WO2023142852A1 - Method for controlling application program installation permissions in device, and control system - Google Patents

Method for controlling application program installation permissions in device, and control system

Info

Publication number
WO2023142852A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
terminal
application
verification certificate
subject
Prior art date
Application number
PCT/CN2022/142897
Other languages
French (fr)
Chinese (zh)
Inventor
聂鹤宇
林喆
曹亮
黄晓芹
Original Assignee
上海商米科技集团股份有限公司
Priority date
Filing date
Publication date
Application filed by 上海商米科技集团股份有限公司
Publication of WO2023142852A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3247 ... involving digital signatures
    • H04L 9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • The present invention mainly relates to the field of information security, and in particular to a method and a system for controlling application program installation permissions in a device.
  • Scenario 1: the purchasing user also operates the POS itself, and the purchasing user has the right to control the POS application installation permissions;
  • Scenario 2: the purchasing user has multiple operating partners, and each operating partner has the right to control the application installation permissions of its own POS;
  • Scenario 3: the purchasing user has multiple operating partners, each operating partner has the right to control the application installation permissions of its own POS, and all of them are allowed to install the purchasing user's application;
  • Scenario 4: two partners jointly operate the POS and both have the right to control the POS application installation permissions at the same time, but their application markets and application signing tools are independent of each other;
  • The technical problem to be solved by the present invention is to provide a method and a system for controlling application program installation permissions in a device, which provide a unified management scheme for differentiated installation permissions and meet the different requirements of different users installing applications in the same device.
  • The present invention provides a method for controlling application program installation permissions in a device, wherein the device has a root certificate, or the root certificate and a secondary certificate issued according to the root certificate, the method including the following steps:
  • the signing tool, in response to a request sent by a first terminal associated with a unique first subject, issues an identity verification certificate corresponding to the first subject to the first terminal according to the root certificate or the secondary certificate; and
  • the signing tool, based on an application operation, issues an application verification certificate according to the identity verification certificate to the first terminal, or to a second terminal associated with a unique second subject,
  • wherein the first terminal or the second terminal that holds the application verification certificate is allowed to install the verified application program in the device through the application verification certificate.
  • Optionally, if the signing tool issues the application verification certificate to the first terminal associated with the first subject, the control method further includes, based on an application operation of the first subject, issuing a subsidiary verification certificate according to the application verification certificate to the second terminal associated with the second subject, or to the second terminal and one or more third terminals associated with one or more third subjects, wherein while the first terminal is allowed to install the verified application program in the device through the application verification certificate, the second terminal, or the second terminal and the third terminals, are also adapted to install the verified application program in the device through the subsidiary verification certificate.
  • Optionally, if the signing tool issues the application verification certificate to the second terminal associated with the second subject, the control method further includes, based on an application operation of the second subject, issuing a subsidiary verification certificate according to the application verification certificate to one or more third terminals associated with one or more third subjects, wherein while the second terminal is allowed to install the verified application program in the device through the application verification certificate, the one or more third terminals are also allowed to install the verified application program in the device through the subsidiary verification certificate.
  • Optionally, the method further includes configuring, by a zeroth terminal associated with a zeroth subject, the root certificate, or the root certificate and the secondary certificate issued according to the root certificate, in the device, and configuring an initial verification certificate issued according to the root certificate or the secondary certificate in the device, wherein the zeroth terminal is allowed to install the verified application program in the device through the initial verification certificate before the device leaves the factory.
  • Optionally, the identity verification certificate is invalidated after the application verification certificate is issued.
  • Optionally, the initial verification certificate is invalidated after the identity verification certificate is issued, and the identity verification certificate is invalidated after the application verification certificate is issued.
  • Optionally, where the signing tool issues the application verification certificate to the second terminal associated with the second subject, the method further includes, before the identity verification certificate is issued to the first terminal, deploying a first signing tool in the first terminal; the first terminal is adapted to manage, through the first signing tool, the key used to sign and verify the application verification certificate, and the second terminal is also adapted to manage, through the same first signing tool, the keys used to sign and verify the application program and the subsidiary verification certificate.
  • Optionally, where the signing tool issues the application verification certificate to the second terminal associated with the second subject, the method further includes:
  • before the identity verification certificate is issued to the first terminal, deploying a first signing tool in the first terminal, the first terminal being adapted to manage, through the first signing tool, the key used to sign and verify the application verification certificate; and
  • before the application verification certificate is issued to the second terminal, deploying a second signing tool in the second terminal, the second terminal being adapted to manage, through the second signing tool, the keys used to sign and verify the application program and the subsidiary verification certificate.
  • Optionally, the installation of the verified application program in the device by the first terminal or the second terminal holding the application verification certificate includes the following steps:
  • the first terminal or the second terminal uploads the application verification certificate and the signed file through the network, and the device downloads the application verification certificate and the signed file through the network; and
  • the device installs the application verification certificate, uses it to verify the legality of the signed file, and, if the file is legal, installs the application program contained in the signed file in the device.
  • Another aspect of the present invention proposes a system for controlling application program installation permissions in a device, where the device has a root certificate, or the root certificate and a secondary certificate issued according to the root certificate, the system comprising: a signing tool; and a first terminal associated with a unique first subject, or the first terminal and a second terminal associated with a unique second subject; wherein the signing tool is configured to, in response to a request sent by the first terminal, issue an identity verification certificate corresponding to the first subject to the first terminal according to the root certificate or the secondary certificate; and the signing tool is further configured to, based on an application operation, issue an application verification certificate according to the identity verification certificate to the first terminal or to the second terminal associated with the unique second subject, wherein the first terminal or the second terminal that holds the application verification certificate is allowed to install the verified application program in the device through the application verification certificate.
  • Optionally, the system further includes one or more third terminals associated with one or more third subjects. If the signing tool issues the application verification certificate to the first terminal associated with the first subject, the signing tool is further configured to, based on an application operation of the first subject, issue a subsidiary verification certificate according to the application verification certificate to the second terminal associated with the second subject, or to the second terminal and the one or more third terminals associated with the one or more third subjects, wherein while the first terminal is allowed to install the verified application program in the device through the application verification certificate, the second terminal, or the second terminal and the third terminals, are also adapted to install the verified application program in the device through the subsidiary verification certificate.
  • Optionally, if the signing tool issues the application verification certificate to the second terminal associated with the second subject, the signing tool is further configured to, based on an application operation of the second subject, issue the subsidiary verification certificate according to the application verification certificate to one or more third terminals associated with one or more third subjects, wherein while the second terminal is allowed to install the verified application program in the device through the application verification certificate, the one or more third terminals are also allowed to install the verified application program in the device through the subsidiary verification certificate.
  • Optionally, the system further includes a zeroth terminal associated with a zeroth subject. The zeroth terminal is configured to configure the root certificate, or the root certificate and the secondary certificate issued according to the root certificate, in the device, and to configure an initial verification certificate issued according to the root certificate or the secondary certificate in the device; the zeroth terminal is allowed to install the verified application program in the device through the initial verification certificate before the device leaves the factory.
  • The method and system for controlling application program installation permissions in a device provide a unified, differentiated management solution for application installation permissions among multiple subjects such as the actual purchasers of devices and other operators, and satisfy the complex installation permission control requirements that arise from the diversity of device manufacturers, purchasers and operators and their different actual operating modes. On the other hand, the multi-level certificate and application signature verification method provided by the present invention is safe and reliable, and the signing tool is easy to install and use, so that maintenance cost is reduced and management efficiency is improved while security is ensured.
  • FIG. 1 is a schematic flowchart of a method for controlling application program installation authority in a device according to an embodiment of the present invention
  • Fig. 2 is a logical schematic diagram of certificate levels in a method for controlling application program installation authority in a device according to an embodiment of the present invention
  • Fig. 3 is a conceptual schematic diagram of the implementation principle of a method for controlling application program installation permissions in a device according to an embodiment of the present invention.
  • Fig. 4 is a system block diagram of a control system for application program installation permissions in a device according to an embodiment of the present invention.
  • In the description of the present application, orientation words such as "front, back, up, down, left, right", "horizontal, vertical" and "top, bottom" indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience and simplicity of description. Unless stated otherwise, these orientation words do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation, and should not be construed as limiting the scope of protection of the present application; the orientation words "inner" and "outer" refer to inner and outer relative to the outline of each component itself.
  • Spatially relative terms such as "on", "over", "on the surface of" and "above" may be used herein to describe the spatial relationship between one device or feature shown in the figures and other devices or features. It will be understood that the spatially relative terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, devices described as "above" or "over" other devices or configurations would then be oriented "beneath" or "under" the other devices or configurations. Thus, the exemplary term "above" can encompass both an orientation of "above" and "beneath". The device may be otherwise oriented (rotated 90 degrees or at other orientations) and the spatially relative descriptions used herein interpreted accordingly.
  • An embodiment of the present invention proposes a method 10 for controlling application program installation permissions in a device (hereinafter referred to as "control method 10"), described with reference to FIG. 1.
  • The control method 10 can provide a unified and differentiated management solution for installation permissions to meet the different requirements of different users installing applications in the same device.
  • FIG. 1 uses a flowchart to illustrate the operations performed by the system according to the embodiment of the present application. It should be understood that the preceding or following operations are not necessarily performed in the exact order shown; various steps may be processed in reverse order or concurrently, other operations may be added to these procedures, or one or more steps may be removed from them.
  • The control method 10 of the present invention is described in detail below with reference to FIG. 1.
  • The device has a root certificate, or a root certificate and a secondary certificate issued according to the root certificate.
  • If the device has only a root certificate, the root certificate issues the next-level certificates in the following steps; if the device has a root certificate and a secondary certificate issued according to the root certificate, the secondary certificate issues the next-level certificates in the following steps. In the latter setting the root key is used only to issue the secondary certificate, so the security of the root certificate can be better protected.
  • The root certificate or the secondary certificate can be built into the firmware program of the device before the device leaves the factory or, according to actual needs, installed before the steps of the control method 10 described below are executed; the present invention places no limit on this.
  • Step 11: the signing tool, in response to a request sent by the first terminal associated with the unique first subject, issues the identity verification certificate corresponding to the first subject to the first terminal according to the root certificate or the secondary certificate.
  • Step 12: based on an application operation, the signing tool issues an application verification certificate according to the identity verification certificate to the first terminal, or to the second terminal associated with the unique second subject.
  • The first terminal or the second terminal holding the application verification certificate is allowed to install the verified application program in the device through the application verification certificate.
  • In step 11 the first subject can be the actual purchaser of the POS device.
  • The actual purchaser may operate the device itself, or may assign other partners to operate the device jointly or independently; accordingly, the second subject can be an operating partner of the purchasing user.
  • When the actual purchaser (first subject) of the POS device needs to configure the application installation permissions of the device, it sends a request to the signing tool from its terminal, and the signing tool issues an identity verification certificate corresponding to the first subject to the first terminal according to the root certificate or the secondary certificate. This means that the first subject is now given the right to control the installation permissions.
  • Specifically, the private key of the secondary certificate signs the public key of the first subject to generate the identity verification certificate; the certificate therefore carries the first subject's public key, and its signature can be checked with the public key of the secondary certificate.
  • From then on the first subject has control over the issuance of the next-level certificate.
  • According to the needs of the actual application scenario, the first subject can issue application verification certificates, through the signing tool, to itself or to other subjects. This corresponds in step 12 to issuing the application verification certificate to the first terminal or to the second terminal associated with the unique second subject.
  • Optionally, after the application verification certificate is issued in step 12, the method further includes a step of invalidating the identity verification certificate.
  • After that, only the subject holding the application verification certificate is allowed to install applications in the device through its terminal. Such a configuration is more suitable for application scenarios where the direct purchaser of the device and the subsequent operator (the subject that needs to install applications in the device) are relatively independent.
  • For example, after the purchasing user (first subject) has issued the application verification certificate to the operator (second subject) through its identity verification certificate, the identity verification certificate held by the purchasing user becomes invalid. This ensures that, once the device is in actual use by the subsequent operator, the purchasing user no longer has the authority to issue application verification certificates to other subjects, which fundamentally guarantees the security of the device while it is used by the operator.
  • In steps 11 and 12 each of the first subject and the second subject is unique, which means that in the control method 10 the number of subjects for the same device is definite and unique. Such a setting better protects the security and controllability of permission configuration for devices with relatively high security requirements.
  • The control method 10 with steps 11 and 12 as described above can already meet the requirements for device control rights in most application scenarios of devices such as commonly used POS machines.
  • Optionally, if the signing tool issues the application verification certificate to the first terminal associated with the first subject, the control method further includes, based on an application operation of the first subject, issuing a subsidiary verification certificate according to the application verification certificate to the second terminal associated with the second subject, or to the second terminal and one or more third terminals associated with one or more third subjects, wherein while the first terminal is allowed to install the verified application program in the device through the application verification certificate, the second terminal, or the second terminal and the third terminals, are also adapted to install the verified application program in the device through the subsidiary verification certificate.
  • In this case the holder of the application verification certificate is the first subject, which means that the direct purchaser of the device needs to install applications in the device after purchasing it.
  • The first terminal corresponding to the first subject therefore has the right to install applications in the device.
  • If the first subject also wants to allow other operating partners to install applications in the device, it can apply to the signing tool again for a subsidiary verification certificate and issue it to the second subject, or to one or more third subjects other than the second subject.
  • It can be understood that, for the consistency and completeness of the scheme, the name "second subject" continues to be used here as in the embodiment described above with reference to FIG. 1.
  • In other words, the first terminal corresponding to the first subject can issue a subsidiary verification certificate to any trusted subject other than the first subject.
  • In some embodiments, the number of subjects holding subsidiary verification certificates does not exceed 3, or does not exceed 5; this can be adjusted according to the requirements of the actual application scenario.
  • Optionally, if the signing tool issues the application verification certificate to the second terminal associated with the second subject, the control method further includes, based on an application operation of the second subject, issuing a subsidiary verification certificate according to the application verification certificate to one or more third terminals associated with one or more third subjects, wherein while the second terminal is allowed to install the verified application program in the device through the application verification certificate, the one or more third terminals are also allowed to install the verified application program in the device through the subsidiary verification certificate.
  • FIG. 2 shows a schematic diagram of certificate issuance for a subject holding an identity verification certificate C1 and two devices 21 and 22 in an embodiment of the present invention.
  • The certificates of each level are described below in order from top to bottom, as indicated by the arrows.
  • Root certificate: at the top of the certificate chain, used to verify the next-level certificate; built into the firmware program of the device, and can be set as non-deletable and shielded;
  • Secondary certificate: issued by the private key of the root certificate and used to verify the next-level certificates. Like the root certificate, the secondary certificate is built into the firmware program of the device and can also be set as non-deletable and shielded;
  • Identity verification certificate C1: issued by the private key of the secondary certificate and used to verify the next-level certificate. According to the setting of the present invention, only one C1 is allowed in the same device;
  • Application verification certificate C2: issued by the private key of C1, used to verify the next-level certificate and the application programs that the subject holding C2 wants to install in the device;
  • Subsidiary verification certificate C2sub: issued by the private key of C2, used to verify the application programs that the subject holding C2sub wants to install in the device.
  • The first subject can deploy lower-level certificates in different devices: the same C1 private key can issue multiple C2s, but only one C2 is allowed in the same device.
  • Each of device 21 and device 22 therefore has an independent C2, but the two C2s can be issued by the C1 of the same first subject.
  • Optionally, the control method of the present invention further includes configuring, by a zeroth terminal associated with a zeroth subject, the root certificate, or the root certificate and the secondary certificate issued according to the root certificate, in the device, and configuring an initial verification certificate issued according to the root certificate or the secondary certificate in the device, wherein the zeroth terminal is allowed to install verified applications in the device through the initial verification certificate before the device leaves the factory.
  • The above-mentioned zeroth subject may be the manufacturer of the device.
  • In stage S1, before the device leaves the factory, the zeroth terminal of the manufacturer installs the root certificate and the secondary certificate in the firmware program of the device.
  • The manufacturer can apply for the initial verification certificate through its terminal and install verified applications in the device through the initial verification certificate.
  • A device in stage S1 can also be considered to be in "manufacturer mode"; at this time the installation permissions of applications in the device are controlled by the manufacturer.
  • When the device is delivered to the purchasing user, if the user then needs to install applications in the device, the device enters stage S2.
  • In stage S2 the purchasing user (first subject) obtains the identity verification certificate C1 after applying for it, which gives the first subject the ability to issue the next-level certificate, that is, to control the application installation permissions of the device. Since stage S2 does not itself involve installing applications in the device through a legal certificate, it can be understood simply as an "intermediate mode" whose main function is to issue the identity verification certificate C1 to the purchaser of the device (the first subject) so as to give it control over the installation permissions. From then on the first subject can issue lower-level certificates to itself or to other subjects according to the needs of its actual application scenario, thereby providing a legal and reliable channel for installing applications in the device.
  • Thereafter the device can be in single-certificate mode or multi-certificate mode depending on whether a subsidiary verification certificate C2sub is present. That is, if the first subject or the second subject holding the application verification certificate C2 further issues a subsidiary verification certificate C2sub to another subject (such as a third subject), the device can be considered to be in multi-certificate mode; otherwise it is in single-certificate mode.
  • The device can flexibly switch between single-certificate mode and multi-certificate mode.
  • Optionally, after the identity verification certificate C1 is issued, the initial verification certificate is invalidated, and after the application verification certificate C2 is issued, the identity verification certificate C1 is invalidated.
  • Once C1 is invalidated, only the terminals of the subjects holding the application verification certificate C2 or the subsidiary verification certificate C2sub are qualified to legally install applications in the device.
  • the control method of the present invention can fully cover the needs of different subjects installing application programs in the same device, each Layers of certificates are intertwined, and different certificate usage modes can be flexibly converted according to different needs of users. It has high security, high reliability, and has a strong advantage in versatility.
  • the signature tool of the present invention has a complete account management system, and different subjects may have different authority to sign and issue certificates.
  • the C1 public key and private key are both generated by the signature tool, and the private key of the secondary certificate issues the C1 public key certificate;
  • the process is that the private key of the secondary certificate signs the C1 public key to generate the C1 public key certificate;
  • the C2 public key and private key are both generated by the signature tool, and the C1 private key issues the C2 public key certificate;
  • the C2sub public key and private key are both generated by the signature tool, and the C2 private key issues the C2sub public key certificate;
  • the process is that the C2 private key in the FSK signs the C2sub public key to generate the C2sub public key certificate.
  • if the signature tool issues the application verification certificate C2 to the second terminal associated with the second subject, then before the identity verification certificate C1 is issued to the first terminal, a first signature tool is deployed in the first terminal; the first terminal manages the key used to verify the application verification certificate C2 through this signature tool, and the second terminal also manages, through the first signature tool, the keys used to verify the application program and the subsidiary verification certificate C2sub.
  • in this way the key management of the second terminal is entrusted to the first signature tool of the first terminal, which saves the work of deploying a separate signature tool in the second terminal.
  • the present invention is not limited thereto.
  • the second terminal corresponding to the second subject may also deploy a signature tool by itself and independently manage keys.
  • in that case, before the identity verification certificate is issued to the first terminal, a first signature tool is deployed in the first terminal, and the first terminal manages the key used to verify the application verification certificate through the first signature tool; and before the application verification certificate is issued to the second terminal, a second signature tool is deployed in the second terminal, and the second terminal manages the keys used to verify the application program and the subsidiary verification certificate through the second signature tool.
  • installation of a signature-verified application program in the device by the first terminal or the second terminal that holds the application verification certificate includes the following steps: the first terminal or the second terminal submits the file to be signed to the signature tool; the signature tool signs the file to be signed with the corresponding key, where the file to be signed contains the information of the application program to be installed; the signed file is returned to the first terminal or the second terminal; the first terminal or the second terminal uploads the application verification certificate and the signed file via the network, and the device downloads the verification certificate and the signed file via the network; and the application verification certificate is installed in the device, the application verification certificate is used to verify the legitimacy of the signed file, and if it is legitimate the application program contained in the signed file is installed in the device.
  • control system 40 for application program installation authority in a device (hereinafter referred to as "control system 40")
  • the device has a root certificate, or a root certificate and a secondary certificate issued based on the root certificate.
  • the control system 40 mainly includes a signature tool 400, a first terminal 41, a second terminal 42, a third terminal 43 and a zeroth terminal 44.
  • the first terminal 41 is associated with a unique first subject and the second terminal 42 with a unique second subject, and there may be one or more third terminals 43.
  • the signature tool 400 is configured to, in response to a request sent by the first terminal 41, issue an identity verification certificate corresponding to the first subject to the first terminal 41 according to the root certificate or the secondary certificate.
  • the signature tool 400 is also configured to, based on an application operation, issue an application verification certificate according to the identity verification certificate to the first terminal 41 or to the second terminal 42 associated with the unique second subject, wherein the first terminal 41 or the second terminal 42 that holds the application verification certificate is allowed to install the verified application program in the device through the application verification certificate.
  • the control system includes one or more third terminals 43 associated with third subjects; in such an embodiment, if the signature tool issues the application verification certificate to the first terminal 41 associated with the first subject, the signature tool 400 is further configured to, based on an application operation of the first subject, issue a subsidiary verification certificate according to the application verification certificate to the second terminal 42 associated with the second subject, or to the second terminal 42 and one or more third terminals 43 associated with one or more third subjects, wherein, while the first terminal 41 is allowed to install the verified application program in the device through the application verification certificate, the second terminal 42, or the second terminal 42 and the third terminals 43, are also able to install the verified application program in the device through the subsidiary verification certificate.
  • if the signature tool 400 issues the application verification certificate to the second terminal 42 associated with the second subject, the signature tool 400 is also configured to, based on an application operation of the second subject, issue a subsidiary verification certificate according to the application verification certificate to one or more third terminals 43 associated with one or more third subjects, wherein, while the second terminal 42 is allowed to install the verified application program in the device through the application verification certificate, the one or more third terminals 43 are also allowed to install the verified application program in the device through the subsidiary verification certificate.
  • a zeroth terminal 44 associated with a zeroth subject is also included; the zeroth terminal 44 is configured to configure in the device the root certificate, or the root certificate and the secondary certificate issued according to the root certificate, and is also configured to configure in the device the initial verification certificate issued according to the root certificate or the secondary certificate, and the zeroth terminal 44 is allowed to install the verified application program in the device before it leaves the factory through the initial verification certificate.
  • the purpose of the control method and control system for application program installation permissions in a device of the present invention is to abstract the requirements of different subjects such as device manufacturers, device purchasers and device operators, and to establish a differentiated management scheme for application program security permissions based on the PKI (Public Key Infrastructure) specification, unifying scheme design and management standards. For manufacturers, purchasers and operators, it not only meets the needs of complex application scenarios but also reduces production and operating costs.
  • the solution of the present invention can satisfy the scenario in which one device allows multiple operators to hold the right to control application installation permissions at the same time while their application markets and application signing private keys remain independent of each other, which traditional certificate design patterns cannot achieve.
  • the present invention solves the problems of too many certificate levels, complex relationships among certificates, complicated relationships between certificates and customers or operators, and difficult management. This solution can meet the control requirements for application installation permissions in devices in hundreds of different application scenarios through only 2-3 levels of certificate issuance, and is highly universal.
  • POS equipment is taken as an example. This is because, in the actual use scenarios of POS equipment, its users often need to prevent the device from being "cut over" (switched to another operator), and especially when POS equipment is put on the market for transactions, security is also a primary consideration. Therefore, the POS device is an ideal application object of the control method and control system of the present invention, but the present invention is not limited thereto. Any equipment with similar or identical requirements can adopt the control method and control system of the present invention, and the scope of protection of the present invention should not vary with the specific type of equipment to which it is applied.
  • the processor can be one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, or a combination thereof.
  • aspects of the present application may be embodied as a computer product comprising computer readable program code on one or more computer readable media.
  • computer-readable media may include, but are not limited to, magnetic storage devices (e.g., hard disk, floppy disk, magnetic tape, etc.), optical disks (e.g., compact disk CD, digital versatile disk DVD, etc.), smart cards, and flash memory devices (for example, cards, sticks, key drives).
  • a computer readable medium may contain a propagated data signal embodying a computer program code, for example, in baseband or as part of a carrier wave.
  • the propagated signal may take many forms, including electromagnetic, optical, etc., or a suitable combination.
  • the computer-readable medium can be any computer-readable medium, except computer-readable storage media, that can communicate, propagate, or transfer the program for use by being coupled to an instruction execution system, apparatus, or device.
  • Program code on a computer readable medium may be transmitted over any suitable medium, including radio, electrical cables, fiber optic cables, radio frequency signals, or the like, or combinations of any of the foregoing.
  • numbers describing the quantities of components and attributes are used. It should be understood that such numbers used in the description of the embodiments are qualified by the modifiers "about", "approximately" or "substantially" in some examples. Unless otherwise stated, "about", "approximately" or "substantially" indicates that the stated figure allows for a variation of ±20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that can vary depending upon the desired characteristics of individual embodiments. In some embodiments, numerical parameters should take into account the specified significant digits and adopt the general rounding method. Although the numerical ranges and parameters used in some embodiments of the present application to confirm the breadth of the scope are approximate values, in specific embodiments such numerical values are set as precisely as practicable.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

A method for controlling application program installation permissions in a device, and a control system, the device having therein a root certificate, or a root certificate and a secondary certificate issued according to the root certificate. The control method comprises the following steps: in response to a request sent by a first terminal associated with a unique first entity, a signature tool issues, to the first terminal and according to the root certificate or the secondary certificate, an identity signature verification certificate corresponding to the first entity; based on an application operation and according to the identity signature verification certificate, the signature tool issues an application program signature verification certificate to the first terminal or to a second terminal associated with a unique second entity, wherein a first terminal or second terminal which has an application program signature verification certificate is allowed to use the application program signature verification certificate to install a verified application program in the device. The control method and control system provide a unified scheme for managing installation permission differentiation, and satisfy the different installation requirements of various entities used in the same device.

Description

Control method and control system for application program installation permissions in a device
Technical field
The present invention relates mainly to the field of information security, and in particular to a control method and control system for application program installation permissions in a device.
Background
For devices shared or jointly operated by multiple subjects, how to control the usage rights of the different subjects of the same device is a problem that often needs to be considered during use. Taking the most common POS (Point of Sale) device as an example, the actual application scenarios of POS devices involve complex combinations of the purchasing user of the POS device and the operator of the POS device, for example:
Scenario 1: the purchasing user is also responsible for POS operation, and the purchasing user holds control of the POS application installation permissions;
Scenario 2: the purchasing user has multiple operating partners, and each operating partner holds control of the application installation permissions of its own POS devices;
Scenario 3: the purchasing user has multiple operating partners, each operating partner holds control of the application installation permissions of its own POS devices, and all of them allow the purchasing user's application programs to be installed;
Scenario 4: two partners jointly operate the POS devices and both hold control of the POS application installation permissions, but their application markets and application signing tools are independent of each other;
...
From the above list it can be seen that it is rather difficult for the purchasing user or operator of a POS device to uniformly control the permissions to install application programs in the POS device. On the other hand, for POS manufacturers, since each purchasing user may have the different combination scenarios described above, these evolve into hundreds or thousands of application scenarios with different requirements. On top of this, POS manufacturers often have many POS device models. Under such requirements, implementing the above needs by customizing the POS program involves a formidable workload, and thousands of complex combinations make maintenance costs rise exponentially. Therefore, the field still lacks a control scheme for application program installation permissions that can handle complex combined requirement scenarios.
Summary of the invention
The technical problem to be solved by the present invention is to provide a control method and control system for application program installation permissions in a device, which can provide a unified scheme for the differentiated management of installation permissions and meet the different needs of different subjects installing in the same device.
In order to solve the above technical problem, the present invention provides a method for controlling application program installation permissions in a device, the device having a root certificate, or the root certificate and a secondary certificate issued according to the root certificate, the method including the following steps:
a signature tool, in response to a request sent by a first terminal associated with a unique first subject, issues to the first terminal, according to the root certificate or the secondary certificate, an identity verification certificate corresponding to the first subject; and
based on an application operation, the signature tool issues, according to the identity verification certificate, an application verification certificate to the first terminal or to a second terminal associated with a unique second subject, wherein the first terminal or the second terminal that holds the application verification certificate is allowed to install a signature-verified application program in the device through the application verification certificate.
In an embodiment of the present invention, if the signature tool issues the application verification certificate to the first terminal associated with the first subject, the control method further includes, based on an application operation of the first subject, issuing a subsidiary verification certificate according to the application verification certificate to the second terminal associated with the second subject, or to the second terminal and one or more third terminals associated with one or more third subjects, wherein, while the first terminal is allowed to install the signature-verified application program in the device through the application verification certificate, the second terminal, or the second terminal and the third terminals, are also able to install the signature-verified application program in the device through the subsidiary verification certificate.
In an embodiment of the present invention, if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the control method further includes, based on an application operation of the second subject, issuing a subsidiary verification certificate according to the application verification certificate to one or more third terminals associated with one or more third subjects, wherein, while the second terminal is allowed to install the signature-verified application program in the device through the application verification certificate, the one or more third terminals are also allowed to install the signature-verified application program in the device through the subsidiary verification certificate.
In an embodiment of the present invention, the method further includes a zeroth terminal associated with a zeroth subject configuring in the device the root certificate, or the root certificate and the secondary certificate issued according to the root certificate, and configuring in the device an initial verification certificate issued according to the root certificate or the secondary certificate, the zeroth terminal being allowed to install a signature-verified application program in the device before it leaves the factory through the initial verification certificate.
In an embodiment of the present invention, the identity verification certificate is invalidated after the application verification certificate is issued.
In an embodiment of the present invention, the initial verification certificate is invalidated after the identity verification certificate is issued, and the identity verification certificate is invalidated after the application verification certificate is issued.
In an embodiment of the present invention, if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the method further includes, before the identity verification certificate is issued to the first terminal, deploying a first signature tool in the first terminal, the first terminal being adapted to manage, through the signature tool, the key used to verify the application verification certificate, and the second terminal also being adapted to manage, through the first signature tool, the keys used to verify the application program and the subsidiary verification certificate.
In an embodiment of the present invention, if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the method further includes:
before the identity verification certificate is issued to the first terminal, deploying a first signature tool in the first terminal, the first terminal being adapted to manage, through the first signature tool, the key used to verify the application verification certificate; and
before the application verification certificate is issued to the second terminal, deploying a second signature tool in the second terminal, the second terminal being adapted to manage, through the second signature tool, the keys used to verify the application program and the subsidiary verification certificate.
In an embodiment of the present invention, the method further includes the first terminal or the second terminal that holds the application verification certificate installing a signature-verified application program in the device through the application verification certificate, which specifically includes the following steps:
the first terminal or the second terminal submits a file to be signed to the signature tool;
the signature tool signs the file to be signed with a key, wherein the file to be signed contains information about the application program to be installed;
the signed file is returned to the first terminal or the second terminal;
the first terminal or the second terminal uploads the application verification certificate and the signed file via a network, and the device downloads the verification certificate and the signed file via the network; and
the application verification certificate is installed in the device, the application verification certificate is used to verify the legitimacy of the signed file, and if it is legitimate, the application program contained in the signed file is installed in the device.
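The certificate hierarchy from the concept notes above (the initial verification certificate and C1 issued from the root, C2 from C1, C2sub from C2, the initial certificate invalidated once C1 exists) and the installation steps just listed, worked through as an added example that is neither the patent's own code nor the applicant's signature tool. It uses a toy Ed25519 certificate format of its own; the secondary certificate, the network transfer and the real certificate encoding are omitted, and all names, roles and the package contents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Role int // certificate level on the page; the optional secondary certificate is omitted here
const (
	RoleRoot       Role = iota // root certificate the manufacturer (zeroth subject) places in the device
	RoleInitial                // initial verification certificate: installs apps only before the device ships
	RoleIdentity               // C1: identity verification certificate of the purchaser (first subject)
	RoleApp                    // C2: application verification certificate
	RoleSubsidiary             // C2sub: subsidiary verification certificate for further operators
)

// mayIssue encodes the page's hierarchy: root -> initial or C1, C1 -> C2, C2 -> C2sub, nothing below C2sub.
func mayIssue(signer, subject Role) bool {
	return (signer == RoleRoot && (subject == RoleInitial || subject == RoleIdentity)) ||
		(signer >= RoleIdentity && signer < RoleSubsidiary && subject == signer+1)
}

// Cert is a deliberately minimal certificate: the issuer signs (Name, Role, public key).
type Cert struct {
	Name   string
	Role   Role
	Pub    ed25519.PublicKey
	Issuer *Cert  // nil for the self-signed root
	Sig    []byte // issuer's Ed25519 signature over tbs()
}

// tbs is the "to be signed" encoding; it doubles as the certificate's fingerprint.
func (c *Cert) tbs() []byte { return []byte(fmt.Sprintf("%s|%d|%x", c.Name, c.Role, c.Pub)) }
func keygen() ed25519.PrivateKey { _, k, err := ed25519.GenerateKey(rand.Reader); if err != nil { panic(err) }; return k }
// issue is the signature tool's issuing step (on the page the tool also generates the subject's key
// pair, hence the subject key parameter); a nil issuer yields the self-signed root.
func issue(name string, role Role, key ed25519.PrivateKey, issuer *Cert, issuerKey ed25519.PrivateKey) *Cert {
	c := &Cert{Name: name, Role: role, Pub: key.Public().(ed25519.PublicKey), Issuer: issuer}
	c.Sig = ed25519.Sign(issuerKey, c.tbs())
	return c
}

// Device models the terminal: one trusted root plus the certificates it has invalidated (the page's S1 to S2 step).
type Device struct {
	root        *Cert
	invalidated map[string]bool
}
func (d *Device) Invalidate(c *Cert) { d.invalidated[string(c.tbs())] = true }

// Install is the device side of the page's installation step: the presented certificate must grant
// installation (initial, C2 or C2sub), chain to this device's root through permitted and
// non-invalidated issuers, and verify the signed file.
func (d *Device) Install(cert *Cert, file, sig []byte) error {
	if r := cert.Role; r != RoleInitial && r != RoleApp && r != RoleSubsidiary {
		return fmt.Errorf("%q does not grant installation rights", cert.Name)
	}
	for cur := cert; cur != nil; cur = cur.Issuer {
		signer := cur.Issuer
		switch {
		case d.invalidated[string(cur.tbs())]:
			return fmt.Errorf("certificate %q has been invalidated", cur.Name)
		case signer == nil && cur != d.root:
			return fmt.Errorf("chain ends at %q, not at this device's root", cur.Name)
		case signer == nil: // the root verifies its own signature
			signer = cur
		case !mayIssue(signer.Role, cur.Role):
			return fmt.Errorf("%q is not allowed to issue %q", signer.Name, cur.Name)
		}
		if !ed25519.Verify(signer.Pub, cur.tbs(), cur.Sig) {
			return fmt.Errorf("bad signature on certificate %q", cur.Name)
		}
	}
	if !ed25519.Verify(cert.Pub, file, sig) {
		return fmt.Errorf("signed file does not verify under %q", cert.Name)
	}
	return nil
}

// RunScenario (constructed) plays out stages S1 to S3 for a purchaser that issues C2 to itself and
// C2sub to one operator (multi-certificate mode); it returns each installation attempt's outcome.
func RunScenario() map[string]error {
	rootKey, initKey, c1Key, c2Key, subKey := keygen(), keygen(), keygen(), keygen(), keygen()
	root := issue("manufacturer-root", RoleRoot, rootKey, nil, rootKey)
	initial := issue("factory-initial", RoleInitial, initKey, root, rootKey)
	c1 := issue("purchaser-C1", RoleIdentity, c1Key, root, rootKey)
	c2 := issue("purchaser-C2", RoleApp, c2Key, c1, c1Key)
	c2sub := issue("operator-C2sub", RoleSubsidiary, subKey, c2, c2Key)
	dev, file, out := &Device{root: root, invalidated: map[string]bool{}}, []byte("constructed app package"), map[string]error{}
	out["S1 initial"] = dev.Install(initial, file, ed25519.Sign(initKey, file)) // manufacturer mode
	dev.Invalidate(initial) // S2: C1 has been issued, so the initial certificate is withdrawn
	out["initial after C1"] = dev.Install(initial, file, ed25519.Sign(initKey, file))
	out["C1 direct"] = dev.Install(c1, file, ed25519.Sign(c1Key, file)) // C1 only grants issuing rights
	out["C2"] = dev.Install(c2, file, ed25519.Sign(c2Key, file))        // S3: purchaser's own app
	out["C2sub"] = dev.Install(c2sub, file, ed25519.Sign(subKey, file)) // S3: operator's app
	return out
}

func main() {
	for label, err := range RunScenario() { fmt.Println(label, "->", err) }
}
```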
In order to solve the above technical problem, another aspect of the present invention further provides a control system for application program installation permissions in a device, the device having a root certificate, or the root certificate and a secondary certificate issued according to the root certificate, the system including: a signature tool, and a first terminal associated with a unique first subject, or the first terminal and a second terminal associated with a unique second subject, wherein the signature tool is configured to, in response to a request sent by the first terminal, issue to the first terminal, according to the root certificate or the secondary certificate, an identity verification certificate corresponding to the first subject; and the signature tool is further configured to, based on an application operation, issue, according to the identity verification certificate, an application verification certificate to the first terminal or to the second terminal associated with the unique second subject, wherein the first terminal or the second terminal that holds the application verification certificate is allowed to install a signature-verified application program in the device through the application verification certificate.
In an embodiment of the present invention, the system further includes one or more third terminals associated with third subjects, wherein, if the signature tool issues the application verification certificate to the first terminal associated with the first subject, the signature tool is further configured to, based on an application operation of the first subject, issue a subsidiary verification certificate according to the application verification certificate to the second terminal associated with the second subject, or to the second terminal and one or more third terminals associated with one or more third subjects, wherein, while the first terminal is allowed to install the signature-verified application program in the device through the application verification certificate, the second terminal, or the second terminal and the third terminals, are also able to install the signature-verified application program in the device through the subsidiary verification certificate;
if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the signature tool is further configured to, based on an application operation of the second subject, issue the subsidiary verification certificate according to the application verification certificate to one or more third terminals associated with the one or more third subjects, wherein, while the second terminal is allowed to install the signature-verified application program in the device through the application verification certificate, the one or more third terminals are also allowed to install the signature-verified application program in the device through the subsidiary verification certificate.
In an embodiment of the present invention, the system further includes a zeroth terminal associated with a zeroth subject, the zeroth terminal being configured to configure in the device the root certificate, or the root certificate and the secondary certificate issued according to the root certificate, the zeroth terminal being further configured to configure in the device an initial verification certificate issued according to the root certificate or the secondary certificate, and the zeroth terminal being allowed to install a signature-verified application program in the device before it leaves the factory through the initial verification certificate. Compared with the prior art, the present invention has the following advantages:
The control method and system for application program installation permissions in a device of the present invention provide a unified scheme for the differentiated management of application program installation permissions for multiple subjects such as the actual purchasing user of the device and other operators, meeting the complex installation-permission control needs that arise from the diversity of device manufacturers, purchasing customers and operators and from their different actual operating modes. On the other hand, the multi-level certificate and application signature-verification approach provided by the solution of the present invention is secure and trustworthy, and the signature tool is easy to install and use; on the basis of ensuring security, maintenance costs are reduced and management efficiency is improved.
Overview of the Drawings
The features and performance of the present invention are further described by the following embodiments and their accompanying drawings. The drawings are included to provide a further understanding of the present application; they are incorporated in and constitute a part of the present application, illustrate embodiments of the present application, and together with the description serve to explain the principles of the present invention. In the drawings:
FIG. 1 is a schematic flowchart of a method for controlling application installation permissions in a device according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the certificate hierarchy logic in a method for controlling application installation permissions in a device according to an embodiment of the present invention;
FIG. 3 is a conceptual schematic diagram of the implementation principle of a method for controlling application installation permissions in a device according to an embodiment of the present invention; and
FIG. 4 is a system block diagram of a control system for application installation permissions in a device according to an embodiment of the present invention.
Preferred Embodiments of the Invention
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some examples or embodiments of the present application; those of ordinary skill in the art can, without creative effort, apply the present application to other similar scenarios according to these drawings. Unless obvious from context or stated otherwise, the same reference numerals in the figures denote the same structures or operations.
As used in the present application and claims, unless the context clearly indicates otherwise, the words "a", "an", "one" and/or "the" do not specifically refer to the singular and may also include the plural. In general, the terms "comprising" and "including" merely indicate the inclusion of explicitly identified steps and elements; these steps and elements do not constitute an exclusive list, and a method or device may also include other steps or elements.
Unless specifically stated otherwise, the relative arrangement of components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the present application. It should also be understood that, for convenience of description, the dimensions of the various parts shown in the drawings are not drawn to actual scale. Techniques, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate such techniques, methods and devices should be regarded as part of the granted specification. In all examples shown and discussed here, any specific value should be interpreted as merely illustrative and not as limiting; other examples of the exemplary embodiments may therefore have different values. It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be discussed further in subsequent drawings.
In the description of the present application, it should be understood that orientation words such as "front, back, up, down, left, right", "lateral, vertical, perpendicular, horizontal" and "top, bottom" indicate orientations or positional relationships that are generally based on those shown in the drawings and are used only for convenience and simplicity of describing the present application. Unless stated otherwise, these orientation words do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation, and therefore cannot be understood as limiting the protection scope of the present application; the orientation words "inner, outer" refer to the inside and outside relative to the outline of each component itself.
For convenience of description, spatially relative terms such as "on", "above", "on the upper surface of", "upper" and the like may be used here to describe the spatial relationship of one device or feature to other devices or features as shown in the figures. It should be understood that the spatially relative terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, a device described as "above" or "over" other devices or structures would then be oriented "below" or "beneath" the other devices or structures. Thus, the exemplary term "above" may encompass both the orientation "above" and the orientation "below". The device may be otherwise oriented (rotated 90 degrees or at other orientations), and the spatially relative descriptors used herein are interpreted accordingly.
In addition, it should be noted that the use of words such as "first" and "second" to qualify components is only for convenience in distinguishing the corresponding components; unless stated otherwise, these words have no special meaning and therefore cannot be understood as limiting the protection scope of the present application. Furthermore, although the terms used in the present application are selected from well-known and commonly used terms, some of the terms mentioned in the specification of the present application may have been selected by the applicant according to his or her own judgment, and their detailed meanings are explained in the relevant parts of the description herein. Moreover, the present application is to be understood not only through the actual terms used, but also through the meaning implied by each term.
An embodiment of the present invention proposes, with reference to FIG. 1, a method 10 for controlling application installation permissions in a device (hereinafter "control method 10"). Control method 10 can provide a unified, differentiated management scheme for installation permissions that meets the different needs of different user entities to install applications in the same device.
FIG. 1 of the present application uses a flowchart to illustrate the operations performed by the system according to an embodiment of the present application. It should be understood that the preceding or following operations are not necessarily performed exactly in the order shown. Rather, the steps may be processed in reverse order or simultaneously. Likewise, other operations may be added to these processes, or one or more steps may be removed from them.
Control method 10 of the present invention is described in detail below with reference to FIG. 1. First, the device involved in control method 10 holds a root certificate, or a root certificate and a secondary certificate issued from the root certificate. This means that if only a root certificate is present, the root certificate issues the next level of certificate in accordance with the steps below; if the device holds both a root certificate and a secondary certificate issued from that root certificate, the secondary certificate issues the next level of certificate in accordance with the steps below. The latter arrangement better protects the security of the root certificate. The root certificate or secondary certificate may be built into the device's firmware before the device leaves the factory, or, according to actual needs, installed just before the steps of control method 10 described below are performed; the present invention places no limitation on this.
As shown in FIG. 1, in step 11 the signing tool, in response to a request sent by a first terminal associated with a unique first subject, issues to the first terminal an identity verification certificate corresponding to the first subject, according to the root certificate or the secondary certificate.
In step 12, based on an application operation, the signing tool issues an application verification certificate, according to the identity verification certificate, to the first terminal or to a second terminal associated with a unique second subject. The first terminal or the second terminal holding the application verification certificate is then allowed to install signature-verified applications in the device through the application verification certificate.
Considering the actual application scenario of the device: if the device is a POS device commonly found on the market, the first subject in step 11 above may be the actual purchaser of the POS device. As introduced in the background section above, the actual purchaser may also act as the operator of the device, or may assign it to other partners to operate the device jointly or independently; the corresponding second subject may therefore be the purchaser's operating partner. Under this arrangement, when the actual purchaser of the POS device (the first subject) needs to configure application installation permissions in the device, it sends a request to the signing tool from its terminal, and the signing tool issues to that first terminal an identity verification certificate corresponding to the first subject, according to the root certificate or the secondary certificate; this means that the first subject is now given control over installation permissions. For example, if the secondary certificate is used to issue the identity verification certificate, the private key of the secondary certificate signs the identity verification certificate to produce it, and the resulting certificate contains the public key that matches the private key the secondary certificate used for signing.
Furthermore, having obtained the identity verification certificate, the first subject gains control over the issuance of the next level of certificate. The first subject can now, according to the needs of the actual application scenario, issue an application verification certificate through the signing tool to itself or to another subject. This corresponds to issuing the application verification certificate to the first terminal, or to the second terminal associated with the unique second subject, in step 12.
Preferably, in order to better achieve precise and secure control of device application installation permissions by control method 10, in some embodiments of the present invention a step of invalidating the identity verification certificate is further included after the application verification certificate is issued in step 12. This means that from then on only the subject holding the application verification certificate may be allowed, through its terminal, to install applications in the device. Understandably, this configuration suits scenarios in which the direct purchaser of the device and the subsequent operator (the subject that needs to install applications in the device) are relatively independent: once the purchaser (the first subject), by way of its identity (embodied in the identity verification certificate), has issued an application verification certificate to the operator (the second subject), the purchaser's identity verification certificate is invalidated. This ensures that, when the device is actually in use by the subsequent operator, the purchaser no longer has the authority to issue a uniform application verification certificate to other subjects, which fundamentally guarantees the security of the device while it is used by the operator.
It should be noted that, as mentioned in both step 11 and step 12, the first subject and the second subject are each unique. This means that in control method 10 of the present invention, for the same device, the number of subjects holding control authority is definite and unique. For devices with relatively high security requirements, such a setting better protects the security and controllability of permission configuration. Control method 10 with steps 11 and 12 as described above can already satisfy the device control-permission requirements of devices (such as the commonly used POS machines) in most application scenarios.
However, while this provides high security, it understandably also brings certain limitations. For this reason, in some preferred embodiments of the present invention, on top of the above arrangement with only a first subject or a second subject, the configuration of terminals corresponding to one or more third subjects, and of the corresponding installation permissions, is also introduced.
For example, in some embodiments of the present invention, if the signing tool issues the application verification certificate to the first terminal associated with the first subject, the control method further includes, based on an application operation by the first subject, issuing a subsidiary verification certificate according to the application verification certificate to the second terminal associated with the second subject, or to the second terminal and one or more third terminals associated with one or more third subjects, wherein, while the first terminal is allowed to install signature-verified applications in the device through the application verification certificate, the second terminal, or the second terminal and the third terminals, are also able to install signature-verified applications in the device through the subsidiary verification certificate. This configuration process is explained in detail below.
First, in such an embodiment the holder of the application verification certificate is the first subject. This means that the direct purchaser of the device itself needs to install applications in the device after purchasing it; therefore, after applying to the signing tool, the first terminal corresponding to the first subject has permission to install applications in the device. If the first subject then wishes to allow other operating partners to install applications in the device, it can apply to the signing tool again for a subsidiary verification certificate and issue it to the second subject, or to one or more third subjects besides the second subject. Understandably, for consistency and completeness of the scheme, the name "second subject" from the embodiment described above with reference to FIG. 1 is retained here. In fact, once the first terminal corresponding to the first subject holds the application verification certificate, it can issue a subsidiary verification certificate to any trusted subject other than the first subject, thereby extending control method 10 described above with reference to FIG. 1 to more complex application scenarios for better general applicability. For example, in some embodiments of the present invention the number of subjects holding subsidiary verification certificates does not exceed 3, or does not exceed 5; this may be varied according to the needs of the actual application scenario.
Similarly, if the signing tool issues the application verification certificate to the second terminal associated with the second subject, the control method further includes, based on an application operation by the second subject, issuing a subsidiary verification certificate according to the application verification certificate to one or more third terminals associated with one or more third subjects, wherein, while the second terminal is allowed to install signature-verified applications in the device through the application verification certificate, the one or more third terminals are also allowed to install signature-verified applications in the device through the subsidiary verification certificate. This means that when the direct purchaser of the device is not the subject that needs to install applications in the device, the first subject transfers control over certificate issuance to the second subject by having the signing tool, upon application, issue the application verification certificate to the second subject. Then, when the second subject, in the course of using the device, needs to permit other subjects (operating partners) to install applications, it can apply to issue subsidiary verification certificates to those subjects, thereby realizing more complex application scenarios.
To better explain the certificate issuance logic described above, FIG. 2 shows a schematic diagram of certificate issuance in an embodiment of the present invention for one subject holding an identity verification certificate C1 and two devices 21 and 22. With reference to FIG. 2, the certificates at each level are described below in order from top to bottom, as indicated by the arrows.
1) Root certificate: located at the top of the certificate chain and used to verify the signatures of lower-level certificates; built into the device's firmware, and can be set so that it cannot be deleted or disabled;
2) Secondary certificate: issued by the private key of the root certificate and used to verify the signatures of lower-level certificates; like the root certificate, the secondary certificate is built into the device's firmware and can also be set so that it cannot be deleted or disabled;
3) Identity verification certificate C1: issued by the private key of the secondary certificate and used to verify the signatures of lower-level certificates; by the design of the present invention, only one C1 is allowed in the same device;
4) Application verification certificate C2: issued by the private key of C1 and used to verify the signatures of lower-level certificates and of the applications that the holder of C2 wants to install in the device; and
5) Subsidiary verification certificate C2sub: issued by the private key of C2 and used to verify the signatures of the applications that the holder of C2sub wants to install in the device.
As can be seen from FIG. 2, the first subject can deploy lower-level certificates in different devices; the private key of one C1 can issue multiple C2s, but only one C2 is allowed in any one device. Specifically, device 21 and device 22 each have their own independent C2, but both C2s can be issued by the C1 corresponding to the same first subject. On the other hand, there may be one or more C2subs for the same device; the present invention places no limitation on this. The reasons for this arrangement and further details have been explained above and are not repeated here.
It is clear from FIG. 2 that the control method of the present invention is based on a detailed investigation of the specific scenarios in which devices are used, and designs the certificate hierarchy shown in FIG. 2 to suit a variety of complex scenarios. While strictly guaranteeing security, it extends beyond the prior art the feasibility of multiple subjects installing applications in the same device.
Furthermore, to cover more completely the needs of the different subjects that may arise over the whole life of a device, from the factory through its use, to install applications in the same device, in some embodiments of the present invention the control method further includes: a zeroth terminal associated with a zeroth subject configures in the device the root certificate, or the root certificate and a secondary certificate issued from the root certificate, and configures in the device an initial verification certificate issued from the root certificate or the secondary certificate; the zeroth terminal is allowed, through the initial verification certificate, to install signature-verified applications in the device before it leaves the factory. For example, in some embodiments of the present invention the zeroth subject may be the manufacturer of the device.
To better explain the principle and logic by which the scheme is realized in such an embodiment, the implementation principle of an embodiment having a zeroth subject, a first subject, a second subject and a third subject is further explained below with reference to FIG. 3.
According to FIG. 3, the description follows the order of stages S1 to S3, which correspond to the different points in time from the device leaving the factory to its use. First, in stage S1, before the device leaves the factory, the zeroth terminal belonging to the manufacturer installs the root certificate and the secondary certificate in the device's firmware. At the same time, since the manufacturer also needs to install applications in the device, in stage S1 the manufacturer can apply through its terminal for an initial verification certificate and use it to install signature-verified applications in the device. For easier understanding, a device in stage S1 can be thought of as being in "manufacturer mode": application installation permissions in the device are controlled by the manufacturer.
Further, when the device is delivered to the purchaser for use, if the user then needs to install applications in the device, the process enters stage S2. As explained above with reference to FIG. 1 and FIG. 2, the first subject (the purchaser) obtains the identity verification certificate C1 upon application, which gives the first subject the ability to issue the next level of certificate (that is, to allocate control over application installation permissions in the device). Since stage S2 does not itself involve installing applications in the device with a valid certificate, stage S2 can simply be understood as an "intermediate mode" whose main purpose is to issue the identity verification certificate C1 to the purchaser of the device (the first subject) and thereby give it control over installation permissions. From then on, the first subject can issue the next level of certificate to itself or to other subjects according to the needs of its actual application scenario, providing a legitimate and reliable channel for installing applications in the device.
Finally, during actual use, when applications are installed in the device, the device can be classified, depending on the requirements of the application scenario, as being in single-certificate mode or multi-certificate mode according to whether subsidiary verification certificates C2sub are present. That is, if the first subject or the second subject holding the application verification certificate C2 wishes to further issue a subsidiary verification certificate C2sub to a subject other than itself (such as a third subject), the device can be considered to be in multi-certificate mode; otherwise it is in single-certificate mode. When the subject holding the application verification certificate C2 wants to withdraw another subject's permission to install applications on the device, it can also revoke the issued C2sub, since its certificate sits at a higher level than the subsidiary verification certificate C2sub; the device can thus switch flexibly between single-certificate mode and multi-certificate mode.
Similarly, to better guarantee the security of installation-permission control in a scheme that has a zeroth subject, in such an embodiment the initial verification certificate is invalidated after the identity verification certificate is issued, and the identity verification certificate is invalidated after the application verification certificate is issued. Referring to FIG. 3, on moving from stage S1 to stage S2 the zeroth subject's initial verification certificate is invalidated, and on moving from stage S2 to stage S3 the identity verification certificate C1 is also invalidated; from then on only the terminals of subjects holding the application verification certificate C2 or a subsidiary verification certificate C2sub are qualified to legitimately install applications in the device.
From the above description it can be seen that, in the embodiment with a zeroth, first, second and third subject, the control method of the present invention can fully cover the needs of different subjects to install applications in the same device. The certificates at each level interlock, and the certificate usage mode can be switched flexibly according to the different needs of users; the scheme offers high security, high reliability and strong general applicability.
More specifically, referring to FIG. 3, the signing tool of the present invention has a complete account management system, and different subjects may have different permissions to sign and to issue certificates. Taking one embodiment of the present invention as an example: the C1 public key and private key are both generated by the signing tool, and the private key of the secondary certificate issues the C1 public key certificate, the process being that the private key of the secondary certificate signs the C1 public key to produce the C1 public key certificate; the C2 public key and private key are both generated by the signing tool, and the C1 private key issues the C2 public key certificate, the process being that the C1 private key held in the signing tool signs the C2 public key to produce the C2 public key certificate; the C2sub public key and private key are both generated by the signing tool, and the C2 private key issues the C2sub public key certificate, the process being that the C2 private key in the FSK signs the C2sub public key to produce the C2sub public key certificate.
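The certificate hierarchy of FIG. 2, the issuance policy of stages S2 and S3 in FIG. 3 (one C1 and one C2 per device, C1 invalidated once C2 exists, C2sub revocable) and the key-generation sequence just described, carried through as an added Go example. This is not code from the patent or from the applicant; it assumes Ed25519 keys, Go's crypto/x509 for certificate issuance and chain verification, a constructed serial counter, and that "invalidating" C1 means the device refuses any further issuance under it while keeping C1's certificate available for verifying the chain below it. The names Provision, Issue, SignApp, Install and RevokeC2sub, and the holder names, are the example's own; the initial verification certificate of stage S1 and the signing tool's account management are not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// level pairs a certificate with the private key that only the signing tool holds.
type level struct {
	cert *x509.Certificate
	key  ed25519.PrivateKey
}

var serial int64 // constructed serial counter; the patent specifies no serial scheme

// issue generates an Ed25519 key pair and a certificate for it, signed by parent
// (self-signed when parent is nil); ca marks levels that may sign lower levels.
func issue(name string, ca bool, parent *level) *level {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotAfter:     time.Now().Add(365 * 24 * time.Hour), IsCA: ca, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	parentCert, signer := tmpl, key
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return &level{cert: cert, key: key}
}

// Device holds what the terminal stores: certificates only, never private keys. c1 is
// cleared once C2 exists, which models the patent's invalidation of C1 after step 12.
type Device struct {
	roots, inters *x509.CertPool
	c1, c2        *x509.Certificate            // at most one of each per device
	c2sub         map[string]*x509.Certificate // live C2subs keyed by serial, so one can be revoked
}

// SigningTool is the issuer side; it keeps the private keys of the levels it has issued.
type SigningTool struct{ secondary, c1, c2 *level }

// Provision is stage S1: root and secondary certificates are burned into the firmware.
func Provision() (*SigningTool, *Device) {
	root := issue("root", true, nil)
	sec := issue("secondary", true, root)
	d := &Device{roots: x509.NewCertPool(), inters: x509.NewCertPool(), c2sub: map[string]*x509.Certificate{}}
	d.roots.AddCert(root.cert)
	d.inters.AddCert(sec.cert)
	return &SigningTool{secondary: sec}, d
}

// Issue applies the device's issuance policy: one C1 per device (step 11); one C2 per device,
// after which C1 is invalidated (step 12); any number of C2subs under a live C2.
func (t *SigningTool) Issue(d *Device, lvl, holder string) (*level, error) {
	switch {
	case lvl == "C1" && d.c1 == nil && d.c2 == nil:
		t.c1 = issue(holder, true, t.secondary)
		d.c1 = t.c1.cert
		d.inters.AddCert(t.c1.cert) // C1 stays in the chain so C2 can still be verified
		return t.c1, nil
	case lvl == "C2" && d.c1 != nil && d.c2 == nil:
		t.c2 = issue(holder, true, t.c1)
		d.c2, d.c1 = t.c2.cert, nil
		d.inters.AddCert(t.c2.cert)
		return t.c2, nil
	case lvl == "C2sub" && d.c2 != nil:
		l := issue(holder, false, t.c2)
		d.c2sub[l.cert.SerialNumber.String()] = l.cert
		return l, nil
	}
	return nil, fmt.Errorf("%s issuance refused by device policy", lvl)
}

// RevokeC2sub withdraws a partner's installer; SignApp is the installer's signing step.
func (d *Device) RevokeC2sub(c *x509.Certificate) { delete(d.c2sub, c.SerialNumber.String()) }
func SignApp(l *level, app []byte) []byte        { return ed25519.Sign(l.key, app) }

// Install is the device-side check: the signer must be this device's C2 or a live C2sub,
// must chain to the firmware root through the stored intermediates, and the signature must match.
func (d *Device) Install(app, sig []byte, signer *x509.Certificate) error {
	sub, live := d.c2sub[signer.SerialNumber.String()]
	if !(d.c2 != nil && signer.Equal(d.c2)) && !(live && signer.Equal(sub)) {
		return fmt.Errorf("signer is not an installer certificate for this device")
	}
	if _, err := signer.Verify(x509.VerifyOptions{Roots: d.roots, Intermediates: d.inters}); err != nil {
		return fmt.Errorf("chain verification failed: %w", err)
	}
	if !ed25519.Verify(signer.PublicKey.(ed25519.PublicKey), app, sig) {
		return fmt.Errorf("signature does not match package")
	}
	return nil
}

func main() {
	tool, dev := Provision()
	tool.Issue(dev, "C1", "purchaser")
	c2, _ := tool.Issue(dev, "C2", "operator")
	app := []byte("constructed application package") // constructed sample input
	fmt.Println("install signed by C2:", dev.Install(app, SignApp(c2, app), c2.cert))
}
```

Two design points follow from the text rather than from the library: C1 is kept in the intermediate pool after it is invalidated, because C2's signature still chains through it, so invalidation is a policy decision on the device (no further issuance) and not deletion of the certificate; and the device never recognises a certificate as an installer merely because it chains to the root, it must also be the device's own C2 or a C2sub the device still lists, which is what makes a revoked C2sub stop working immediately.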
因此,在本发明的一些实施例中,若签名工具向与第二主体关联的第二终端颁发应用程序验签证书C2,在向第一终端颁发身份验签证书C1之前,还包括在第一终端中部署第一签名工具,第一终端适于通过签名工具管理用于验签应用程序验签证书C2的密钥,且第二终端也适于通过第一签名工具管理用于验签应用程序和附属验签证书C2sub的密钥。这意味着,在这样的实施例中,第二终端的密钥管理托管至第一终端对应的第一签名工具,省去了在第二终端中重新部署签名工具的工作任务。但是本发明不以此为限。Therefore, in some embodiments of the present invention, if the signature tool issues the application program verification certificate C2 to the second terminal associated with the second subject, before issuing the identity verification certificate C1 to the first terminal, the first Deploy the first signature tool in the terminal, the first terminal is suitable for managing the key for the signature verification application program verification certificate C2 through the signature tool, and the second terminal is also suitable for managing the signature verification application program through the first signature tool and the key of the subsidiary verification certificate C2sub. This means that in such an embodiment, the key management of the second terminal is entrusted to the first signature tool corresponding to the first terminal, which saves the work task of redeploying the signature tool in the second terminal. But the present invention is not limited thereto.
相对应的,在本发明的一些其他的实施例中,第二主体对应的第二终端也可以自己部署签名工具并独立的管理密钥。示例性的,在这样的方案中,在向第一终端颁发身份验签证书之前,还包括在第一终端中部署第一签名工具,第一终端适于通过第一签名工具管理用于验签应用程序验签证书的密钥;以及在向第二终端颁发应用程序验签证书之前,还包括在第二终端中部署第二签名工具,第二终端适于通过第二签名工具管理用于验签应用程序和附属验签证书的密钥。Correspondingly, in some other embodiments of the present invention, the second terminal corresponding to the second subject may also deploy a signature tool by itself and independently manage keys. Exemplarily, in such a solution, before issuing the identity verification certificate to the first terminal, it also includes deploying a first signature tool in the first terminal, and the first terminal is suitable for managing the signature verification through the first signature tool The key of the application program verification certificate; and before issuing the application program verification certificate to the second terminal, it also includes deploying a second signing tool in the second terminal, and the second terminal is suitable for managing through the second signing tool The key to sign the application and the accompanying verification certificate.
为了更好的说明本发明控制方法的实用性,示例性的,在本发明的一些实施例中,还包括拥有应用程序验签证书的第一终端或第二终端通过应用程序验签证书在设备中安装经过验签后的应用程序,具体包括如下步骤:由第一终端或第二终端向签名工具提交待签名文件;通过签名工具使用相对应的密钥对待签名文件签名,其中,待签名文件中包含待安装的应用程序的信息;向第一终端或第二终端返回签 名后的文件;第一终端或第二终端通过网络上传应用程序验签证书和签名后的文件,且设备通过网络下载验签证书和签名后的文件;以及在设备中安装应用程序验签证书,利用应用程序验签证书验证签名后的文件的合法性,若合法则在设备中安装签名后的文件中包含的应用程序。In order to better illustrate the practicability of the control method of the present invention, as an example, in some embodiments of the present invention, it also includes that the first terminal or the second terminal having the application verification certificate passes the application verification certificate on the device The installation of the application program after signature verification includes the following steps: submit the file to be signed to the signature tool by the first terminal or the second terminal; use the corresponding key to sign the file to be signed by the signature tool, wherein the file to be signed contains the information of the application program to be installed; returns the signed file to the first terminal or the second terminal; the first terminal or the second terminal uploads the application verification certificate and the signed file through the network, and the device downloads it through the network Verify the certificate and the signed file; and install the application verification certificate in the device, use the application verification certificate to verify the legitimacy of the signed file, and if it is legal, install the application contained in the signed file on the device program.
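The certificate hierarchy of FIG. 3 (secondary certificate issues C1, C1 issues C2, C2 issues C2sub) together with the signing and installation steps just described, as an added worked example in Go that is not part of the patent or of any product of the applicant. It uses only the Go standard library (crypto/x509, ECDSA P-256). The names Holder, Issue, VerifyInstall and BuildScenario are assumptions made for this example, the "file to be signed" is a constructed sample, and the stage rule that C1 can no longer be used for installation once C2 has been issued is modelled by requiring the signer of the file to be C2 itself or a subsidiary certificate issued by C2; the patent does not specify how invalidation is implemented.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Holder (name assumed for this example): a certificate plus the key generated for it.
type Holder struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// Issue generates an ECDSA P-256 key pair for name and has parent sign its public key
// certificate (self-signed when parent is nil). Root, secondary, C1 and C2 are CAs.
func Issue(name string, serial int64, parent *Holder, isCA bool) (*Holder, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only issuing levels may sign certificates
	}
	parentCert, signer := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Holder{Cert: cert, Key: key}, err
}

// VerifyInstall is the device-side check: appCert (the installed C2) must chain to the
// factory-provisioned root through the intermediates, and the signer of the file must be
// C2 itself or a subsidiary certificate issued by C2 (C1 is not usable once C2 exists).
func VerifyInstall(roots, intermediates *x509.CertPool, appCert, signer *x509.Certificate, file, sig []byte) error {
	if _, err := appCert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: intermediates}); err != nil {
		return fmt.Errorf("C2 does not chain to the device root: %w", err)
	}
	if !signer.Equal(appCert) && signer.CheckSignatureFrom(appCert) != nil {
		return fmt.Errorf("signer is neither C2 nor a subsidiary certificate issued by C2")
	}
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(file)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature on the file does not verify")
	}
	return nil
}

// BuildScenario walks stages S1-S3 on constructed data and reports whether the device
// accepts a file signed by C2sub and rejects one signed with C1's key after C2 exists.
func BuildScenario() (bool, bool, error) {
	chain := []*Holder{nil} // chain[i] is the parent of the i-th certificate issued below
	for i, n := range []string{"device root", "secondary", "C1 identity", "C2 application", "C2sub subsidiary"} {
		h, e := Issue(n, int64(i+1), chain[i], i < 4) // the first four levels issue the next
		if e != nil {
			return false, false, e
		}
		chain = append(chain, h)
	}
	root, secondary, c1, c2, c2sub := chain[1], chain[2], chain[3], chain[4], chain[5]
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.Cert)
	inter.AddCert(secondary.Cert)
	inter.AddCert(c1.Cert)
	// Constructed sample "file to be signed"; the signature tool signs its SHA-256 digest.
	file := []byte(`{"package":"com.example.pos.app","version":"1.0.0"}`)
	digest := sha256.Sum256(file)
	sigSub, e1 := ecdsa.SignASN1(rand.Reader, c2sub.Key, digest[:])
	sigC1, e2 := ecdsa.SignASN1(rand.Reader, c1.Key, digest[:])
	if e1 != nil || e2 != nil {
		return false, false, fmt.Errorf("signing failed: %v %v", e1, e2)
	}
	acceptSub := VerifyInstall(roots, inter, c2.Cert, c2sub.Cert, file, sigSub) == nil
	rejectC1 := VerifyInstall(roots, inter, c2.Cert, c1.Cert, file, sigC1) != nil
	return acceptSub, rejectC1, nil
}

func main() {
	fmt.Println(BuildScenario())
}
```

The device keeps only the root certificate from the factory; everything it needs to accept an installation (the secondary certificate, C1 and C2) arrives with the signed file and is checked against that root, while the signer restriction makes the C1-signed file fail even though C1 itself still chains to the root.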
Corresponding to the above method for controlling application installation permissions in a device, and referring to FIG. 4, another aspect of the present invention provides a control system 40 for application installation permissions in a device (hereinafter "control system 40"), where the device holds a root certificate, or a root certificate and a secondary certificate issued on the basis of the root certificate. The control system 40 mainly includes a signature tool 400, a first terminal 41, a second terminal 42, a third terminal 43 and a zeroth terminal 44.
Specifically, the first terminal 41 and the second terminal 42 are associated with a unique first subject and a unique second subject respectively, and there may be one or more third terminals 43. The signature tool 400 is configured to, in response to a request sent by the first terminal 41, issue to the first terminal 41 an identity verification certificate corresponding to the first subject on the basis of the root certificate or the secondary certificate. Further, the signature tool 400 is configured to, based on an application operation, issue an application verification certificate on the basis of the identity verification certificate to the first terminal 41 or to the second terminal 42 associated with the unique second subject, where the first terminal 41 or the second terminal 42 that holds the application verification certificate is allowed to install signature-verified applications in the device by means of that certificate.
As shown in FIG. 4, the control system includes one or more third terminals 43 associated with third subjects. In such an embodiment, if the signature tool issues the application verification certificate to the first terminal 41 associated with the first subject, the signature tool 400 is further configured to, based on an application operation by the first subject, issue a subsidiary verification certificate on the basis of the application verification certificate to the second terminal 42 associated with the second subject, or to the second terminal 42 and to one or more third terminals 43 associated with one or more third subjects; while the first terminal 41 is allowed to install signature-verified applications in the device by means of the application verification certificate, the second terminal 42, or the second terminal 42 and the third terminals 43, are also adapted to install signature-verified applications in the device by means of the subsidiary verification certificate. If instead the signature tool 400 issues the application verification certificate to the second terminal 42 associated with the second subject, the signature tool 400 is further configured to, based on an application operation by the second subject, issue a subsidiary verification certificate on the basis of the application verification certificate to one or more third terminals 43 associated with one or more third subjects; while the second terminal 42 is allowed to install signature-verified applications in the device by means of the application verification certificate, the one or more third terminals 43 are also allowed to install signature-verified applications in the device by means of the subsidiary verification certificate.
Finally, the control system 40 further includes a zeroth terminal 44 associated with the zeroth subject. The zeroth terminal 44 is configured to provision the device with the root certificate, or with the root certificate and the secondary certificate issued on the basis of the root certificate; the zeroth terminal 44 is further configured to provision the device with an initial verification certificate issued on the basis of the root certificate or the secondary certificate, and the zeroth terminal 44 is allowed to install signature-verified applications in the device before it leaves the factory by means of the initial verification certificate.
It will be understood that the embodiment shown in FIG. 4 has the full set of a zeroth terminal, a first terminal, a second terminal and one or more third terminals; but, referring to the description of the control method above, in the scheme of the present invention there may be no third terminal, or no second terminal, under some usage modes of the device. For other details of the control system 40, reference may be made to the description of the control method above, which is not repeated here.
The method and system for controlling application installation permissions in a device according to the present invention aim to abstract the needs of different subjects, such as device manufacturers, purchasing customers and device operators, and to establish a scheme for differentiated management of application security permissions based on the PKI (Public Key Infrastructure) standard, with a unified scheme design and unified management standards; for manufacturers, purchasing customers and operators alike, this both meets the needs of complex application scenarios and reduces production and operating costs.
In the prior art, although some improvements have been made to allow multiple users to use the same device at the same time, it is often not possible to provide a targeted and relatively complete permission control scheme for all the subjects involved in the use of the device. In particular, compared with the prior art, the scheme of the present invention supports a scenario in which one device allows multiple operators to hold application-installation permission control at the same time while their application markets and application-signing private keys remain independent of each other, which simple and traditional certificate designs cannot achieve. Furthermore, the present invention improves on the problems of too many certificate levels, complex relationships among certificates and between certificates and customers or operators, and difficult management. With only two or three levels of certificate issuance, the scheme meets the requirements for controlling application installation permissions in devices across hundreds or thousands of different application scenarios, and has very high generality.
It should be noted that some of the examples above use POS devices as the example. This is because, in the actual usage scenarios of POS devices, purchasers of POS devices often need to prevent their terminals from being switched (防切机), and, especially once a POS device is put on the market for transactions, security is the first consideration. POS devices are therefore a particularly suitable application for the control method and control system of the present invention, but the present invention is not limited to them. Any device with similar or identical needs may adopt the control method and control system of the present invention, and the scope of protection of the present invention should not vary with the specific kind of device to which it is applied.
The basic concepts have been described above. It will be apparent to those skilled in the art that the above disclosure is merely an example and does not limit the present application. Although not expressly stated here, those skilled in the art may make various modifications, improvements and corrections to the present application. Such modifications, improvements and corrections are suggested by the present application, and therefore remain within the spirit and scope of the exemplary embodiments of the present application.
The present application also uses specific terms to describe its embodiments. For instance, "one embodiment", "an embodiment" and/or "some embodiments" refer to a feature, structure or characteristic related to at least one embodiment of the present application. It should therefore be emphasised and noted that two or more references to "an embodiment", "one embodiment" or "an alternative embodiment" at different places in this specification do not necessarily refer to the same embodiment. Furthermore, certain features, structures or characteristics of one or more embodiments of the present application may be combined as appropriate.
Some aspects of the present application may be performed entirely by hardware, entirely by software (including firmware, resident software, microcode, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as a "data block", "module", "engine", "unit", "component" or "system". The processor may be one or more application-specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DAPDs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, or a combination thereof. In addition, aspects of the present application may be embodied as a computer program product residing on one or more computer-readable media, the product comprising computer-readable program code. For example, computer-readable media may include, but are not limited to, magnetic storage devices (e.g. hard disks, floppy disks, magnetic tape, ...), optical discs (e.g. compact discs (CD), digital versatile discs (DVD), ...), smart cards and flash memory devices (e.g. cards, sticks, key drives, ...).
A computer-readable medium may contain a propagated data signal carrying computer program code, for example in baseband or as part of a carrier wave. The propagated signal may take many forms, including electromagnetic, optical, etc., or a suitable combination thereof. A computer-readable medium may be any computer-readable medium other than a computer-readable storage medium that can communicate, propagate or transmit a program for use by being connected to an instruction execution system, apparatus or device. Program code on a computer-readable medium may be propagated over any suitable medium, including radio, cable, fibre-optic cable, radio-frequency signals or the like, or any combination of the foregoing.
Likewise, it should be noted that, to simplify the presentation of the disclosure of the present application and thereby aid understanding of one or more embodiments of the invention, the foregoing description of the embodiments sometimes groups several features into a single embodiment, drawing or description thereof. This manner of disclosure does not, however, imply that the subject matter of the present application requires more features than are recited in the claims. Indeed, an embodiment may have fewer than all the features of a single embodiment disclosed above.
Some embodiments use numbers describing quantities of components and attributes; it should be understood that such numbers used in describing the embodiments are in some instances qualified by the modifiers "about", "approximately" or "substantially". Unless otherwise stated, "about", "approximately" or "substantially" indicates that the stated number may vary by ±20%. Accordingly, in some embodiments the numerical parameters used in the specification and claims are approximations that may change according to the characteristics required by individual embodiments. In some embodiments the numerical parameters should take into account the specified significant digits and use an ordinary rounding method. Although the numerical ranges and parameters used to establish the breadth of scope in some embodiments of the present application are approximations, in specific embodiments such values are set as precisely as practicable.
Although the present application has been described with reference to the present specific embodiments, those of ordinary skill in the art will recognise that the above embodiments serve only to illustrate the present application and that various equivalent changes or substitutions may be made without departing from its spirit; therefore, any changes or variations to the above embodiments that fall within the essential spirit of the present application fall within the scope of the claims of the present application.

Claims (12)

  1. A method for controlling application installation permissions in a device, the device holding a root certificate, or the root certificate and a secondary certificate issued on the basis of the root certificate, characterised in that it comprises the following steps:
    a signature tool, in response to a request sent by a first terminal associated with a unique first subject, issuing to the first terminal, on the basis of the root certificate or the secondary certificate, an identity verification certificate corresponding to the first subject; and
    based on an application operation, the signature tool issuing, on the basis of the identity verification certificate, an application verification certificate to the first terminal or to a second terminal associated with a unique second subject, wherein the first terminal or the second terminal that holds the application verification certificate is allowed to install a signature-verified application in the device by means of the application verification certificate.
  2. The control method according to claim 1, characterised in that,
    if the signature tool issues the application verification certificate to the first terminal associated with the first subject, the control method further comprises, based on an application operation by the first subject, issuing a subsidiary verification certificate on the basis of the application verification certificate to the second terminal associated with the second subject, or to the second terminal and to one or more third terminals associated with one or more third subjects, wherein, while the first terminal is allowed to install a signature-verified application in the device by means of the application verification certificate, the second terminal, or the second terminal and the third terminals, are also adapted to install a signature-verified application in the device by means of the subsidiary verification certificate.
  3. The control method according to claim 1, characterised in that,
    if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the control method further comprises, based on an application operation by the second subject, issuing a subsidiary verification certificate on the basis of the application verification certificate to one or more third terminals associated with one or more third subjects, wherein, while the second terminal is allowed to install a signature-verified application in the device by means of the application verification certificate, the one or more third terminals are also allowed to install a signature-verified application in the device by means of the subsidiary verification certificate.
  4. The control method according to claim 3, characterised in that, if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the method further comprises, before the identity verification certificate is issued to the first terminal, deploying a first signature tool in the first terminal, the first terminal being adapted to manage, through the signature tool, the key used to verify the application verification certificate, and the second terminal also being adapted to manage, through the first signature tool, the keys used to verify the application and the subsidiary verification certificate.
  5. The control method according to claim 3, characterised in that, if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the method further comprises:
    before the identity verification certificate is issued to the first terminal, deploying a first signature tool in the first terminal, the first terminal being adapted to manage, through the first signature tool, the key used to verify the application verification certificate; and
    before the application verification certificate is issued to the second terminal, deploying a second signature tool in the second terminal, the second terminal being adapted to manage, through the second signature tool, the keys used to verify the application and the subsidiary verification certificate.
  6. The control method according to claim 1, characterised in that it further comprises the first terminal or the second terminal that holds the application verification certificate installing a signature-verified application in the device by means of the application verification certificate, which specifically comprises the following steps:
    the first terminal or the second terminal submitting a file to be signed to the signature tool;
    the signature tool signing the file to be signed with a key, wherein the file to be signed contains information of the application to be installed;
    returning the signed file to the first terminal or the second terminal;
    the first terminal or the second terminal uploading the application verification certificate and the signed file over a network, and the device downloading the verification certificate and the signed file over the network; and
    installing the application verification certificate in the device, verifying the legitimacy of the signed file with the application verification certificate, and, if it is legitimate, installing in the device the application contained in the signed file.
  7. The control method according to any one of claims 1 to 6, characterised in that it further comprises a zeroth terminal associated with a zeroth subject provisioning the device with the root certificate, or with the root certificate and the secondary certificate issued on the basis of the root certificate, and provisioning the device with an initial verification certificate issued on the basis of the root certificate or the secondary certificate, the zeroth terminal being allowed to install a signature-verified application in the device before it leaves the factory by means of the initial verification certificate.
  8. The control method according to claim 1, characterised in that the identity verification certificate is invalidated after the application verification certificate is issued.
  9. The control method according to claim 7, characterised in that the initial verification certificate is invalidated after the identity verification certificate is issued, and the identity verification certificate is invalidated after the application verification certificate is issued.
  10. A control system for application installation permissions in a device, the device holding a root certificate, or the root certificate and a secondary certificate issued on the basis of the root certificate, characterised in that it comprises:
    a signature tool,
    a first terminal associated with a unique first subject, or the first terminal and a second terminal associated with a unique second subject, wherein
    the signature tool is configured to, in response to a request sent by the first terminal, issue to the first terminal, on the basis of the root certificate or the secondary certificate, an identity verification certificate corresponding to the first subject;
    the signature tool is further configured to, based on an application operation, issue an application verification certificate on the basis of the identity verification certificate to the first terminal or to the second terminal associated with the unique second subject, wherein the first terminal or the second terminal that holds the application verification certificate is allowed to install a signature-verified application in the device by means of the application verification certificate.
  11. The control system according to claim 10, characterised in that it further comprises one or more third terminals associated with third subjects, wherein,
    if the signature tool issues the application verification certificate to the first terminal associated with the first subject, the signature tool is further configured to, based on an application operation by the first subject, issue a subsidiary verification certificate on the basis of the application verification certificate to the second terminal associated with the second subject, or to the second terminal and to one or more third terminals associated with one or more third subjects, wherein, while the first terminal is allowed to install a signature-verified application in the device by means of the application verification certificate, the second terminal, or the second terminal and the third terminals, are also adapted to install a signature-verified application in the device by means of the subsidiary verification certificate;
    if the signature tool issues the application verification certificate to the second terminal associated with the second subject, the signature tool is further configured to, based on an application operation by the second subject, issue the subsidiary verification certificate on the basis of the application verification certificate to the one or more third terminals associated with the one or more third subjects, wherein, while the second terminal is allowed to install a signature-verified application in the device by means of the application verification certificate, the one or more third terminals are also allowed to install a signature-verified application in the device by means of the subsidiary verification certificate.
  12. The control system according to claim 10 or 11, characterised in that it further comprises a zeroth terminal associated with a zeroth subject, the zeroth terminal being configured to provision the device with the root certificate, or with the root certificate and the secondary certificate issued on the basis of the root certificate, the zeroth terminal being further configured to provision the device with an initial verification certificate issued on the basis of the root certificate or the secondary certificate, and the zeroth terminal being allowed to install a signature-verified application in the device before it leaves the factory by means of the initial verification certificate.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210100301.6A CN114491487A (en) 2022-01-27 2022-01-27 Control method and control system for installation authority of application program in equipment
CN202210100301.6 2022-01-27

Publications (1)

Publication Number Publication Date
WO2023142852A1 true WO2023142852A1 (en) 2023-08-03

Family

ID=81476777

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/142897 WO2023142852A1 (en) 2022-01-27 2022-12-28 Method for controlling application program installation permissions in device, and control system

Country Status (2)

Country Link
CN (1) CN114491487A (en)
WO (1) WO2023142852A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114491487A (en) * 2022-01-27 2022-05-13 上海商米科技集团股份有限公司 Control method and control system for installation authority of application program in equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102064939A (en) * 2009-11-13 2011-05-18 福建联迪商用设备有限公司 Method for authenticating point of sale (POS) file and method for maintaining authentication certificate
CN104753670A (en) * 2013-12-27 2015-07-01 ***股份有限公司 Multi-application safety management system based on an intelligent POS (Point of Sale) terminal and method thereof
CN110362990A (en) * 2019-05-31 2019-10-22 口碑(上海)信息技术有限公司 Security processing method, apparatus and system for application installation
US10728044B1 (en) * 2019-02-22 2020-07-28 Beyond Identity Inc. User authentication with self-signed certificate and identity verification and migration
CN112134711A (en) * 2020-09-24 2020-12-25 深圳市捷诚技术服务有限公司 Security verification method and device for APK signature information, and POS machine
CN112560017A (en) * 2020-12-21 2021-03-26 福建新大陆支付技术有限公司 Method for realizing APK unified signature by using three-level certificate authentication
CN114491487A (en) * 2022-01-27 2022-05-13 上海商米科技集团股份有限公司 Control method and control system for installation authority of application program in equipment

Also Published As

Publication number Publication date
CN114491487A (en) 2022-05-13

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 22923637; Country of ref document: EP; Kind code of ref document: A1