Current location - Quotes Website - Signature design - What does the security certificate of smart phone mean?
What does the security certificate of smart phone mean?
You may ask, what is the use of certificates? Certificates are used to sign software. Software can't be signed without a certificate, so what's the use of software signing?

First of all, we need to understand the function of signature. The third edition of S60 has greatly improved the security, and has stricter regulations on the installation and operation of third-party software in the system. Some operations involving mobile phone software and hardware security/personal information security are particularly restricted (for example, automatic startup of mobile phone startup is one of the restricted functions). In order to realize these "specially restricted" functions, the application must obtain a "signature". In other words, someone should be responsible for the safety of this operation! A program without any signature cannot be installed and run.

Signature: It refers to writing specific tag information in a specific field of an application, indicating that the software has passed the audit of the signer.

The signer is responsible for the security of the software. Among them, there are three kinds of signatures:

1.Symbian signature.

Which is the official signature of Symbian mobile phone operating system. Software that has passed Symbian security certification will get Symbian.

Sign. This software has the highest security level. Can be installed/run normally on the mobile phone/and can realize all the functions provided by the software.

Obtaining Symbian signature requires the software author to deal directly with Symbian officials. For various reasons,

Not all software authors have the ability to obtain this certification.

2. Signature of the author.

The author of the software signed his name when he released the software. This kind of software can be installed and run on your mobile phone (you may encounter a security warning and you can skip it). But those "specially restricted" functions cannot be realized. If a software doesn't involve this function at all, it is entirely possible for the software author to sign it himself. Another possibility is that although some functions of the software are within the scope of "special restrictions", they are not the main functions. The software author may also release an "author's signature version", which can normally use most functions, but will lose some specific functions. For example, there is such a version of the "incoming call" software that almost all functions can be used, but it can't be started automatically.

3. User signature. (It is the kind used in the certificate area now. At least read this paragraph. )

Strictly speaking, this should belong to the "developer signature". Because Symbian provides a kind of "development certificate" for software developers, the original intention is to let software developers do software testing. This "development certificate" is associated with the IMEI code of the machine used for testing. The software signed with this certificate can only be used on the machine corresponding to the IMEI code, not on other machines. Our so-called "self-signature" is actually in this way. To put it bluntly, you said you were developing software, you provided the IMEI code of your tester, and Symbian issued you a "development certificate". You use this certificate to sign your Test Software. You are responsible for your "development behavior"! That's all. In addition, the development certificate is valid for three years from the date of issuance. However, within the validity period of the certificate, there is no limit on the use time of the signed program.