CN102065077B - Method and system for distributing application software to terminal - Google Patents

Publication number: CN102065077B
Authority: CN (China)
Legal status: Active (as listed by Google Patents, which notes that the status is an assumption and not a legal conclusion)
Application number: CN 201010542441
Other languages: Chinese (zh)
Other versions: CN102065077A (en)
Inventor: 加雄伟
Current Assignee: China United Network Communications Group Co Ltd (Google Patents notes that the listed assignees may be inaccurate)
Original Assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN 201010542441

Abstract

The invention provides a method and a system for distributing application software to terminals. The method comprises the following steps: an application development terminal registers a developer as a user of a developer community; the application development terminal develops the application software; a developer test terminal tests the application software; and the application development terminal packages the application software that passes the test and submits the packaged software to the developer community. The system and method are not limited to specific terminal products and offer greater generality and security; an operator can use them to build a manageable, operable, secure and controllable application software distribution system. Because distribution is controlled from the stage at which the developer develops and tests the application software, the method also offers greater controllability.

Description

Terminal application software distribution method and system
Technical field
The present invention relates to a terminal application software distribution method and system, and belongs to the technical field of intelligent terminals.
Background art
An intelligent terminal is a terminal device such as a smartphone or an e-book reader. The security problems of intelligent terminals mainly concern the security of user data (such as contacts, accounts, passwords and photos), the security of terminal resources (such as the camera, the audio recorder, the user identity card, network access devices and storage devices) and the security of network resources (such as contacts and photos stored online).
The development of intelligent terminals is inseparable from the development of application software for them. Application software is designed by various software vendors or software designers. For security reasons, users need a trustworthy path for downloading application software, and many terminal equipment vendors, system vendors and operators therefore provide technical schemes for managing and controlling application software distribution.
For example, the software store of the American company Apple is one scheme that addresses application software distribution. A developer of software for Apple terminals uploads the developed application software to Apple; after Apple reviews it successfully, the application software is placed in the software store for users of Apple terminals to download. Users of Apple intelligent terminals trust Apple's review results and can download application software from Apple's software store with confidence.
As another example, the software store of the American company Google is also a scheme that addresses application software distribution. Unlike Apple's scheme, Google does not review developers' application software. Users of Google terminals therefore cannot fully trust the application software in Google's software store.
Although the existing schemes solve the application software distribution problem to some extent, each applies only to the particular terminal products of a particular company and cannot be used by other companies. They therefore lack generality, and their scope of application is very limited.
Summary of the invention
The invention provides a terminal application software distribution method and system, in order to improve the generality and security of software distribution.
One aspect of the present invention provides a terminal application software distribution method, comprising:
registering a developer as a user of a developer community through an application development terminal;
developing application software on the application development terminal;
testing the application software on a developer test terminal;
packaging, by the application development terminal, the application software that has passed the test and submitting it to the developer community.
Another aspect of the present invention provides a terminal application software distribution system, comprising an application development terminal, a developer test terminal and a developer community server, wherein:
the application development terminal is used to register a developer as a user of the developer community and to develop application software;
the developer test terminal is used to test the application software;
the application development terminal is further used to package the application software that has passed the test and submit it to the developer community server;
the developer community server is used to store the application software submitted by the application development terminal for download.
The present invention is not limited to specific terminal products and offers greater generality and security; an operator can use it to build a manageable, operable, secure and controllable application software distribution system. Because the method controls distribution from the stage at which the developer develops and tests the application software, it also offers greater controllability.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a layered schematic diagram of the four-layer controlled software distribution architecture of the present invention;
Fig. 2 is a flow chart of an embodiment of the terminal application software distribution method of the present invention;
Fig. 3 is a signaling diagram of the specific steps of step 100 shown in Fig. 2;
Fig. 4A is a flow chart of the specific steps of step 300 shown in Fig. 2;
Fig. 4B is a flow chart of the specific steps of step 310 shown in Fig. 4A;
Fig. 4C is a flow chart of the specific steps of step 330 shown in Fig. 4A;
Fig. 4D is a flow chart of the specific steps of step 350 shown in Fig. 4A;
Fig. 5A is a schematic diagram of the data format of the test installation package formed by the packaging in step 320 shown in Fig. 4A;
Fig. 5B is a schematic diagram of the index format used in the data format shown in Fig. 5A;
Fig. 6 is a structural schematic diagram of an embodiment of the terminal application software distribution system of the present invention;
Fig. 7 is an optional structural schematic diagram of the application development terminal 10 shown in Fig. 6;
Fig. 8 is an optional structural schematic diagram of the developer community server 30 shown in Fig. 6;
Fig. 9 is another optional structural schematic diagram of the application development terminal 10 shown in Fig. 6;
Fig. 10 is an optional structural schematic diagram of the developer test terminal 20 shown in Fig. 6.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
First, the four-layer controlled software distribution architecture built by the method of this embodiment is introduced. As shown in Fig. 1, it comprises:
1. Security operation system layer
This layer mainly comprises the digital signature service system, which is the basic security facility of the controlled application distribution security system. The digital signature service system provides the developer community with certificate and key management services, developer certificate signing and verification services, and application software signing and verification services.
2. Business system layer
This layer mainly comprises the developer community. There can be multiple developer communities at the business system layer, and one digital signature service system can provide security control services for multiple developer communities at the same time. The developer information managed by a developer community includes: developer description information, developer certificates, developer keys, developer terminal information, developer level information and so on.
3. Terminal layer
This layer mainly comprises the developer test terminal and the application development terminal. The developer develops terminal application software on the application development terminal and tests the developed software on the developer test terminal. The developer community provides application security control services for the developer's application development terminal.
4. User layer
This layer mainly comprises the developers and the users of terminal application software. A developer can have multiple developer test terminals or multiple application development terminals. A user can have multiple user terminals. A user terminal can be identical to a developer test terminal. The developer uses the application development terminal to develop terminal application software and the developer test terminal to test it. The user uses terminal application software on a user terminal.
In this four-layer controlled software distribution architecture, each functional entity is identified by a certificate. The digital signature service system certificate (also called the root certificate) identifies the digital signature service system. The developer community certificate identifies the developer community. The developer certificate identifies the developer of terminal application software, and the user certificate identifies the user of terminal application software. The root certificate signs the developer community certificate. The developer community certificate signs the developer certificate. A user certificate can be signed by the root certificate or by a developer community certificate. A common certificate format such as X509 can be used. Each certificate corresponds to the public key and private key of the functional entity concerned. The digital signature service system generates and manages its own public and private keys. The public and private keys corresponding to the certificates of developer communities, developers and users can be generated by the digital signature service system and then distributed to the corresponding functional entity by a secure means. All certificates use the same key algorithm and digest algorithm. Each certificate must identify the key algorithm and the digest algorithm used.
Fig. 2 is a flow chart of an embodiment of the terminal application software distribution method of the present invention. As shown in the figure, the method comprises the following steps:
Step 100, the developer registers as a user of the developer community through the application development terminal.
Through this step, the developer can obtain a developer certificate and key.
Step 200, application software is developed on the application development terminal.
Specifically, the developer can use the application programming tools of the application development terminal to edit, compile, link and test the application software, and use the application development terminal to edit and test the capability file.
Step 300, the application software is tested on the developer test terminal.
Specifically, before testing the application software on the developer test terminal, or before submitting the application software to the developer community, the developer can first package the application software to generate a test installation package and then push the test installation package to the developer test terminal or the developer community. The test installation package contains the application software, the capability file and the signature file.
Step 400, the application development terminal packages the application software that has passed the test and submits it to the developer community.
After this, user terminals can download the application software from the corresponding developer community, which realizes the distribution of terminal application software.
The terminal application software distribution method of this embodiment is not limited to specific terminal products and offers greater generality and security; an operator can use it to build a manageable, operable, secure and controllable application software distribution system. Because the method controls distribution from the stage at which the developer develops and tests the application software, it also offers greater controllability.
As shown in Fig. 3, step 100 can specifically comprise the following steps:
Step 101, the developer sends a registration application to the application development terminal.
Step 102, the application development terminal generates certificate request information according to the agreed cryptographic algorithm.
The certificate request information includes the developer name, the developer description, the public key, the private key, the hardware identifier of the developer test terminal and similar information. The hardware identifier of the developer test terminal can be the CPU serial number, hard disk serial number, network device number or user identity card device number of the terminal, or a digest generated from these hardware device numbers. During testing on the developer test terminal, the application installation engine uses it as the basis for deciding whether the application under test may be installed on the developer test terminal. The application development terminal and the application installation engine of the developer test terminal are therefore required to use the same algorithm to generate the hardware identifier. The public and private keys corresponding to the developer certificate can be generated by the digital signature service system and then distributed to the developer's application development terminal by a secure means. The agreed cryptographic algorithm can be, for example, the Elliptic Curve Cryptography (ECC) algorithm or the RSA public-key encryption algorithm; these algorithms can be specified by the digital signature service system.
Step 103, the application development terminal sends a certificate request containing the certificate request information to the developer community.
Step 104, the developer community decides from the certificate request whether to accept the developer's registration application. If it accepts, it generates a developer certificate according to the certificate request information and the agreement with the digital signature service system; otherwise the process goes to step 108.
The content of the developer certificate includes at least:
1) certificate format and version; the X.509 format can be used;
2) certificate encoding method; BASE64 encoding can be used;
3) signature algorithm; the ECC algorithm of the WLAN Authentication and Privacy Infrastructure (WAPI) can be used;
4) digest algorithm; the Secure Hash Algorithm (SHA-1) can be used;
5) certificate serial number, generated by the digital signature service system; it can be a random number;
6) certificate subject, which can include the country identifier, the developer type, the hardware identifier strings of the developer test terminals (there can be several), the developer's security level, the developer's account in the developer community and so on. For convenience, the hardware identifier string of the developer test terminal contained in the developer certificate is referred to in this embodiment as the first hardware identifier string;
7) identifier of the certificate's signing authority, which is also the identifier of the developer community;
8) certificate digest, used to check the developer certificate.
The public key corresponding to the developer certificate is stored in the developer certificate. The corresponding private key is stored in secure storage on the application development terminal and can be stored in encrypted form. The application development terminal provides the methods and facilities for securely storing and accessing the private key corresponding to the developer certificate.
Step 105, the developer community requests the digital signature service system to sign the developer certificate.
Step 106, the digital signature service system signs the developer certificate and returns the signed developer certificate to the developer community.
The digital signature service system can sign the developer certificate with the developer community certificate and its corresponding private key, or with the root certificate and its corresponding private key. If the public and private keys corresponding to the developer certificate are generated by the digital signature service system, they can be returned to the developer community together with the certificate.
The signing process can be as follows: the digital signature service system generates developer certificate A from the certificate request information provided by the developer community; taking the content of developer certificate A as input, it computes the digest of the developer certificate with the agreed digest algorithm (for example, SHA-1) and obtains digest A; using the private key corresponding to the developer community certificate (or to the root certificate), it encrypts digest A with the agreed cryptographic algorithm (for example, ECC) and obtains digest B; it then inserts digest B at the agreed position in developer certificate A and obtains developer certificate B. Developer certificate B is the signed developer certificate.
Step 107, the developer community stores the signed developer certificate, the developer's public key and related information.
If the public and private keys corresponding to the developer certificate are generated by the digital signature service system, the developer community also needs to store the developer's private key.
Step 108, the developer community returns the certificate request result to the application development terminal.
Specifically, if the developer is already registered and already has a developer certificate, the developer community refuses the developer's certificate request in step 104, and the certificate request result in this step indicates that the certificate request failed. If the certificate was obtained successfully through steps 105 to 107, the certificate request result in this step indicates that the certificate request succeeded.
Step 109, the application development terminal stores the certificate request result from the developer community.
If the developer community accepted the developer's certificate request, the developer certificate and the corresponding public key, private key and related information are stored.
Step 110, the application development terminal returns the registration result to the developer.
Specifically, if the certificate request succeeded, the registration result is success; if the certificate request failed, the registration result is failure.
As shown in Fig. 4A, step 300 can specifically comprise the following steps:
Step 310, the application development terminal generates a signature file from the application software.
Specifically, the signing and packaging tool of the application development terminal can generate the signature file according to agreed rules from the application software, the capability file, the developer certificate, the developer private key and related information. The signature file contains at least:
1) content related to the developer certificate: the type of the developer certificate, its encoding and its content; the developer certificate serves as the signing certificate;
2) content related to the developer community certificate: the type of the developer community certificate, its encoding and its content; the developer community certificate serves as the trusted certificate;
3) content related to the application software digest: the encoding, identifier and content of the application software digest;
4) content related to the capability file digest: the encoding, identifier and content of the capability file digest;
5) content related to the digest algorithm: the digest algorithm identifier; the digest algorithms used within the signature file are the same;
6) content related to the signature file digest: the encoding and content of the signature file digest.
The signature file can use the Extensible Markup Language (XML) document format. In a specific embodiment, the following conventions can be used:
1) the signature file uses the XML document format with UTF-8 encoding;
2) certificates use the X509 format with BASE64 encoding;
3) the digest algorithm is the WAPI-SHA1 algorithm, with BASE64 encoding;
4) the cryptographic algorithm of the signature is the ECC algorithm, with BASE64 encoding.
The specific encoding is as follows:
<?xml version="1.0" encoding="utf-8"?>
<Signed>
  <!-- developer certificate -->
  <SignCert type="x509" encoding="base64">......</SignCert>
  <!-- developer community certificate -->
  <TrustCert type="x509" encoding="base64">......</TrustCert>
  <!-- application software digest and capability file digest -->
  <Digests encoding="base64">
    <DigestValue name="application">......</DigestValue>
    <DigestValue name="menifest">......</DigestValue>
  </Digests>
  <!-- digest algorithm -->
  <Algorithm name="WAPI-SHA1"/>
  <!-- signature file digest -->
  <Signature encoding="base64" algorithm="ECC">......</Signature>
</Signed>
Step 320, a test installation package is generated from the signature file.
Specifically, the signing and packaging tool of the application development terminal combines the application software, the capability file and the signature file into one file according to the agreed rules. The combined file is called the application software package, and during testing it is also called the test installation package. The data stored in the test installation package can be, in order: the application software data packet, the capability file data packet, the signature file data packet, the application software data packet index, the capability file data packet index, the signature file data packet index, the index count and the version number.
The data format of the test installation package formed by packaging is shown in Fig. 5A, and the corresponding index format is shown in Fig. 5B. This data format applies both to packaging application software and to packaging authorization files.
As shown in Fig. 5A, after packaging the overall data package is divided into four parts: data area, index area, index count and version number. The data area stores the data packets one after another; for example, when application software is packaged, the data area stores the application software data, the capability file data and the signature file data. These data may or may not be compressed. The data packets in the data area can be in any order. The index area stores, in sequence, the index information of the data packets in the data area. Each index consists of 16 bytes and, as shown in Fig. 5B, stores in order the type of the data packet (4 bytes), the byte offset of the data packet from the file header of the overall data package (4 bytes), the byte length of the data packet (4 bytes) and reserved bytes (4 bytes). The data packet types can be defined according to business needs; for example, a data packet can be application software, a capability file, a signature file, purchase information and so on. The index count stores the number of indexes contained in the overall data package. The version number stores the version number of the overall data package.
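The layout just described, written out as a packer and a validating parser; this is an added illustration and not code from the patent. The patent does not state the byte order, the width of the index count and version number fields, or any type codes, so the little-endian 4-byte fields, the codes 1 to 3 and all function names below are assumptions.

```python
import struct

# Assumptions not stated in the patent: little-endian integers, a 4-byte
# index count, a 4-byte version number, and these packet type codes.
TYPE_APP, TYPE_CAPABILITY, TYPE_SIGNATURE = 1, 2, 3
INDEX = struct.Struct("<IIII")   # type, offset, length, reserved (16 bytes)
TRAILER = struct.Struct("<II")   # index count, version number


class PackageError(ValueError):
    """The package layout is inconsistent and must not be installed."""


def pack_package(packets, version=1):
    """Lay out data area, index area, index count and version number.

    packets is a list of (type_code, payload) in data-area order.
    """
    data, indexes = bytearray(), bytearray()
    for type_code, payload in packets:
        indexes += INDEX.pack(type_code, len(data), len(payload), 0)
        data += payload
    return bytes(data + indexes + TRAILER.pack(len(packets), version))


def parse_package(blob):
    """Return (version, {type_code: payload}); raise PackageError if malformed."""
    if len(blob) < TRAILER.size:
        raise PackageError("file is shorter than the trailer")
    count, version = TRAILER.unpack_from(blob, len(blob) - TRAILER.size)
    # The index area sits directly before the trailer; everything before
    # the index area is the data area.
    index_start = len(blob) - TRAILER.size - count * INDEX.size
    if index_start < 0:
        raise PackageError("index count is larger than the file allows")
    packets, spans = {}, []
    for i in range(count):
        type_code, offset, length, _reserved = INDEX.unpack_from(
            blob, index_start + i * INDEX.size)
        end = offset + length
        # A packet must lie wholly inside the data area, otherwise index
        # or trailer bytes would be read as payload.
        if end > index_start:
            raise PackageError(f"index {i} points outside the data area")
        # Policy choice of this example: one packet per type, so the payload
        # that is verified is the payload that is installed.
        if type_code in packets:
            raise PackageError(f"packet type {type_code} appears twice")
        packets[type_code] = blob[offset:end]
        spans.append((offset, end))
    # Packets may be stored in any order, but they must not overlap ...
    spans.sort()
    for (_, prev_end), (start, _) in zip(spans, spans[1:]):
        if start < prev_end:
            raise PackageError("data packets overlap")
    # ... and (second policy choice) no byte of the data area may be
    # left outside every index entry.
    if sum(end - start for start, end in spans) != index_start:
        raise PackageError("data area contains bytes no index covers")
    return version, packets


if __name__ == "__main__":
    # Constructed sample payloads, not real application data.
    sample = pack_package([(TYPE_APP, b"APPDATA"),
                           (TYPE_CAPABILITY, b"<caps/>"),
                           (TYPE_SIGNATURE, b"<Signed/>")], version=2)
    print(parse_package(sample))
```

Because the index count and version number are the last fields, the parser reads the file from the end, and every offset is checked against the start of the index area before any payload is sliced out.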
Step 330, a test authorization file is generated from the test installation package.
Specifically, the test authorization file can be generated by the test authorization tool of the application development terminal. The test authorization file contains at least:
1) content related to the developer certificate: the type of the developer certificate, its encoding and its content; the developer certificate serves as the signing certificate;
2) content related to the purchase information digest: the encoding, identifier and content of the purchase information digest;
3) content related to the digest algorithm: the digest algorithm identifier; the same digest algorithm as in the signature file is used.
The authorization file can use the XML document format. In a specific embodiment, the following conventions can be used:
1) the authorization file uses the XML document format with UTF-8 encoding;
2) certificates use the X509 format with BASE64 encoding;
3) the digest algorithm is the WAPI-SHA1 algorithm, with BASE64 encoding;
4) the cryptographic algorithm of the signature is the ECC algorithm, with BASE64 encoding.
The specific encoding is as follows:
<?xml version="1.0" encoding="utf-8"?>
<Signed>
  <!-- developer certificate -->
  <SignCert type="x509" encoding="base64">......</SignCert>
  <!-- purchase information signature -->
  <Digests encoding="base64" algorithm="ECC">
    <DigestValue name="license">......</DigestValue>
  </Digests>
  <!-- digest algorithm -->
  <Algorithm name="WAPI-SHA1"/>
</Signed>
Step 340, the test installation package and the test authorization file are transferred to the developer test terminal.
Specifically, they can be transferred to the developer test terminal by pushing, copying or similar means.
Step 350, after the legitimacy and validity of the authorization file are confirmed, the test installation package is installed and tested on the developer test terminal.
Specifically, the application installation engine of the developer test terminal can install the test installation package and verify the developer certificate. The application installation engine uses the signing certificate in the authorization file to determine whether the authorization file was signed by the developer or by another functional entity. The signing certificate contains the certificate type. If the signing certificate is not signed by a developer, the installation is not considered a test installation. The signing certificate in the test authorization file should be identical to the signing certificate in the signature file of the test installation package. The signing certificate contains information about the certificate's issuing authority, and the application installation engine verifies the developer certificate through that issuing authority. Specifically, the legitimacy and validity of the authorization file can be confirmed by verifying the signature in the developer certificate.
As shown in Fig. 4B, step 310 can comprise:
Step 311, the digest of the application software is generated.
Specifically, all or part of the content of the application software is taken as input, and the application software digest is generated with the agreed digest algorithm.
Step 312, the digest of the capability file corresponding to the application software is generated.
Specifically, all or part of the content of the capability file is taken as input, and the capability file digest is generated with the agreed digest algorithm.
Step 313, the signature information for the application software digest and the capability file digest is calculated.
Specifically, the application software digest and the capability file digest are concatenated and taken as input, and the signature file digest is generated with the agreed digest algorithm. Then, with the agreed cryptographic algorithm, the signature file digest is encrypted with the developer's private key, and the encrypted digest becomes the new signature file digest. The digest algorithm is consistent across the whole controlled application distribution system and can be the SHA-1 algorithm. The cryptographic algorithm is likewise consistent across the whole system and can be the ECC algorithm.
Step 314, the signature file is generated from the signature information.
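The digest chain of steps 311 to 313, together with the recomputation an installing side would perform against the signature file, as an added example that is not part of the patent. It assumes that WAPI-SHA1 is plain SHA-1 over the whole content and that the two raw digests are concatenated application first; the function names and sample data are constructed, and verifying the ECC signature itself is left out because the page gives no curve or signature encoding.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Element and attribute names follow the signature file shown on the page
# (including its "menifest" spelling). Treating WAPI-SHA1 as SHA-1 and
# concatenating the raw digests, application first, are assumptions.


def digest_b64(data):
    """Steps 311 and 312: SHA-1 digest of the content, BASE64-encoded."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def signature_file_digest(app_digest_b64, cap_digest_b64):
    """Step 313: digest of the two digests in series (the value that is signed)."""
    raw = base64.b64decode(app_digest_b64) + base64.b64decode(cap_digest_b64)
    return hashlib.sha1(raw).digest()


def build_signature_file(application, capability_file):
    """Constructed sample signature file; certificates and signature are placeholders."""
    root = ET.Element("Signed")
    ET.SubElement(root, "SignCert", type="x509", encoding="base64").text = "PLACEHOLDER"
    ET.SubElement(root, "TrustCert", type="x509", encoding="base64").text = "PLACEHOLDER"
    digests = ET.SubElement(root, "Digests", encoding="base64")
    ET.SubElement(digests, "DigestValue", name="application").text = digest_b64(application)
    ET.SubElement(digests, "DigestValue", name="menifest").text = digest_b64(capability_file)
    ET.SubElement(root, "Algorithm", name="WAPI-SHA1")
    ET.SubElement(root, "Signature", encoding="base64", algorithm="ECC").text = "PLACEHOLDER"
    return ET.tostring(root, encoding="utf-8")


def check_digests(signature_xml, application, capability_file):
    """Recompute both digests and compare them with the signature file.

    Returns the digest that the <Signature> value must cover. A match only
    shows that the payload agrees with the signature file; the install
    engine must still verify <Signature> over the returned digest with the
    public key of the developer certificate before trusting either.
    """
    root = ET.fromstring(signature_xml)
    if root.tag != "Signed":
        raise ValueError("unexpected root element")
    algorithm = root.find("Algorithm")
    if algorithm is None or algorithm.get("name") != "WAPI-SHA1":
        raise ValueError("unsupported digest algorithm")
    stored = {d.get("name"): (d.text or "").strip()
              for d in root.iter("DigestValue")}
    expected = {"application": digest_b64(application),
                "menifest": digest_b64(capability_file)}
    for name, value in expected.items():
        # Compare as bytes in constant time; a missing entry fails the same way.
        if not hmac.compare_digest(stored.get(name, "").encode("utf-8"),
                                   value.encode("utf-8")):
            raise ValueError(f"digest mismatch for {name!r}")
    return signature_file_digest(stored["application"], stored["menifest"])


if __name__ == "__main__":
    app, caps = b"constructed application bytes", b"<capabilities/>"
    print(check_digests(build_signature_file(app, caps), app, caps).hex())
```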
As shown in Fig. 4C, step 330 above may include:
Step 331: generate purchase information from the test installation package.
This purchase information may also be called usage information.
Step 332: using the agreed digest algorithm and digest encryption algorithm, generate the encrypted digest of the purchase information.
Specifically, part or all of the purchase information is used as the input, and the agreed digest algorithm generates the purchase information digest; then, using the agreed digest encryption algorithm, the purchase information digest is encrypted with the developer's private key, and the encrypted purchase information digest serves as the digest of the purchase information.
Step 333: generate the test license file from the digest of the purchase information according to the agreed rules.
As shown in Fig. 4D, step 350 above may include:
Step 351: separate the application software, the capability file and the signature file from the test installation package, and find the corresponding installation package identifier.
Verifying the test installation package and separating its contents follow the same process as signing and packaging the application software described above, but in reverse order. The installation package identifier is generated by the application programming tool of the application development terminal and can be generated using a global user identifier (GUI) scheme to guarantee that the installation package identifier is unique.
Step 352: look up the corresponding test license file by the installation package identifier.
The test installation package and the test license file can be placed in the same directory and use the same name with different extensions. When looking up the test license file, the application installation engine searches the directory containing the test installation package directly for the test license file of the same name.
Step 353: check the test license file; when the signing certificate in the test license file is identical to the signing certificate in the signature file and is a developer certificate, continue with step 354; otherwise go to step 357.
Specifically, the check can cover whether the test license file is complete, consistent and valid, and whether it is legitimate. The test license file is checked by the same process used to sign it, executed in reverse order.
Step 354: separate the first hardware identifier string from the developer certificate, and obtain the second hardware identifier string of the developer test terminal.
The specific steps for obtaining them are similar to the process shown in Fig. 3 and are not repeated here.
Step 355: judge whether the first hardware identifier string and the second hardware identifier string match; if they do not match, the test installation package cannot be installed on this developer test terminal, the installation fails, and step 357 is executed; otherwise continue with step 356.
Step 356: install the application software and the capability file.
The specific method of installing the application software is not limited here. When the capability file is installed, the capability file or a representation of it is copied to the agreed location.
Step 357: display the installation result.
If the installation succeeds, the result shows that the test succeeded; if the installation fails, the result shows that the test failed.
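The signing of steps 311 to 314 and the install-time checks of steps 353 to 356, worked through in Go as an added example (not code from the patent). The DevCert layout, the "developer" type value, the HW-0001/HW-0002 strings, ECDSA on P-256 as the ECC algorithm and plain string equality as the hardware identifier match are assumptions; the signing service's signature over the certificate stands in for the issuer verification the description mentions.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"errors"
	"fmt"
)

// DevCert is a simplified, hypothetical developer certificate (not X.509).
type DevCert struct {
	Type       string // "developer" marks a test-signing certificate (assumed value)
	HardwareID string // first hardware identifier string
	PubDER     []byte // developer public key, PKIX DER
	IssuerSig  []byte // signing service's signature over certDigest
}

var (
	ErrCertMismatch = errors.New("license and signature file certificates differ")
	ErrNotDeveloper = errors.New("signing certificate is not a developer certificate")
	ErrBadCert      = errors.New("certificate not issued by the signing service")
	ErrBadSignature = errors.New("application or capability file was altered")
	ErrWrongDevice  = errors.New("hardware identifier strings do not match")
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func sha(b []byte) []byte { d := sha1.Sum(b); return d[:] } // the page names SHA-1

// sign is ECDSA over a digest, standing in for "encrypt the digest with the private key".
func sign(k *ecdsa.PrivateKey, digest []byte) []byte {
	s, err := ecdsa.SignASN1(rand.Reader, k, digest)
	must(err)
	return s
}

// certDigest covers the certificate fields the signing service vouches for.
func certDigest(c DevCert) []byte {
	return sha(bytes.Join([][]byte{[]byte(c.Type), []byte(c.HardwareID), c.PubDER}, []byte{0}))
}

// packageDigest covers steps 311-313: the digest of the two concatenated digests.
func packageDigest(app, capFile []byte) []byte { return sha(append(sha(app), sha(capFile)...)) }

// CheckInstall runs steps 353-355; nil means install (step 356). sigCert and sig come
// from the signature file, licCert from the test license file.
func CheckInstall(app, capFile []byte, sigCert DevCert, sig []byte, licCert DevCert, issuer *ecdsa.PublicKey, deviceHWID string) error {
	k, _ := x509.ParsePKIXPublicKey(sigCert.PubDER)
	pub, isEC := k.(*ecdsa.PublicKey)
	sameCert := bytes.Equal(certDigest(licCert), certDigest(sigCert)) && bytes.Equal(licCert.IssuerSig, sigCert.IssuerSig)
	switch {
	case !sameCert: // step 353: both files must carry the same certificate
		return ErrCertMismatch
	case sigCert.Type != "developer": // step 353: and it must be a developer certificate
		return ErrNotDeveloper
	case !isEC || !ecdsa.VerifyASN1(issuer, certDigest(sigCert), sigCert.IssuerSig):
		return ErrBadCert
	case !ecdsa.VerifyASN1(pub, packageDigest(app, capFile), sig):
		return ErrBadSignature
	case sigCert.HardwareID != deviceHWID: // steps 354-355
		return ErrWrongDevice
	}
	return nil
}

// Demo runs the flow on constructed sample data and returns each install decision.
func Demo() map[string]error {
	issuer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // signing service key
	must(err)
	dev, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // developer key
	must(err)
	der, err := x509.MarshalPKIXPublicKey(&dev.PublicKey)
	must(err)
	cert := DevCert{Type: "developer", HardwareID: "HW-0001", PubDER: der}
	cert.IssuerSig = sign(issuer, certDigest(cert)) // registration: the service signs the certificate
	app, capFile := []byte("constructed app bytes"), []byte("constructed capability file")
	sig := sign(dev, packageDigest(app, capFile)) // steps 313-314
	edited, ipub := cert, &issuer.PublicKey
	edited.HardwareID = "HW-0002" // certificate altered after issuance
	return map[string]error{
		"genuine":      CheckInstall(app, capFile, cert, sig, cert, ipub, "HW-0001"),
		"altered app":  CheckInstall([]byte("patched"), capFile, cert, sig, cert, ipub, "HW-0001"),
		"other device": CheckInstall(app, capFile, cert, sig, cert, ipub, "HW-0002"),
		"edited cert":  CheckInstall(app, capFile, edited, sig, edited, ipub, "HW-0002"),
	}
}

func main() { fmt.Println(Demo()) }
```

SHA-1 appears here because the description names it; it is no longer collision-resistant, so a current deployment would agree on SHA-256 or stronger.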
Fig. 6 is a schematic structural diagram of an embodiment of the terminal application software distribution system of the present invention; this system can implement the methods described in the method embodiments above. As shown in the figure, the system includes at least an application development terminal 10, a developer test terminal 20 and a developer community server 30, and works as follows:
Through the application development terminal 10, the developer registers as a user of the developer community and develops application software. This step yields the developer certificate and key. Specifically, the developer can use the application programming tool of the application development terminal 10 to edit, compile, link and test the application software, and use the application development terminal to edit and test the capability file.
The developer tests the application software on the developer test terminal 20. Specifically, before testing the application software on the developer test terminal, or before submitting the application software to the developer community, the developer can first package the application software to generate a test installation package and then push the test installation package to the developer test terminal or the developer community. The test installation package contains the application software, the capability file and the signature file.
After this, the developer also uses the application development terminal 10 to package the application software that has passed the test and submit it to the developer community server 30; the developer community server 30 stores the application software submitted by the application development terminal 10 for user terminals to download, thereby distributing the terminal application software.
In addition, as shown in Fig. 6, the system may further include a digital signature service system 40. As shown in Fig. 7, the application development terminal 10 may specifically include an encryption module 11, a certificate request module 12, a storage module 13 and a result feedback module 14. As shown in Fig. 8, the developer community server 30 includes a certificate generation module 31 and a certificate feedback module 32. The registration process works as follows:
After the application development terminal 10 receives a registration application from the developer, the encryption module 11 of the application development terminal 10 generates certificate request information according to the agreed encryption algorithm; for the certificate request information, see the description of step 102 above, which is not repeated here. The certificate request module 12 sends a certificate request containing the certificate request information to the developer community server 30. The certificate generation module 31 in the developer community server 30 generates the developer certificate according to the certificate request information and the agreement with the digital signature service system 40; after the digital signature service system 40 signs the developer certificate generated by the certificate generation module 31, the certificate feedback module 32 returns the developer certificate signed by the digital signature service system 40 to the application development terminal 10.
After this, the storage module 13 of the application development terminal 10 stores the developer certificate from the developer community server and, through the result feedback module 14, feeds back the registration application result to the developer community server 30, completing the registration process.
As shown in Fig. 9, the application development terminal 10 may specifically include a signature file generation module 15, an installation package generation module 16, a license file generation module 17 and a transmission module 18. As shown in Fig. 10, the developer test terminal 20 includes a separation module 21, a search module 22, a checking module 23, an identifier string processing module 24, a judging module 25 and an installation module 26. The test process for the application software works as follows:
The signature file generation module 15 in the application development terminal 10 generates the signature file from the application software. Specifically, the signature packaging tool of the application development terminal can generate the signature file according to the agreed rules from information such as the application software, the capability file, the developer certificate and the developer's private key. For the content of the signature file, see the description of step 310 above, which is not repeated here.
The installation package generation module 16 generates the test installation package from the signature file generated by the signature file generation module 15. For the test installation package, see the description of step 320 above, which is not repeated here. The license file generation module 17 generates the test license file from the test installation package generated by the installation package generation module. For the test license file, see the description of step 330 above, which is not repeated here.
The transmission module 18 transmits the test installation package generated by the installation package generation module 16 and the test license file generated by the license file generation module 17 to the developer test terminal 20.
After this, the separation module 21 in the developer test terminal 20 separates the application software, the capability file and the signature file from the test installation package and finds the corresponding installation package identifier. Verifying the test installation package and separating its contents follow the same process as signing and packaging the application software described above, but in reverse order. The installation package identifier is generated by the application programming tool of the application development terminal and can be generated using a global user identifier (GUI) scheme to guarantee that the installation package identifier is unique.
The search module 22 looks up the corresponding test license file by the installation package identifier separated by the separation module 21. The test installation package and the test license file can be placed in the same directory and use the same name with different extensions. When looking up the test license file, the application installation engine searches the directory containing the test installation package directly for the test license file of the same name.
The checking module 23 checks the test license file; when the checking module 23 finds that the signing certificate in the test license file is identical to the signing certificate in the signature file and is a developer certificate, the identifier string processing module 24 separates the first hardware identifier string from the developer certificate and obtains the second hardware identifier string of the developer test terminal. Specifically, the check can cover whether the test license file is complete, consistent and valid, and whether it is legitimate. The test license file is checked by the same process used to sign it, executed in reverse order.
The judging module 25 judges whether the first hardware identifier string and the second hardware identifier string match; when the judging module 25 determines that they match, the installation module 26 installs the application software and the capability file on the developer test terminal 20 so that they can be tested.
The terminal application software distribution system of this embodiment is not limited to specific terminal products and has higher generality and security; an operator can use it to build a manageable, operable, secure and controllable application software distribution system. The method can also control the distribution of application software from the stage at which the developer develops and tests the application software, and therefore offers higher controllability.
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments above can be carried out by hardware under the control of program instructions; the program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions described in the foregoing embodiments, or replace some of their technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (4)

1. A terminal application software distribution method, characterized by comprising:
Registering, through an application development terminal, a developer as a user of a developer community;
Developing application software through the application development terminal;
Testing the application software through a developer test terminal;
Packaging, through the application development terminal, the application software that has passed the test and submitting it to the developer community;
Wherein registering the developer as a user of the developer community through the application development terminal comprises:
After the application development terminal receives a registration application from the developer, generating certificate request information according to an agreed encryption algorithm, and sending a certificate request containing the certificate request information to the developer community;
The developer community generating a developer certificate according to the certificate request information and an agreement with a digital signature service system, the developer certificate including a first hardware identifier string;
The digital signature service system signing the developer certificate;
The developer community returning the signed developer certificate to the application development terminal;
The application development terminal storing the developer certificate and feeding back a registration application result to the developer community;
Testing the application software through the developer test terminal comprises:
The application development terminal generating a signature file from the application software;
Generating a test installation package from the signature file;
Generating a test license file from the test installation package;
Transmitting the test installation package and the test license file to the developer test terminal;
After the legitimacy and validity of the license file are confirmed, installing and testing the test installation package on the developer test terminal;
Installing and testing the test installation package on the developer test terminal comprises:
Separating the application software, a capability file and the signature file from the test installation package, and finding the corresponding installation package identifier;
Looking up the corresponding test license file by the installation package identifier;
Checking the test license file and, when the signing certificate in the test license file is identical to the signing certificate in the signature file and is a developer certificate, separating the first hardware identifier string from the developer certificate and obtaining a second hardware identifier string of the developer test terminal;
Judging whether the first hardware identifier string and the second hardware identifier string match and, when they match, installing the application software and the capability file.
2. The method according to claim 1, characterized in that the application development terminal generating a signature file from the application software comprises:
Generating a digest of the application software;
Generating a digest of the capability file corresponding to the application software;
Computing the signature information over the digest of the application software and the digest of the capability file;
Generating the signature file from the signature information.
3. The method according to claim 1, characterized in that generating the test license file from the test installation package comprises:
Generating purchase information from the test installation package;
Generating, using an agreed digest algorithm and digest encryption algorithm, the encrypted digest of the purchase information;
Generating the test license file from the digest of the purchase information according to agreed rules.
4. A terminal application software distribution system, characterized by comprising an application development terminal, a developer test terminal and a developer community server, wherein:
The application development terminal is configured to register a developer as a user of a developer community and to develop application software;
The developer test terminal is configured to test the application software;
The application development terminal is further configured to package the application software that has passed the test and submit it to the developer community server;
The developer community server is configured to store the application software submitted by the application development terminal for download;
Wherein the system further comprises a digital signature service system, wherein:
The application development terminal comprises:
An encryption module, configured to generate certificate request information according to an agreed encryption algorithm after the application development terminal receives a registration application from the developer;
A certificate request module, configured to send a certificate request containing the certificate request information to the developer community server;
A storage module, configured to store a developer certificate from the developer community server, the developer certificate including a first hardware identifier string;
A result feedback module, configured to feed back a registration application result to the developer community server;
The developer community server comprises:
A certificate generation module, configured to generate the developer certificate according to the certificate request information and an agreement with the digital signature service system;
A certificate feedback module, configured to return the developer certificate signed by the digital signature service system to the application development terminal;
The digital signature service system is configured to sign the developer certificate generated by the certificate generation module;
The application development terminal further comprises:
A signature file generation module, configured to generate a signature file from the application software;
An installation package generation module, configured to generate a test installation package from the signature file generated by the signature file generation module;
A license file generation module, configured to generate a test license file from the test installation package generated by the installation package generation module;
A transmission module, configured to transmit the test installation package generated by the installation package generation module and the test license file generated by the license file generation module to the developer test terminal;
The developer test terminal comprises:
A separation module, configured to separate the application software, a capability file and the signature file from the test installation package, and to find the corresponding installation package identifier;
A search module, configured to look up the corresponding test license file by the installation package identifier separated by the separation module;
A checking module, configured to check the test license file;
An identifier string processing module, configured to separate the first hardware identifier string from the developer certificate and obtain a second hardware identifier string of the developer test terminal when the checking module finds that the signing certificate in the test license file is identical to the signing certificate in the signature file and is a developer certificate;
A judging module, configured to judge whether the first hardware identifier string and the second hardware identifier string match;
An installation module, configured to install the application software and the capability file when the judging module determines that the first hardware identifier string and the second hardware identifier string match.
CN 201010542441 2010-11-11 2010-11-11 Method and system for distributing application software to terminal Active CN102065077B (en)


Publications (2)

Publication Number Publication Date
CN102065077A CN102065077A (en) 2011-05-18
CN102065077B true CN102065077B (en) 2013-12-18


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant