CN114218534B - Method, device, equipment and storage medium for checking offline package - Google Patents

Info

Publication number
CN114218534B
Authority
CN
China
Prior art keywords
hash value
offline package
offline
algorithm
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111523893.4A
Other languages
Chinese (zh)
Other versions
CN114218534A (en
Inventor
易宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An International Smart City Technology Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd
Application filed by Ping An International Smart City Technology Co Ltd
Priority to CN202111523893.4A
Publication of CN114218534A
Application granted
Publication of CN114218534B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/128 Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the field of artificial intelligence, and discloses a method, a device, equipment and a storage medium for verifying an offline package, which are used for improving the accuracy of offline package verification. The offline package verification method comprises the following steps: calling a first algorithm to generate a public and private key according to an offline package acquisition request; acquiring offline package information of an offline package to be updated, calculating a first hash value through a second algorithm, and encrypting the first hash value through the first algorithm according to the public and private key to obtain a hash ciphertext; parsing the offline package information to obtain a download address; downloading the offline package according to the download address to obtain a target offline package, and generating a second hash value according to the second algorithm; decrypting the hash ciphertext to obtain the first hash value, and matching the first hash value with a second target hash value to obtain a matching result; if the matching is successful, decompressing the target offline package and running the target offline package. In addition, the invention also relates to blockchain technology, and the target offline package can be stored in a blockchain node.

Description

Method, device, equipment and storage medium for checking offline package
Technical Field
The present invention relates to the field of artificial intelligence, and in particular, to a method, apparatus, device, and storage medium for verifying an offline package.
Background
In recent years, mobile internet applications (Apps) have been widely used and play an irreplaceable role in promoting economic and social development and serving the public. Meanwhile, illegal theft, misuse and even resale of personal information are endless, information leakage is serious, and personal information security is greatly threatened. As the state deepens its special App rectification campaign, regulatory authorities, participants in various industries, and end users are increasingly concerned about the security of Apps.
At present, hybrid development has become a main way for enterprises to develop Apps. Hybrid development through an H5 offline package works across platforms such as Android and iOS and allows timely updates, reduces the development workload, and allows service functions of the App to be added or updated in time without upgrading the App. But this approach also exposes some security issues: offline packages are likely to be tampered with by an attacker and implanted with malicious code, and an App that downloads and executes an unverified offline package may leak App information and expose user privacy data.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for checking an offline package, which are used for improving the accuracy of the offline package checking.
The first aspect of the present invention provides a method for checking an offline packet, where the method for checking an offline packet includes: receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public key and a private key corresponding to the offline package acquisition request, wherein the public key and the private key comprise a public key and a private key; acquiring offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and carrying out encryption processing on the first hash value according to the public and private key and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value; storing the public and private key and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information; downloading the offline package according to the downloading address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value; decrypting the hash ciphertext through the first algorithm and the public and private key to obtain the first hash value, and matching the first hash value with a second target hash value to obtain a matching result; and if the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline packet and operating the target offline packet.
Optionally, in a first implementation manner of the first aspect of the present invention, the receiving an offline package obtaining request sent by a preset mobile internet application, and calling a preset first algorithm according to the offline package obtaining request to generate a public key and a private key corresponding to the offline package obtaining request, includes: receiving an offline package acquisition request sent by a preset mobile internet application program; matching a first algorithm corresponding to the offline package acquisition request according to the offline package acquisition request; and generating a public and private key corresponding to the offline package acquisition request through the first algorithm.
Optionally, in a second implementation manner of the first aspect of the present invention, the obtaining, from a preset local cache, offline packet information corresponding to an offline packet to be updated, calculating, by using a preset second algorithm, a first hash value corresponding to the offline packet information, and performing encryption processing on the first hash value according to the public-private key and by using the first algorithm, to obtain a hash ciphertext corresponding to the first hash value, where the method includes: acquiring offline package information corresponding to an offline package to be updated from a preset local cache based on the offline package acquisition request; inputting the offline package information into a preset second algorithm to calculate a hash value, and obtaining a first hash value corresponding to the offline package information; and encrypting the first hash value based on a private key in the public and private keys through the first algorithm to obtain a hash ciphertext corresponding to the first hash value.
Optionally, in a third implementation manner of the first aspect of the present invention, the storing the public and private key and the hash ciphertext, and analyzing the offline packet information to obtain a download address corresponding to the offline packet information includes: assembling the public and private key, the offline package information and the hash ciphertext to obtain an offline package message, and returning the offline package message to the mobile Internet application program; and analyzing the offline package information to obtain a download address corresponding to the offline package information.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the downloading the offline packet according to the download address to obtain a target offline packet, and generating a hash value corresponding to the target offline packet according to the second algorithm to obtain a second hash value, includes: acquiring a download resource based on the download address, and downloading an offline package corresponding to the offline package information according to the download resource to obtain a target offline package; and calculating a hash value corresponding to the target offline packet through the second algorithm to obtain a second hash value.
Optionally, in a fifth implementation manner of the first aspect of the present invention, decrypting the hashed ciphertext through the first algorithm and the public key to obtain the first hash value, and matching the first hash value with the second target hash value to obtain a matching result, where the matching result includes: analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value; and matching the first hash value with the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Optionally, in a sixth implementation manner of the first aspect of the present invention, the method for checking an offline packet further includes: if the matching result is that the first hash value and the second hash value are not successfully matched, generating prompt information indicating that the first hash value and the second hash value are not successfully matched; and sending the prompt information to the mobile Internet application program for early warning.
The second aspect of the present invention provides a verification device for an offline packet, where the verification device for an offline packet includes: the receiving module is used for receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public key and a private key corresponding to the offline package acquisition request, wherein the public key and the private key comprise a public key and a private key; the processing module is used for acquiring offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and carrying out encryption processing on the first hash value according to the public and private key and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value; the analysis module is used for storing the public and private keys and the hash ciphertext and analyzing the offline package information to obtain a download address corresponding to the offline package information; the downloading module is used for downloading the offline package according to the downloading address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value; the matching module is used for decrypting the hash ciphertext through the first algorithm and the public and private key to obtain the first hash value, and matching the first hash value with a second target hash value to obtain a matching result; and the decompression module is used for decompressing the target offline packet and running the target offline packet if the matching result is that the first hash value and the second hash value are successfully matched.
Optionally, in a first implementation manner of the second aspect of the present invention, the receiving module is specifically configured to: receiving an offline package acquisition request sent by a preset mobile internet application program; matching a first algorithm corresponding to the offline package acquisition request according to the offline package acquisition request; and generating a public and private key corresponding to the offline package acquisition request through the first algorithm.
Optionally, in a second implementation manner of the second aspect of the present invention, the processing module is specifically configured to: acquiring offline package information corresponding to an offline package to be updated from a preset local cache based on the offline package acquisition request; inputting the offline package information into a preset second algorithm to calculate a hash value, and obtaining a first hash value corresponding to the offline package information; and encrypting the first hash value based on a private key in the public and private keys through the first algorithm to obtain a hash ciphertext corresponding to the first hash value.
Optionally, in a third implementation manner of the second aspect of the present invention, the parsing module is specifically configured to: assembling the public and private key, the offline package information and the hash ciphertext to obtain an offline package message, and returning the offline package message to the mobile Internet application program; and analyzing the offline package information to obtain a download address corresponding to the offline package information.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the downloading module is specifically configured to: acquiring a download resource based on the download address, and downloading an offline package corresponding to the offline package information according to the download resource to obtain a target offline package; and calculating a hash value corresponding to the target offline packet through the second algorithm to obtain a second hash value.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the matching module is specifically configured to: analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value; and matching the first hash value with the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the offline packet verification device further includes: the prompting module is used for generating prompting information when the matching result is that the first hash value and the second hash value are not successfully matched; and sending the prompt information to the mobile Internet application program for early warning.
A third aspect of the present invention provides an offline package verification apparatus, including: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the offline packet verification device to perform the offline packet verification method described above.
A fourth aspect of the invention provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the method of verification of an off-line package as described above.
According to the technical scheme provided by the invention, a first algorithm is called according to an offline package acquisition request to generate a public and private key; acquiring offline package information corresponding to an offline package to be updated, calculating a first hash value corresponding to the offline package information through a second algorithm, and carrying out encryption processing on the first hash value according to a public key and a private key through the first algorithm to obtain a hash ciphertext; storing the public and private key and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information; downloading the offline package according to the downloading address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to a second algorithm to obtain a second hash value; decrypting the hash ciphertext through the first algorithm and the public and private key to obtain a first hash value, and matching the first hash value with a second target hash value to obtain a matching result; and if the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline packet and operating the target offline packet. The invention effectively distinguishes the authenticity of the off-line package of the mixed mode mobile application through the national encryption algorithm, and when the verification is successful, the invention runs safely, and the verification failure is terminated in time, thereby effectively improving the accuracy of the off-line package verification.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a method for checking an offline package according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of another embodiment of a method for verifying an offline package according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an embodiment of an offline package verification device according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another embodiment of an offline package verification device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an embodiment of an offline package verification device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a method, a device, equipment and a storage medium for checking an offline package, which are used for improving the accuracy of the offline package checking. The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
For easy understanding, the following describes a specific flow of an embodiment of the present invention, referring to fig. 1, and a first embodiment of a method for checking an offline package in an embodiment of the present invention includes:
101. Receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, wherein the public and private key comprises a public key and a private key;
Specifically, when a user enters a mobile internet application (App), the mobile internet application initiates a request to a server to acquire information of an offline package. After receiving the instruction sent by the mobile internet application program, the server first randomly generates a public and private key pair through a first algorithm (the first algorithm can be the SM2 algorithm), and stores the public and private keys.
It can be understood that the execution body of the present invention may be a verification device of an offline package, and may also be a terminal or a server, which is not limited herein. The embodiment of the invention is described by taking a server as the execution body as an example. The embodiment of the invention can acquire and process the related data based on artificial intelligence technology. Artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique, and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend, and expand human intelligence, sense the environment, acquire knowledge, and use knowledge to obtain optimal results. Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. Artificial intelligence software technology mainly comprises computer vision technology, robot technology, biological recognition technology, voice processing technology, natural language processing technology, machine learning/deep learning and other directions. The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
102. Acquiring offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and carrying out encryption processing on the hash value according to a public key and a private key through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
Specifically, the server encrypts the hash value of the offline package through the stored private key and the first algorithm to generate a hash ciphertext. It should be noted that the second algorithm may be the SM3 algorithm, which may be used for digital signature and verification in commercial cryptographic applications and is an algorithm improved on the basis of SHA-256. The second algorithm uses a Merkle-Damgard structure, the message block length is 512 bits, and the digest value length is 256 bits. Its compression function has a structure similar to the compression function of SHA-256, but the design of the second algorithm is more complex; for example, each round of the compression function uses 2 message words.
103. Storing the public and private key and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information;
Specifically, the server assembles an offline package message, including information such as a download address, a public key and a hash ciphertext, and returns it to the mobile internet application program. That is, the server assembles the public and private key, the offline package information and the hash ciphertext to obtain the offline package message, and returns the offline package message to the mobile internet application program; and the server parses the offline package information to obtain a download address corresponding to the offline package information.
104. Downloading the offline package according to the downloading address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to a second algorithm to obtain a second hash value;
Specifically, the server ensures the integrity and consistency of the offline package: the hash values calculated by the second algorithm on the same offline package are consistent, and the hash values calculated on different offline packages are different. Therefore, the integrity of the offline package can be effectively verified, and the offline package run by the App is ensured to be consistent with the one on the server.
105. Decrypting the hash ciphertext through the first algorithm and the public and private key to obtain a first hash value, and matching the first hash value with a second target hash value to obtain a matching result;
Specifically, the server parses the hash ciphertext through the public key in the public and private key and the first algorithm to obtain a first hash value; the server matches the first hash value and the second hash value in a preset local cache to obtain a matching result, wherein the matching result is either that the first hash value and the second hash value are successfully matched or that the first hash value and the second hash value are unsuccessfully matched.
106. And if the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline packet and operating the target offline packet.
It should be noted that a mixed mode (hybrid) mobile application is a mobile internet application that sits between a mobile web application and a native mobile application. Although it looks like a native mobile application, what it accesses internally is only a web page: the shell of the client is developed natively, the native container provides the underlying function APIs in a certain way, the service logic is completed by H5 pages, and finally the native container loads the H5 pages to complete the whole App. The H5 page can be loaded online, or loaded and run by downloading an offline package.
Further, the server stores the target offline package in a blockchain database, which is not limited herein.
In the embodiment of the invention, a first algorithm is called to generate a public and private key according to an offline package acquisition request; acquiring offline package information corresponding to an offline package to be updated, calculating a first hash value corresponding to the offline package information through a second algorithm, and carrying out encryption processing on the first hash value according to a public key and a private key through the first algorithm to obtain a hash ciphertext; storing the public and private key and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information; downloading the offline package according to the downloading address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to a second algorithm to obtain a second hash value; decrypting the hash ciphertext through the first algorithm and the public and private key to obtain a first hash value, and matching the first hash value with a second target hash value to obtain a matching result; and if the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline packet and operating the target offline packet. The invention effectively distinguishes the authenticity of the off-line package of the mixed mode mobile application through the national encryption algorithm, and when the verification is successful, the invention runs safely, and the verification failure is terminated in time, thereby effectively improving the accuracy of the off-line package verification.
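The flow of steps 101 to 106, as an added example that is not code from the patent or its assignee. Assumptions: ECDSA P-256 and SHA-256 stand in for SM2 and SM3 (the Go standard library ships neither), the "hash ciphertext" is modelled as a signature over the first hash value, the first hash value is taken over the package bytes, and the Message type, the Issue and Verify functions and the download address are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Stand-ins (assumption): ECDSA P-256 replaces SM2 and SHA-256 replaces SM3.

// Message is the offline package message of step 103 (field names are hypothetical).
type Message struct {
	DownloadAddr string // where the offline package is fetched from
	PublicKey    []byte // PKIX/DER encoding of the public key
	HashCipher   []byte // "hash ciphertext": signature over the first hash value
}

// ErrMismatch is the "unsuccessfully matched" result of step 105.
var ErrMismatch = errors.New("offline package: first and second hash value do not match")

// Issue covers steps 101-103: generate a key pair, hash the package,
// protect the hash with the private key and assemble the message.
func Issue(pkg []byte, addr string) (Message, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Message{}, err
	}
	first := sha256.Sum256(pkg) // first hash value
	sig, err := ecdsa.SignASN1(rand.Reader, priv, first[:])
	if err != nil {
		return Message{}, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return Message{}, err
	}
	// Only the public half of the key pair leaves this function.
	return Message{DownloadAddr: addr, PublicKey: pub, HashCipher: sig}, nil
}

// Verify covers steps 104-106: hash the downloaded bytes (second hash value)
// and check it against the protected first hash value. With a signature
// scheme, "decrypt then compare" collapses into one verification call.
// A nil return means the package may be decompressed and run.
func Verify(m Message, downloaded []byte) error {
	key, err := x509.ParsePKIXPublicKey(m.PublicKey)
	if err != nil {
		return fmt.Errorf("parse public key: %w", err)
	}
	pub, ok := key.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("offline package: public key is not ECDSA")
	}
	second := sha256.Sum256(downloaded) // second hash value
	if !ecdsa.VerifyASN1(pub, second[:], m.HashCipher) {
		return ErrMismatch
	}
	return nil
}

func main() {
	// Constructed sample bytes standing in for a zipped H5 offline package.
	pkg := []byte("constructed sample: index.html + app.js")
	msg, err := Issue(pkg, "https://cdn.example.invalid/h5/pkg.zip")
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine package: ", Verify(msg, pkg))

	tampered := append([]byte(nil), pkg...)
	tampered[0] ^= 0x01 // a single flipped bit is enough to fail the match
	fmt.Println("tampered package:", Verify(msg, tampered))
}
```

In this sketch the verifier trusts whatever public key arrives in the message, so the result is only as trustworthy as the channel that delivered the message.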
Referring to fig. 2, a second embodiment of a method for checking an offline packet according to an embodiment of the present invention includes:
201. Receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key corresponding to the offline package acquisition request, wherein the public and private key comprises a public key and a private key;
Optionally, the server receives an offline package acquisition request sent by a preset mobile internet application program; the server matches a first algorithm corresponding to the offline package acquisition request according to the offline package acquisition request; the server generates a public and private key corresponding to the offline package acquisition request through a first algorithm.
It should be noted that the first algorithm is the SM2 elliptic curve public key cryptographic algorithm. It is a public key cryptographic algorithm comprising the SM2-1 elliptic curve digital signature algorithm, the SM2-2 elliptic curve key exchange protocol and the SM2-3 elliptic curve public key encryption algorithm, which are respectively used for realizing functions such as digital signature, key negotiation and data encryption. Elliptic curves are not ellipses; they are called elliptic curves because they are represented by a cubic equation that is similar to the equation for calculating the perimeter of an ellipse. In general, the cubic equation of an elliptic curve has the form $y^2 + axy + by = x^3 + cx^2 + dx + e$, where a, b, c, d and e are real numbers meeting certain conditions; because the highest exponent in the equation is 3, it is called a cubic equation, or the degree of the equation is 3. The equation used by the first algorithm is $y^2 = x^3 + ax + b$. The first algorithm is implemented as follows: (1) select an element $G$ of $E_p(a, b)$ such that the order $n$ of $G$ is a large prime number; (2) the order of $G$ is the minimum value of $n$ that satisfies $nG = O$; (3) secretly select an integer $k$, calculate $B = kG$, and then publish $(p, a, b, G, B)$; $B$ is the public key, and $k$, which is kept secret, is the private key. To encrypt M: the message $M$ is transformed into a point $P_m$ in $E_p(a, b)$, then a random number $r$ is chosen and the ciphertext $C_m = \{rG, P_m + rP\}$ is computed; if $r$ is such that $rG$ or $rP$ is $O$, $r$ is chosen again.
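The key generation and encryption steps just described, carried through on a toy curve as an added example that is not code from the patent. Assumptions: the curve $E_{17}(2, 2)$ with $G = (5, 1)$ of order 19 is constructed for illustration (it is not the SM2 curve and is far too small to be secure), the $P$ in the ciphertext formula is taken to be the public key $B$, and the decryption step $P_m = C_2 - kC_1$ is added to show the round trip.

```go
package main

import (
	"errors"
	"fmt"
)

// Toy parameters (constructed): y^2 = x^3 + 2x + 2 over F_17.
const (
	fieldP = 17 // p
	curveA = 2  // a (b = 2 is not needed by the group law)
	orderN = 19 // n, the prime order of G
)

// Point is an affine point; Inf marks the point at infinity O.
type Point struct {
	X, Y int
	Inf  bool
}

var (
	G              = Point{X: 5, Y: 1}
	O              = Point{Inf: true}
	ErrChooseAgain = errors.New("rG or rB is O: choose r again")
)

func mod(v int) int { return ((v % fieldP) + fieldP) % fieldP }

// inv returns v^-1 mod p using Fermat's little theorem (v^(p-2)).
func inv(v int) int {
	r, base := 1, mod(v)
	for e := fieldP - 2; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = r * base % fieldP
		}
		base = base * base % fieldP
	}
	return r
}

// Neg returns -P.
func Neg(pt Point) Point {
	if pt.Inf {
		return O
	}
	return Point{X: pt.X, Y: mod(-pt.Y)}
}

// Add implements the chord-and-tangent group law.
func Add(p1, p2 Point) Point {
	switch {
	case p1.Inf:
		return p2
	case p2.Inf:
		return p1
	case p1.X == p2.X && mod(p1.Y+p2.Y) == 0:
		return O // P + (-P) = O; also covers doubling a point with y = 0
	}
	var s int
	if p1 == p2 {
		s = mod((3*p1.X*p1.X + curveA) * inv(2*p1.Y)) // tangent slope
	} else {
		s = mod((p2.Y - p1.Y) * inv(p2.X-p1.X)) // chord slope
	}
	x := mod(s*s - p1.X - p2.X)
	return Point{X: x, Y: mod(s*(p1.X-x) - p1.Y)}
}

// ScalarMult computes kP by double-and-add (k >= 0).
func ScalarMult(k int, pt Point) Point {
	acc := O
	for ; k > 0; k >>= 1 {
		if k&1 == 1 {
			acc = Add(acc, pt)
		}
		pt = Add(pt, pt)
	}
	return acc
}

// Encrypt returns C_m = {rG, P_m + rB}; it rejects an r for which rG or rB is O.
func Encrypt(pm, pub Point, r int) (c1, c2 Point, err error) {
	c1 = ScalarMult(r, G)
	shared := ScalarMult(r, pub)
	if c1.Inf || shared.Inf {
		return O, O, ErrChooseAgain
	}
	return c1, Add(pm, shared), nil
}

// Decrypt recovers P_m = C2 - k*C1, since k*(rG) = r*(kG) = rB.
func Decrypt(k int, c1, c2 Point) Point {
	return Add(c2, Neg(ScalarMult(k, c1)))
}

func main() {
	k := 7                  // private key (constructed)
	B := ScalarMult(k, G)   // public key B = kG
	pm := Point{X: 10, Y: 6} // message point P_m (constructed, lies on the curve)
	c1, c2, err := Encrypt(pm, B, 4)
	fmt.Println("B =", B, "C1 =", c1, "C2 =", c2, "err =", err)
	fmt.Println("decrypted =", Decrypt(k, c1, c2))
}
```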
202. Acquiring offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and carrying out encryption processing on the hash value according to a public key and a private key through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
Optionally, the server acquires offline package information corresponding to the offline package to be updated from a preset local cache based on the offline package acquisition request; the server inputs the offline package information into a preset second algorithm to calculate a hash value, and a first hash value corresponding to the offline package information is obtained; the server encrypts the first hash value based on a private key in the public and private keys through a first algorithm to obtain a hash ciphertext corresponding to the first hash value.
Specifically, the server acquires offline package information corresponding to an offline package to be updated from a preset local cache based on the offline package acquisition request; the server inputs the offline package information into a preset second algorithm to calculate a hash value, and a first hash value corresponding to the offline package information is obtained; the server encrypts the first hash value based on the private key in the public and private keys through the first algorithm to obtain a hash ciphertext corresponding to the first hash value. The second algorithm is the SM3 cryptographic hash algorithm, a cryptographic hash algorithm designed independently in China. In commercial cryptographic applications it can be used for generating and verifying digital signatures, generating and verifying message authentication codes, and generating random numbers, and it can meet the security requirements of various cryptographic applications.
203. Storing the public and private key and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information;
Optionally, the server assembles the public and private key, the offline package information and the hash ciphertext to obtain an offline package message, and returns the offline package message to the mobile internet application program; and the server analyzes the offline package information to obtain a download address corresponding to the offline package information.
Specifically, the server assembles the public and private key, the offline package information and the hash ciphertext into an offline package message, which includes information such as the download address, the public key and the hash ciphertext, and returns the offline package message to the mobile internet application program. The mobile internet application program parses the offline package information returned by the server and stores the public key and the hash ciphertext; the server analyzes the offline package information to obtain the download address corresponding to the offline package information. For the hash value of the offline package, the device adds a process of encryption with the server's private key and decryption with the App's public key; meanwhile, the App can confirm that the public key was generated by the server, thereby preventing an attacker from forging the offline package file and the hash value midway.
204. Downloading the offline package according to the downloading address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to a second algorithm to obtain a second hash value;
Optionally, the server acquires a download resource based on the download address, and downloads an offline package corresponding to the offline package information according to the download resource to obtain a target offline package; and the server calculates a hash value corresponding to the target offline packet through a second algorithm to obtain a second hash value.
Specifically, the server acquires a download resource based on the download address, and downloads the offline package corresponding to the offline package information according to the download resource to obtain a target offline package; the server calculates a hash value corresponding to the target offline package through the second algorithm to obtain a second hash value. This effectively distinguishes the authenticity of the mixed mode mobile application offline package: if the verification succeeds, operation proceeds safely, and if the verification fails, it is stopped in time. This prevents serious security incidents caused by the mobile Internet application program running an offline package that was forged by an attacker or implanted with malicious code, ensures the information security of the mobile Internet application program, and protects personal privacy data.
205. Decrypting the hash ciphertext through the first algorithm and the public and private key to obtain a first hash value, and matching the first hash value with a second target hash value to obtain a matching result;
Optionally, the server analyzes the hash ciphertext through a public key and a first algorithm in the public key and the private key to obtain a first hash value; the server matches the first hash value and the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Specifically, the server analyzes the hash ciphertext through the public key in the public and private keys and the first algorithm to obtain the first hash value, where $C_m$ is resolved as $(P_m + rP) - k(rG) = P_m + rkG - krG = P_m$. The security of the first algorithm is based on a mathematical problem, the elliptic curve discrete logarithm problem (ECDLP): consider the equation $Q = kP$, where Q and P belong to $E_p(a, b)$ and $k < p$; then: 1) Q and P are known and k is calculated, to obtain the first hash value.
206. If the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline packet and operating the target offline packet;
It should be noted that a mixed mode mobile application is a mobile Internet application program that sits between a mobile web application and a local (native) mobile application: although it looks like a local mobile application, what it actually accesses is a web page. That is, the shell of the client is developed natively, the native container provides the underlying function APIs in a certain way, the service logic is completed by H5 pages, and finally the native container loads the H5 pages to complete the whole App. The H5 pages can be loaded online, or loaded and run from a downloaded offline package.
207. If the matching result is that the first hash value and the second hash value are not successfully matched, generating prompt information indicating that the first hash value and the second hash value were not successfully matched;
208. and sending the prompt information to the mobile Internet application program for early warning.
Specifically, compared with the traditional mixed mode mobile application offline package processing scheme, the device adds an offline package verification process, and the mobile internet application program can effectively distinguish the authenticity of the offline package, so that the leakage of user information and privacy data caused by running an offline package that has been tampered with or embedded with malicious programs is prevented. Different from a processing scheme of simply checking the offline package hash or signature, the device adds, for the hash value of the offline package, a process of encryption with the server's private key and decryption with the mobile Internet application program's public key; meanwhile, the mobile Internet application program can confirm that the public key was generated by the server, thereby preventing an attacker from forging the offline package file and the hash value midway.
Further, the server stores the target offline package in a blockchain database, which is not limited herein.
In the embodiment of the invention, a first algorithm is called to generate a public and private key according to an offline package acquisition request; offline package information corresponding to an offline package to be updated is acquired, a first hash value corresponding to the offline package information is calculated through a second algorithm, and the first hash value is encrypted according to the public and private key through the first algorithm to obtain a hash ciphertext; the public and private key and the hash ciphertext are stored, and the offline package information is analyzed to obtain a download address corresponding to the offline package information; the offline package is downloaded according to the download address to obtain a target offline package, and a hash value corresponding to the target offline package is generated according to the second algorithm to obtain a second hash value; the hash ciphertext is decrypted through the first algorithm and the public and private key to obtain the first hash value, and the first hash value is matched with a second target hash value to obtain a matching result; and if the matching result is that the first hash value and the second hash value are successfully matched, the target offline package is decompressed and run. The invention effectively distinguishes the authenticity of the offline package of the mixed mode mobile application through the national cryptographic algorithms: when the verification succeeds, operation proceeds safely, and when the verification fails, it is terminated in time, thereby effectively improving the accuracy of offline package verification.
The method for checking the offline package in the embodiment of the present invention is described above, and the device for checking the offline package in the embodiment of the present invention is described below, referring to fig. 3, where a first embodiment of the device for checking the offline package in the embodiment of the present invention includes:
The receiving module 301 is configured to receive an offline package acquisition request sent by a preset mobile internet application, and call a preset first algorithm according to the offline package acquisition request to generate a public and private key pair corresponding to the offline package acquisition request, where the public and private key pair includes a public key and a private key;
The processing module 302 is configured to obtain offline package information corresponding to an offline package to be updated from a preset local cache, calculate a first hash value corresponding to the offline package information through a preset second algorithm, and encrypt the first hash value according to the public and private key and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
The parsing module 303 is configured to store the public and private key and the hash ciphertext, and parse the offline package information to obtain a download address corresponding to the offline package information;
The downloading module 304 is configured to download the offline packet according to the downloading address to obtain a target offline packet, and generate a hash value corresponding to the target offline packet according to the second algorithm to obtain a second hash value;
The matching module 305 is configured to decrypt the hash ciphertext through the first algorithm and the public/private key to obtain the first hash value, and match the first hash value with a second target hash value to obtain a matching result;
and the decompression module 306 is configured to decompress the target offline packet and run the target offline packet if the matching result is that the first hash value and the second hash value are successfully matched.
Referring to fig. 4, a second embodiment of an offline packet verification apparatus according to an embodiment of the present invention includes:
The receiving module 301 is configured to receive an offline package acquisition request sent by a preset mobile internet application, and call a preset first algorithm according to the offline package acquisition request to generate a public and private key pair corresponding to the offline package acquisition request, where the public and private key pair includes a public key and a private key;
The processing module 302 is configured to obtain offline package information corresponding to an offline package to be updated from a preset local cache, calculate a first hash value corresponding to the offline package information through a preset second algorithm, and encrypt the first hash value according to the public and private key and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
The parsing module 303 is configured to store the public and private key and the hash ciphertext, and parse the offline package information to obtain a download address corresponding to the offline package information;
The downloading module 304 is configured to download the offline packet according to the downloading address to obtain a target offline packet, and generate a hash value corresponding to the target offline packet according to the second algorithm to obtain a second hash value;
The matching module 305 is configured to decrypt the hash ciphertext through the first algorithm and the public/private key to obtain the first hash value, and match the first hash value with a second target hash value to obtain a matching result;
and the decompression module 306 is configured to decompress the target offline packet and run the target offline packet if the matching result is that the first hash value and the second hash value are successfully matched.
Optionally, the receiving module 301 is specifically configured to:
Receiving an offline package acquisition request sent by a preset mobile internet application program; matching a first algorithm corresponding to the offline package acquisition request according to the offline package acquisition request; and generating a public and private key corresponding to the offline package acquisition request through the first algorithm.
Optionally, the processing module 302 is specifically configured to:
Acquiring offline package information corresponding to an offline package to be updated from a preset local cache based on the offline package acquisition request; inputting the offline package information into a preset second algorithm to calculate a hash value, and obtaining a first hash value corresponding to the offline package information; and encrypting the first hash value based on a private key in the public and private keys through the first algorithm to obtain a hash ciphertext corresponding to the first hash value.
Optionally, the parsing module 303 is specifically configured to:
Assembling the public and private key, the offline package information and the hash ciphertext to obtain an offline package message, and returning the offline package message to the mobile Internet application program; and analyzing the offline package information to obtain a download address corresponding to the offline package information.
Optionally, the downloading module 304 is specifically configured to:
Acquiring a download resource based on the download address, and downloading an offline package corresponding to the offline package information according to the download resource to obtain a target offline package; and calculating a hash value corresponding to the target offline packet through the second algorithm to obtain a second hash value.
Optionally, the matching module 305 is specifically configured to:
Analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value; and matching the first hash value with the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched.
Optionally, the offline package verification device further includes:
A prompt module 307, configured to generate prompt information indicating that the first hash value and the second hash value were not successfully matched if the matching result is that the first hash value and the second hash value are not successfully matched, and to send the prompt information to the mobile Internet application program for early warning.
The above-mentioned fig. 3 and fig. 4 describe the offline package verification device in the embodiment of the present invention in detail from the point of view of the modularized functional entity, and the following describes the offline package verification device in the embodiment of the present invention in detail from the point of view of hardware processing.
Fig. 5 is a schematic structural diagram of an offline package verification device according to an embodiment of the present invention, where the offline package verification device 500 may have a relatively large difference due to different configurations or performances, and may include one or more processors (central processing units, CPU) 510 (e.g., one or more processors) and a memory 520, and one or more storage mediums 530 (e.g., one or more mass storage devices) storing application programs 533 or data 532. Wherein memory 520 and storage medium 530 may be transitory or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a series of instruction operations in the verification device 500 for an offline package. Still further, the processor 510 may be configured to communicate with the storage medium 530 to execute a series of instruction operations in the storage medium 530 on the verification device 500 of the off-line package.
The offline package verification device 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input/output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. It will be appreciated by those skilled in the art that the configuration of the offline package verification device illustrated in fig. 5 does not constitute a limitation of the offline package verification device, which may include more or fewer components than illustrated, may combine certain components, or may have a different arrangement of components.
The invention also provides a verification device for the offline package, which comprises a memory and a processor, wherein the memory stores computer readable instructions, and the computer readable instructions, when executed by the processor, cause the processor to execute the steps of the verification method for the offline package in the above embodiments.
The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, or may be a volatile computer readable storage medium, in which instructions are stored which, when executed on a computer, cause the computer to perform the steps of the method for verifying an offline package.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The blockchain (Blockchain), essentially a de-centralized database, is a string of data blocks that are generated in association using cryptographic methods, each of which contains information from a batch of network transactions for verifying the validity (anti-counterfeit) of its information and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in part, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. The method for checking the offline package is characterized by comprising the following steps of:
Receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public and private key pair corresponding to the offline package acquisition request, wherein the public and private key pair comprises a public key and a private key;
acquiring offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and carrying out encryption processing on the first hash value according to the public and private key and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
the obtaining the offline package information corresponding to the offline package to be updated from the preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and performing encryption processing on the first hash value according to the public and private key and through the first algorithm to obtain a hash ciphertext corresponding to the first hash value, including:
Acquiring offline package information corresponding to an offline package to be updated from a preset local cache based on the offline package acquisition request;
Inputting the offline package information into a preset second algorithm to calculate a hash value, and obtaining a first hash value corresponding to the offline package information;
Encrypting the first hash value based on a private key in the public and private keys through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
Storing the public and private key and the hash ciphertext, and analyzing the offline package information to obtain a download address corresponding to the offline package information;
downloading the offline package according to the downloading address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value;
Decrypting the hash ciphertext through the first algorithm and the public and private key to obtain the first hash value, and matching the first hash value with a second target hash value to obtain a matching result;
Decrypting the hash ciphertext through the first algorithm and the public and private key to obtain the first hash value, and matching the first hash value with a second target hash value to obtain a matching result, wherein the method comprises the following steps:
analyzing the hash ciphertext through a public key in the public and private keys and the first algorithm to obtain the first hash value;
Matching the first hash value and the second hash value in a preset local cache to obtain a matching result, wherein the matching result comprises that the first hash value and the second hash value are successfully matched and the first hash value and the second hash value are unsuccessfully matched;
and if the matching result is that the first hash value and the second hash value are successfully matched, decompressing the target offline packet and operating the target offline packet.
2. The method for verifying an offline package according to claim 1, wherein the receiving an offline package obtaining request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package obtaining request, to generate a public key corresponding to the offline package obtaining request, includes:
receiving an offline package acquisition request sent by a preset mobile internet application program;
Matching a first algorithm corresponding to the offline package acquisition request according to the offline package acquisition request;
and generating a public and private key corresponding to the offline package acquisition request through the first algorithm.
3. The method for verifying the offline package according to claim 1, wherein storing the public and private keys and the hash ciphertext and parsing the offline package information to obtain the download address corresponding to the offline package information comprises:
Assembling the public and private key, the offline package information and the hash ciphertext to obtain an offline package message, and returning the offline package message to the mobile Internet application program;
And analyzing the offline package information to obtain a download address corresponding to the offline package information.
4. The method for verifying an offline package according to claim 1, wherein downloading the offline package according to the download address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value, includes:
Acquiring a download resource based on the download address, and downloading an offline package corresponding to the offline package information according to the download resource to obtain a target offline package;
and calculating a hash value corresponding to the target offline packet through the second algorithm to obtain a second hash value.
5. The method for checking an offline package according to any one of claims 1-4, further comprising:
if the matching result is that the first hash value and the second hash value are not successfully matched, generating prompt information indicating that the first hash value and the second hash value were not successfully matched;
and sending the prompt information to the mobile Internet application program for early warning.
6. An offline package verification apparatus for performing the offline package verification method according to any one of claims 1-5, wherein the offline package verification apparatus comprises:
a receiving module, used for receiving an offline package acquisition request sent by a preset mobile internet application program, and calling a preset first algorithm according to the offline package acquisition request to generate a public-private key pair corresponding to the offline package acquisition request, wherein the public-private key pair comprises a public key and a private key;
a processing module, used for acquiring offline package information corresponding to an offline package to be updated from a preset local cache, calculating a first hash value corresponding to the offline package information through a preset second algorithm, and encrypting the first hash value with the public-private key pair through the first algorithm to obtain a hash ciphertext corresponding to the first hash value;
a parsing module, used for storing the public-private key pair and the hash ciphertext, and parsing the offline package information to obtain a download address corresponding to the offline package information;
a downloading module, used for downloading the offline package according to the download address to obtain a target offline package, and generating a hash value corresponding to the target offline package according to the second algorithm to obtain a second hash value;
a matching module, used for decrypting the hash ciphertext through the first algorithm and the public-private key pair to obtain the first hash value, and matching the first hash value against the second hash value to obtain a matching result;
and a decompression module, used for decompressing the target offline package and running the target offline package if the matching result is that the first hash value and the second hash value are successfully matched.
7. An offline package verification device, wherein the offline package verification device comprises: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invoking the instructions in the memory to cause the offline package verification device to perform the method for verifying an offline package of any one of claims 1-5.
8. A computer readable storage medium having instructions stored thereon, which when executed by a processor, implement the method of verifying an offline package of any of claims 1-5.
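The check that claims 4-6 describe (hash the downloaded package, recover the first hash value from the hash ciphertext, unpack only on a match, otherwise return prompt information), as an added Python example that is not taken from the patent. The claims name neither algorithm, so SHA-256 as the second algorithm, textbook RSA over a constructed and insecure demo key as the first algorithm, encryption with the public exponent, a zip archive as the package format, and all function names are assumptions.

```python
import hashlib
import hmac
import io
import zipfile

# Constructed demo key pair: textbook RSA over two Mersenne primes.
# Insecure; it only stands in for the claims' unnamed "first algorithm".
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def second_algorithm(stream, chunk=65536):
    """Assumed SHA-256, read in chunks so it also works on a file stream."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.digest()


def encrypt_hash(first_hash):
    """Turn the first hash value into the hash ciphertext (public exponent)."""
    return pow(int.from_bytes(first_hash, "big"), E, N)


def decrypt_hash(ciphertext):
    """Recover the 32-byte first hash value from the hash ciphertext."""
    return pow(ciphertext, D, N).to_bytes(32, "big")


def verify_and_unpack(package_bytes, hash_ciphertext):
    """Return (file_names, None) on a match, (None, prompt) otherwise."""
    try:
        first_hash = decrypt_hash(hash_ciphertext)
    except OverflowError:  # altered ciphertext no longer fits in 32 bytes
        return None, "hash ciphertext invalid; package not unpacked"
    second_hash = second_algorithm(io.BytesIO(package_bytes))
    if not hmac.compare_digest(first_hash, second_hash):
        return None, "hash mismatch; package not unpacked"
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:  # only after a match
        return zf.namelist(), None


def build_sample_package():
    """Constructed sample: a one-file zip standing in for an offline package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("index.html", "<h1>offline page</h1>")
    return buf.getvalue()
```

Here the first hash value is taken to be the digest the package is expected to have, and listing the archive members stands in for the decompress-and-run step.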
CN202111523893.4A 2021-12-14 2021-12-14 Method, device, equipment and storage medium for checking offline package Active CN114218534B (en)

Publications (2)

Publication Number Publication Date
CN114218534A (en) 2022-03-22
CN114218534B (en) 2024-07-09
