
HK1095229B - A method of control and management of application programs in terminals - Google Patents


Info

Publication number
HK1095229B
Authority
HK
Hong Kong
Prior art keywords
program
verification
application program
key
information
Prior art date
Application number
HK07102465.5A
Other languages
Chinese (zh)
Other versions
HK1095229A1 (en)
Inventor
王爱宝
陈琰
肖晴
刘志勇
杨可可
贾立鼎
冯望瑜
李宁
Original Assignee
中国电信股份有限公司
Filing date
Publication date
Priority claimed from CN2005100687645A (CN1863038B)
Application filed by 中国电信股份有限公司
Publication of HK1095229A1
Publication of HK1095229B

Description

Method for controlling and managing application program in terminal equipment
Technical Field
The present invention relates generally to terminal devices of a network, and more particularly to a method of implementing control and management of applications in a terminal device.
Background
It is well known that Windows operating systems and the Windows-based applications on personal computers (PCs) are often pirated. Software developers have therefore taken countermeasures. For example, Microsoft Corporation introduced Microsoft Product Activation (MPA), which ties a genuine copy of Windows or Office to the hardware of the PC it is installed on: once the software is installed on one machine, it cannot be reinstalled on another. The method works as follows: the software carries a product ID; activation is required during installation; hardware information such as the display card, network card and memory configuration of the machine is combined with the product ID to produce an installation ID; the user obtains a confirmation ID from Microsoft in exchange for the installation ID, and the confirmation ID activates the operating system.
It is also known that multimedia content (for example audiovisual works) is played back and copied without authorization. Content providers have adopted several countermeasures, one of which is Digital Rights Management (DRM). DRM protects digital content by encrypting it and attaching usage rules; the usage rules decide whether a user is entitled to play the content, and typically prevent it from being copied or limit the number of plays. The operating system and the multimedia middleware are responsible for enforcing these rules.
The same problem arises for terminal devices in a network, including, but not limited to, set-top boxes, home multimedia gateways, mobile phones and palmtop computers: how to ensure that applications are not used illegally on them. It is therefore important to protect the interests of network operators, prevent illegal applications from running on these terminals, and ensure that services develop in a safe and controllable way.
Applications running in the terminal devices of a conventional network are either downloaded from the network side or written in manually through the terminal's peripheral I/O interfaces. For downloads, the server on the network side vouches for the legality of the application; that is, the legality and security of applications in the terminal are managed by the server, on the premise that the terminal cannot download an application the server has not authenticated. For applications written in through an I/O interface, legitimacy can generally only be established by trusting whoever wrote them in, or by not allowing applications to be written in that way at all. The problem with these methods is that once an attacker has written an illegal application into the terminal by some special means, the terminal has no control over it at the level of execution.
Because MPA is intended to protect software from piracy rather than to stop unauthorized application software from being launched on a set-top box, it cannot be used directly to control what runs on a set-top box. Specifically: 1. it works only on the Windows operating system, whereas set-top boxes generally run an open source operating system such as Linux; 2. its activation process needs the user's cooperation, since the user reports the installation ID to Microsoft, obtains the confirmation ID and enters it by hand. This intervention in the installation process is cumbersome and unsuitable for set-top box users.
DRM, in turn, is applied to multimedia content, not to executable programs. No enterprise or individual currently applies DRM to controlling the running of software, and DRM additionally requires support from both the operating system and multimedia middleware.
One way to solve the problem of managing the terminals issued by operators is to adopt Trusted Platform Module (TPM) technology. A TPM is a hardware device attached to the platform motherboard that verifies identity and processes variables used by a computer or device in a trusted computing environment. The TPM and the data stored in it are isolated from all other components of the platform. The TPM is itself a small control and management system that acts as the root of trust for the platform's operation: all security authentication and security calls in the system go through the TPM, and a complete chain of trust (network, application software, operating system, hardware, user) is established. By transferring trust along this chain, the integrity of each link is checked, so that each link, and hence the whole system, can be trusted.
Because a TPM is a hardware component, it can only be added to the operating environment by specifically modifying the I/O layout of the motherboard; it therefore cannot provide security support for existing motherboards, and support has to be designed into the next generation of motherboards. In addition, since it is a hardware chip, it must be customized and developed separately for different devices, which is costly.
In view of the above, a simple and inexpensive method is needed that allows the network side to control and manage the applications running in a terminal device.
Disclosure of Invention
In order to solve the above problems in the prior art, an object of the present invention is to provide a simple and inexpensive method, thereby enabling a network side to control and manage an application running in a terminal device. According to the present invention, a method for controlling and managing an application program in a terminal device is provided, wherein the terminal device employs an open source operating system, the method comprising the steps of:
partially or completely encrypting the application program in advance in a verification server at a network side, and generating and adding corresponding preset information for the application program;
downloading the encrypted application program to the terminal equipment through a network;
modifying a program loader in the terminal equipment operating system in advance to extract verification information from the application program before generating an execution environment for running the application program;
the program loader transmits the extracted verification information to the verification server on the network side for verification and the network side returns a verification result; and
based on the verification result, decrypting the application program by the loader in the terminal and running the application program in the terminal.
Preferably, encrypting the application program in advance, in part or in whole, in the verification server on the network side comprises: the verification server setting and storing a program key for each application program, and encrypting the executable program, in part or in whole, with that program key.
Preferably, generating the preset information for the application program comprises: the verification server generating a program fingerprint code for an application program that has passed validity verification, and adding a feature code to the header of the program as the preset information.
Preferably, the fingerprint code is generated from the program's own content, the program fingerprint code being computed with MD5 (the fifth-generation message-digest algorithm) or another verification algorithm; and the feature code may be specified by the network side or by the program developer, and preferably comprises a serial number or a version number of the executable program, or a combination of the two.
Preferably, the program loader in the terminal device operating system extracting the verification information from the application program comprises: extracting a program feature code from the header of the application program file and using that feature code together with the device identification number of the terminal device as the verification information, the device identification number being provided by the network side.
Preferably, the method further comprises: the program loader in the terminal device encrypting the verification information with the device key of the device, the device key being provided by the network side and stored both in the verification server on the network side and in the terminal device; and sending the encrypted verification information to the verification server on the network side.
Preferably, the method further comprises: the verification server on the network side checking, from the verification information, whether the application program is authorized, and returning a verification result, wherein: if verification fails, the verification result is an error message, encrypted with the device key, which is provided by the network side and stored in the verification server and the terminal device; and if verification succeeds, the verification result contains the program key and the program fingerprint code, both encrypted with the device key.
Preferably, the method further comprises the terminal device checking the verification result, wherein: if the decrypted verification result is negative, the terminal device refuses to start the application program; and if the decrypted verification result is positive, the terminal device recovers the program key and the program fingerprint code with the device key, compares the fingerprint code it computes over the program with the recovered fingerprint code, and, if the two are the same, the program loader of the terminal device decrypts the application program with the program key and runs it in the terminal device.
Preferably, the method further comprises the terminal device storing the program key and the fingerprint code of an application program that has been run, so that when the program is run again it can be decrypted directly with the stored program key without contacting the verification server.
The method of the invention solves the problem that applications in existing network terminal devices are uncontrollable, at low construction cost, with simple implementation and convenient management, and has the following beneficial effects:
throughout the process, the channel is encrypted with the device key shared by the terminal device and the verification server, so the channel is secure and the information needed for decryption reaches the terminal device safely;
the program is encrypted with the program key, so it can only run in a terminal device that follows the prescribed running procedure;
the program fingerprint code is checked with MD5 (the fifth-generation message-digest algorithm) or another verification algorithm, so the terminal device can only run applications that have been verified by the relevant party;
the already-authenticated user name and user password are used to simplify the encryption process, so that encryption and decryption require only a single exchange, greatly reducing the load on the server.
Drawings
The features, advantages and benefits of the present invention will become more apparent from the detailed description below, taken in conjunction with the drawings, in which:
FIG. 1 is a schematic diagram of application program verification according to the present invention;
FIG. 2 is a schematic flow chart of encrypting, verifying and decrypting an application according to the present invention.
Detailed Description
The following description of the preferred embodiments of the present invention is provided to explain the present invention in detail by referring to the figures.
The invention has two aspects. First, the program loader of the terminal device's open source operating system is modified so that, before it creates the address space in which the application will actually run, it communicates with the network-side verification server, has the server verify the application, and runs the program only as the verification result permits. Second, application programs are partially or completely encrypted in advance and corresponding preset information is generated and added to them, so that they cannot run before the verification server has authenticated them.
An embodiment is now described with reference to FIG. 1, which is a schematic diagram of the structure used to verify an application according to the invention. The communication system shown comprises one or more network terminal devices 101 and a verification server 102 on the network side; for simplicity only one terminal device 101 is drawn. The terminal 101 may run one or more applications, for example applications 1, 2 ... n. Its operating system also contains a program loader 1012, and to make the running of applications manageable this loader is modified to verify an application before actually loading it and creating its execution environment; the operating system is therefore preferably an open source system whose source code can be modified. The verification server 102 contains a verification agent module 1022 and a verification database 1024, which exchange data with each other. Preferably, for each verified application, the verification server 102 keeps a table mapping verification values to applications. The legality of an application is checked on the server side, the information needed for the check being sent over a secure channel between the terminal 101 and the verification server 102; the same channel carries the verification result back. Only an application that passes verification is given a RAM execution environment 1014 in the terminal device.
According to the invention, each application 1, 2 ... n, say application 1, is partially or completely encrypted in advance in the network-side verification server 102, and corresponding preset information is generated and added to it. The verification server 102 sets and stores a program key Ks for each application and encrypts part of the executable with Ks. It also generates a program fingerprint code for the application and adds a feature code to the application's header; the fingerprint code and the feature code together form the preset information. The fingerprint code is derived from the content of the program itself, for example with MD5 (the fifth-generation message-digest algorithm) or another verification algorithm, and is later checked so that the terminal device can only run applications verified by the relevant party. The feature code may be specified by the network side or by the program developer and may be a serial number or version number of the executable, or a combination of both.
The encrypted application is downloaded to the terminal device 101 over the network, or written into the terminal device through an I/O device.
The program loader 1012 in the terminal device's operating system is modified in advance so that, before it creates the execution environment for the application, it extracts the verification information from the application: it reads the program feature code from the application file header and combines it with the device identification number of the terminal device, which is provided by the network side.
The program loader 1012 sends the extracted verification information to the verification server 102 on the network side, which verifies it and returns a verification result; the communication channel between the program loader 1012 and the network side is protected by a security mechanism.
Concretely, the program loader 1012 in the network terminal device 101 encrypts the verification information with the device key of the device and sends the encrypted verification information to the verification server 102 on the network side; depending on the verification result, the loader 1012 then decrypts the application program in the terminal and runs it there.
The verification server 102 on the network side checks, from the verification information, whether the application program is authorized and returns a verification result: if verification fails, the result is an error message, encrypted with a device key Kc that is provided by the network side and stored in both the terminal device 101 and the verification server 102; if verification succeeds, the result contains the program key Ks and the program fingerprint code, both encrypted with the device key Kc. The channel is thus encrypted with the device key Kc shared by the terminal device and the verification server, which secures the channel and lets the information needed for decryption reach the terminal device safely.
The terminal device 101 then checks the verification result: if the decrypted result is negative, the terminal device 101 refuses to start the application; if it is positive, the terminal device 101 recovers the program key Ks and the program fingerprint code with the device key Kc, and compares the fingerprint code it computes over the program with the recovered fingerprint code. If the two are the same, the program key Ks is trustworthy, and the program loader 1012 of the terminal device 101 decrypts the application program with Ks and runs it in the terminal device.
In addition, in the preferred embodiment the terminal device 101 stores the program key Ks and the fingerprint code of an application that has been run, so that when the program is run again it can be decrypted directly with the stored Ks without contacting the verification server.
FIG. 2 is a flow chart of encryption, verification and decryption according to the invention. When the terminal device is to run an application whose program key is not yet stored in the terminal, the flow is as follows:
Step 1: the verification server performs validity verification of the program content, generates a program fingerprint code for the application to be controlled (for example with MD5, the fifth-generation message-digest algorithm), adds a feature code to the program header, and encrypts part of the executable code.
Step 2: the application program is downloaded to the terminal device.
Step 3: the program loader of the terminal device's operating system loads the application. Because the loader's loading procedure has been modified, before the program's execution environment is created it first extracts the feature code contained in the program file header (for example the serial number of the executable, or version number plus serial number) together with the device identification number; the extracted feature code and device identification number are preferably used as the verification information.
Step 4: the program loader of the terminal device encrypts the verification information (program feature code and device identification number) with the device key Kc and sends it to the verification server. The terminal device holds the device key Kc beforehand.
Step 5: the verification server checks from the verification information whether the application is authorized and returns a verification result, which takes one of two forms:
5.1) if verification fails, the result is an error message, encrypted with the device key Kc. Kc is used only to encrypt the channel.
5.2) if verification succeeds, the result comprises the program key Ks, the program fingerprint code and so on, with Ks and the fingerprint code encrypted under the device key Kc.
Step 6: the terminal device checks the verification result.
6.1) if the decrypted result is negative, the terminal device refuses to start the application.
6.2) if the decrypted result is positive, the terminal device recovers the program key Ks and the program fingerprint code with the device key Kc and compares the fingerprint code it computes over the program with the recovered one; if the two are the same, Ks is trustworthy, and the program loader decrypts the application program with Ks and runs it.
Preferably, the terminal device stores the program key Ks and the fingerprint code of the application it has run, so that when the program is run again it can be decrypted directly without contacting the verification server.
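As a worked illustration of steps 1 to 6 above and of the program-key cache described in the last paragraph, the following Python program (added here; it is not code from the patent or from the assignee) simulates the verification server and the modified loader offline, with both sides' messages in one process. Everything not stated in the text is an assumption of the example: a JSON header carrying the feature code, encryption of the whole executable body rather than part of it, an encrypt-then-MAC construction built from HMAC-SHA256 standing in for the unspecified cipher (the text only says the channel and the program are "encrypted"; the authentication tag is a design choice so that a tampered reply or program body is rejected rather than silently misdecrypted), MD5 as the fingerprint as the text suggests, and hypothetical identifiers such as the device id stb-0001 and the feature code APP-7/1.2. The executable bytes are constructed sample input.

```python
import hashlib
import hmac
import json
import os
import struct

# --- Toy encrypt-then-MAC cipher (assumption: the patent names no cipher) ---
# Keystream and tag both come from HMAC-SHA256 under separate subkeys, so the
# example runs with the Python standard library alone.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    out, ctr = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

def seal(key, plaintext):
    """Return nonce || ciphertext || tag; any change is caught by unseal()."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

# --- Network side: verification server (FIG. 1, element 102) ---
class VerificationServer:
    def __init__(self):
        self.programs = {}       # feature code -> {"Ks": ..., "fingerprint": ...}
        self.devices = {}        # device id -> device key Kc (provisioned out of band)
        self.authorized = set()  # (feature code, device id) pairs allowed to run
        self.calls = 0           # round trips served; shows the Ks cache working

    def package(self, executable, feature_code):
        """Step 1: fingerprint (MD5 as in the text), store Ks, encrypt, add header.
        The whole body is encrypted here; the text also allows partial encryption."""
        ks = os.urandom(32)
        fingerprint = hashlib.md5(executable).hexdigest()
        self.programs[feature_code] = {"Ks": ks, "fingerprint": fingerprint}
        header = json.dumps({"feature_code": feature_code}).encode()
        return struct.pack(">I", len(header)) + header + seal(ks, executable)

    def verify(self, device_id, request):
        """Step 5: the outer device id only selects Kc; the copy inside the
        authenticated request is the one that is trusted."""
        self.calls += 1
        kc = self.devices[device_id]
        info = json.loads(unseal(kc, request))
        fc = info["feature_code"]
        ok = (info["device_id"] == device_id and fc in self.programs
              and (fc, device_id) in self.authorized)
        if not ok:
            return seal(kc, json.dumps({"ok": False, "error": "not authorized"}).encode())
        p = self.programs[fc]
        return seal(kc, json.dumps({"ok": True, "Ks": p["Ks"].hex(),
                                    "fingerprint": p["fingerprint"]}).encode())

# --- Terminal side: modified program loader (FIG. 1, element 1012) ---
class TerminalLoader:
    def __init__(self, device_id, kc, server):
        self.device_id, self.kc, self.server = device_id, kc, server
        self.cache = {}  # feature code -> (Ks, fingerprint), as in claim 9

    @staticmethod
    def parse(image):
        hlen = struct.unpack(">I", image[:4])[0]
        return json.loads(image[4:4 + hlen]), image[4 + hlen:]

    def load(self, image):
        """Steps 3 to 6: return the decrypted executable the real loader would
        run, or raise PermissionError and refuse to start it."""
        header, body = self.parse(image)
        fc = header["feature_code"]
        if fc not in self.cache:  # step 4: Kc-encrypted request, step 6: check reply
            req = seal(self.kc, json.dumps({"feature_code": fc, "device_id": self.device_id}).encode())
            result = json.loads(unseal(self.kc, self.server.verify(self.device_id, req)))
            if not result["ok"]:
                raise PermissionError(result["error"])
            self.cache[fc] = (bytes.fromhex(result["Ks"]), result["fingerprint"])
        ks, fingerprint = self.cache[fc]
        try:
            plaintext = unseal(ks, body)
        except ValueError:
            plaintext = None
        # The fingerprint binds Ks to this exact program: a wrong Ks, a modified
        # body or a stale cache entry all fail here, and the entry is dropped.
        if plaintext is None or hashlib.md5(plaintext).hexdigest() != fingerprint:
            self.cache.pop(fc, None)
            raise PermissionError("fingerprint mismatch: refusing to start")
        return plaintext

if __name__ == "__main__":
    server = VerificationServer()
    kc = os.urandom(32)                       # hypothetical provisioned device key
    server.devices["stb-0001"] = kc
    server.authorized.add(("APP-7/1.2", "stb-0001"))
    image = server.package(b"constructed executable bytes", "APP-7/1.2")
    loader = TerminalLoader("stb-0001", kc, server)
    print(loader.load(image), loader.load(image), "server calls:", server.calls)
```

Running the file performs one verified load and a second load served from the cache without another server round trip; the fingerprint comparison is what rejects a wrong Ks or a modified program body, and an unauthorized (feature code, device) pair is refused at step 5. As in the text, which rules out a hardware root of trust on cost grounds, the scheme rests on the terminal keeping Kc and the cached Ks confidential and on the modified loader itself remaining intact; the example does nothing to protect those beyond what the operating system provides.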

Claims (9)

1. A method for controlling and managing an application program in a terminal device, wherein the terminal device employs an open source operating system, the method comprising the steps of:
partially or completely encrypting the application program in advance in a verification server at a network side, and generating and adding corresponding preset information for the application program;
downloading the encrypted application program to the terminal equipment through a network;
modifying a program loader in the terminal equipment operating system in advance to extract verification information from the application program before generating an execution environment for running the application program;
the program loader transmits the extracted verification information to the verification server on the network side for verification and the network side returns a verification result; and
based on the verification result, decrypting the application program by the loader in the terminal and running the application program in the terminal.
2. The method of claim 1, wherein the pre-encrypting the application program in the verification server on the network side partially or completely comprises:
and setting and storing a program key for each application program by the verification server, and partially or completely encrypting the executable program by using the program key.
3. The method of claim 1, wherein the generating of the preset information for the application program comprises:
and generating a program fingerprint code for the application program passing the validity verification by the verification server, and adding a feature code into the head of the program to serve as the preset information.
4. The method of claim 3, wherein:
the fingerprint code is generated from the program's own content, the program fingerprint code being checked with MD5 (the fifth-generation message-digest algorithm) or another verification algorithm; and
the feature code may be specified by the network side or by the program developer, and may comprise a serial number or a version number of the executable program, or a combination of both.
5. The method of claim 1, wherein the step of extracting the verification information from the application program by a program loader in the terminal device operating system comprises:
and extracting a program feature code from the header of the application program file and using the program feature code and the equipment identification number of the terminal equipment as verification information, wherein the equipment identification number is provided by a network side.
6. The method of claim 1 or 5, further comprising:
the program loader in the terminal equipment encrypts the verification information by using an equipment key of the equipment, wherein the equipment key is provided by a network side and is stored in the verification server and the terminal equipment of the network side; and
and sending the encrypted verification information to a verification server at the network side.
7. The method of claim 1, further comprising:
the verification server on the network side checking, from the verification information, whether the application program is authorized, and returning a verification result, wherein:
if verification fails, the verification result is an error message, encrypted with the device key, which is provided by the network side and stored in the verification server and the terminal device; and
if verification succeeds, the verification result contains the program key and the program fingerprint code, both encrypted with the device key.
8. The method of claim 1 or 7, further comprising the step of the terminal device checking the verification result, wherein:
if the decrypted verification result is negative, the terminal device refuses to start the application program; and
if the decrypted verification result is positive, the terminal device recovers the program key and the program fingerprint code with the device key, compares the program fingerprint code it computes with the recovered program fingerprint code, and, if the two are the same, the program loader of the terminal device decrypts the application program with the program key and runs it in the terminal device.
9. The method of claim 8, further comprising: the terminal device stores the program key and the fingerprint code of the running application program, and when the program is run again, the stored program key can be directly used for decrypting the application program without accessing the verification server.
HK07102465.5A, 2007-03-06: A method of control and management of application programs in terminals (HK1095229B, en)

Applications Claiming Priority (1)

CN2005100687645A (CN1863038B), priority date 2005-05-12, filing date 2005-05-12: Method for controlling and managing applications in terminal equipment

Publications (2)

HK1095229A1, published 2007-04-27
HK1095229B, published 2011-07-29

