CN106778102B - Android system-based application program encryption method and device - Google Patents
- Publication number: CN106778102B
- Application number: CN201611225024.2A
- Authority: CN (China)
- Prior art keywords: module, encryption, soc, application program, authorization
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an application program encryption method and device based on an Android system. When the Android-based system starts, the authorization service module is started and requests the encryption driving module to read the SOC characteristic information; the encryption driving module reads the SOC characteristic information in the SOC module, encrypts it twice, with an AES encryption algorithm and then with an exclusive-OR encryption algorithm, and sends the encrypted information to the authorization service module; the authorization service module decrypts the encrypted information by using an AES decryption algorithm and an exclusive-OR decryption algorithm, judges from the decrypted information whether the SOC module is authorized, and stores the authorization result so that the application program module can query it; when the application program module runs, it sends a detection authorization request to the authorization service module, the authorization service module returns the authorization result, and the application program module decides according to that result whether to exit. The invention thereby ensures that the application program module can run only on an authorized hardware platform, greatly improving the security of the application program module.
Description
Technical Field
The invention relates to the field of Android systems, in particular to an application program encryption method and device based on an Android system.
Background
With the increasing popularity of intelligent terminals and the rapid development of broadband networks, the mobile Internet era, marked by the continuous enrichment of mobile applications and services, brings people a more convenient and intelligent digital life and is gradually permeating every corner of offline life. However, terminal systems that are both open and flexible, together with the potential information security problems in their applications, may affect users, bearer networks and other links in the chain.
As the Android system has become widely used, the market for Android application development has heated up, and repackagers obtain huge profits through illegitimate means such as cracking and decompiling applications and inserting advertisements or billing code. This is seen frequently: when an Android developer has a good idea and releases a well-made application, a similar product appears in the Android market very soon. Because Android is open, the techniques commonly used in the industry to prevent application tampering and decompiling are transparent, and a cracker can tamper with an Android application and repackage it as their own software in only a few steps. Thus, there is a lack of effective protection tools and methods for applications.
Disclosure of Invention
The invention aims to provide an application program encryption method and device based on the Android system, giving developers a scheme that prevents their applications from being stolen, so that the interests of developers are better protected and the healthy development of mobile applications is maintained.
The application program encryption method based on the Android system comprises the following steps: when the Android-based system is started, the authorization service module is started and requests the encryption driving module to read the SOC characteristic information; the encryption driving module reads the SOC characteristic information in the SOC module, carries out secondary encryption on the SOC characteristic information through an AES encryption algorithm and an exclusive-OR encryption algorithm, and then sends the SOC characteristic information to the authorization service module; the authorization service module reads the encryption information from the encryption driving module, decrypts the encryption information by using an AES decryption algorithm and an exclusive OR decryption algorithm, judges whether the SOC module is authorized according to the decrypted information, and stores the authorization result so as to be inquired by the application program module; when the application program module runs, a detection authorization request is sent to the authorization service module, the authorization service module returns an authorization result to the application program module, and the application program module determines whether to exit running according to the authorization result.
Preferably, the key of the exclusive-or decryption algorithm is the same as the key of the exclusive-or encryption algorithm.
Preferably, the key of the AES decryption algorithm is the same as the key of the AES encryption algorithm.
The Android system-based application encryption device provided by the invention comprises the following components: an SOC module storing SOC characteristic information; the encryption driving module reads the SOC characteristic information in the SOC module, performs secondary encryption on the SOC characteristic information through an AES encryption algorithm and an exclusive OR encryption algorithm, and then provides the SOC characteristic information to the authorization service module; the authorization service module reads the encryption information from the encryption driving module, decrypts the encryption information by using an AES decryption algorithm and an exclusive OR decryption algorithm, judges whether the SOC module is authorized according to the decrypted information, and stores an authorization result so as to inquire by the application program module; and the application program module is communicated with the authorization service module, sends a detection authorization request to the authorization service module and determines whether to exit the application program according to the returned result.
Preferably, the encryption driving module includes: a reading SOC information module for reading SOC characteristic information different from other SOC modules from the SOC module; the AES encryption algorithm module is used for carrying out AES encryption on the read SOC characteristic information; and the exclusive or encryption algorithm module is used for carrying out secondary encryption on the information encrypted by the AES encryption algorithm module so as to obtain encrypted SOC characteristic information.
Preferably, the authorization service module includes: an exclusive or decryption algorithm module for decrypting the encrypted SOC characteristic information read from the encryption driving module; the AES decryption algorithm module is used for decrypting the information decrypted by the exclusive OR decryption algorithm module by using the AES algorithm again; an application program interface module for defining a plurality of interfaces for interacting with the application program module.
Preferably, the application program module includes: the detection module is used for communicating with the authorization service module and sending a detection request to the authorization service module; and the function module is used for realizing the function of the application program and calling the detection module to detect.
Preferably, the SOC module, the encryption driving module, and the authorization service module include a processor of model CR800.
The Android system-based application program encryption method and device provided by the invention are characterized in that: the self-developed application program module acquires relevant SOC characteristic information from the authorization service module and verifies and processes the information, so that the safety of the application program module is ensured; the authorization service module provides various detection information for the application program module to use, so that the flexibility is high; the SOC characteristic information of the authorization service module is read from the encryption driving module and decrypted, so that the confidentiality is high; the encryption driving module carries out secondary encryption on the SOC characteristic information by adopting an AES encryption algorithm and an exclusive OR encryption algorithm, so that the security level is high; and the SOC characteristic information is acquired from the SOC module, so that the uniqueness of the SOC characteristic information is ensured.
Therefore, the Android system-based application program encryption method and device provided by the invention reduce extra work for the developer and ensure that the original application functions run normally; the device can be used for preventing viruses or malicious applications from hiding their code and evading code detection; the threshold for cracking the application is raised, so that the application can effectively guard against the security risks caused by reverse engineering; and a flexible combination of protection schemes is provided that takes both performance and user experience into account.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the detailed description presented hereinafter in conjunction with the drawings in which:
fig. 1 is a schematic structural diagram of an Android system-based application encryption device according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an encryption driving module in an Android system-based application encryption device according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an authorization service module in an Android system-based application encryption device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an application module in an Android system-based application encryption device according to an embodiment of the present invention;
fig. 5 is a workflow diagram based on an Android system-based application encryption device according to one embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in detail below with reference to the attached drawings.
An application encryption device in an Android system according to an embodiment of the present invention is shown in fig. 1, and includes: SOC module 1-1, encryption driving module 1-2, authorization service module 1-3, application module 1-4.
An SOC (System on Chip) module is a high performance microprocessor, and the SOC module includes a high performance, high integration, ultra low power consumption 32-bit application processor Chip CR800 developed by Shanghai inter-cloud semiconductor technology. Each SOC module contains characteristic information which is different from other SOCs, and the characteristic information is used as a key element for distinguishing other hardware platforms.
The encryption driving module is an Android system driver module. It reads the characteristic information of the SOC processor, encrypts it twice with an AES (Advanced Encryption Standard) encryption algorithm and an exclusive-OR encryption algorithm, and makes the result available for the authorization service module to read.
The authorization service module runs in the background as a daemon. On the one hand, it reads the encrypted information from the encryption driving module and uses the decryption algorithms to recover the SOC-related information; on the other hand, it acts as the server side that the application program module queries for authorization information.
The application program module refers to the various applications running on the Android system. Detection code is added to the key code sections of each application, and this code acts as a client that requests authorization from the authorization service module. Several ways of sending the request exist, the authorization information can be checked every time the application program module reaches a key point, and if authorization does not pass, the application program module exits directly. Adding detection mechanisms at multiple positions in the application code and using several authorization-request modes increases the difficulty of analyzing the apk after decompilation, thereby ensuring security.
An encryption driving module in an Android system-based application encryption device according to an embodiment of the present invention is shown in fig. 2, where the encryption driving module includes: a reading SOC information module 2-1, an AES encryption algorithm module 2-2 and an exclusive-OR encryption algorithm module 2-3.
The reading SOC information module reads, from the SOC module, key hardware information that differs from that of other SOC modules; the AES encryption algorithm module AES-encrypts the read SOC characteristic information, the system defines several groups of encryption keys, and one group is randomly selected for each encryption; the exclusive-OR encryption algorithm module then encrypts the AES-encrypted information a second time, further improving information security.
The structure of an authorization service module in an application encryption device according to an embodiment of the present invention is shown in fig. 3, the authorization service module including: the exclusive-or decryption algorithm module 3-1, the AES decryption algorithm module 3-2 and the application program interface module 3-3.
The exclusive-OR decryption algorithm module decrypts the hardware information read from the encryption driving module; the key of the exclusive-OR decryption algorithm is identical to the key of the exclusive-OR encryption algorithm. The AES decryption algorithm module then applies the AES decryption algorithm to the output of the exclusive-OR decryption algorithm module; the key of the AES decryption algorithm is identical to the key of the AES encryption algorithm. It first reads the related information in the ciphertext to learn which group of AES encryption keys the driving module used, and then selects the corresponding AES key to decrypt the data into plaintext. The application program interface module defines a plurality of interfaces for interacting with the application program, so that the application program can send requests to the authorization service module through several different calling interfaces, thereby ensuring security.
As shown in fig. 4, an application module in an application encryption apparatus according to an embodiment of the present invention includes: a detection module 4-1 and a functional module 4-2.
The detection module communicates with the authorization service module, can send various requests to it, and decides according to the returned result whether to exit: if the detection passes, the application program continues to run, and if it does not pass, the application program exits directly. The functional module implements the application's own functions and calls the detection module at multiple key places in the program code.
The workflow of the Android system-based application encryption device according to one embodiment of the present invention is shown in fig. 5. When the Android-based hardware boots, the authorization service module is started and runs in the background as a daemon, and it requests the encryption driving module to read the SOC characteristic information; the encryption driving module encrypts the read SOC characteristic information twice, with the AES encryption algorithm and the exclusive-OR encryption algorithm, and then sends the ciphertext to the authorization service module. The authorization service module applies the exclusive-OR decryption algorithm and the AES decryption algorithm to the received ciphertext to obtain the plaintext, judges from the plaintext information whether the hardware is an authorized platform, and stores the detection result. When the application program module runs, it sends an authorization request to the authorization service module, the authorization service module returns the authorization result, and the application program module decides according to that result whether to exit: if it is authorized it continues to run, and if it is not authorized it exits.
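The workflow above, as an added Go example that is not part of the patent text: a driver side that applies AES and then XOR with a randomly chosen key group, and a service side that reverses both layers, stores the result and answers the application's query. The AES mode (GCM, chosen here so that a modified blob is rejected), the blob layout, the sample keys and the SoC ID strings are assumptions, since the patent specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed sample keys (the patent only says several key groups exist).
var aesKeys = [][]byte{[]byte("sample-aes-key-0"), []byte("sample-aes-key-1")}
var xorKey = []byte("sample-xor-mask") // same key on driver and service side

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// xorMask is the repeating-key XOR layer; applying it twice restores the input.
func xorMask(data []byte) []byte {
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ xorKey[i%len(xorKey)]
	}
	return out
}

// DriverEncrypt plays the encryption driving module: AES first, XOR second.
// Assumed layout before masking: keyIndex(1) | nonce(12) | ciphertext+tag.
func DriverEncrypt(socInfo []byte) ([]byte, error) {
	rnd := make([]byte, 13) // one byte to pick the key group, twelve for the nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	idx := int(rnd[0]) % len(aesKeys) // randomly selected key group
	gcm, err := newGCM(aesKeys[idx])
	if err != nil {
		return nil, err
	}
	blob := append([]byte{byte(idx)}, rnd[1:]...)
	return xorMask(gcm.Seal(blob, rnd[1:], socInfo, nil)), nil
}

// ServiceDecrypt reverses the layers: XOR first, then AES with the indexed key.
func ServiceDecrypt(blob []byte) ([]byte, error) {
	raw := xorMask(blob)
	if len(raw) < 1+12+16 || int(raw[0]) >= len(aesKeys) {
		return nil, errors.New("malformed blob or unknown key group")
	}
	gcm, err := newGCM(aesKeys[raw[0]])
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, raw[1:13], raw[13:], nil) // errors if the blob was altered
}

// AuthService plays the authorization service daemon.
type AuthService struct {
	Authorized [][]byte // SoC characteristic values of licensed hardware
	result     bool     // stored authorization result
}

// Boot decrypts the driver blob and stores the result, failing closed on error.
func (s *AuthService) Boot(blob []byte) error {
	s.result = false
	info, err := ServiceDecrypt(blob)
	if err != nil {
		return err
	}
	for _, id := range s.Authorized {
		s.result = s.result || subtle.ConstantTimeCompare(id, info) == 1
	}
	return nil
}

// CheckAuthorization is what the application's detection module queries.
func (s *AuthService) CheckAuthorization() bool { return s.result }

func main() {
	// "CR800-SAMPLE-0001" is a constructed SoC ID, not a real value.
	svc := &AuthService{Authorized: [][]byte{[]byte("CR800-SAMPLE-0001")}}
	blob, err := DriverEncrypt([]byte("CR800-SAMPLE-0001"))
	if err == nil {
		err = svc.Boot(blob)
	}
	fmt.Println("authorized:", svc.CheckAuthorization(), "err:", err)
}
```

Both layers use static symmetric keys shared by the driver and the service, so the stored result is only as trustworthy as the protection of those two components and their keys.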
As described above, although the present invention has been described with reference to the exemplary embodiments and the accompanying drawings, the present invention is not limited thereto, but various modifications and changes can be made by those skilled in the art to which the present invention pertains without departing from the spirit and scope of the present invention as claimed in the appended claims.
Claims (10)
1. An application program encryption method based on an Android system is characterized by comprising the following steps:
when the Android-based system is started, the authorization service module is started and requests the encryption driving module to read the SOC characteristic information;
the encryption driving module reads the SOC characteristic information in the SOC module, carries out secondary encryption on the SOC characteristic information through an AES encryption algorithm and an exclusive-OR encryption algorithm, and then sends the SOC characteristic information to the authorization service module;
the authorization service module reads the encryption information from the encryption driving module, decrypts the encryption information by using an AES decryption algorithm and an exclusive OR decryption algorithm, judges whether the SOC module is authorized according to the decrypted information, and stores the authorization result so as to be inquired by the application program module;
when the application program module runs, a detection authorization request is sent to the authorization service module, the authorization service module returns an authorization result to the application program module, and the application program module determines whether to exit running according to the authorization result.
2. The Android system-based application encryption method according to claim 1, wherein, in the step in which the application module determines whether to exit according to the authorization result, the application module continues to run if the authorization result is authorized and exits if the authorization result is unauthorized.
3. The Android system-based application encryption method of claim 1, wherein a key of the exclusive-or decryption algorithm is identical to a key of the exclusive-or encryption algorithm.
4. The Android system-based application encryption method of claim 1, wherein a key of an AES decryption algorithm is identical to a key of an AES encryption algorithm.
5. An application encryption device based on an Android system, which is characterized by comprising:
an SOC module storing SOC characteristic information;
the encryption driving module reads the SOC characteristic information in the SOC module, performs secondary encryption on the SOC characteristic information through an AES encryption algorithm and an exclusive OR encryption algorithm, and then provides the SOC characteristic information to the authorization service module;
the authorization service module reads the encryption information from the encryption driving module, decrypts the encryption information by using an AES decryption algorithm and an exclusive OR decryption algorithm, judges whether the SOC module is authorized according to the decrypted information, and stores an authorization result so as to inquire by the application program module;
and the application program module is communicated with the authorization service module, sends a detection authorization request to the authorization service module and determines whether to exit the application program according to the returned result.
6. The Android system-based application encryption device of claim 5, wherein the encryption driving module comprises:
a reading SOC information module for reading SOC characteristic information different from other SOC modules from the SOC module;
the AES encryption algorithm module is used for carrying out AES encryption on the read SOC characteristic information;
and the exclusive-or encryption algorithm module is used for carrying out exclusive-or encryption on the information encrypted by the AES encryption algorithm module so as to obtain encrypted SOC characteristic information.
7. The Android system-based application encryption device of claim 5, wherein the authorization service module comprises:
an exclusive or decryption algorithm module for decrypting the encrypted SOC characteristic information read from the encryption driving module;
the AES decryption algorithm module is used for decrypting the information decrypted by the exclusive OR decryption algorithm module by using the AES algorithm again;
an application program interface module for defining a plurality of interfaces for interacting with the application program module.
8. The Android system-based application encryption device of claim 5, wherein the application module comprises:
the detection module is used for communicating with the authorization service module and sending a detection request to the authorization service module;
and the function module is used for realizing the function of the application program and calling the detection module to detect.
9. The Android system based application encryption device of claim 5, wherein the SOC module includes a processor model CR800.
10. The Android system based application encryption device of claim 5, wherein the encryption driver module and the authorization service module comprise a processor of model CR800.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611225024.2A CN106778102B (en) | 2016-12-27 | 2016-12-27 | Android system-based application program encryption method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106778102A (en) | 2017-05-31 |
CN106778102B (en) | 2023-04-28 |
Family
ID=58921008
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611225024.2A Active CN106778102B (en) | 2016-12-27 | 2016-12-27 | Android system-based application program encryption method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106778102B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||