Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Service signature method and device compatible with Android application

A service provider and Android technology, applied in the computer field, can solve problems such as the inability to retain user data, the stripping of digital signatures of developers or distributors, and the small namespace of signature file names, etc.

Active Publication Date: 2014-10-08
中国软件评测中心(工业和信息化部软件与集成电路促进中心)
View PDF4 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] (1) For the same Android application package, the dual-signature and single-signature packages will be considered by the Android operating system to be released by different developers, which will cause two release versions of the same program to be unable to share Preserve user data when updates are installed;
[0005] (2) Using the traditional application package developer signature mechanism, if multiple signers use the default key alias name, such as CERT, the digital signature of the original signer will be replaced during the second signature
In addition, due to the naming rules of .SF files and .RSA files when signing traditional Android applications, the first eight characters of the key alias are capitalized, resulting in a relatively small namespace for signature file names, which is prone to collisions
[0006] Furthermore, the same Android application is often released in multiple different channels, but the above-mentioned defects of the traditional application package developer’s signature mechanism will cause the multi-channel and different versions of the same application to be unable to retain user data on the user’s mobile phone It is also easy to cause the developer or channel provider's digital signature to be unintentionally stripped, which will eventually lead to confusion in Android application management and a decline in user experience.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Service signature method and device compatible with Android application
  • Service signature method and device compatible with Android application
  • Service signature method and device compatible with Android application

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0071] Assume that the private key of a business of the server is prikey, the business certificate is cert, the domain name of the server is www.cstc.org.cn, the business name of the service is "Application Reinforcement", the corresponding pinyin abbreviation is YYJG, and the application package sample to be signed The structure of the .apk is as follows:

[0072] sample.apk

[0073]

[0074]

[0075] Among them, there are three files AndroidManifest.xml, resources.arsc, classes.dex and three directories in the root directory of the application package sample.apk: assets, META-INF, res, and four files MANIFEST.MF in the directory META-INF , CERT.SF, CERT.RSA, others.plus, there is a file resource.xml in the directory res.

[0076] Specifically, the process of service signing is as follows: First, enumerate all files in the apk application package except the developer’s signature file, that is, .MF file, .SF file, and .RSA file, and obtain the list of data files to be d...

Embodiment 2

[0090] After using Example 1 to process the service signature of the application, it is assumed that the application package has been tampered with after it is released, and a file bug.file is added to the asset directory. It is assumed that the channel monitoring business verifies its service signature. The verification process is: channel monitoring The business service signature verification module parses the application package apk file, finds the corresponding service signature file storage directory META-INF / CN / ORG / CSTC / WWW / , and finds the summary file list QDJC.list from this directory; secondly, enumerates For all files outside the META-INF directory in the application package, check whether there are files other than the content of the summary file list in the enumerated files. Because the application has been tampered with, a file bug.file has been added to the asset directory, and the service signature verification failed;

Embodiment 3

[0092] After using Example 1 to process the service signature of the application, assuming that the application package has been tampered with after it is released, a file bug.file is added to the META-INF directory, assuming that the channel monitoring service verifies its service signature, and the verification process is as follows: The service signature verification module of the channel monitoring business analyzes the application package apk file, finds the corresponding service signature file storage directory META-INF / CN / ORG / CSTC / WWW / , and finds the summary file list QDJC.list from this directory; first, Enumerate all files outside the META-INF directory in the application package, check whether there are any files other than the contents of the summary file list in the enumerated files, and no such files are found here; secondly, read the files listed in the list file Summarize all data files, and form a string MSG of all data file summary information; secondly, read t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a service signature method compatible with Android application. The service signature method compatible with Android application comprises the steps of S1 making a list of all of application program software package data files except developer signatures and finishing service signature operation compatible with the Android application; S2 performing verification on the service signatures compatible with the Android application by using a service self identification certificate or a certificate public key. The service signature method compatible with the Android application performs digital signature on the same Android application program package, does not conflict with a developer signature of an application program and can reserve user data when different release versions type application programs obtained through multi-party re-signature are updated and installed. In addition, service-side signature data are stored in catalogues related to service-side domain names and service names, different service-side signature data are not interfered, different service signatures are not influenced, and the problem that signature file names of a traditional application signature mechanism are easily bumped is fundamentally solved. The invention further discloses a service signature device compatible with the Android application.

Description

technical field [0001] The present invention relates to the field of computer technology, in particular to a service signature method and device compatible with Android applications. Background technique [0002] Digital signature is an information security technology based on message digest operation and asymmetric encryption operation to ensure the integrity, authentication and non-repudiation of information transmission. Digital signature technology has been widely used in social life, and the digital signature of Android applications is a typical application scenario of the above technology. [0003] Specifically, the operation process of Android application digital signature at this stage is: use the digest algorithm to calculate each information file in the Android application package except the META-INF directory into a fixed-length hash value, and combine the hash value and the corresponding The file names are sequentially stored in the META-INF / MANIFEST.MF file; co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/32G06F21/51
Inventor 罗文骆俊瑞黄子河刘法旺杨玚严宏君马会丽庞思铭
Owner 中国软件评测中心(工业和信息化部软件与集成电路促进中心)
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com