CN103368987A - Cloud server, application program verification, certification and management system and application program verification, certification and management method - Google Patents

Publication number
CN103368987A
Authority
CN
China
Prior art keywords
application program
audit
description document
cloud server
suspicious actions
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012100848967A
Other languages
Chinese (zh)
Other versions
CN103368987B (en)
Inventor
李厚辰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201210084896.7A
Publication of CN103368987A
Application granted
Publication of CN103368987B
Legal status: Active

Abstract

The invention provides an application program verification, certification and management system comprising a cloud server and a mobile terminal; the cloud server is used for verifying an application program, acquiring suspicious behavior data of the application program in the verification process, recording the suspicious behavior data to obtain a verification result of the application program and generating a verification description file according to the verification result, wherein the verification description file includes certification data and the verification result of the application program; and the mobile terminal is used for downloading the verification description file of a specified application program from the cloud server and using a corresponding management strategy to carry out safety control on the specified application program according to the verification description file. The system has a reasonable multi-strategy management mechanism, can bring a better real-time safety protection effect and has good compatibility. The invention further provides a cloud server and an application program verification, certification and management method.

Description

Cloud server, and audit, authentication and management system and method for application programs
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a cloud server and to an audit, authentication and management system and method for application programs.
Background art
With the development of software and mobile communication technology, the systems of mobile communication devices (for example mobile phones) are constantly being upgraded. At present, the systems of most mobile communication devices require strict signature authentication for the installation and use of application programs. In particular, some systems (for example, the Symbian system) have introduced a strict signature authentication scheme: an application program that uses system capabilities with restricted access must carry both the developer's signature and the publisher's signature before it can be installed. After an installation package signed by the developer has been signed by the publisher, the installation package changes again, and only application programs signed by the publisher can be installed and run on the system. In such a system the developer's signature proves the identity of the application's developer, and the publisher's signature proves the identity of the publisher that released the application and also shows that the publisher approves the application's legitimacy, security and validity. In other words, a signature in this system can only show that the signer approves the application being released under its own identity, and the absence of a signature means no approval. Application programs of other systems (for example the Android system) only need to be signed to be installed and used. The signature of an application in such a system can be considered to show only the developer's identity, and sometimes not even that, for example when the debug certificate shipped with the SDK (Software Development Kit) or another certificate that cannot show the developer's identity is used.
The prior art has the following shortcomings: (1) The authentication result is one-dimensional. There are only two results, approved and not approved, and the approval is a blanket approval of all information about the application, with no approval of individual application properties. (2) The mobile terminal has a single handling policy for application programs. There is no multi-policy management mechanism, let alone a scheme that applies targeted multi-policy management according to the current audit state of the application. (3) Compatibility is poor. The authentication result and the signature data have to be stored in the installation package that existed before authentication, so authenticating an application modifies the file containing the authenticated object and generates a new installation package file. The format of the application before authentication and after authentication has in fact changed, forming two application types, which easily produces compatibility problems.
Summary of the invention
The purpose of the present invention is to solve at least one of the above technical defects.
To this end, a first object of the invention is to propose an audit, authentication and management system for application programs that has a reasonable multi-policy management mechanism, which not only brings a better real-time security protection effect but also has good compatibility. A second object of the invention is to propose a cloud server with good collection and decision-making capability. A third object of the invention is to propose an audit, authentication and management method for application programs that uses a multi-policy management mechanism and helps deliver a better user experience.
To achieve the above objects, an embodiment of the first aspect of the invention proposes an audit, authentication and management system for application programs, comprising: a cloud server, configured to audit an application program, collect suspicious behavior data of the application program during the audit, record the suspicious behavior data to obtain the audit result corresponding to the application program, and generate an audit description file according to the audit result, wherein the audit description file comprises authentication data and the audit result of the application program; and a mobile terminal, configured to download the audit description file of a specified application program from the cloud server and to apply a corresponding management policy to the specified application program for security control according to the audit description file.
With the audit, authentication and management system according to the embodiment of the invention, the mobile terminal can apply different, targeted handling policies to application programs with different behavioral characteristics and different levels of trustworthiness, which brings not only a better real-time security protection effect but also a better user experience. The system is also compatible with existing application installation package formats: without changing the current application or its installation package format, audit and authentication can be applied seamlessly within existing application standards, without affecting the application's life-cycle management mechanism.
An embodiment of the second aspect of the invention proposes a cloud server, comprising: a collection module, configured to collect suspicious behavior data of an application program; an audit module, configured to verify the signature of the application program to confirm its legitimacy, to verify the basic information of the application program to confirm its software compatibility, to generate legitimacy and compatibility specification information for the application program, to analyze the suspicious behavior data in order to classify and evaluate the application program and generate its classification information and evaluation information, to merge the legitimacy and compatibility specification information, the classification information and the evaluation information to obtain the audit result, and to generate an audit description file according to the audit result; an authentication module, configured to digitally sign the audit description file with a certificate to generate authentication data, wherein the authentication data identifies the source of the audit description file and of the application description file, and the application description file identifies the application program or its installation package; and a push module, configured to generate the audit description file according to the audit result and the authentication data and, on receiving a data request from a mobile terminal, to push the audit description file to the mobile terminal.
The cloud server according to the embodiment of the invention not only collects the relevant data well but also has strong decision-making capability: it can audit and authenticate the collected data and handle it promptly according to the actual situation.
An embodiment of the third aspect of the invention proposes an audit, authentication and management method for application programs, comprising the following steps:
The cloud server audits an application program, collects suspicious behavior data of the application program during the audit, records the suspicious behavior data to generate an audit result, and generates an audit description file according to the audit result, wherein the audit description file comprises authentication data and the audit result of the application program;
The mobile terminal sends a data request signal for a specified application program to the cloud server, downloads the audit description file of the specified application program from the cloud server, and applies a corresponding management policy to the specified application program for security control according to the audit description file.
The audit, authentication and management method proposed according to the embodiment of the invention authenticates not only the legitimacy of the application's source but also the legitimacy of the application's security audit result. By adopting a reasonable multi-policy management mechanism it also brings better real-time security protection and good compatibility. In addition, the security audit result contains the behavioral characteristics of the application, so that many applications already carry security-related information, such as information about application behaviors, when they reach the mobile terminal, which makes it easier for the mobile terminal to apply more effective security control.
Additional aspects and advantages of the invention are given in part in the following description, and in part will become apparent from the following description or be learned through practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the audit, authentication and management system for application programs according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the cloud server according to an embodiment of the invention;
Fig. 3 is a flow chart of the audit, authentication and management method for application programs according to one embodiment of the invention;
Fig. 4 is a detailed flow chart of the audit, authentication and management method for application programs according to another embodiment of the invention; and
Fig. 5 is a schematic diagram of how the classification of application behaviors changes before and after the audit in the audit, authentication and management method according to an embodiment of the invention.
Embodiments
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the invention, and are not to be construed as limiting it.
In the description of the invention it should be noted that, unless otherwise specified and limited, the terms "installed", "linked" and "connected" are to be understood broadly: a connection may, for example, be mechanical or electrical, may be internal to two elements, and may be direct or indirect through an intermediary. A person of ordinary skill in the art can understand the specific meaning of these terms according to the circumstances.
These and other aspects of the embodiments of the invention will become clear with reference to the following description and drawings. The description and drawings specifically disclose some particular implementations of the embodiments to show some of the ways in which the principles of the embodiments can be carried out, but it should be understood that the scope of the embodiments is not limited by them. On the contrary, the embodiments of the invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
With reference to Fig. 1, the audit, authentication and management system for application programs proposed by the embodiment of the first aspect of the invention comprises a cloud server 101 and a mobile terminal 102. Cloud server 101 audits an application program, collects suspicious behavior data of the application program during the audit, records the suspicious behavior data to obtain the audit result corresponding to the application program, and generates an audit description file according to the audit result, wherein the audit description file comprises authentication data and the audit result of the application program. Mobile terminal 102 downloads the audit description file of a specified application program from cloud server 101 and applies a corresponding management policy to the specified application program for security control according to the audit description file. The specified application program may be an application the user downloads for the first time or an application built into the operating system of the mobile terminal. Because the user has not used the specified application before and does not know how secure it is, the relevant information about it needs to be obtained from the cloud server.
In one embodiment of the invention, cloud server 101 collects suspicious behavior data in at least one of the following ways:
(1) The application program is run on a simulated terminal device, and cloud server 101 collects the suspicious behavior data produced while the application runs. In one example of the invention, the simulated terminal device may be an emulator or a real terminal (for example a mobile phone). The simulated terminal device may be a terminal system platform with an integrated suspicious-behavior monitoring scheme, so that data about the application is collected automatically and analyzed statistically. Special cases may additionally be analyzed manually, finally yielding reasonably accurate suspicious behavior data. This suspicious behavior information provides a basis for judging the potential threat of applications that newly enter the market.
(2) Cloud server 101 collects the suspicious behavior data produced while the application is used on user terminals (for example mobile phones). Specifically, the user terminal collects, counts and analyzes the suspicious behavior data of the application and synchronizes it to cloud server 101 in a timely manner. A terminal system with an integrated suspicious-behavior monitoring scheme can also keep collecting and analyzing suspicious behavior data while the user is using the phone.
Cloud server 101 also collects the users' initial classification information for the suspicious behavior data. The initial classification information may include the user's judgement of a suspicious behavior, for example whether the suspicious behavior is a malicious behavior or a trusted behavior. The judgements uploaded by users are very important for the data statistics of cloud server 101. As the user base grows, the ability of user terminals to collect and judge each class of application behavior will exceed the collection capability of cloud server 101.
In one embodiment of the invention, cloud server 101 verifies the signature and basic information of the application program to generate legitimacy and compatibility specification information, classifies and evaluates the application program according to the suspicious behavior data to generate classification information and evaluation information, and merges the legitimacy and compatibility specification information, the classification information and the evaluation information to obtain the audit result.
The process by which cloud server 101 audits an application program is described in detail below.
First, cloud server 101 verifies the signature of the application program AppName.apk to confirm the legitimacy of the application. It then queries whether the application has a record of bad behavior and verifies the basic information of AppName.apk to check software compatibility. That is, the basic information of the application is verified to confirm its software compatibility, and the legitimacy and compatibility specification information of the application is generated. After compatibility has been checked, cloud server 101 scans the files for viruses, in particular the lib libraries. The Java code is decompiled and its API (Application Programming Interface) calls are checked, for example for calls to hidden APIs. Next, tests check whether the application starts and runs safely and successfully, and automated software function tests are run on it. The software functions are audited manually and the legality of the content is reviewed. The behavior of the application is then detected, analyzed and judged; automated detection and manual review can be combined in this step. That is, the suspicious behavior data is analyzed to classify and evaluate the application, and the classification information and evaluation information of the application are generated. After that, cloud server 101 records the statistical analysis and the judgement results and, if no malicious behavior is found, generates the audit scan file of AppName.apk. That is, the legitimacy and compatibility specification information, the classification information and the evaluation information are merged to obtain the audit result, and the audit result is stored in the audit description file; the audit description file is digitally signed with a certificate to generate the authentication data, and the authentication data identifies the source of the audit description file.
After completing the above audit process, cloud server 101 generates the classification information and evaluation information of the application program.
Specifically, the following classes are distinguished for an application program:
Suspicious behavior: a suspicious behavior of an application is a behavior carried out by the application that may, but does not necessarily, harm the user's interests. Because each user cares about different vital interests, whether an application behavior really harms the user's interests has to be judged by the user according to the user's own needs, or by the system on the user's behalf with the user's permission. Once judged, the behavior becomes either a malicious behavior or a trusted behavior.
Malicious behavior: a malicious behavior of an application is a behavior carried out by the application that harms the user's interests. Whether an application behavior is malicious has to be judged actively by the user or by the system on the user's behalf.
Trusted behavior: a trusted behavior of an application is a behavior in the application's suspicious-behavior capability set that does not harm the user's interests. Whether an application behavior is trusted has to be judged actively by the user or by the system on the user's behalf.
Potential suspicious behavior: a potential suspicious behavior of an application is a suspicious behavior that has not yet occurred but that the application is capable of carrying out. Once a potential suspicious behavior is proven to be executable, it becomes a suspicious behavior; conversely, once it is proven never to be executed, it is no longer a potential suspicious behavior. The set of all potential suspicious behaviors of an application is not fixed: as the application's real capabilities become clearer, the set becomes more and more accurate.
Suspicious-behavior capability set: the suspicious-behavior capability set of an application is the set of all suspicious behaviors that the application is inferred to be capable of carrying out, given the access the application has to system resources. The suspicious-behavior capability set is the union of the suspicious behaviors and the potential suspicious behaviors. It is likewise not a fixed set: as the application's real capabilities become clearer, the set becomes more and more accurate.
Each of the above types of application behavior has a precise model or rule definition.
Cloud server 101 classifies the application according to the suspicious behavior data to obtain the classification information. The classification information records the classes of the application and the behavior information corresponding to each class. As follows from the above, the classification information of an application can be one or more of the following types: trusted behavior, potential suspicious behavior, suspicious behavior and malicious behavior.
Cloud server 101 evaluates the application according to the above classification information to obtain the evaluation information of the application. The evaluation information comprises trusted, audited, not audited and distrusted.
In one embodiment of the invention, cloud server 101 digitally signs the audit description file with a certificate to generate the authentication data, wherein the authentication data identifies the source of the audit description file and of the application description file. Digitally signing the audit description file and the application description file proves the legitimacy of the application's source and authenticates the legitimacy of the application's security audit result, and thereby attests to the behavioral characteristics of the application and to its content legality, security, conformance to standards and so on.
The authentication data comprises digest information, the certificate information of the authentication signature, and the signature value of the authentication signature.
The audit description file takes one of the following two forms:
(1) Embedded: the audit description file and the authentication data are embedded in the application or in its installation package. This is similar to the application publisher signature of the Symbian system: only after an application signed by the developer has been signed and authenticated is the application installation package with the new signature generated. In one example of the invention, for the Yi platform, this regenerated installation package may be a file of type "*.bpk".
(2) Standalone: the audit description file and the authentication data are independent and stored separately, and the audited and authenticated application or its installation package is not changed. The standalone audit description file is stored in an authentication description file, which is the product of signing and authenticating the audit description file.
In one embodiment of the invention, the authentication description file may be a compressed package. The package contains the audit description file and the signature authentication data, and also contains the application description file (app_des.txt), which stores the data that identifies the application that was audited and authenticated.
In one example of the invention, the format of the authentication description file (*.ver) is as follows:
Authentication description file App_verified.Ver; the directory structure of the compressed package is:
|-- app_des.txt              application description file
|-- app_verified_info.sec    audit description file
`-- META-INF
    |-- CERT.RSA             signature file (contains the certificate information and the signature value)
    `-- CERT.SF              digest storage file (stores the digest value of every file in the package to guarantee integrity)
Further, the authentication description file comprises the following three parts:
First part: the application description file (app_des.txt). The application description file holds the identification information of the application that was audited and authenticated. It contains the application package format, the package name, the application version number and the original signature information, where the original signature information comprises digest information, certificate information and the signature value. These data uniquely identify an application or its installation package. They let the user determine whether a given application or installation package is the object that was audited, which proves that the content of the audit description file is the audit result for that specified application.
Second part: the audit description file (app_verified_info.sec). The audit description file contains the information on each class of behavior of the application, the content legality, software compatibility and standards-conformance information, and the overall evaluation information for the application.
The information on each class of behavior comprises suspicious behavior, malicious behavior, trusted behavior and potential suspicious behavior information; its content may be behavior model or rule ID numbers.
The evaluation information comprises trusted, audited, not audited and distrusted.
Third part: the signature file. The signature file is the result of signing the application's evaluation result with a certificate. It is used to verify the integrity of the authentication description file and the legitimacy of its source, ensuring that the content of the authentication description file cannot be tampered with and that the authenticator cannot be impersonated.
Storing the authentication data separately gives good compatibility: the existing application and its installation package are not changed, the format of existing applications and installation packages is not broken, and the application remains compatible before and after authentication. Whether the application itself changes or the result on the cloud server changes, changes to the audit description file and to the authentication data are independent of each other and can still be merged seamlessly and smoothly.
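A terminal-side check of the standalone package layout described above, as an added example that is not part of the patent text: it confirms that CERT.SF covers every file in the package and that app_des.txt describes the application actually installed, so an audit result issued for one application cannot be presented for another. The `name: value` line format, the field names, the use of SHA-256 and the sample data are assumptions made for illustration, and verification of the CERT.RSA signature over CERT.SF is assumed to be done separately by a platform verifier.

```python
import hashlib
import io
import zipfile

# Entry names come from the package layout in the text; the line format,
# field names and SHA-256 are assumptions made for this example.
REQUIRED = ("app_des.txt", "app_verified_info.sec")
SF_NAME = "META-INF/CERT.SF"
SIG_NAME = "META-INF/CERT.RSA"
BOUND_FIELDS = ("package_name", "version", "original_signature_digest")


def parse_kv(text):
    """Parse 'name: value' lines into a dict (assumed file format)."""
    out = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            out[key.strip()] = value.strip()
    return out


def check_ver_package(ver_bytes, installed_app):
    """Return a list of problems; an empty list means the package is
    internally consistent and describes `installed_app`.

    The CERT.RSA signature over CERT.SF is NOT verified here. These checks
    only mean something once that signature has been verified against a
    trusted certificate by a platform verifier (assumed, not shown).
    """
    problems = []
    with zipfile.ZipFile(io.BytesIO(ver_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if len(names) != len(set(names)):
            problems.append("duplicate entry names")
        for needed in REQUIRED + (SF_NAME, SIG_NAME):
            if needed not in names:
                problems.append("missing " + needed)
        if problems:
            return problems
        digests = parse_kv(zf.read(SF_NAME).decode("utf-8"))
        # Every entry except the two signature files must be listed in
        # CERT.SF with a matching digest; unlisted extras are rejected too.
        for name in names:
            if name in (SF_NAME, SIG_NAME):
                continue
            actual = hashlib.sha256(zf.read(name)).hexdigest()
            if name not in digests:
                problems.append("no digest for " + name)
            elif digests[name] != actual:
                problems.append("digest mismatch for " + name)
        if problems:
            return problems
        described = parse_kv(zf.read("app_des.txt").decode("utf-8"))
    # Binding check: the audit result applies only to the application
    # that app_des.txt identifies.
    for field in BOUND_FIELDS:
        value = described.get(field)
        if value is None or value != installed_app.get(field):
            problems.append("app_des.txt does not match installed app: " + field)
    return problems


def build_ver(app_des, audit_info, tamper_audit=None):
    """Build a constructed .ver package in memory (sample data only)."""
    files = {"app_des.txt": app_des.encode("utf-8"),
             "app_verified_info.sec": audit_info.encode("utf-8")}
    sf = "".join("%s: %s\n" % (n, hashlib.sha256(d).hexdigest())
                 for n, d in files.items())
    if tamper_audit is not None:
        # Content changed after the digests were taken
        files["app_verified_info.sec"] = tamper_audit.encode("utf-8")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
        zf.writestr(SF_NAME, sf)
        zf.writestr(SIG_NAME, b"PLACEHOLDER-SIGNATURE")  # not a real PKCS#7 blob
    return buf.getvalue()


# Constructed sample values, not taken from the patent
SIG_DIGEST = hashlib.sha256(b"constructed developer certificate").hexdigest()
APP_DES = ("package_format: apk\npackage_name: com.example.appname\n"
           "version: 1.0.2\noriginal_signature_digest: %s\n" % SIG_DIGEST)
AUDIT_INFO = "evaluation: audited\nsuspicious_behavior: RULE-0001\n"
INSTALLED = {"package_name": "com.example.appname", "version": "1.0.2",
             "original_signature_digest": SIG_DIGEST}

if __name__ == "__main__":
    print(check_ver_package(build_ver(APP_DES, AUDIT_INFO), INSTALLED))
```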
Portable terminal 102 downloads the audit description document of the specified application from Cloud Server 101. Because the audit description document contains the security audit result of the application program, and the audit result contains the behavioural characteristics of the application program, many application programs already carry security-related information such as application behavior when they arrive at portable terminal 102, which makes it easier for portable terminal 102 to apply effective security control.
In one embodiment of the invention, the user uses portable terminal 102 to obtain the auditing result from Cloud Server 101 in the following two ways.
(1) When the user downloads and installs an authenticated application program from the application store (app store), the system may choose to use either the embedded or the freestanding audit description document. With an embedded audit description document, the signed "*.bpk" file is downloaded; with a freestanding audit description document, the authentication description document containing the audit description document is downloaded together with the apk file when the application is downloaded.
(2) Through software embedded in the system platform of the portable terminal, the user actively requests the potential threat or malicious act information of a specified application, which triggers the download and processing of the authentication description document of that application.
In one embodiment of the invention, portable terminal 102 can obtain one or more classifications corresponding to the specified application from the audit description document, and set the management strategy for the specified application according to those classifications.
Based on the audit and authentication result, portable terminal 102 can implement a multi-policy management mechanism, applying targeted multi-policy management according to the current audit state of the application program. A reasonable multi-policy management mechanism reduces the runtime burden on the terminal system and gives the user a better experience.
In one embodiment of the invention, the management strategy comprises a permission access control strategy, a real-time behavior monitoring strategy, a behavior collection strategy, an isolation control strategy and an information feedback strategy.
Specifically, the classification of application programs and the corresponding targeted management strategies are shown in Table 1 below.
[Table 1: application program classification and targeted management strategies; provided as an image in the original publication]
An application program installed by the user generally belongs to one of the above four types. However, an application program does not necessarily stay in one type: as the audit continues, the type of an application installed on the Yi platform may change, and the change moves toward a more accurate classification. User operations can also affect the application type. For example, when the user installs an application program from an unapproved source, it initially belongs to the "unauthenticated, unaudited application program" type; after the user actively initiates a request and obtains the application's authentication description document from Cloud Server 101, the application program may become any of the other types.
In one embodiment of the invention, after detecting that the suspicious actions data of an application program has been updated, Cloud Server 101 can generate the corresponding updated audit description document, obtain the list of users who use the application program, and actively push the audit description document to the portable terminals corresponding to the user list.
With the audit authentication administrating system for application programs according to the embodiment of the invention, the portable terminal can apply different targeted processing strategies to application programs with different behavioural characteristics and different levels of credibility, which brings not only better real-time security protection but also a better user experience. The system is also compatible with the existing application installation kit format: without changing the current application program or its installation kit format, audit and authentication of application programs can be applied seamlessly to the existing application standard, without affecting the life cycle management mechanism of the application program.
The Cloud Server 101 proposed according to the embodiment of the second aspect of the invention is described below with reference to Fig. 2.
As shown in Fig. 2, Cloud Server 101 comprises acquisition module 201, auditing module 202, authentication module 203 and pushing module 204. Acquisition module 201 collects the suspicious actions data of the application program. Auditing module 202 verifies the signature of the application program to confirm its legitimacy, verifies the essential information of the application program to confirm its software compatibility, and generates the legality and compatibility specification information of the application program; it classifies and evaluates the application program by analysing the suspicious actions data, generating the classified information and evaluation information of the application program; it then merges the legality and compatibility specification information, the classified information and the evaluation information to obtain the auditing result. Authentication module 203 uses a certificate to digitally sign the audit description document and the application program description document to generate the verify data, where the verify data is used to identify the source of the audit description document. Pushing module 204 generates the audit description document from the auditing result and the verify data and, on receiving a data request from portable terminal 102, pushes the audit description document to portable terminal 102. The application program description document is used to identify the application program or its installation kit.
In one embodiment of the invention, acquisition module 201 collects the suspicious actions data in at least one of the following ways:
(1) A pseudo-terminal device is used to run the application program, and acquisition module 201 of Cloud Server 101 collects the suspicious actions data while the application program runs.
In an example of the invention, the pseudo-terminal device can be a simulator or a real terminal (for example a mobile phone). The pseudo-terminal device can be a terminal system platform with an integrated suspicious actions monitoring scheme, so that data on the application program is collected automatically and analysed statistically. Special cases can additionally be analysed manually, finally yielding relatively accurate suspicious actions data. This suspicious actions information provides a basis for judging the potential threat of application programs newly entering the market.
(2) Acquisition module 201 of Cloud Server 101 collects the suspicious actions data produced while a user terminal (for example a mobile phone) uses the application program.
Specifically, the user terminal collects, counts and analyses the suspicious actions data of application programs and synchronizes it to Cloud Server 101 in a timely manner. A terminal system with an integrated suspicious actions monitoring scheme can also continuously collect and analyse suspicious actions data while the user uses the mobile phone. The judgments uploaded by users play a very important role in the data statistics of Cloud Server 101. As the user base grows, the ability of user terminals to collect and judge each class of application behavior will exceed the acquisition capacity of Cloud Server 101.
In one embodiment of the invention, acquisition module 201 is also used to collect the user's initial classification information for the suspicious actions data. The classified information records the classifications of the application program and the behavioural information corresponding to each class, where the application program can be of one or more of the following types: credible behavior of the application program, potential suspicious actions of the application program, suspicious actions of the application program and malicious act of the application program.
In one embodiment of the invention, Cloud Server 101 also comprises detection module 205, which detects whether the suspicious actions data of an application program has been updated, generates the corresponding updated audit description document after detecting an update, and detects the list of users who use the updated application program; pushing module 204 then actively pushes the updated audit description document to the portable terminals corresponding to the user list.
Cloud Server 101 according to the embodiment of the invention not only collects the relevant data well through acquisition module 201, but also has strong decision-making ability: it can audit and authenticate the collected data and process it promptly according to the actual situation.
As shown in Fig. 3, the embodiment of the third aspect of the invention proposes an audit authentication and management method for application programs, comprising the following steps:
S301, the Cloud Server audits the application program and, during the audit, collects the suspicious actions data of the application program, records the suspicious actions data to generate the auditing result corresponding to the application program, and generates the audit description document from the auditing result, wherein the audit description document comprises the verify data and the auditing result of the application program.
In one embodiment of the invention, the Cloud Server collects the suspicious actions data in at least one of the following ways:
(1) A pseudo-terminal device is used to run the application program, and the Cloud Server collects the suspicious actions data while the application program runs. In an example of the invention, the pseudo-terminal device can be a simulator or a real terminal (for example a mobile phone). The pseudo-terminal device can be a terminal system platform with an integrated suspicious actions monitoring scheme, so that data on the application program is collected automatically and analysed statistically. Special cases can additionally be analysed manually, finally yielding relatively accurate suspicious actions data. This suspicious actions information provides a basis for judging the potential threat of application programs newly entering the market.
(2) The Cloud Server collects the suspicious actions data produced while a user terminal uses the application program. That is, the user terminal collects, counts and analyses the data and synchronizes it to the Cloud Server in a timely manner. While the user uses a portable terminal such as a mobile phone, suspicious actions information is continuously collected and analysed, and the user judges suspicious actions to be malicious acts or credible behaviors; these user judgments are also a valuable resource for the Cloud Server. Especially once the user base has grown, the ability of user terminals to collect and judge each class of application behavior will be beyond what the Cloud Server can match.
S302, the portable terminal sends a data request signal for the specified application to the Cloud Server and downloads the audit description document of the specified application from the Cloud Server.
Specifically, in an example of the invention, as shown in Fig. 4, the method for auditing an application program comprises the following steps:
S401, verify the signature of AppName.apk; that is, the signature of the application program is verified to confirm the legitimacy of the application program.
S402, query whether this application program has a record of bad behavior.
S403, verify the essential information of AppName.apk and check software compatibility; that is, the essential information of the application program is verified to confirm its software compatibility, and the legality and compatibility specification information of the application program is generated.
S404, scan for file-infecting viruses, in particular in the lib libraries.
S405, decompile the Java code and check API (Application Programming Interface) calls, for example calls to hidden APIs.
S406, test whether safety and start-up operation are successful.
S407, automated software function testing.
S408, manual software function audit.
S409, content legality examination.
S410, detect, analyse and judge application behavior, combining automated detection with manual audit; that is, the suspicious actions data is analysed to classify and evaluate the application program, and the classified information and evaluation information of the application program are generated.
S411, record the statistical analysis and the judgment result.
S412, if no malicious act is found, generate the audit scanning document of AppName.apk. That is, the legality and compatibility specification information, the classified information and the evaluation information are merged to obtain the auditing result, which is stored in the audit description document; a certificate is used to digitally sign the audit description document to generate the verify data, which identifies the source of the audit description document.
In one embodiment of the invention, the classified information records the classifications of the application program and the behavioural information corresponding to each class, where the application program can be of one or more of the following types: credible behavior, potential suspicious actions, suspicious actions and malicious act.
Specifically, the behaviors of an application program can be divided into the following classes:
Suspicious actions: the suspicious actions of an application program are behaviors carried out by the application program that may, but will not necessarily, harm the user's interests. Because the vital interests each user cares about differ, whether an application behavior really harms the user's interests must be judged by the user according to their own needs, or by the system on the user's behalf with the user's permission; once judged, the behavior is reclassified as a malicious act or a credible behavior.
Malicious act: the malicious acts of an application program are behaviors carried out by the application program that harm the user's interests. Whether an application behavior is a malicious act must be determined by the user's own judgment or by the system helping the user to judge.
Credible behavior: the credible behaviors of an application program are the behaviors in its suspicious actions capability set that will not harm the user's interests. Whether an application behavior is a credible behavior must be determined by the user's own judgment or by the system helping the user to judge.
Potential suspicious actions: the potential suspicious actions of an application program are suspicious actions that have not yet occurred but that the application program is capable of carrying out. Once a potential suspicious action is proven to be executed, it becomes a suspicious action; conversely, once it is proven that it will never be executed, it is no longer a potential suspicious action. The set of all potential suspicious actions of an application program is not fixed: as the real capabilities of the application program become clearer, the set becomes more and more accurate.
Suspicious actions capability set: the suspicious actions capability set of an application program is the set of all suspicious actions that the application program is inferred to be capable of carrying out, based on the access to system resources that the application program has. The suspicious actions capability set is the union of the suspicious actions and the potential suspicious actions. It is likewise not fixed: as the real capabilities of the application program become clearer, this set also becomes more and more accurate.
Each of the above types of application behavior has a precise model or rule definition.
Further, as shown in Fig. 5, auditing an application program is a process of clarifying its behavioural characteristics and determining the class to which each behavior belongs. Before the audit, no application behavior information exists. During the audit, information on the application's suspicious actions and potential suspicious actions is gradually accumulated, and through progressively deeper monitoring and analysis reasonable judgments are made, finally yielding more accurate application behavior information as the auditing result. After the audit, the application program can be authenticated. For an application program that can be authenticated, the sets of suspicious actions, potential suspicious actions and malicious acts may all be empty, but the credible behavior set is usually not empty.
Further, after the audit of the application program is finished, an audit description document can be generated to store the auditing result, with a digital signature proving the source of the auditing result. The audit description document (app_verified_info.sec) contains information on each class of application behavior (suspicious actions, malicious acts, credible behaviors and potential suspicious actions; the information content can be a behavior model or a rule ID number), the content legality, software compatibility and standardization information, and the overall evaluation of the application (trusted, audited, not audited, distrusted). The content of the audit description document can be encrypted to prevent the auditing result from being stolen by others. The verify data comprises the summary (digest) information, the certificate information of the authentication signature and the signature value of the authentication signature.
The audit description document takes the following two forms:
(1) Embedded: the audit description document and verify data are embedded in the application program or its installation kit. This is similar to the application publisher signature of the Symbian system: an application program signed by the developer is put through signature authentication, after which an application installation kit with a new signature is generated. In an example of the invention, for the Yi platform, this regenerated installation kit can be a file of type "*.bpk".
(2) Freestanding (stand-alone): the audit description document and verify data are stored separately, without changing the audited and authenticated application program or its installation kit. The freestanding audit description document is stored in the authentication description document, which is the product of signature authentication of the audit description document.
In one embodiment of the invention, the authentication description document can be a compressed package. The package contains the audit description document and the signature authentication data, as well as the application program description document (app_des.txt), which stores the data used to identify the audited and authenticated application program.
In an example of the invention, the format of the authentication description document (*.ver) is as follows.
Authentication description document App_verified.ver; the file and directory structure of the compressed package is:
|-- app_des.txt                application program description document
|-- app_verified_info.sec      audit description document
`-- META-INF
    |-- CERT.RSA               signature file (contains certificate information and signature value)
    `-- CERT.SF                summary (digest) information storage file (holds the digest value of every file in the compressed package, to guarantee integrity)
Further, the authentication description document comprises the following three parts:
First part: application program description document (app_des.txt). The application program description document holds the identification information of the audited and authenticated application program. It comprises the application package format, package name, application version number and original signature information, where the original signature information comprises summary (digest) information, certificate information and the signature value. These data uniquely identify an application program or its installation kit; they let the user determine whether a given application program or installation kit is the object that was audited, proving that the content of the audit description document is the auditing result for exactly that specified application program.
Second part: audit description document (app_verified_info.sec). The audit description document contains information on each class of application behavior, the content legality, software compatibility and standardization information, and the overall evaluation information for the application program.
The information on each class of application behavior comprises suspicious actions, malicious act, credible behavior and potential suspicious actions information; the information content can be a behavior model or a rule ID number.
The evaluation information is one of: trusted, audited, not audited, distrusted.
Third part: signature file. The signature file is the result of signing the authentication result of the application program with a certificate. It is used to verify the integrity of the authentication description document and the legitimacy of its source, ensuring that the content of the authentication description document cannot be tampered with and that the authenticator cannot be impersonated.
Storing the verify data separately gives good compatibility: the existing application program and its installation kit are not changed, their format is not broken, and compatibility between the application program before and after authentication is maintained. Whether the application program itself changes or the result on the Cloud Server changes, the changes to the audit description document and the verify data are independent of each other, yet they can be merged seamlessly and smoothly.
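The following added example (not part of the patent text) shows how a terminal might check a freestanding authentication description document before trusting its auditing result: every file must match its digest in CERT.SF, and app_des.txt must identify the application actually installed. The CERT.SF line format, the JSON layout and field names of app_des.txt, and all sample data are assumptions made for illustration; verification of the CERT.RSA signature over CERT.SF is assumed to be done separately with a platform crypto library and is not shown.

```python
import hashlib
import io
import json
import zipfile

SF_NAME = "META-INF/CERT.SF"    # digest list, per the package layout above
SIG_NAME = "META-INF/CERT.RSA"  # signature file; NOT verified in this example
REQUIRED = ("app_des.txt", "app_verified_info.sec")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_ver(app_des, audit_info, overrides=None):
    """Build a constructed .ver package in memory (sample input only).

    CERT.SF is computed over the genuine files; `overrides` then replaces or
    adds archive entries without updating CERT.SF, simulating tampering.
    """
    files = {
        "app_des.txt": json.dumps(app_des, sort_keys=True).encode(),
        "app_verified_info.sec": audit_info,
    }
    # Assumed CERT.SF format: one "<name> <sha256 hex>" line per file.
    manifest = "".join(f"{n} {sha256_hex(b)}\n" for n, b in files.items())
    written = {**files, **(overrides or {})}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in written.items():
            zf.writestr(name, body)
        zf.writestr(SF_NAME, manifest)
        zf.writestr(SIG_NAME, b"constructed placeholder, not a real signature")
    return buf.getvalue()


def check_ver(ver_bytes, pkg_name, version, apk_bytes):
    """Return a list of problems; an empty list means the package is
    internally consistent and describes exactly this installed application."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(ver_bytes)) as zf:
        names = zf.namelist()
        if len(names) != len(set(names)):
            # Duplicate names let two readers see different bytes.
            return ["duplicate entry names in archive"]
        contents = {n: zf.read(n) for n in names}
    if SF_NAME not in contents:
        return ["missing " + SF_NAME]

    listed = {}
    for line in contents[SF_NAME].decode("utf-8").splitlines():
        name, _, digest = line.rpartition(" ")
        listed[name] = digest

    # 1. Nothing outside META-INF may ride along without a digest.
    payload = {n for n in contents if not n.startswith("META-INF/")}
    for name in sorted(payload - set(listed)):
        problems.append("unlisted file: " + name)
    # 2. Every listed file must exist and match its recorded digest.
    for name in sorted(listed):
        if name not in contents:
            problems.append("missing file: " + name)
        elif sha256_hex(contents[name]) != listed[name]:
            problems.append("digest mismatch: " + name)
    for name in REQUIRED:
        if name not in listed:
            problems.append("not covered by CERT.SF: " + name)
    if problems:
        return problems

    # 3. Bind the auditing result to the application actually installed, so a
    #    favourable result cannot be reused for a different package.
    des = json.loads(contents["app_des.txt"])
    if des.get("package_name") != pkg_name:
        problems.append("package name mismatch")
    if des.get("version") != version:
        problems.append("version mismatch")
    if des.get("apk_sha256") != sha256_hex(apk_bytes):
        problems.append("APK digest mismatch")
    return problems


# Constructed sample data (hypothetical package name and contents).
SAMPLE_APK = b"constructed bytes standing in for AppName.apk"
SAMPLE_DES = {"package_name": "com.example.appname", "version": "1.0",
              "apk_sha256": sha256_hex(SAMPLE_APK)}
SAMPLE_AUDIT = b'{"evaluation": "audited"}'

if __name__ == "__main__":
    good = build_ver(SAMPLE_DES, SAMPLE_AUDIT)
    print(check_ver(good, "com.example.appname", "1.0", SAMPLE_APK))
```

The third check is the one the freestanding form depends on: because the auditing result travels apart from the installation kit, only the identity recorded in app_des.txt ties the two together.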
S303, according to the audit description document, apply the corresponding management strategy to carry out security control of the specified application.
In an example of the invention, the audit description document is generated by the Cloud Server of the Baidu Yi platform and reaches the Yi platform user terminal in the following three ways:
(1) When the user downloads and installs a Baidu-authenticated application program from the Baidu app store, the system may choose to use either the embedded or the freestanding audit description document. With an embedded audit description document, the Baidu-signed "*.bpk" file is downloaded; with a freestanding audit description document, the authentication description document containing the audit description document can be downloaded together with the apk file when the application is downloaded.
(2) Through software embedded in the Yi platform (such as the user terminal security centre), the user actively requests the potential threat or malicious act information of a specified application, which triggers the download and processing of the authentication description document of that application.
(3) The Baidu Cloud Server actively pushes newly discovered suspicious actions information and malicious act information; this information is pushed, in the form of an authentication description document, to the Yi platform terminal system for processing. The Baidu Cloud Server pushes selectively, only for applications already installed on the user terminal. That is, the Cloud Server detects whether the suspicious actions data of an application program has been updated; after detecting an update, it generates the corresponding updated audit description document and detects the list of users who use the updated application program, and then actively pushes the updated audit description document to the portable terminals corresponding to the user list.
In one embodiment of the invention, applying the corresponding management strategy to carry out security control of the specified application according to the audit description document means obtaining one or more classifications corresponding to the specified application from the audit description document, and then setting the corresponding management strategy for the specified application according to those classifications. As shown in Table 1, the management strategy comprises a permission access control strategy, a real-time behavior monitoring strategy, a behavior collection strategy, an isolation control strategy and an information feedback strategy.
With the audit authentication and management method for application programs according to the embodiment of the invention, what is authenticated is not only the source legitimacy of the application program but also the legitimacy of the application's security audit result, and the behavioural characteristics, content legality, safety, standardization and so on of the application program can be proven. A reasonable multi-policy management mechanism is also adopted: based on the audit and authentication result, the terminal system can implement multi-policy management targeted at the current audit state of the application program, reducing the runtime burden on the terminal system and giving the user a better experience. In addition, compatibility is good: the authentication mode that stores the verify data separately (such as the "freestanding" audit description document above) does not change the existing application program or its installation kit, does not break their format, and maintains compatibility between the application program before and after authentication. Whether the application program itself changes or the result on the Cloud Server changes, the changes are independent of each other, yet they can be merged seamlessly and smoothly. Finally, the security audit result contains the behavioural characteristics of the application program, so that many application programs already carry security-related information such as application behaviors when they arrive at the client terminal system, which makes it easier for the terminal system to apply effective security control. During subsequent use of the application program, the user can continuously supplement these data, which both improves the local safety control strategy of the user terminal and, by synchronizing this information to the Cloud Server, improves the application information on the Cloud Server, from which new security audit results and authentication description documents can be generated, forming an application security system that can improve itself.
Any process or method described in the flow charts or otherwise described herein may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the invention belong.
The logic and/or steps represented in the flow charts or otherwise described herein, for example an ordered list of executable instructions for implementing logical functions, may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, device or equipment (such as a computer-based system, a system comprising a processor, or another system that can fetch instructions from the instruction execution system, device or equipment and execute them). For the purposes of this specification, a "computer-readable medium" can be any device that can contain, store, communicate, propagate or transport the program for use by, or in connection with, the instruction execution system, device or equipment. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) with one or more wires, a portable computer diskette (magnetic device), a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). The computer-readable medium can even be paper or another suitable medium on which the program is printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that each part of the invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented with any one or a combination of the following techniques well known in the art: a discrete logic circuit having logic gates for implementing logical functions on data signals, an application-specific integrated circuit (ASIC) with suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in each embodiment of the invention can be integrated in one processing module, or each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The above-mentioned storage medium can be a read-only memory, a magnetic disk, an optical disc, etc.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, such references do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will appreciate that various changes, modifications, replacements and variations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (25)

1. An audit, authentication and management system for application programs, characterized in that it comprises:
A cloud server, configured to audit an application program and collect suspicious behavior data of the application program during the audit, to record the suspicious behavior data to obtain an audit result corresponding to the application program, and to generate an audit description document according to the audit result, wherein the audit description document comprises authentication data and the audit result of the application program; and
A mobile terminal, configured to download the audit description document of a specified application program from the cloud server, and to apply a corresponding management policy to the specified application program for security control according to the audit description document.
2. The audit, authentication and management system according to claim 1, characterized in that the cloud server collects the suspicious behavior data in at least one of the following ways:
(1) the application program is run on a simulated terminal device, and the cloud server collects the suspicious behavior data produced while the application program runs;
(2) the cloud server collects the suspicious behavior data produced when a user terminal uses the application program.
3. The audit, authentication and management system according to claim 2, characterized in that the cloud server is further configured to collect the user's initial classification information for the suspicious behavior data.
4. The audit, authentication and management system according to claim 1, characterized in that the cloud server verifies the signature and the basic information of the application program to generate legitimacy and compatibility description information of the application program, classifies and evaluates the application program according to the suspicious behavior data to generate classification information and evaluation information of the application program, and merges the legitimacy and compatibility description information, the classification information and the evaluation information to obtain the audit result.
5. The audit, authentication and management system according to claim 4, characterized in that the classification information records the classes of the application program and the behavior information corresponding to each class, wherein the application program has one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
6. The audit, authentication and management system according to claim 4, characterized in that the evaluation information comprises: trusted, audited, not audited and untrusted.
7. The audit, authentication and management system according to claim 1, characterized in that the cloud server uses a certificate to digitally sign the audit description document to generate the authentication data, wherein the authentication data is used to identify the source of the audit description document and of an application program description document, and the application program description document is used to identify the application program or the installation package of the application program.
8. The audit, authentication and management system according to claim 7, characterized in that the authentication data comprises digest information, certificate information of the authentication signature, and the signature value of the authentication signature.
9. The audit, authentication and management system according to claim 8, characterized in that the audit description document takes one of the following two forms:
(1) the audit description document and the authentication data are embedded in the program package of the application program or in the installation package of the application program;
(2) the audit description document and the authentication data are stored separately, wherein the audit description document is stored in an authentication description document.
10. The audit, authentication and management system according to claim 1, characterized in that the mobile terminal obtains one or more classes corresponding to the specified application program according to the audit description document, and sets the management policy for the specified application program according to the one or more classes.
11. The audit, authentication and management system according to claim 10, characterized in that the management policy comprises: a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy and an information feedback policy.
12. The audit, authentication and management system according to any one of claims 1-11, characterized in that, after detecting that the suspicious behavior data of the application program has been updated, the cloud server generates a corresponding updated audit description document, obtains the list of users using the application program, and actively pushes the audit description document to the mobile terminals corresponding to the user list.
13. A cloud server, characterized in that it comprises:
An acquisition module, configured to collect suspicious behavior data of an application program;
An audit module, configured to verify the signature of the application program to confirm the legitimacy of the application program, to verify the basic information of the application program to confirm the software compatibility of the application program, to generate legitimacy and compatibility description information of the application program, to analyze the suspicious behavior data so as to classify and evaluate the application program, to generate classification information and evaluation information of the application program, to merge the legitimacy and compatibility description information, the classification information and the evaluation information to obtain an audit result, and to generate an audit description document according to the audit result;
An authentication module, configured to use a certificate to digitally sign the audit description document to generate authentication data, wherein the authentication data is used to identify the source of the audit description document and of an application program description document, and the application program description document is used to identify the application program or the installation package of the application program;
A push module, configured to generate the audit description document according to the audit result and the authentication data and, when a data request from a mobile terminal is received, to push the audit description document to the mobile terminal.
14. The cloud server according to claim 13, characterized in that the acquisition module collects the suspicious behavior data in at least one of the following ways:
(1) the application program is run on a simulated terminal device, and the cloud server collects the suspicious behavior data produced while the application program runs;
(2) the cloud server collects the suspicious behavior data produced when a user terminal uses the application program.
15. The cloud server according to claim 14, characterized in that the acquisition module is further configured to collect the user's initial classification information for the suspicious behavior data.
16. The cloud server according to claim 13, characterized in that the classification information records the classes of the application program and the behavior information corresponding to each class, wherein the application program has one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
17. The cloud server according to claim 13, characterized in that it further comprises a detection module, configured to detect whether the suspicious behavior data of the application program has been updated, to generate a corresponding updated audit description document after detecting that the suspicious behavior of the application program has been updated, and to detect the list of users using the updated application program, wherein the push module actively pushes the updated audit description document to the mobile terminals corresponding to the user list.
18. An audit, authentication and management method for an application program, characterized in that it comprises the following steps:
A cloud server audits an application program and collects suspicious behavior data of the application program during the audit, records the suspicious behavior data to generate an audit result corresponding to the application program, and generates an audit description document according to the audit result, wherein the audit description document comprises authentication data and the audit result of the application program;
A mobile terminal sends a data request signal for a specified application program to the cloud server, downloads the audit description document of the specified application program from the cloud server, and applies a corresponding management policy to the specified application program for security control according to the audit description document.
19. The audit, authentication and management method according to claim 18, characterized in that the cloud server collects the suspicious behavior data in at least one of the following ways:
(1) the application program is run on a simulated terminal device, and the cloud server collects the suspicious behavior data produced while the application program runs;
(2) the cloud server collects the suspicious behavior data produced when a user terminal uses the application program.
20. The audit, authentication and management method according to claim 18, characterized in that auditing the suspicious behavior data comprises the following steps:
Verifying the signature of the application program to confirm the legitimacy of the application program, verifying the basic information of the application program to confirm the software compatibility of the application program, and generating legitimacy and compatibility description information of the application program;
Analyzing the suspicious behavior data to classify and evaluate the application program, and generating classification information and evaluation information of the application program;
Merging the legitimacy and compatibility description information, the classification information and the evaluation information to obtain the audit result, and storing the audit result in the audit description document;
Using a certificate to digitally sign the audit description document to generate authentication data, wherein the authentication data is used to identify the source of the audit description document.
21. The audit, authentication and management method according to claim 20, characterized in that the classification information records the classes of the application program and the behavior information corresponding to each class, wherein the application program has one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
22. The audit, authentication and management method according to claim 20, characterized in that the authentication data comprises digest information, certificate information of the authentication signature, and the signature value of the authentication signature.
23. The audit, authentication and management method according to claim 18, characterized in that applying a corresponding management policy to the specified application program for security control according to the audit description document comprises the following steps:
Obtaining one or more classes corresponding to the specified application program according to the audit description document;
Setting a corresponding management policy for the specified application program according to the one or more classes.
24. The audit, authentication and management method according to claim 23, characterized in that the management policy comprises: a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy and an information feedback policy.
25. The audit, authentication and management method according to any one of claims 18-24, characterized in that it further comprises the following steps:
The cloud server detects whether the suspicious behavior data of the application program has been updated;
After detecting that the suspicious behavior of the application program has been updated, generating a corresponding updated audit description document, and detecting the list of users using the updated application program;
The cloud server actively pushes the updated audit description document to the mobile terminals corresponding to the user list.
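
The terminal-side handling described in claims 7 to 11 and 23, as an added example that is not code from the patent: it checks the authentication data of an audit description document before choosing management policies, and falls back to isolation when the check fails. The JSON layout, every field and function name, the class-to-policy mapping and the HMAC stand-in for the certificate signature are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. Claim 7 describes a certificate-based digital signature;
# the standard library has no public-key signatures, so HMAC-SHA256 stands in.
DEMO_KEY = b"constructed-demo-key"

# Assumed mapping from the classes of claim 5 to the policies of claim 11.
POLICY_BY_CLASS = {
    "trusted": {"permission_access_control"},
    "potentially_suspicious": {"permission_access_control", "realtime_behavior_monitoring"},
    "suspicious": {"realtime_behavior_monitoring", "behavior_collection", "information_feedback"},
    "malicious": {"isolation_control", "information_feedback"},
}
# Applied whenever the document cannot be trusted (assumed fail-closed choice).
FAIL_CLOSED = frozenset({"isolation_control", "information_feedback"})


def _signed_bytes(audit_result, package_digest):
    """Canonical bytes covered by the signature: audit result plus package digest."""
    body = {"audit_result": audit_result, "package_digest": package_digest}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_document(package, classes, evaluation, key=DEMO_KEY):
    """Cloud-server side: build an audit description document for one package."""
    audit_result = {"classes": sorted(classes), "evaluation": evaluation}
    digest = hashlib.sha256(package).hexdigest()
    sig = hmac.new(key, _signed_bytes(audit_result, digest), hashlib.sha256).hexdigest()
    return {
        "audit_result": audit_result,
        "authentication_data": {
            "digest": digest,
            "certificate_info": "constructed-demo-signer",
            "signature_value": sig,
        },
    }


def select_policies(document, package, key=DEMO_KEY):
    """Terminal side: verify the document, then return (status, policies)."""
    try:
        result = document["audit_result"]
        auth = document["authentication_data"]
        expected = hmac.new(key, _signed_bytes(result, auth["digest"]), hashlib.sha256).hexdigest()
        sig_ok = hmac.compare_digest(expected, str(auth["signature_value"]))
        # The signature shows who issued the document; the digest ties it to
        # the package actually present on the device.
        pkg_ok = hmac.compare_digest(hashlib.sha256(package).hexdigest(), str(auth["digest"]))
        classes = list(result["classes"])
    except (KeyError, TypeError):
        return "malformed", set(FAIL_CLOSED)
    if not sig_ok:
        return "bad_signature", set(FAIL_CLOSED)
    if not pkg_ok:
        return "package_mismatch", set(FAIL_CLOSED)
    policies = set()
    for name in classes:
        # An unknown class is handled like a verification failure.
        policies |= POLICY_BY_CLASS.get(str(name), FAIL_CLOSED)
    return "verified", policies or set(FAIL_CLOSED)


def demo():
    """Run the terminal check on constructed inputs; returns three outcomes."""
    package = b"constructed installer bytes"
    doc = issue_document(package, ["potentially_suspicious", "suspicious"], "audited")
    good = select_policies(doc, package)
    repackaged = select_policies(doc, package + b" modified")
    tampered = json.loads(json.dumps(doc))
    tampered["audit_result"]["classes"] = ["trusted"]  # edited after signing
    downgraded = select_policies(tampered, package)
    return good, repackaged, downgraded


if __name__ == "__main__":
    for status, policies in demo():
        print(status, sorted(policies))
```

Because the signature covers both the audit result and the package digest, a document edited to claim a milder class and a valid document presented with a different package both end in the isolation policy.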
CN201210084896.7A 2012-03-27 2012-03-27 Cloud server, application program verification, certification and management system and application program verification, certification and management method Active CN103368987B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210084896.7A CN103368987B (en) 2012-03-27 2012-03-27 Cloud server, application program verification, certification and management system and application program verification, certification and management method

Publications (2)

Publication Number Publication Date
CN103368987A true CN103368987A (en) 2013-10-23
CN103368987B CN103368987B (en) 2017-02-08

Family

ID=49369523

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210084896.7A Active CN103368987B (en) 2012-03-27 2012-03-27 Cloud server, application program verification, certification and management system and application program verification, certification and management method

Country Status (1)

Country Link
CN (1) CN103368987B (en)

Also Published As

Publication number Publication date
CN103368987B (en) 2017-02-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant