
WO2016188231A1 - Verification method and apparatus - Google Patents

Publication number: WO2016188231A1
Authority: WO, WIPO (PCT)
Prior art keywords: application, terminal, server, verification information, verification
Application number: PCT/CN2016/078486
Other languages: French (fr), Chinese (zh)
Inventor: 刘浩
Original Assignee: 中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2016188231A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

A verification method and apparatus. The method comprises: acquiring an application program from a first server (101); acquiring, according to the application program, verification information about the application program by means of a second server (102); and installing, according to the verification information, the application program on a terminal (103).

Description

Verification method and device
Technical field
This application relates to, but is not limited to, communication technology.
Background
With the rapid development of communication technology, end users can obtain many applications through the Internet and install them on their terminals for use.
Generally, an end user can select an application carrying a security identifier in an application store and download it. An application carrying a security identifier is one that has been verified by a digital certificate authority (Certificate Authority, CA for short), whose developer's real identity has been verified, and for which a certificate has been issued; that is, an application carrying a security identifier is a secure application.
However, an application without a security identifier that an end user downloads from a channel other than an application store, or from an application store, may be a non-secure application. A non-secure application can arbitrarily send out the information stored in the terminal device, which lowers the security of the terminal device.
Summary of the invention
The following is an overview of the subject matter described in detail in this document. This overview is not intended to limit the scope of protection of the claims.
This document provides a verification method and device to improve the security of terminal devices.
A verification method, including:
acquiring an application from a first server;
acquiring, according to the application, verification information of the application through a second server;
installing the application on the terminal according to the verification information.
Optionally, before the acquiring, according to the application, of the verification information of the application through the second server, the method further includes:
determining whether the terminal is connected to a network;
if so, performing the acquiring, according to the application, of the verification information of the application through the second server;
if not, determining whether to install the application.
Optionally, the determining whether to install the application includes:
if it is determined to install the application, closing the network permission of the application while installing the application.
Optionally, after the closing of the network permission of the application while installing the application, the method further includes:
determining that the terminal is connected to a network;
acquiring unverified applications, the unverified applications including at least the application;
sending prompt information to the terminal, the prompt information being used to prompt whether to verify the unverified applications;
if the unverified application is to be verified, performing the acquiring, according to the application, of the verification information of the application through the second server.
Optionally, the verification information includes:
a public key corresponding to the application, the public key being used to install the application on the terminal.
A verification device, including:
a first acquisition module, configured to: acquire an application from a first server;
a second acquisition module, configured to: acquire, according to the application, verification information of the application through a second server;
a processing module, configured to: install the application on the terminal according to the verification information.
Optionally, the processing module is further configured to: determine whether the terminal is connected to a network; if so, notify the second acquisition module to perform the acquiring, according to the application, of the verification information of the application through the second server; if not, determine whether to install the application.
Optionally, the processing module is further configured to: if it is determined to install the application, close the network permission of the application while installing the application.
Optionally, the processing module is further configured to: determine that the terminal is connected to a network; acquire unverified applications, the unverified applications including at least the application; send prompt information to the terminal, the prompt information being used to prompt whether to verify the unverified applications; and, if the unverified application is to be verified, notify the second acquisition module to perform the acquiring, according to the application, of the verification information of the application through the second server.
Optionally, the verification information includes:
a public key corresponding to the application, the public key being used to install the application on the terminal.
A computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to perform the method of any one of the above.
Compared with the related art, the embodiments of the present invention include: acquiring an application from a first server; acquiring, according to the application, verification information of the application through a second server; and installing the application on the terminal according to the verification information. Security verification of the application by a third party is thereby achieved, which ensures that the application installed on the terminal is safe and reliable and in turn improves the security of the terminal device.
Other aspects will become apparent upon reading and understanding the drawings and the detailed description.
Brief description of the drawings
FIG. 1 is a schematic flowchart of the first embodiment of the verification method of the present invention;
FIG. 2 is a schematic flowchart of the second embodiment of the verification method of the present invention;
FIG. 3 is a schematic structural diagram of an embodiment of the verification device of the present invention.
Embodiments of the invention
Embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with each other arbitrarily.
The verification method provided by the embodiments of the present invention can be applied when an application has been acquired from a first server and is about to be installed. The verification method provided in this embodiment may be performed by a verification device, which may be integrated in a terminal device or provided separately. The terminal device may be a mobile terminal, a tablet computer (portable android device, Pad for short) or a computer, and the verification device may be implemented in software and/or hardware. The verification method and device provided in this embodiment are described in detail below.
FIG. 1 is a schematic flowchart of the first embodiment of the verification method of the present invention. As shown in FIG. 1, the verification method provided by the present invention includes:
Step 101: Acquire an application from a first server.
In this embodiment, the application can be acquired through any channel.
Step 102: Acquire, according to the application, verification information of the application through a second server.
The second server in this embodiment may be a server deployed in the cloud, where the second server and the above first server are not the same server.
The verification information is information about the reliability and security of the application. For example, the verification information may include at least one of, or a combination of, the following: information about the developer who developed the application, the public key for installing the application, or the application name.
Step 103: Install the application on the terminal according to the verification information.
For example, the security of the application can be determined from verification information that is obtained through a third party, that is, a server other than the one that delivered the application, and that includes information about the reliability and security of the application; using the public key included in the verification information, the application can be installed on the terminal.
In this embodiment, an application is acquired from the first server; verification information of the application is acquired, according to the application, through the second server; and the application is installed on the terminal according to the verification information. Security verification of the application by a third party is thereby achieved, which ensures that the application installed on the terminal is safe and reliable and in turn improves the security of the terminal device.
On the basis of the above embodiment, before the acquiring, according to the application, of the verification information of the application through the second server, the method further includes:
determining whether the terminal is connected to a network;
if so, performing the acquiring, according to the application, of the verification information of the application through the second server;
if not, determining whether to install the application.
For example, prompt information asking whether to install the application may be sent to the terminal.
If it is determined to install the application, the network permission of the application is closed while the application is installed; alternatively, the terminal is connected to the network and, at the same time, the acquiring, according to the application, of the verification information of the application through the second server is performed.
On the basis of the above embodiment, after the closing of the network permission of the application while installing the application, the method further includes:
connecting the terminal to a network;
acquiring unverified applications, the unverified applications including at least the application;
sending prompt information to the terminal, the prompt information being used to prompt whether to verify the unverified applications;
if the unverified application is to be verified, performing the acquiring, according to the application, of the verification information of the application through the second server.
The verification information in this embodiment may include:
a public key corresponding to the application, the public key being used to install the application on the terminal.
For example, on the terminal side, taking the Android system as an example: when an application is installed, a NetworkInfo object is obtained through the Connectivity Manager object, and State is then used to determine whether the network is available. If the network connection is unavailable, the user is prompted to choose between cancelling the installation and continuing the installation with the application's network function disabled. If the user chooses to continue the installation with the network function disabled, the Package Manager Service removes the extracted android.permission.INTERNET when installing the application, which restricts the application's network access to prevent data leakage, and records the information of this unverified application. A Receiver is implemented to receive CONNECTIVITY_ACTION; once the network connection is determined to be available, it queries whether any unverified applications remain and prompts the user to verify them. After the user chooses to verify an application, the system obtains the application developer and the application name and obtains the corresponding public key from the cloud designated by the system. The application's signature is verified against the public key. If verification succeeds, the user is shown the application developer and the application name, and the application's network permission is enabled. If verification fails, the user is prompted to uninstall the application. If the network connection is available, the flow proceeds directly to obtaining the public key and performing verification.
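The Android-side flow described above, modeled in plain Java as an added example (not code from the patent or from Android): applications installed offline are held without network permission, then checked against a public key fetched from the second server by developer and application name once connectivity returns. The class and method names, the choice of ECDSA as the signature scheme, and the sample developer and application names are assumptions made for illustration.

```java
import java.security.*;
import java.util.*;

// Added illustration, not code from the patent or from Android.
// All class, method and sample names here are hypothetical.
public class DeferredVerificationDemo {
    enum Result { INSTALLED_VERIFIED, INSTALLED_NO_NETWORK_PERMISSION, CANCELLED, REMOVED }

    // A package as delivered by the first server (any download channel).
    static final class App {
        final String developer, name;
        final byte[] payload, signature;
        App(String developer, String name, byte[] payload, byte[] signature) {
            this.developer = developer; this.name = name;
            this.payload = payload; this.signature = signature;
        }
    }

    // Stand-in for the second server: developer + application name -> registered public key.
    static final class KeyRegistry {
        private final Map<String, PublicKey> keys = new HashMap<>();
        void register(String developer, String name, PublicKey key) { keys.put(developer + "\n" + name, key); }
        PublicKey lookup(String developer, String name) { return keys.get(developer + "\n" + name); }
    }

    static final class Terminal {
        final Set<String> installed = new TreeSet<>();
        final Set<String> internetGranted = new TreeSet<>();
        final Map<String, App> unverified = new LinkedHashMap<>();
        private final KeyRegistry secondServer;
        Terminal(KeyRegistry secondServer) { this.secondServer = secondServer; }

        // Online: verify before installing. Offline: install without network permission, if the user agrees.
        Result install(App app, boolean networkUp, boolean userContinuesOffline) {
            if (networkUp) return verify(app);
            if (!userContinuesOffline) return Result.CANCELLED;
            installed.add(app.name);        // installed, but android.permission.INTERNET is withheld
            unverified.put(app.name, app);  // recorded so it can be verified later
            return Result.INSTALLED_NO_NETWORK_PERMISSION;
        }

        // Connectivity is back: verify every recorded application, or remove it if the user declines.
        Map<String, Result> onNetworkAvailable(boolean userAgreesToVerify) {
            Map<String, Result> outcome = new LinkedHashMap<>();
            for (App app : new ArrayList<>(unverified.values()))
                outcome.put(app.name, userAgreesToVerify ? verify(app) : remove(app));
            return outcome;
        }

        private Result verify(App app) {
            PublicKey key = secondServer.lookup(app.developer, app.name);
            // Fail closed: an unknown developer/name pair is treated like a bad signature.
            if (key == null || !signatureValid(key, app)) return remove(app);
            unverified.remove(app.name);
            installed.add(app.name);
            internetGranted.add(app.name);  // network permission enabled only after verification
            return Result.INSTALLED_VERIFIED;
        }

        // The page prompts the user to uninstall; this model removes the application directly.
        private Result remove(App app) {
            unverified.remove(app.name);
            installed.remove(app.name);
            internetGranted.remove(app.name);
            return Result.REMOVED;
        }
    }

    static boolean signatureValid(PublicKey key, App app) {
        try {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(key);
            s.update(app.payload);
            return s.verify(app.signature);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or wrong key type counts as a failed verification
        }
    }

    static byte[] sign(PrivateKey key, byte[] payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(payload);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair developer = gen.generateKeyPair();
        KeyPair impostor = gen.generateKeyPair();

        // Constructed sample data: both applications are registered to the same developer key.
        KeyRegistry registry = new KeyRegistry();
        registry.register("Example Dev", "notes", developer.getPublic());
        registry.register("Example Dev", "notes-pro", developer.getPublic());

        byte[] good = "constructed payload A".getBytes("UTF-8");
        byte[] bad = "constructed payload B".getBytes("UTF-8");
        App genuine = new App("Example Dev", "notes", good, sign(developer.getPrivate(), good));
        // Claims the registered developer's name but is signed with a different key.
        App forged = new App("Example Dev", "notes-pro", bad, sign(impostor.getPrivate(), bad));

        Terminal terminal = new Terminal(registry);
        System.out.println(terminal.install(genuine, false, true)); // INSTALLED_NO_NETWORK_PERMISSION
        System.out.println(terminal.install(forged, false, true));  // INSTALLED_NO_NETWORK_PERMISSION
        System.out.println(terminal.onNetworkAvailable(true));      // {notes=INSTALLED_VERIFIED, notes-pro=REMOVED}
        System.out.println(terminal.internetGranted);               // [notes]
    }
}
```

The developer and application name used for the lookup come from the package itself, so the scheme's assurance rests on the second server's registry: a package that claims a registered developer's identity only passes if it was signed with that developer's registered key.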
FIG. 2 is a schematic flowchart of a second embodiment of the verification method of the present invention. As shown in FIG. 2, the verification method provided by this embodiment includes:
Step 201: Obtain an application from the first server.
In this embodiment, the application may be obtained through any channel.
Step 202: Determine whether the terminal is connected to a network.
If not, perform step 203; if so, perform step 208.
Step 203: Determine whether to install the application.
If so, perform step 204; if not, cancel the installation of the application.
Step 204: Install the application while disabling the application's network permission.
In the scenario where the network is not connected, the application is installed with its network permission disabled.
Step 205: Determine that the terminal is connected to a network.
Step 206: Obtain the unverified applications.
In this embodiment, an unverified application is an application that has been installed on the terminal but has not been verified. The unverified applications include at least the application, and may also include applications that were previously left unverified.
Step 207: Determine whether to verify the unverified applications.
Prompt information is sent to the terminal, asking whether to verify the unverified applications. If it is determined that an unverified application is to be verified, perform step 208; if it is determined that it is not to be verified, uninstall that unverified application.
Step 208: Obtain, according to the application, the verification information of the application through a second server.
The verification information is information about the reliability and security of the application. For example, it may include at least one of, or a combination of, the developer information of the developer of the application, the public key for installing the application, and the application name.
Step 209: Determine, according to the verification information, whether verification succeeds. If so, perform step 210; if verification fails, cancel the installation according to the verification information and notify the user.
The verification information (for example, the public key) is matched against the application. If the match succeeds, verification succeeds and the application can be installed; if the match fails, the installation is cancelled and the user is notified.
Step 210: Install the application to the terminal.
In this embodiment, the application's security is verified through a third party, which ensures that the applications installed on the terminal are safe and reliable and thereby improves the security of the terminal device.
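The flow of steps 201 to 210, including the offline branch described for Android above, sketched as an added Python example that is not part of the patent text. It assumes that matching the public key against the application means comparing the SHA-256 fingerprint of the key the package is signed with against the value returned by the second server; the `Terminal`, `Package` and `fingerprint` names, the result strings and the sample keys are constructed for illustration, and checking the signature over the package contents is left to the platform installer.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

INTERNET = "android.permission.INTERNET"

@dataclass
class Package:
    developer: str
    name: str
    signer_key: bytes      # public key the package claims to be signed with
    permissions: frozenset

def fingerprint(key: bytes) -> str:
    return hashlib.sha256(key).hexdigest()

@dataclass
class Terminal:
    # Hypothetical stand-in for the second server's answers:
    # (developer, app name) -> expected key fingerprint.
    key_server: dict
    online: bool = False
    installed: dict = field(default_factory=dict)    # app name -> granted permissions
    unverified: dict = field(default_factory=dict)   # app name -> Package awaiting verification

    def _verify(self, pkg):                           # steps 208-209
        expected = self.key_server.get((pkg.developer, pkg.name))
        return expected is not None and hmac.compare_digest(expected, fingerprint(pkg.signer_key))

    def install(self, pkg, install_offline=True):
        if self.online:                               # step 202 -> 208
            if not self._verify(pkg):
                return "rejected"                     # step 209 failed: nothing is installed
            self.installed[pkg.name] = set(pkg.permissions)   # step 210
            return "installed"
        if not install_offline:                       # step 203: user cancels
            return "cancelled"
        # Step 204: install without the network permission and record as unverified.
        self.installed[pkg.name] = set(pkg.permissions) - {INTERNET}
        self.unverified[pkg.name] = pkg
        return "installed-unverified"

    def on_connectivity(self, user_agrees=True):      # steps 205-209
        self.online = True
        results = {}
        for name, pkg in list(self.unverified.items()):
            del self.unverified[name]
            if user_agrees and self._verify(pkg):
                self.installed[name] = set(pkg.permissions)   # network permission enabled
                results[name] = "verified"
            else:                                     # user declined, or key mismatch
                del self.installed[name]              # modelled as an immediate uninstall
                results[name] = "uninstalled"
        return results

def demo():
    # Constructed sample data: both apps are registered under real_key,
    # but "wallet" arrives signed with a different key (a repackaged copy).
    real_key, other_key = b"constructed-developer-key", b"constructed-other-key"
    registry = {("ExampleDev", "notes"): fingerprint(real_key),
                ("ExampleDev", "wallet"): fingerprint(real_key)}
    perms = frozenset({INTERNET, "android.permission.CAMERA"})
    terminal = Terminal(registry)                     # starts offline
    terminal.install(Package("ExampleDev", "notes", real_key, perms))
    terminal.install(Package("ExampleDev", "wallet", other_key, perms))
    return terminal.on_connectivity(), terminal.installed

if __name__ == "__main__":
    print(demo())
```

The lookup key comes from the package's own developer and name fields, so the guarantee depends on the second server's registry being trustworthy and on the channel to it being authenticated.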
An embodiment of the present invention further provides a computer-readable storage medium storing computer-executable instructions, the computer-executable instructions being used to execute the above verification method.
FIG. 3 is a schematic structural diagram of an embodiment of the verification apparatus of the present invention. As shown in FIG. 3, the verification apparatus provided by this embodiment includes a first obtaining module 31, a second obtaining module 32 and a processing module 33, where:
The first obtaining module 31 is configured to obtain an application from the first server;
The second obtaining module 32 is configured to obtain, according to the application, the verification information of the application through the second server;
The processing module 33 is configured to install the application to the terminal according to the verification information.
In this embodiment, an application is obtained from the first server; the verification information of the application is obtained, according to the application, through the second server; and the application is installed to the terminal according to the verification information. The application's security is thus verified through a third party, which ensures that the application installed on the terminal is safe and reliable and thereby improves the security of the terminal device.
On the basis of the above embodiment, the processing module 33 is further configured to: determine whether the terminal is connected to a network; if so, notify the second obtaining module 32 to obtain, according to the application, the verification information of the application through the second server; if not, determine whether to install the application.
On the basis of the above embodiment, the processing module 33 is further configured to: if it is determined that the application is to be installed, install the application while disabling the application's network permission.
On the basis of the above embodiment, the processing module 33 is further configured to: determine that the terminal is connected to a network; obtain the unverified applications, the unverified applications including at least the application; send prompt information to the terminal, the prompt information being used to ask whether to verify the unverified applications; and, if the unverified application is to be verified, notify the second obtaining module 32 to obtain, according to the application, the verification information of the application through the second server.
On the basis of the above embodiment, the verification information includes:
A public key corresponding to the application, the public key being used to install the application to the terminal.
In this embodiment, the application's security is verified through a third party, which ensures that the applications installed on the terminal are safe and reliable and thereby improves the security of the terminal device.
Those of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be implemented as a computer program flow. The computer program may be stored in a computer-readable storage medium and executed on a corresponding hardware platform (such as a system, equipment, apparatus or device); when executed, it includes one or a combination of the steps of the method embodiments.
Optionally, all or some of the steps of the above embodiments may also be implemented using integrated circuits. The steps may each be made into a separate integrated circuit module, or several of the modules or steps may be made into a single integrated circuit module.
The apparatuses, functional modules and functional units in the above embodiments may be implemented by general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network formed by multiple computing devices.
When the apparatuses, functional modules and functional units in the above embodiments are implemented in the form of software functional modules and sold or used as independent products, they may be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
Although the embodiments disclosed by the present invention are as described above, the content described is only an implementation adopted to facilitate understanding of the invention and is not intended to limit it. Any person skilled in the art to which the invention belongs may make any modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention shall still be subject to the scope defined by the appended claims.
Industrial applicability
Through the embodiments of the present invention, the application's security is verified through a third party, which ensures that the application installed on the terminal is safe and reliable and thereby improves the security of the terminal device.

Claims (10)

  1. A verification method, comprising:
    obtaining an application from a first server;
    obtaining, according to the application, verification information of the application through a second server;
    installing the application to the terminal according to the verification information.
  2. The method according to claim 1, wherein, before the obtaining, according to the application, of the verification information of the application through the second server, the method further comprises:
    determining whether the terminal is connected to a network;
    if so, performing the obtaining, according to the application, of the verification information of the application through the second server;
    if not, determining whether to install the application.
  3. The method according to claim 2, wherein the determining whether to install the application comprises:
    if it is determined that the application is to be installed, installing the application while disabling the application's network permission.
  4. The method according to claim 3, wherein, after the installing of the application while disabling the application's network permission, the method further comprises:
    determining that the terminal is connected to a network;
    obtaining unverified applications, the unverified applications including at least the application;
    sending prompt information to the terminal, the prompt information being used to ask whether to verify the unverified applications;
    if the unverified application is to be verified, performing the obtaining, according to the application, of the verification information of the application through the second server.
  5. The method according to any one of claims 1-4, wherein the verification information comprises:
    a public key corresponding to the application, the public key being used to install the application to the terminal.
  6. A verification apparatus, comprising:
    a first obtaining module, configured to obtain an application from a first server;
    a second obtaining module, configured to obtain, according to the application, verification information of the application through a second server;
    a processing module, configured to install the application to the terminal according to the verification information.
  7. The apparatus according to claim 6, wherein the processing module is further configured to: determine whether the terminal is connected to a network; if so, notify the second obtaining module to obtain, according to the application, the verification information of the application through the second server; if not, determine whether to install the application.
  8. The apparatus according to claim 7, wherein the processing module is further configured to: if it is determined that the application is to be installed, install the application while disabling the application's network permission.
  9. The apparatus according to claim 8, wherein the processing module is further configured to: determine that the terminal is connected to a network; obtain unverified applications, the unverified applications including at least the application; send prompt information to the terminal, the prompt information being used to ask whether to verify the unverified applications; and, if the unverified application is to be verified, notify the second obtaining module to obtain, according to the application, the verification information of the application through the second server.
  10. The apparatus according to any one of claims 6-9, wherein the verification information comprises:
    a public key corresponding to the application, the public key being used to install the application to the terminal.
PCT/CN2016/078486 2015-10-19 2016-04-05 Verification method and apparatus WO2016188231A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510680660.3A CN106599619A (en) 2015-10-19 2015-10-19 Verification method and device
CN201510680660.3 2015-10-19

Publications (1)

Publication Number Publication Date
WO2016188231A1 true WO2016188231A1 (en) 2016-12-01

Family

ID=57392469

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/078486 WO2016188231A1 (en) 2015-10-19 2016-04-05 Verification method and apparatus

Country Status (2)

Country Link
CN (1) CN106599619A (en)
WO (1) WO2016188231A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106919425A (en) * 2017-02-28 2017-07-04 上海传英信息技术有限公司 A kind of method that application program installs optimization
WO2019214687A1 (en) * 2018-05-09 2019-11-14 BBPOS Limited Terminal hardware configuration system
US11062299B2 (en) 2017-10-24 2021-07-13 BBPOS Limited System and method for indicating entry of personal identification number

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102289633A (en) * 2011-09-02 2011-12-21 广东欧珀移动通信有限公司 Method for managing dynamic permission of application program under Android platform
CN102378170A (en) * 2010-08-27 2012-03-14 中国移动通信有限公司 Method, device and system of authentication and service calling
US20140032350A1 (en) * 2009-11-19 2014-01-30 Adobe Systems Incorporated Method and system for activating a software application while provisioning services for the application
CN104392168A (en) * 2014-11-27 2015-03-04 上海斐讯数据通信技术有限公司 Application program verification method
CN104639506A (en) * 2013-11-13 2015-05-20 中国电信股份有限公司 Terminal and application program installation controlling method and system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106919425A (en) * 2017-02-28 2017-07-04 上海传英信息技术有限公司 A kind of method that application program installs optimization
US11062299B2 (en) 2017-10-24 2021-07-13 BBPOS Limited System and method for indicating entry of personal identification number
US11663584B2 (en) 2017-10-24 2023-05-30 Stripe, Inc. System and method for indicating entry of personal identification number
US12039519B2 (en) 2017-10-24 2024-07-16 Stripe, Inc. System and method for indicating entry of personal identification number
WO2019214687A1 (en) * 2018-05-09 2019-11-14 BBPOS Limited Terminal hardware configuration system
CN112384913A (en) * 2018-05-09 2021-02-19 环汇系统有限公司 Terminal hardware configuration system
US11809528B2 (en) 2018-05-09 2023-11-07 Stripe, Inc. Terminal hardware configuration system
CN112384913B (en) * 2018-05-09 2024-10-18 斯追普公司 Terminal hardware configuration system

Also Published As

Publication number Publication date
CN106599619A (en) 2017-04-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16799120

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16799120

Country of ref document: EP

Kind code of ref document: A1