Security-enhanced authorizing and authenticating method of mobile application

Abstract

The invention relates to a security-enhanced authorizing and authenticating method of mobile application. The security-enhanced authorizing and authenticating method of the mobile application, disclosed by the invention, comprises the following steps: registering, and acquiring basic information of the mobile application by a publishing system; pre-authorizing, generating a pre-authorizing code of the mobile application by utilizing the basic information, and embedding the pre-authorizing code in a mobile application program; performing enhanced publishing and authorizing, automatically detecting whether the pre-authorizing code and the basic information of the mobile application are correct or not by the publishing system, if so, automatically publishing, collecting practical feature information and a publishing code of the mobile application, and generating a security-enhanced authenticating code with the pre-authorizing code; reliably installing, acquiring the practical feature information, the pre-authorizing code and the publishing code of the mobile application while installing the mobile application so as to generate the security-enhanced authenticating code, and authenticating reliable installation; and reliably starting, in the event of starting the mobile application every time, detecting whether the pre-authorizing code is correct, and starting if the pre-authorizing code is correct. The invention provides a method for detecting the security reliability of the mobile application; and therefore, the problem that user information is stolen as the mobile application is maliciously tampered is effectively avoided.

Description

Technical field: [0001] The invention relates to the field of mobile application security, in particular to a method for enhancing authorization and authentication of mobile application security. Background technique: [0002] In real life, personal identity is mainly confirmed through various documents, such as: ID card, household registration book, etc. Various system resources of the computer, such as files, databases and application systems, also have password protection mechanisms. Terminal applications also need the protection of authorization and authentication mechanisms to ensure that these resources can be accessed into legitimate networks. [0003] For terminal applications developed based on the Android system, the signature file under the digital certificate file identifies the relationship between the terminal application and the terminal application owner, and cannot determine which applications can be connected to the work network, which applications can b...

AI Technical Summary

Problems solved by technology

[0005]1. The attribute information of the mobile application is relatively fixed, such as: package name or signature file. Once the mobile application is developed by the developer, the information will be long It will not be changed within a certain period of time, causing the attribute information of the mobile application to be easily leaked or stolen;

[0006]2. During the transmission of attribute information of mobile applications on the network, due to the lack of data access control strategies, there are many hidden dangers of insecurity. Attacks using attribute information or personnel identity information for verification are commonly used to eavesdrop on network data streams, information interception, etc.;

[0007]3. The traditional method of directly using the attribute information and personal identity information of mobile applications for authentication will not only produce the above-mentioned unsafe factors such as data stream eavesdropping and information interception In addition, the transmission of a large amount of unprocessed raw information on the network will also bring huge pressure to the network traffic, resulting in unsmooth communication, which may seriously cause network interruption;

[0008]4. Due to the lack of security policy control over mobile applications and the fact that applications developed based on Android are easily cracked, traditional process-based authorization and authentication methods Some of them are administrative audits that are independent of the mobile application, and do not go deep into the authorization level of the mobile application itself. Therefore, there are security risks in the authorization link of the mobile application itself, which leads to the traditional legality verification and verification of the mobile application. The strength of authorization can no longer meet the existing requirements in mobile office, especially for government mobile applications and enterprise mobile applications with confidentiality level;

[0009]5. After the mobile application is successfully released, it may also be tampered with, such as being embedded with malicious code. There are no restrictions and safety protection measures on the startup, which may easily cause safety hazards and be used by lawbreakers;

Images