Family

ID=57125521

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/083878 WO2016165215A1 (en) 2015-04-15 2015-07-13 Method and apparatus for loading code signing on applications

Country Status (2)

Country Link
CN (1) CN106155663A (en)
WO (1) WO2016165215A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789075B (en) * 2016-12-27 2019-12-24 艾体威尔电子技术(北京)有限公司 POS digital signature anti-cutting system
CN106712963A (en) * 2016-12-27 2017-05-24 艾体威尔电子技术(北京)有限公司 Anti-generator-tripping remote signature system and method of POS machine
CN108280947A (en) * 2017-11-29 2018-07-13 艾体威尔电子技术(北京)有限公司 A kind of system and method for POS machine remote de-locking
CN110780884B (en) * 2019-09-05 2022-04-12 腾讯科技(深圳)有限公司 Information processing method, device and equipment
CN112667996A (en) * 2020-12-28 2021-04-16 南方电网数字电网研究院有限公司 Transformer substation trusted management system, method and device and computer equipment
DE202022102514U1 (en) 2022-05-07 2022-05-20 Tanweer ALAM Cryptography-based intelligent system for security management of microcode signatures

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7272228B2 (en) * 2003-06-12 2007-09-18 International Business Machines Corporation System and method for securing code and ensuring proper execution using state-based encryption
CN101149773A (en) * 2007-08-27 2008-03-26 中国人民解放军空军电子技术研究所 Software real name authentication system and its safe checking method
CN102891843A (en) * 2012-09-18 2013-01-23 北京深思洛克软件技术股份有限公司 Method for authorizing application program at android client side through local service unit
CN103577206A (en) * 2012-07-27 2014-02-12 北京三星通信技术研究有限公司 Method and device for installing application software

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9280337B2 (en) * 2006-12-18 2016-03-08 Adobe Systems Incorporated Secured distribution of software updates
CN101399666A (en) * 2007-09-28 2009-04-01 ***股份有限公司 Safety control method and system for digital certificate of file
CN103685138B (en) * 2012-08-30 2016-12-21 卓望数码技术(深圳)有限公司 The authentication method of the Android platform application software that mobile interchange is online and system
KR101711021B1 (en) * 2013-09-09 2017-03-13 한국전자통신연구원 System for providing electric signature based on mobile trusted module and method thereof
CN104392168A (en) * 2014-11-27 2015-03-04 上海斐讯数据通信技术有限公司 Application program verification method
CN104486086B (en) * 2014-12-26 2017-10-20 北京奇虎科技有限公司 Digital signature method and mobile terminal and server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7272228B2 (en) * 2003-06-12 2007-09-18 International Business Machines Corporation System and method for securing code and ensuring proper execution using state-based encryption
CN101149773A (en) * 2007-08-27 2008-03-26 中国人民解放军空军电子技术研究所 Software real name authentication system and its safe checking method
CN103577206A (en) * 2012-07-27 2014-02-12 北京三星通信技术研究有限公司 Method and device for installing application software
CN102891843A (en) * 2012-09-18 2013-01-23 北京深思洛克软件技术股份有限公司 Method for authorizing application program at android client side through local service unit

Also Published As

Publication number Publication date
CN106155663A (en) 2016-11-23

Similar Documents

Publication Publication Date Title
US10338946B1 (en) Composable machine image
CN110597538B (en) Software upgrading method and OTA upgrading system based on OTA upgrading system
CN112417379B (en) Cluster license management method and device, authorization server and storage medium
US11012241B2 (en) Information handling system entitlement validation
WO2016165215A1 (en) Method and apparatus for loading code signing on applications
US20190280883A1 (en) Key-Attestation-Contingent Certificate Issuance
US8874922B2 (en) Systems and methods for multi-layered authentication/verification of trusted platform updates
US8856544B2 (en) System and method for providing secure virtual machines
US8364965B2 (en) Optimized integrity verification procedures
JP6357158B2 (en) Secure data processing with virtual machines
KR101740256B1 (en) Apparatus for mobile app integrity assurance and method thereof
EP2659373B1 (en) System and method for secure software update
US8966248B2 (en) Secure software file transfer systems and methods for vehicle control modules
US8898469B2 (en) Software feature authorization through delegated agents
US10686768B2 (en) Apparatus and method for controlling profile data delivery
WO2015184891A1 (en) Security management and control method, apparatus, and system for android system
US8856538B2 (en) Secured flash programming of secondary processor
US20130151848A1 (en) Cryptographic certification of secure hosted execution environments
US8175269B2 (en) System and method for enterprise security including symmetric key protection
US8341616B2 (en) Updating digitally signed active content elements without losing attributes associated with an original signing user
KR20210151926A (en) Version history management using blockchain
US7210034B2 (en) Distributed control of integrity measurement using a trusted fixed token
US20120213370A1 (en) Secure management and personalization of unique code signing keys
CN110619194B (en) Upgrade package encryption and decryption methods and devices
US20180063158A1 (en) Cryptographic evidence of persisted capabilities

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15888919

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15888919

Country of ref document: EP

Kind code of ref document: A1