Android application biometric authentication security method based on static detection

A biometric authentication and static detection technology, which is applied in the field of information security, can solve problems such as large security threats and misuse of Android biometric authentication interfaces, and achieve accurate analysis results and efficient analysis performance

Active Publication Date: 2022-02-22
UNIV OF ELECTRONIC SCI & TECH OF CHINA
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Similarly, the open source biometric authentication dependency library developed by a third party or the biometric authentication dependency library developed internal

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android application biometric authentication security method based on static detection
  • Android application biometric authentication security method based on static detection
  • Android application biometric authentication security method based on static detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] Such as figure 1 As shown, this embodiment relates to a biometric authentication security method for Android applications based on static detection, using multi-threaded parallel detection and asynchronous processing methods, combining biometric authentication interface security analysis with third-party biometric authentication dependent library identification and security Performance analysis runs in parallel and is developed and implemented in Java. It only needs to be compiled locally and packaged into jar format to be used on any platform. In the actual implementation, it is convenient to analyze and check a large number of applications in batches by configuring batch inspection scripts for various commonly used platforms (Windows, Linux, and macOS), and the final analysis results are stored in the form of a database, which is convenient for various analysis The tool performs further analysis on the batch inspection system report.

[0034] This embodiment specific...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an Android application biometric authentication security method based on static detection. The method comprises the following steps: extracting static resource files from a to-be-detected application installation package, and collecting to obtain application basic information; decompiling a DEX file in the application installation package by using a Soot analysis tool and a Soot-infoflow-android Android static analysis tool through reverse engineering, obtaining a Jimple intermediate language, and loading the application installation package to a global memory space; through a static analysis technology, performing biometric authentication interface security analysis and third-party dependency library identification analysis on the use condition of an biometric authentication interface of an application program, so as to eliminate misuse of the biometric authentication interface and misuse of the biometric authentication interface matched with a cryptographic object; obtaining the implementation security of the biometric authentication interface of the application and/or the use security of the biometric authentication interface of a biometric authentication dependency library used by the application through asynchronous callback. According to the invention, whether a security risk that Android biometric authentication can be bypassed exists in an App or not can be automatically identified, and security vulnerabilities caused by misuse of an Android biometric authentication interface by an Android App or a third-party biometric authentication dependency library used by the Android App are supported to be efficiently analyzed in batches.

Description

technical field [0001] The invention relates to a technology in the field of information security, in particular to a biometric authentication security method for Android applications based on static detection. Background technique [0002] Existing Android applications begin to use the biometric authentication interface provided by the system to provide users with convenient and fast biometric authentication instead of traditional password authentication. However, the misuse of the biometric authentication interface may lead to high-privileged attackers easily bypassing biometric authentication, so that biometric authentication of applications can be completed without passwords and legal biometric information. Similarly, the open source biometric authentication dependency library developed by a third party or the biometric authentication dependency library developed internally may have the misuse of the Android biometric authentication interface, and compared with the forme...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/32G06F8/53
CPCG06F21/32G06F8/53
Inventor 王超张小松李卷孺
Owner UNIV OF ELECTRONIC SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap