Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In order to explain the technical solution described in the present application, the following description will be given by way of specific examples.
Fig. 1 is a schematic implementation flow diagram of a verification method for an application program according to an embodiment of the present application, and as shown in the figure, the method may include the following steps:
Step S101, when the installation of the application program is completed, encrypting the core component of the application program to generate a ciphertext, and storing the generated ciphertext in a preset storage space.
In the embodiment of the application, security authentication can be performed before the application is installed, and the application is installed only if the authentication passes, so that it can be determined that the application had not been hacked at installation. When the installation of the application is completed, a core component of the application is encrypted to generate a ciphertext, and the generated ciphertext is stored in a preset storage space. In practical application, the encryption may be set to take place at any time after the installation of the application program is completed. However, to ensure that the core component corresponding to the ciphertext stored in the preset storage space has not been tampered with by an attack, the core component of the application program can be encrypted to generate the ciphertext at the moment the installation is completed.
The core components include, but are not limited to: the application's dynamic libraries, the base.apk file under the data directory, dex files, parameter files and JavaScript script files. Of course, other preset files may also be included.
The preset storage space may be a plurality of preset storage blocks. After data (e.g., a ciphertext) is written to a storage block, the application program associated with the data stored in the block is set for that block, and the block is set to be non-writable. When the application program associated with the data stored in the storage block is uninstalled, the storage block is set to allow deletion, that is, the data stored in the block can be deleted. After the data stored in the storage block is deleted, the block is set to allow writing, that is, data can be written to it (the ciphertext of the core component of another application, or the ciphertext of the core component of the same application when it is downloaded again). Similarly, after data (e.g., a ciphertext) is written again, the application associated with the data stored in the storage block is set and the block is set to be non-writable, … ….
Step S102, under a preset trigger mechanism, re-encrypting the core component of the application program to generate a ciphertext, and matching the regenerated ciphertext with the ciphertext stored in the storage space.
In an embodiment of the present application, the preset trigger mechanism includes: detection of a start instruction of the application program and/or detection of a trigger instruction issued at a preset time interval while the application program is running. That is, re-encrypting the core component of the application program to generate the ciphertext under the preset trigger mechanism includes:
when a starting instruction of the application program is detected, re-encrypting the core component of the application program to generate a ciphertext;
and/or, during the running process of the application program, re-encrypting the core component of the application program at a preset time interval to generate a ciphertext.
Of course, in practical applications, while the application program is running, the core component of the application program may be re-encrypted at regular times to generate the ciphertext.
Since the regenerated ciphertext needs to be matched with the ciphertext stored in the storage space, the process of encrypting the core component of the application program again to generate the ciphertext is consistent with the process of encrypting the core component of the application program to generate the ciphertext when the application program is installed.
Step S103, if the matching fails, the application program is prohibited from running or the running application program is forcibly stopped.
In the embodiment of the application, if the ciphertext was regenerated from the core component when a start instruction of the application was detected, the application is prohibited from starting and running after the matching fails; if the ciphertext was regenerated from the core component at a preset time interval while the application was running, the running application is forcibly stopped.
After the matching fails, prompt information can be displayed through a visual interface; the prompt information indicates that the application program has been tampered with by an attack.
If the matching succeeds, the core component of the application program has not been tampered with by an attack.
In the embodiment of the application, if the ciphertext was regenerated from the core component when a start instruction of the application was detected, the application is started after the matching succeeds; if the ciphertext was regenerated from the core component at a preset time interval while the application was running, the current running state of the application is maintained after the matching succeeds.
In the embodiment of the application, when the installation of the application program is completed, the core component of the application program is encrypted to generate a ciphertext, which is stored in a preset storage space as the standard ciphertext. After the application program is installed, the core component can be encrypted in the same way to generate a ciphertext, and the ciphertext generated from the current core component is then matched with the standard ciphertext. If the matching succeeds, the current core component of the application program has not been tampered with by an attack; if the matching fails, the current core component has been tampered with by an attack, and the application program must be prohibited from running or the running application program forcibly stopped. In this way, the validity of the application program can be effectively verified after it is installed, and attacks on the terminal device by a hacked and tampered application program are avoided.
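The storage-block lifecycle described under step S101, written out as a small state machine. This is an added illustration, not code from the application; the class, state and method names and the sample values are assumptions.

```python
from enum import Enum


class State(Enum):
    WRITABLE = "writable"    # empty, may receive a ciphertext
    LOCKED = "locked"        # holds a ciphertext bound to one application
    DELETABLE = "deletable"  # owning application uninstalled, data may be deleted


class StorageBlock:
    """One block of the preset storage space (hypothetical model)."""

    def __init__(self):
        self.state = State.WRITABLE
        self.owner = None
        self.data = None

    def write(self, app_id, ciphertext):
        if self.state is not State.WRITABLE:
            raise PermissionError("block is not writable")
        # Writing binds the block to the application and locks it.
        self.data, self.owner, self.state = ciphertext, app_id, State.LOCKED

    def on_uninstall(self, app_id):
        # Only the uninstall of the associated application unlocks deletion.
        if self.state is State.LOCKED and self.owner == app_id:
            self.state = State.DELETABLE
            return True
        return False

    def delete(self):
        if self.state is not State.DELETABLE:
            raise PermissionError("block does not allow deletion")
        self.data, self.owner, self.state = None, None, State.WRITABLE


def lifecycle_trace():
    """Runs the sequence from the description and records each outcome."""
    block, trace = StorageBlock(), []
    block.write("com.example.app", b"ciphertext-v1")  # constructed values
    trace.append(block.state)
    # While locked, neither an overwrite nor a deletion is accepted.
    for attempt in (lambda: block.write("com.other", b"x"), block.delete):
        try:
            attempt()
            trace.append("allowed")
        except PermissionError:
            trace.append("refused")
    trace.append(block.on_uninstall("com.other"))        # wrong application
    trace.append(block.on_uninstall("com.example.app"))  # owner uninstalled
    block.delete()
    trace.append(block.state)
    block.write("com.example.app", b"ciphertext-v2")     # application re-downloaded
    trace.append((block.state, block.owner))
    return trace


if __name__ == "__main__":
    for step in lifecycle_trace():
        print(step)
```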
Fig. 2 is a flowchart illustrating a verification method for an application according to another embodiment of the present application, where the method may include the following steps:
Step S201, when an installation instruction of an application program is received, performing signature authentication on the application program.
In the embodiment of the application, a verification process is also provided at installation, so as to ensure that the installed application is one that has not been tampered with by an attack. For example, the application is signed with the private key of an RSA key pair and the signature is verified with the public key, thereby verifying the publisher of the application software; in practical application, the system can be protected by fixing the public key so that only application programs signed by a trusted party are installed.
Step S202, if the signature authentication of the application program passes, the application program is installed.
Step S203, when the installation of the application program is completed, calculating a hash value for the core component by an application protection program stored in a system partition, wherein the system partition is set to be unwritable.
In the embodiment of the application, the system partition is a partition of the Android system in which the middle layer of the Android system resides. The system partition can be set to be unwritable by the system kernel, so that it cannot be tampered with even if root privileges are obtained through an application-layer attack. The application protection program resides in the code space of the system partition, so the application protection program cannot be tampered with. The core component of the application software is acquired by this application protection program, which cannot be tampered with, and the hash value of the core component is calculated.
Step S204, when the installation of the application program is completed, an encryption node provided by a system kernel is called through the application protection program, and the encryption node is set to be called by the application protection program.
In the embodiment of the application, the encryption node provided by the system kernel is called by the application protection program, which cannot be tampered with. The encryption node may be set to be callable only by the application protection program and, to ensure sufficient security, may also be set to be callable only once. The encryption node provided by the system kernel uses a symmetric-key encryption algorithm; the key is unique and secret for each terminal device and, if the encryption node is set to be callable only by the application protection program, cannot be obtained by the middle layer of the Android system. First, the application protection program cannot be tampered with; second, the encryption node can only be called by that application protection program, so the security of the encryption algorithm is guaranteed.
Step S205, encrypt the hash value by the encryption node to generate a ciphertext, and store the generated ciphertext in a preset storage space.
In the embodiment of the application, the hash value obtained from the core component of the application program is encrypted with a secure encryption algorithm to generate the ciphertext, so that the security and uniqueness of the generated ciphertext are ensured. Therefore, even if an attack program tampers with the core component of the application program using root privileges, it cannot call the encryption node provided by the system kernel and so cannot recalculate the ciphertext for the tampered core component. Once the application protection program regenerates the ciphertext from the tampered core component, the matching fails, and the application program can then only be prohibited from starting or forcibly stopped.
In addition, even if the attack program tampers with the ciphertext stored in the preset storage space using root privileges, it cannot recalculate the ciphertext corresponding to the tampered core component, because it cannot call the encryption node provided by the system kernel. Therefore, the ciphertext in the preset storage space cannot be updated in the way the attack program intends.
Of course, in practical application, the core component may be directly encrypted by the encryption node to generate the ciphertext, without obtaining the hash value according to the core component first and then encrypting the hash value by the encryption node to generate the ciphertext.
Step S206, under a preset trigger mechanism, re-encrypting the core component of the application program to generate a ciphertext, and matching the regenerated ciphertext with the ciphertext stored in the storage space.
The content of the step is the same as that of step S102, and the description of step S102 may be specifically referred to, which is not repeated herein.
Step S207, if the matching fails, prohibiting the application program from running or forcibly stopping the running application program, uninstalling the application program in the terminal device, downloading the application program from a preset download node, and installing the re-downloaded application program.
In this embodiment of the application, if the application program is only prohibited from running or forcibly stopped, the application program becomes unusable. Therefore, after the application program is prohibited from running or forcibly stopped, the application program in the terminal device may be uninstalled, the application program may be downloaded from a preset download node, and the newly downloaded application program may be installed. Of course, the newly downloaded application may be installed in the manner described in steps S201 to S205.
In the embodiment of the application, the application protection program stored in the system partition, which is set to be unwritable, calculates the hash value of the core component, and the encryption node, which can be called only by the application protection program, is called by the application protection program to encrypt the hash value and generate the ciphertext that serves as the standard ciphertext, so that the standard ciphertext is secure and unique. In this way, after a ciphertext is regenerated from the core component of the application program, the regenerated ciphertext is matched with the standard ciphertext: a successful match indicates that the application program has not been tampered with by an attack, and a failed match indicates that it has.
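The following added example (not code from the application itself) walks steps S203 to S207 in Python: it hashes constructed core components, keys the hash through a modelled encryption node, and checks the outcome when the files, or the files and the stored value, are changed. Assumptions: HMAC-SHA256 stands in for the kernel's symmetric-key encryption, and `kernel_node`, `enroll`, `verify`, `on_launch`, the caller labels and the sample files are hypothetical names and constructed data.

```python
import hashlib
import hmac

# Constructed stand-in for the per-device secret behind the kernel's
# encryption node; on a real device it would never leave the kernel.
_DEVICE_KEY = bytes(range(32))


def component_digest(components):
    """SHA-256 over all core components in a canonical, unambiguous order."""
    h = hashlib.sha256()
    for path in sorted(components):
        name, data = path.encode("utf-8"), components[path]
        # Length prefixes keep the (name, content) boundaries unambiguous.
        h.update(len(name).to_bytes(4, "big") + name)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.digest()


def kernel_node(caller, digest):
    """Models the encryption node: only the protection program may call it."""
    if caller != "app_protection":
        raise PermissionError("encryption node refuses caller: " + caller)
    # Assumption: HMAC-SHA256 replaces the symmetric cipher the text describes.
    return hmac.new(_DEVICE_KEY, digest, hashlib.sha256).digest()


def enroll(store, app_id, components):
    """S203-S205: hash, key the hash through the node, store the reference."""
    store[app_id] = kernel_node("app_protection", component_digest(components))


def verify(store, app_id, components):
    """S206: recompute the same way and compare in constant time."""
    expected = store.get(app_id)
    if expected is None:
        return False  # no reference value stored: fail closed
    actual = kernel_node("app_protection", component_digest(components))
    return hmac.compare_digest(actual, expected)


def on_launch(store, app_id, components):
    """S103/S207 decision at start-up: start, or block the application."""
    return "start" if verify(store, app_id, components) else "block"


def demo():
    # Constructed sample core components (path -> bytes).
    app = {
        "lib/libcore.so": b"\x7fELF-original",
        "base.apk": b"PK-original",
        "classes.dex": b"dex\n035-original",
    }
    store = {}
    enroll(store, "com.example.app", app)
    results = {"clean": on_launch(store, "com.example.app", app)}

    # Case 1: one component differs from what was enrolled at installation.
    tampered = {**app, "classes.dex": b"dex\n035-patched"}
    results["tampered"] = on_launch(store, "com.example.app", tampered)

    # Case 2: the stored value was replaced too, but without the node the
    # replacement can only be an unkeyed hash of the modified files.
    forged = dict(store)
    forged["com.example.app"] = component_digest(tampered)
    results["tampered+forged_store"] = on_launch(forged, "com.example.app", tampered)

    # Case 3: any caller other than the protection program is refused.
    try:
        kernel_node("untrusted_app", component_digest(tampered))
        results["node_refused"] = False
    except PermissionError:
        results["node_refused"] = True
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The check in case 2 holds only while the key and the node stay out of reach of other callers, which is the property the description assigns to the system kernel and the unwritable system partition.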
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Fig. 3 is a schematic block diagram of a terminal device according to an embodiment of the present application, and only a part related to the embodiment of the present application is shown for convenience of description.
The terminal device 3 may be a software unit, a hardware unit, or a combined software and hardware unit built into an existing terminal device such as a mobile phone or a notebook; it may be integrated into such an existing terminal device as an independent add-on; or it may exist as an independent terminal device.
The terminal device 3 includes:
the ciphertext generating module 31, configured to encrypt the core component of the application program to generate a ciphertext when the application program is installed, and store the generated ciphertext in a preset storage space;
the matching module 32, configured to re-encrypt the core component of the application program to generate a ciphertext under a preset trigger mechanism, and match the regenerated ciphertext with the ciphertext stored in the storage space;
and the processing module 33, configured to prohibit the application program from running or forcibly stop the running application program if the matching fails.
Optionally, the matching module 32 is further configured to:
when a starting instruction of the application program is detected, re-encrypting the core component of the application program to generate a ciphertext;
and/or, during the running process of the application program, re-encrypting the core component of the application program at a preset time interval to generate a ciphertext.
Optionally, the ciphertext generating module 31 includes:
a hash value calculation unit 311, configured to calculate a hash value for the core component by an application protection program stored in a system partition, the system partition being set to be unwritable;
an encryption node calling unit 312, configured to call, by the application protection program, an encryption node provided by a system kernel, where the encryption node is set to be called by the application protection program;
a ciphertext generating unit 313, configured to encrypt the hash value by the encryption node to generate a ciphertext.
Optionally, the terminal device 3 further includes:
the signature authentication module 34, configured to perform signature authentication on the application program when receiving an installation instruction of the application program;
and the installation module 35, configured to install the application program if the signature authentication of the application program passes.
Optionally, the processing module 33 is further configured to:
if the matching fails, display prompt information through a visual interface, wherein the prompt information indicates that the application program has been attacked and tampered with.
Optionally, the core component includes: the application's dynamic libraries, the base.apk file under the data directory, dex files, parameter files and JavaScript script files.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units and modules is merely used as an example, and in practical applications, the foregoing function distribution may be performed by different functional units and modules as needed, that is, the internal structure of the terminal device is divided into different functional units or modules to perform all or part of the above-described functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Fig. 4 is a schematic block diagram of a terminal device according to another embodiment of the present application. As shown in fig. 4, the terminal device 4 of this embodiment includes: one or more processors 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processors 40. The processor 40, when executing the computer program 42, implements the steps in each of the above embodiments of the verification method for an application program, such as steps S101 to S103 shown in fig. 1. Alternatively, the processor 40, when executing the computer program 42, implements the functions of the modules/units in the terminal device embodiments described above, such as the functions of the modules 31 to 33 shown in fig. 3.
Illustratively, the computer program 42 may be partitioned into one or more modules/units that are stored in the memory 41 and executed by the processor 40 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 42 in the terminal device 4. For example, the computer program 42 may be divided into a ciphertext generating module, a matching module, and a processing module.
The ciphertext generating module is used for encrypting the core component of the application program to generate a ciphertext when the installation of the application program is finished, and storing the generated ciphertext in a preset storage space;
the matching module is used for encrypting the core component of the application program again to generate a ciphertext under a preset trigger mechanism, and matching the regenerated ciphertext with the ciphertext stored in the storage space;
and the processing module is used for forbidding the application program to run or forcibly stopping the running application program if the matching fails.
Other modules or units can refer to the description of the embodiment shown in fig. 3, and are not described again here.
The terminal device includes, but is not limited to, a processor 40 and a memory 41. Those skilled in the art will appreciate that fig. 4 is only one example of a terminal device 4 and does not constitute a limitation of the terminal device 4, which may include more or fewer components than shown, or combine some components, or have different components; for example, the terminal device may also include an input device, an output device, a network access device, a bus, etc.
The processor 40 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the terminal device 4, such as a hard disk or a memory of the terminal device 4. The memory 41 may also be an external storage device of the terminal device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), and the like, provided on the terminal device 4. Further, the memory 41 may also include both an internal storage unit and an external storage device of the terminal device 4. The memory 41 is used for storing the computer program and other programs and data required by the terminal device. The memory 41 may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed terminal device and method may be implemented in other ways. For example, the above-described terminal device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical function division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow in the methods of the embodiments described above can be realized by a computer program, which can be stored in a computer-readable storage medium and which, when executed by a processor, realizes the steps of the method embodiments described above. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content contained in the computer-readable medium may be appropriately increased or decreased as required by legislation and patent practice in the jurisdiction; for example, in some jurisdictions, in accordance with legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.