Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a method and a device for verifying the validity of an application program.
In order to solve the technical problems, the invention adopts the following technical scheme:
The invention provides an application program validity verification method, which comprises the following steps:
in response to receiving an application program verification request sent by a verification proxy server, acquiring a verification identifier and code digest information carried in the application program verification request, wherein the application program verification request is sent to the verification proxy server by a terminal device, and the code digest information and the verification identifier are acquired by the terminal device;
and verifying the validity of the application program installed on the terminal device according to the verification identifier, the code digest information, and the code digest information and verification identifier generated by the application program validity verification device.
In some embodiments, the method further comprises a step of generating code digest information, which comprises: generating the code digest information according to the installation file of the application program;
after generating the code digest information, the method further comprises:
generating an installation package of the application program according to the code digest information and the installation file of the application program;
and in response to receiving an installation package acquisition request sent by the terminal device, sending the installation package to the terminal device.
In some embodiments, generating the code digest information according to the installation file of the application program includes:
processing a predetermined installation file of the application program to obtain a processing result;
and encrypting the processing result with a private key to generate the code digest information.
In some embodiments, before receiving the application program verification request sent by the verification proxy server, the method further includes:
in response to receiving an access request sent by the terminal device, generating a verification identifier and sending the verification identifier to the terminal device.
In some embodiments, verifying the validity of the application program installed on the terminal device according to the verification identifier, the code digest information, and the code digest information and verification identifier generated by the application program validity verification device includes:
determining that the application program is legal in response to the verification identifier being consistent with the verification identifier generated by the application program validity verification device and the code digest information being consistent with the code digest information generated by the application program validity verification device.
The invention also provides an application program validity verification method, which comprises the following steps:
in response to receiving a verification identifier sent by an application program validity verification device, determining code digest information of an application program to be verified;
and sending an application program verification request to a verification proxy server, wherein the application program verification request carries the code digest information, the verification identifier and the address of the application program validity verification device.
In some embodiments, after determining the code digest information of the application program to be verified and before sending the application program verification request to the verification proxy server, the method further includes:
establishing a secure connection with the verification proxy server, and performing bidirectional authentication with the verification proxy server;
sending the application program verification request to the verification proxy server then includes: in response to the bidirectional authentication with the verification proxy server passing, sending the application program verification request to the verification proxy server.
In some embodiments, the method for verifying the validity of the application program further includes:
in response to receiving an installation package of the application program sent by the application program validity verification device, acquiring the code digest information in the installation package;
decrypting the code digest information with a public key to obtain first digest plaintext information;
processing a predetermined installation file in the installation package to obtain second digest plaintext information;
and in response to the first digest plaintext information being consistent with the second digest plaintext information, installing the corresponding application program according to the installation package.
The invention also provides a device for verifying the validity of an application program, which comprises a receiving module, an acquisition module and a verification module, wherein the receiving module is used for receiving an application program verification request sent by a verification proxy server, and the application program verification request is sent to the verification proxy server by a terminal device;
the acquisition module is used for acquiring a verification identifier and code digest information carried in the application program verification request, wherein the code digest information and the verification identifier are acquired by the terminal device;
and the verification module is used for verifying the validity of the application program installed on the terminal device according to the verification identifier, the code digest information, and the code digest information and verification identifier generated by the application program validity verification device.
The present invention also provides a terminal device, which comprises a receiving module, a processing module and a sending module, wherein the receiving module is used for receiving a verification identifier sent by an application program validity verification device;
the processing module is used for determining code digest information of the application program to be verified;
the sending module is used for sending an application program verification request to a verification proxy server, wherein the application program verification request carries the code digest information, the verification identifier and the address of the application program validity verification device.
In the application program validity verification method provided by the embodiment of the invention, in response to an application program verification request sent by the verification proxy server, the verification identifier and code digest information carried in the request are acquired; the request is sent to the verification proxy server by the terminal device, and the code digest information and the verification identifier are acquired by the terminal device. The validity of the application program installed on the terminal device is then verified according to the verification identifier, the code digest information, and the code digest information and verification identifier generated by the application program validity verification device. The terminal device automatically identifies the code digest information of the application program and sends it to the application program validity verification device through the verification proxy server, and the device verifies the validity of the installed application program according to the code digest information, so that a forged application program provided by a third party can be identified and the security and reliability of the application program are improved.
Detailed Description
The technical solution of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In view of the above problems in the prior art, an embodiment of the present invention constructs an application validity verification system, as shown in fig. 1, where the system includes a terminal device, a verification proxy server and an application validity verification apparatus. The terminal device can be a mobile phone, an intelligent terminal or another terminal capable of installing an APP, and can send an application program verification request to the application validity verification apparatus through the verification proxy server. The application validity verification apparatus may be an application server, and is configured to verify whether the source of an APP installed on the terminal device is legal (i.e., whether the APP is an official APP). The operating system of the terminal device is configured to obtain the code digest information locally and send it to a SIM (Subscriber Identity Module) card, and the SIM card sends the code digest information to the verification proxy server.
An embodiment of the present invention provides an application program validity verification method, which is shown in fig. 1 and 2, and includes the following steps:
Step 21, in response to receiving the application program verification request sent by the verification proxy server, obtaining the verification identifier and the code digest information carried in the application program verification request.
The application program verification request is sent to the verification proxy server by the terminal device, and the code digest information and the verification identifier are acquired by the terminal device. It should be noted that the code digest information is obtained from the APP installation package by the terminal device when the APP is installed and is stored locally. When the APP is installed on the terminal device, the operating system of the terminal device can determine the identity information of the APP through the code digest information.
In this step, the terminal device sends the code digest information, the verification identifier and the address of the application validity verification apparatus to the verification proxy server, and the verification proxy server sends the code digest information and the verification identifier to the corresponding application validity verification apparatus according to the address, so as to verify the validity of the corresponding APP installed on the terminal device by the application validity verification apparatus.
Step 22, verifying the validity of the application program installed on the terminal device according to the verification identifier, the code digest information, and the code digest information and verification identifier generated by the application validity verification apparatus.
In this step, the application validity verifying apparatus determines the validity of the corresponding APP by comparing the received verification identifier with the self-generated verification identifier, and comparing the received code digest information with the self-generated code digest information.
In some embodiments, the step of generating code digest information comprises: generating the code digest information according to the installation file of the application program.
In some embodiments, after generating the code digest information, the method for verifying the validity of the application program may further include the steps of: generating an installation package of the application program according to the code digest information and the installation file of the application program; and, in response to receiving an installation package acquisition request sent by the terminal device, sending the installation package to the terminal device. That is to say, the APP installation package includes at least the installation files and the code digest information, and the application validity verification apparatus issues the code digest information to the terminal device through the APP installation package, so that the validity of the APP can later be verified according to the code digest information.
In some embodiments, the APP installation package may further include a digital certificate, where the digital certificate is generated by the application validity verification apparatus according to the public key, and is issued to the terminal device together with the APP installation package, so that the terminal device performs authentication with the verification proxy server according to the digital certificate.
In some embodiments, as shown in fig. 3, generating the code digest information according to the installation file of the application program includes the following steps:
Step 31, processing the predetermined installation file of the application program to obtain a processing result.
In some embodiments, the application program validity verifying apparatus performs a hash operation (for example, using SHA1 algorithm) on a predetermined installation file in the APP installation package to obtain a processing result, where the predetermined installation file may be a key installation file.
Step 32, encrypting the processing result with the private key to generate code digest information.
In this step, the application validity verification apparatus encrypts the processing result obtained in step 31 using the private key of an asymmetric key pair, thereby generating code digest information. In some embodiments, the encryption may be performed using an asymmetric key algorithm, such as an ECC (Elliptic Curve Cryptography) algorithm, to obtain the code digest information in the form of ciphertext. It should be noted that the private key is stored securely by the application validity verification apparatus and is not exposed to the outside. The public key is used to generate a digital certificate, which may be included with the code digest information in the APP installation package.
In some embodiments, before receiving the application program verification request sent by the verification proxy server (i.e. step 21), the method further comprises the following step: in response to receiving the access request sent by the terminal device, generating a verification identifier and sending the verification identifier to the terminal device.
The verification identifier is used for identifying each verification operation. After the terminal device installs the APP, when the APP accesses the application validity verification apparatus, the apparatus generates a verification identifier and returns it to the terminal device. The verification identifier may be generated in various ways: in some embodiments, a timestamp may be used as the verification identifier, a random number may be generated as the verification identifier, or an incremented counter may be maintained and the counter value used as the verification identifier. In some embodiments, other information may also be included in the verification identifier, for example, account information of the current user of the APP.
In some embodiments, the verifying the validity of the application installed in the terminal device according to the verification identifier, the code digest information, and the code digest information and verification identifier generated by the application validity verifying apparatus (i.e. step 22) includes the following steps: and determining that the application program is legal, namely the application program is official APP, in response to the fact that the verification identification is consistent with the verification identification generated by the application program validity verification device and the code abstract information is consistent with the code abstract information generated by the application program validity verification device.
Another embodiment of the present invention further provides an application program validity verification method, as shown in fig. 4, the method includes the following steps:
Step 41, in response to receiving the verification identifier sent by the application validity verification apparatus, determining the code digest information of the application program to be verified.
In this step, the APP of the terminal device receives the verification identifier sent by the application validity verification apparatus, and the APP sends an application verification request to the card access module in the operating system to request APP verification, where the application verification request carries the verification identifier; in some embodiments, the application verification request may also carry the address of the application validity verification apparatus. The card access module in the operating system identifies which APP the application verification request comes from, and queries the code digest of that APP from its stored APP code digest database. The card access module then sends the received verification identifier, the queried code digest and the address of the application validity verification apparatus to an auxiliary verification card application in the SIM card of the terminal device.
Step 42, sending an application program verification request to the verification proxy server, wherein the application program verification request carries the code digest information, the verification identifier and the address of the application validity verification apparatus.
In this step, the auxiliary verification card application in the terminal device SIM card sends an application verification request carrying the code digest information, the verification identifier, and the address of the application validity verification apparatus to the verification proxy server.
In some embodiments, after determining the code digest information of the application program to be verified (i.e., step 41) and before sending an application program verification request to the verification proxy server (i.e., step 42), the following step is further included:
Step 41', establishing a secure connection with the verification proxy server and performing bidirectional authentication with the verification proxy server.
In this step, the auxiliary verification card application in the SIM card of the terminal device may establish a secure connection with the verification proxy server through BIP (Bearer Independent Protocol), such as CAT_TP (Card Application Toolkit Transport Protocol), HTTPS (Hypertext Transfer Protocol over Secure Socket Layer), and the like. After the secure connection is established, the auxiliary verification card application can perform bidirectional authentication with the verification proxy server by means such as pre-shared keys or digital certificates, so that reliable access from the SIM card is ensured.
Accordingly, sending the application program verification request to the verification proxy server (i.e., step 42) includes the following step: sending the application program verification request to the verification proxy server in response to the bidirectional authentication with the verification proxy server passing. In this step, if the bidirectional authentication between the auxiliary verification card application in the SIM card of the terminal device and the verification proxy server passes, an application program verification request carrying the code digest, the verification identifier and the address of the application validity verification apparatus is sent to the verification proxy server.
The verification proxy server accesses the corresponding application program validity verification device according to the address of the application program validity verification device, namely, an application program verification request carrying a verification identifier and code summary information is sent to the corresponding application program validity verification device, so that the application program validity verification device verifies the validity of the corresponding APP.
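The request path of steps 21 to 22 and 41 to 42, as an added Python example (not code from the patent): the verifier issues a random verification identifier, the terminal returns it with its stored code digest through the proxy, and the verifier compares both values with what it generated. Single-use identifiers, the 60-second lifetime, the class names and the sample digests are assumptions; the bidirectional authentication of step 41' is not modelled.

```python
import hmac
import secrets


class ValidityVerifier:
    """Application validity verification apparatus (server side)."""

    def __init__(self, code_digests, ttl=60.0):
        self.code_digests = code_digests   # app id -> code digest it generated
        self.ttl = ttl                     # assumption: identifiers expire
        self.pending = {}                  # identifier -> (app id, expiry)

    def issue_identifier(self, app_id, now):
        """Access request from the APP: generate a verification identifier."""
        identifier = secrets.token_hex(16)          # the random-number option
        self.pending[identifier] = (app_id, now + self.ttl)
        return identifier

    def verify(self, identifier, code_digest, now):
        """Steps 21-22: both values must match what this device generated."""
        entry = self.pending.pop(identifier, None)  # assumption: single use
        if entry is None:
            return False
        app_id, expiry = entry
        expected = self.code_digests.get(app_id)
        if now > expiry or expected is None:
            return False
        return hmac.compare_digest(expected, code_digest)


class VerificationProxy:
    """Routes a request to the verifier named by the address it carries."""

    def __init__(self, verifiers):
        self.verifiers = verifiers         # address -> ValidityVerifier

    def forward(self, request, now):
        verifier = self.verifiers.get(request["verifier_address"])
        if verifier is None:
            return False
        # Only the identifier and the code digest are passed on.
        return verifier.verify(request["verification_id"],
                               request["code_digest"], now)


class Terminal:
    """Card access module plus SIM card application, collapsed into one object."""

    def __init__(self, digest_db):
        self.digest_db = digest_db         # app id -> digest stored at install

    def build_request(self, app_id, identifier, verifier_address):
        """Steps 41-42: the OS looks the digest up; the APP does not supply it."""
        return {"code_digest": self.digest_db[app_id],
                "verification_id": identifier,
                "verifier_address": verifier_address}


def run_flow():
    """Constructed sample data: one official install and one repackaged one."""
    addr = "verifier.example"                        # hypothetical address
    verifier = ValidityVerifier({"bank": b"\x11" * 32})
    proxy = VerificationProxy({addr: verifier})
    official = Terminal({"bank": b"\x11" * 32})
    repackaged = Terminal({"bank": b"\x22" * 32})

    req = official.build_request("bank", verifier.issue_identifier("bank", 0.0), addr)
    results = {"official": proxy.forward(req, 1.0),
               "replayed": proxy.forward(req, 2.0)}
    req = repackaged.build_request("bank", verifier.issue_identifier("bank", 3.0), addr)
    results["repackaged"] = proxy.forward(req, 4.0)
    req = official.build_request("bank", verifier.issue_identifier("bank", 5.0), addr)
    results["expired"] = proxy.forward(req, 5.0 + 61.0)
    return results
```

The clock value is passed in explicitly so the expiry case is deterministic; a deployment would read a monotonic clock on the verifier.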
In some embodiments, as shown in fig. 5, the method for verifying the validity of the application further includes the following steps:
Step 51, in response to receiving the installation package of the application program sent by the application validity verification apparatus, acquiring the code digest information in the installation package.
In this step, when the operating system of the terminal device installs the APP according to the APP installation package, the code digest information is extracted from the installation package. It should be noted that, if the APP installation package further includes a digital certificate, the digital certificate is also extracted in this step.
Step 52, decrypting the code digest information with the public key to obtain first digest plaintext information, and processing a predetermined installation file in the installation package to obtain second digest plaintext information.
In some embodiments, the operating system of the terminal device decrypts the code digest information using the public key to obtain first digest plaintext information, and performs a hash operation (for example, using SHA1 algorithm) on a predetermined installation file in the APP installation package to obtain second digest plaintext information, where the predetermined installation file may be a key installation file.
Step 53, in response to the first digest plaintext information being consistent with the second digest plaintext information, installing the corresponding application program according to the installation package.
In this step, if the operating system of the terminal device determines that the first digest plaintext information is consistent with the second digest plaintext information, the APP is allowed to be installed. After the APP is installed, the operating system of the terminal device stores the code summary information (ciphertext), and correspondingly, the application program validity verification device also stores the code summary information locally after the code summary information is generated.
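Steps 31 to 32 (package generation) and steps 51 to 53 (install-time check) together, as an added Python example that is not code from the patent. Textbook RSA with a toy key stands in for the asymmetric algorithm, SHA-256 replaces the SHA1 example, and the file names and function names are hypothetical.

```python
import hashlib

# Toy RSA key from two known Mersenne primes. Assumption for illustration
# only: unpadded textbook RSA with these parameters is not secure.
_P, _Q = 2**127 - 1, 2**521 - 1
N = _P * _Q
E = 65537                                   # public exponent (terminal side)
_D = pow(E, -1, (_P - 1) * (_Q - 1))        # private exponent (verifier only)

# "Predetermined installation files": fixed on both sides, never read from
# the package being checked. File names are hypothetical.
KEY_FILES = ("classes.dex", "manifest.xml")


def hash_key_files(files):
    """Steps 31 / 52: hash the predetermined files; None if one is missing."""
    h = hashlib.sha256()
    for name in KEY_FILES:
        data = files.get(name)
        if data is None:
            return None
        # Length-prefix each field so file boundaries are unambiguous.
        for field in (name.encode(), data):
            h.update(len(field).to_bytes(8, "big"))
            h.update(field)
    return int.from_bytes(h.digest(), "big")


def build_package(files):
    """Verifier side, step 32: 'encrypt' the hash with the private key."""
    digest = hash_key_files(files)
    if digest is None:
        raise ValueError("installation files incomplete")
    return {"files": dict(files), "code_digest": pow(digest, _D, N)}


def may_install(package):
    """Terminal side, steps 51-53: compare both digest plaintexts."""
    code_digest = package.get("code_digest")
    if not isinstance(code_digest, int) or not 0 <= code_digest < N:
        return False
    first = pow(code_digest, E, N)             # decrypt with the public key
    second = hash_key_files(package["files"])  # recompute from the files
    return second is not None and first == second
```

Only the files listed in `KEY_FILES` are covered by the comparison, so the choice of predetermined installation files determines what the install-time check actually protects.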
Based on the same technical concept, an embodiment of the present invention further provides an application validity verification apparatus, as shown in fig. 6, which includes a receiving module 101, an obtaining module 102 and a verification module 103, wherein the receiving module 101 is configured to receive an application program verification request sent by a verification proxy server, and the application program verification request is sent to the verification proxy server by a terminal device.
The obtaining module 102 is configured to obtain a verification identifier and code digest information carried in the application verification request, where the code digest information and the verification identifier are obtained by the terminal device.
The verification module 103 is configured to verify the validity of the application installed in the terminal device according to the verification identifier, the code digest information, and the code digest information and the verification identifier generated by the application validity verification apparatus.
In some embodiments, the apparatus for verifying the validity of the application further includes a first generating module, a second generating module, and a sending module, where the first generating module is configured to generate the code digest information according to the installation file of the application.
The second generating module is configured to generate the installation package of the application program according to the code digest information and the installation file of the application program after the first generating module generates the code digest information.
The receiving module 101 is further configured to receive an installation package obtaining request sent by the terminal device.
The sending module is configured to send the installation package to the terminal device in response to the receiving module 101 receiving the installation package obtaining request sent by the terminal device.
In some embodiments, the first generating module is configured to process a predetermined installation file of the application program to obtain a processing result; the processing result is encrypted with a private key to generate code digest information.
In some embodiments, the apparatus for verifying validity of an application further includes a third generating module, where the third generating module is configured to generate a verification identifier in response to the receiving module 101 receiving an access request sent by a terminal device, and instruct the sending module to send the verification identifier to the terminal device.
In some embodiments, the verification module 103 is configured to determine that the application is legal in response to the verification identifier being consistent with the verification identifier generated by the application validity verification apparatus and the code digest information being consistent with the code digest information generated by the application validity verification apparatus.
Based on the same technical concept, an embodiment of the present invention further provides a terminal device, as shown in fig. 7, which includes a receiving module 201, a first processing module 202 and a sending module 203, wherein the receiving module 201 is used for receiving a verification identifier sent by an application program validity verification device.
The first processing module 202 is configured to determine code digest information of an application to be verified.
The sending module 203 is configured to send an application program verification request to a verification proxy server, where the application program verification request carries the code digest information, the verification identifier, and an address of the application program validity verification apparatus.
In some embodiments, the terminal device further includes an authentication module, where the authentication module is configured to establish a secure connection with the verification proxy server and perform bidirectional authentication with the verification proxy server.
The sending module 203 is configured to send an application program verification request to the verification proxy server in response to the bidirectional authentication with the verification proxy server being passed.
In some embodiments, the terminal device further comprises a second processing module.
The receiving module 201 is further configured to receive an installation package of the application sent by the application validity verifying apparatus.
The second processing module is used for acquiring the code digest information in the installation package; decrypting the code digest information with a public key to obtain first digest plaintext information; processing a predetermined installation file in the installation package to obtain second digest plaintext information; and, in response to the first digest plaintext information being consistent with the second digest plaintext information, installing the corresponding application program according to the installation package.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.