CN103368987B - Cloud server, application program verification, certification and management system and application program verification, certification and management method - Google Patents


Publication number: CN103368987B
Authority: CN (China)
Application number: CN201210084896.7A
Other versions: CN103368987A
Other languages: Chinese (zh)
Inventor: 李厚辰
Current Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Prior art keywords: application program, examination, verification, information, file

Abstract

The invention provides an application program verification, certification and management system comprising a cloud server and a mobile terminal; the cloud server is used for verifying an application program, acquiring suspicious behavior data of the application program in the verification process, recording the suspicious behavior data to obtain a verification result of the application program and generating a verification description file according to the verification result, wherein the verification description file includes certification data and the verification result of the application program; and the mobile terminal is used for downloading the verification description file of a specified application program from the cloud server and using a corresponding management strategy to carry out safety control on the specified application program according to the verification description file. The system has a reasonable multi-strategy management mechanism, can bring a better real-time safety protection effect and has good compatibility. The invention further provides a cloud server and an application program verification, certification and management method.

Description

Cloud server, and system and method for the audit, certification and management of application programs
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a cloud server and to a system and method for the audit, certification and management of application programs.
Background
With the development of software and mobile communication technology, the systems of mobile communication devices (such as mobile phones) are constantly being updated. At present, the systems of most mobile communication devices require strict signature authentication for the installation and use of application programs. Specifically, some systems (for example, Symbian) introduce a strict signature authentication scheme: an application program that uses restricted system capabilities must carry both a developer signature and a publisher signature before it can be installed without restriction on any system of the indicated version. When an application installation package signed by the developer is then signed by the publisher, the installation package changes, and only application programs signed by the publisher can be installed and run on the system. In such a system the developer signature proves the identity of the application program's developer, and the publisher signature proves the identity of the publisher that released the application; it also indicates that the publisher approves the legitimacy, security and validity of the application program. In other words, a signature in such a system can only show that the signer, under its own identity, approves the application it publishes, and the absence of a signature means no approval. On other systems (such as Android) an application program only needs to be signed in order to be installed and used. The signature of such an application is taken to indicate the identity of the developer, and sometimes it does not even do that, for example when the debug certificate shipped with the SDK (Software Development Kit) or another certificate that cannot establish the developer's identity is used.
The prior art has the following drawbacks: (1) The authentication result is limited: there are only two results, approved and not approved, and the approval covers general information common to all application programs rather than the characteristics of the particular application program. (2) The mobile terminal's handling policy for application programs is limited: there is no multi-policy management mechanism, and no scheme that applies multiple policies in a targeted way according to the current audit state of the application program. (3) Compatibility is poor because the authentication result is not independent. The authentication result and signature data have to be saved into the file that holds the authenticated object inside the pre-authentication installation package, so authenticating an application program modifies it and generates a new installation package file. The format of the application program before and after authentication has in effect changed, which creates two application program types and easily leads to compatibility problems.
Summary of the invention
The purpose of the present invention is to solve at least one of the above technical defects.
To this end, a first object of the present invention is to propose a system for the audit, certification and management of application programs. The system has a reasonable multi-policy management mechanism, which not only brings better real-time security protection but also offers good compatibility. A second object of the present invention is to propose a cloud server with good collection and decision-making capabilities. A third object of the present invention is to propose a method for the audit, certification and management of application programs; the method uses a multi-policy management mechanism, which helps bring a better user experience.
To achieve the above objects, an embodiment of the first aspect of the present invention proposes a system for the audit, certification and management of application programs, comprising: a cloud server, configured to audit an application program, collect suspicious behavior data of the application program during the audit, record the suspicious behavior data to obtain the audit result corresponding to the application program, and generate an audit description file according to the audit result, wherein the audit description file includes the authentication data and the audit result of the application program; and a mobile terminal, configured to download the audit description file of a specified application program from the cloud server and, according to the audit description file, apply a corresponding management policy to perform security control on the specified application program.
With the audit, certification and management system according to embodiments of the present invention, the mobile terminal can apply different, targeted handling policies to application programs with different behavioral characteristics and different degrees of trustworthiness, which brings not only better real-time security protection but also a better user experience. The system is also compatible with the existing application installation package format: without changing the existing application program or its installation package format, audit and certification can be applied seamlessly within the existing application specification, without affecting the application program's life cycle management mechanism.
An embodiment of the second aspect of the present invention proposes a cloud server, comprising: a collection module, configured to collect suspicious behavior data of an application program; an audit module, configured to verify the signature of the application program to confirm its legitimacy, to verify the basic information of the application program to confirm its software compatibility, and to generate the legitimacy and compatibility-conformance information of the application program; to analyze the suspicious behavior data in order to classify and evaluate the application program, generating its classification information and evaluation information; to merge the legitimacy and compatibility-conformance information, the classification information and the evaluation information to obtain the audit result; and to generate an audit description file according to the audit result; an authentication module, configured to use a certificate to digitally sign the audit description file to generate authentication data, wherein the authentication data identifies the source of the audit description file and of the application description file, and the application description file identifies the application program or its installation package; and a push module, configured to generate the audit description file according to the audit result and the authentication data and, on receiving a data request from a mobile terminal, to push the audit description file to the mobile terminal.
The cloud server according to embodiments of the present invention can not only collect the relevant data well but also has strong decision-making capability: it can audit and certify the collected data and handle it promptly according to the actual situation.
An embodiment of the third aspect of the present invention proposes a method for the audit, certification and management of application programs, comprising the following steps:
The cloud server audits an application program and collects suspicious behavior data of the application program during the audit, records the suspicious behavior data to generate an audit result, and generates an audit description file according to the audit result, wherein the audit description file includes the authentication data and the audit result of the application program;
The mobile terminal sends a data request signal for a specified application program to the cloud server, downloads the audit description file of the specified application program from the cloud server, and, according to the audit description file, applies a corresponding management policy to perform security control on the specified application program.
The audit, certification and management method proposed according to embodiments of the present invention certifies not only the legitimacy of the source of the application program but also the legitimacy of its security audit result. At the same time, the use of a reasonable multi-policy management mechanism brings better real-time security protection and good compatibility. In addition, the security audit result of an application program contains the application's behavioral characteristics, so that many application programs already come with security-related information, such as application behavior, when they reach the mobile terminal, which makes it easier for the mobile terminal to exercise more effective security control.
Additional aspects and advantages of the present invention will be set forth in part in the description that follows, and in part will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the application program audit, certification and management system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the cloud server according to an embodiment of the present invention;
Fig. 3 is a flow chart of the application program audit, certification and management method according to one embodiment of the present invention;
Fig. 4 is a detailed flow chart of the application program audit, certification and management method according to another embodiment of the present invention; and
Fig. 5 is a schematic diagram of how the classification of application program behavior changes before and after the audit in the application program audit, certification and management method according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting the claims.
In the description of the present invention, it should be noted that, unless otherwise specified and limited, the terms "installed", "connected" and "coupled" are to be understood broadly: a connection may, for example, be a mechanical connection, an electrical connection or a connection between the interiors of two elements, and it may be direct or made indirectly through an intermediary. A person of ordinary skill in the art can understand the specific meaning of these terms according to the circumstances.
These and other aspects of the embodiments of the present invention will become clear with reference to the following description and drawings. In the description and drawings, certain specific implementations of the embodiments are disclosed to show some of the ways in which the principles of the embodiments may be put into practice, but it should be understood that the scope of the embodiments is not limited thereby. On the contrary, the embodiments of the present invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
Referring to Fig. 1, the application program audit, certification and management system proposed by an embodiment of the first aspect of the present invention includes a cloud server 101 and a mobile terminal 102. The cloud server 101 is configured to audit an application program and collect suspicious behavior data of the application program during the audit, to record the suspicious behavior data to obtain the audit result corresponding to the application program, and to generate an audit description file according to the audit result, wherein the audit description file includes the authentication data and the audit result of the application program. The mobile terminal 102 is configured to download the audit description file of a specified application program from the cloud server 101 and, according to the audit description file, to apply a corresponding management policy to perform security control on the specified application program. The specified application program may be an application program that the user downloads for the first time or an application program built into the mobile terminal's operating system. Because the user has not used the specified application program before and does not know how safe it is, the relevant information about it needs to be obtained from the cloud server.
In one embodiment of the present invention, the cloud server 101 collects suspicious behavior data in at least one of the following ways:
(1) The application program is run on a pseudo-terminal device, and the cloud server 101 collects the suspicious behavior data produced while the application program runs. In one example of the present invention, the pseudo-terminal device may be an emulator or a real terminal (such as a mobile phone). The pseudo-terminal device may be a terminal system platform with an integrated suspicious behavior monitoring scheme, so that data on the application program can be collected automatically and analyzed statistically. Special cases can be analyzed further by hand, so that more accurate suspicious behavior data is finally obtained. This suspicious behavior information provides a basis for judging the potential threat posed by application programs newly entering the market.
(2) The cloud server 101 collects the suspicious behavior data produced while user terminals (such as mobile phones) use the application program. Specifically, the user terminal collects, tallies and analyzes the suspicious behavior data of the application program and synchronizes it to the cloud server 101 in a timely manner. A terminal system with an integrated suspicious behavior monitoring scheme can also collect and analyze suspicious behavior data continuously while the user uses the phone.
The cloud server 101 is also configured to collect users' initial classification information for the suspicious behavior data. The initial classification information may include the user's determination about a suspicious behavior, for example whether it is a malicious behavior or a trusted behavior. The determinations uploaded by users play a very important role in the data statistics of the cloud server 101. As the user base grows, the capacity of the user terminals to collect and decide on each class of application program behavior will exceed the collection capacity of the cloud server 101.
In one embodiment of the present invention, the cloud server 101 verifies the signature and the basic information of the application program to generate the legitimacy and compatibility-conformance information of the application program, classifies and evaluates the application program according to the suspicious behavior data to generate its classification information and evaluation information, and merges the legitimacy and compatibility-conformance information, the classification information and the evaluation information to obtain the audit result.
The audit process that the cloud server 101 applies to an application program is described in detail below.
First, the cloud server 101 verifies the signature of the application program AppName.apk; the signature is verified to confirm the legitimacy of the application program. It then queries whether the application program has a record of bad behavior, and verifies the basic information of AppName.apk to check software compatibility. That is, the basic information of the application program is verified to confirm its software compatibility, and the legitimacy and compatibility-conformance information of the application program is generated. After the compatibility check, the cloud server 101 performs a file-type virus scan, paying particular attention to the lib libraries. The Java code is decompiled and its API (Application Programming Interface) calls are checked, for example for calls to hidden APIs. Next, the security of the application program and whether it starts and runs successfully are tested, and the software functions of the application program are tested automatically. The software functions are also reviewed manually, and the legality of the content is examined. Then the behavior of the application program is detected, analyzed and judged; this step may combine automated detection with manual review. That is, the suspicious behavior data is analyzed to classify and evaluate the application program, generating its classification information and evaluation information. After that, the cloud server 101 records the statistical analysis and the determination result and, if no malicious behavior is found, generates the audit scan file of AppName.apk. That is, the legitimacy and compatibility-conformance information, the classification information and the evaluation information are merged to obtain the audit result, and the audit result is stored in the audit description file; a certificate is used to digitally sign the audit description file to generate authentication data, and the authentication data identifies the source of the audit description file.
After the above audit process is complete, the cloud server 101 generates the classification information and evaluation information of the application program.
Specifically, the behavior of an application program can be divided into the following categories:
Suspicious behavior: a suspicious behavior of an application program is a behavior that may, but will not necessarily, harm the user's interests. Because each user cares about different interests, whether an application program behavior really harms the user's interests has to be judged by the user according to the user's own needs, or by the system on the user's behalf with the user's permission. Once judged, the behavior becomes either a malicious behavior or a trusted behavior.
Malicious behavior: a malicious behavior of an application program is a behavior that harms the user's interests. Whether an application program behavior is malicious is determined by the user's own judgment or by the system helping the user to judge.
Trusted behavior: a trusted behavior of an application program is a behavior in the application program's suspicious behavior capability set that will not harm the user's interests. Whether an application program behavior is trusted is determined by the user's own judgment or by the system helping the user to judge.
Potential suspicious behavior: a potential suspicious behavior of an application program is a suspicious behavior that has not occurred but that the application program is capable of performing. Once a potential suspicious behavior is shown to have been performed, it becomes a suspicious behavior; conversely, once a potential suspicious behavior is shown never to be performed, it is no longer a potential suspicious behavior. The set of all potential suspicious behaviors of an application program is not fixed: as the real capabilities of the application program become clearer, the set becomes more and more accurate.
Suspicious behavior capability set: the suspicious behavior capability set of an application program is the set of all suspicious behaviors that the application program is capable of performing, inferred from the access it has to system resources. The suspicious behavior capability set is the union of the suspicious behaviors and the potential suspicious behaviors. It is not a fixed set: as the real capabilities of the application program become clearer, the set becomes more and more accurate.
Each of the above types of application program behavior has a precise model or rule definition.
The cloud server 101 classifies the application program according to the suspicious behavior data to obtain its classification information. The classification information records the categories of the application program and the behavior information corresponding to each category. As described above, the classification information of an application program can be one or more of the following types: trusted behavior, potential suspicious behavior, suspicious behavior and malicious behavior.
The cloud server 101 evaluates the application program according to this classification information to obtain the evaluation information of the application program. The evaluation information includes: trusted, audited, not audited and untrusted.
In one embodiment of the present invention, the cloud server 101 uses a certificate to digitally sign the audit description file to generate authentication data, wherein the authentication data identifies the source of the audit description file and of the application description file. Digitally signing the audit description file and the application description file proves the legitimacy of the source of the application program and also certifies the legitimacy of the application program's security audit result, which in turn proves the behavioral characteristics of the application program and its content legality, security, conformance and so on.
The authentication data includes the digest information, the certificate information of the authentication signature and the signature value of the authentication signature.
The audit description file takes one of the following two forms:
(1) Embedded: the audit description file and the authentication data are embedded in the application program or in its installation package. This is similar to the publisher signature of the Symbian system: an application program that carries only the developer's signature is signed and certified, and an installation package with the new signature is generated. In one example of the present invention, for the Yi platform, the regenerated installation package may be a file of the "*.bpk" type.
(2) Standalone: the audit description file and the authentication data are stored independently, and the application program being audited and certified, or its installation package, is not changed. The standalone audit description file is stored in a certification description file, which is the product of signing and certifying the audit description file.
In one embodiment of the present invention, the certification description file may be a compressed package. The compressed package contains the audit description file and the signature authentication data, and also contains the application description file (app_des.txt), which stores the data that identifies the application program that was audited and certified.
In one example of the present invention, the format of the certification description file (*.ver) is as follows:
For the certification description file App_verified.Ver, the directory structure inside the compressed package is:
|-- app_des.txt              application description file
|-- app_verified_info.sec    audit description file
`-- META-INF
    |-- CERT.RSA             signature file (contains the certificate information and the signature value)
    `-- CERT.SF              digest storage file (stores the digest value of every file in the compressed package to ensure integrity)
Further, the certification description file includes the following three parts:
Part 1: the application description file (app_des.txt). The application description file holds the identification information of the application program that was audited and certified. It contains the application package format, the package name, the application version number and the original signature information, where the original signature information includes the digest information, the certificate information and the signature value. These data uniquely identify an application program or its installation package. They are used to determine whether a given application program or installation package is the audited object, which proves that the content of the audit description file is the audit result for that specific application program.
Part 2: the audit description file (app_verified_info.sec). The audit description file contains the information on each class of behavior of the application program, the content legality, software compatibility and conformance information, and the overall evaluation information for the application program.
The information on each class of behavior of the application program covers suspicious behaviors, malicious behaviors, trusted behaviors and potential suspicious behaviors; its content can be the ID number of a behavior model or rule.
The evaluation information includes: trusted, audited, not audited and untrusted.
Part 3: the signature file. The signature file is the signature made with a certificate over the appraisal result of the application program. It is used to check the integrity of the certification description file and the legitimacy of its source, ensuring that the content of the certification description file cannot be tampered with and that the certifier cannot be impersonated.
Storing the authentication data independently gives better compatibility: it does not change the existing application program or its installation package, does not break the format of existing application programs and installation packages, and keeps the application program compatible before and after certification. Whether the application program itself changes or the result on the cloud server changes, the changes to the audit description file and to the authentication data are independent of each other, and the two can still be combined seamlessly and smoothly.
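The following added example (not part of the patent text) sketches how a mobile terminal could check a standalone certification description file before acting on its audit result: the signature must cover CERT.SF, CERT.SF must cover every payload file, and app_des.txt must match the package being installed. The entry names come from the directory listing above; the JSON bodies, the "name: sha256hex" layout of CERT.SF, the apk_sha256 field and the check_signature hook are assumptions, since the page does not give the file contents.

```python
import hashlib
import io
import json
import zipfile

# Entry names are from the page's directory listing; the file *contents*
# (JSON bodies, "name: sha256hex" lines in CERT.SF) are assumed layouts.
SF, RSA = "META-INF/CERT.SF", "META-INF/CERT.RSA"
APP_DES, AUDIT = "app_des.txt", "app_verified_info.sec"
DEMO_SIG = b"constructed-placeholder-signature"  # demo value, not a signature


class VerificationError(Exception):
    """The .ver package must not be used for policy decisions."""


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def parse_sf(sf_bytes):
    """Parse the assumed CERT.SF layout into {entry name: digest}."""
    digests = {}
    for line in sf_bytes.decode("utf-8").splitlines():
        name, sep, digest = line.rpartition(": ")
        if not sep or name in digests:
            raise VerificationError("malformed or duplicate CERT.SF line")
        digests[name] = digest.strip().lower()
    return digests


def verify_ver_package(ver_bytes, apk_bytes, package, version, check_signature):
    """Return the parsed audit result, or raise VerificationError.

    check_signature(sf_bytes, rsa_bytes) -> bool is supplied by the caller and
    must verify CERT.RSA's signature over CERT.SF against the trusted
    certifier certificate (hypothetical hook; the page gives no wire format).
    """
    with zipfile.ZipFile(io.BytesIO(ver_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if len(names) != len(set(names)):
            raise VerificationError("duplicate entry names")
        files = {n: zf.read(n) for n in names}
    missing = {SF, RSA, APP_DES, AUDIT} - set(files)
    if missing:
        raise VerificationError(f"missing entries: {sorted(missing)}")

    # 1. The signature covers CERT.SF, so check it before trusting any digest.
    if not check_signature(files[SF], files[RSA]):
        raise VerificationError("signature over CERT.SF rejected")

    # 2. CERT.SF must list exactly the payload files, with matching digests.
    digests = parse_sf(files[SF])
    payload = set(files) - {SF, RSA}
    if set(digests) != payload:
        raise VerificationError("CERT.SF does not cover exactly the payload")
    for name in payload:
        if sha256_hex(files[name]) != digests[name]:
            raise VerificationError(f"digest mismatch: {name}")

    # 3. app_des.txt must describe the package actually being installed.
    des = json.loads(files[APP_DES])
    if (des.get("package"), des.get("version")) != (package, version):
        raise VerificationError("audit result is for another package/version")
    if des.get("apk_sha256") != sha256_hex(apk_bytes):
        raise VerificationError("audit result is for different APK contents")
    return json.loads(files[AUDIT])


def build_sample_ver(apk_bytes, audit, swapped_audit=None):
    """Constructed sample package (demo only). If swapped_audit is given, it
    replaces the audit file after CERT.SF was computed, simulating tampering."""
    files = {
        APP_DES: json.dumps({"package": "com.example.app", "version": "1.0",
                             "apk_sha256": sha256_hex(apk_bytes)}).encode(),
        AUDIT: json.dumps(audit).encode(),
    }
    files[SF] = "".join(
        f"{n}: {sha256_hex(d)}\n" for n, d in files.items()).encode()
    files[RSA] = DEMO_SIG
    if swapped_audit is not None:
        files[AUDIT] = json.dumps(swapped_audit).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    apk = b"constructed stand-in for the bytes of AppName.apk"
    audit = {"evaluation": "audited", "suspicious": ["rule-17"], "malicious": []}
    # Demo stub only: a real terminal verifies CERT.RSA cryptographically.
    sig_ok = lambda sf, rsa: rsa == DEMO_SIG
    print(verify_ver_package(build_sample_ver(apk, audit), apk,
                             "com.example.app", "1.0", sig_ok))
    try:
        forged = build_sample_ver(apk, audit, {"evaluation": "trusted"})
        verify_ver_package(forged, apk, "com.example.app", "1.0", sig_ok)
    except VerificationError as err:
        print("rejected:", err)
```

The order of the three checks matters: digests in CERT.SF are only meaningful once the signature over CERT.SF has been accepted, and a valid package is still useless if app_des.txt describes a different installation package.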
Mobile terminal 102 downloads the audit description file of the specified application from Cloud Server 101. The audit description file includes the security audit result of the application, and the audit result contains the application's behavior characteristics. As a result, many applications already carry security-related information such as application behavior when they arrive at mobile terminal 102, which makes it easier for mobile terminal 102 to apply effective security control.
In one embodiment of the invention, a user can use mobile terminal 102 to obtain the audit result from Cloud Server 101 in the following two ways.
(1) When the user downloads and installs a certified application from an application store (app store), the system may choose an embedded or a standalone audit description file. With an embedded audit description file, the signed "*.bpk" file is downloaded. With a standalone audit description file, the certification description file containing the audit description file is downloaded together with the apk file when the application is downloaded.
(2) Through software embedded in the mobile terminal's system platform, the user actively requests information on the potential threats or malicious behavior of a specified application, which triggers the download and processing of that application's certification description file.
In one embodiment of the invention, mobile terminal 102 can obtain, from the audit description file, the one or more classifications corresponding to the specified application, and set the management policy for the specified application according to those classifications.
Based on the audit and certification result, mobile terminal 102 can apply a multi-policy management mechanism, implementing policies targeted at the application's current audit state. A reasonable multi-policy mechanism reduces the runtime burden on the terminal system and gives the user a better experience.
In one embodiment of the invention, the management policies include a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy, and an information feedback policy.
Specifically, the application classifications and their targeted management policies are shown in Table 1 below.
Table 1
An application installed by the user generally belongs to one of the four types above, but it does not necessarily stay in one type. As auditing continues, the type of an application installed on, for example, the Yi platform may change, and this change moves toward greater accuracy. User actions can also affect the application type. For example, an application that the user installs from an unapproved source initially belongs to "uncertified, unaudited application"; after the user actively requests the application's certification description file from Cloud Server 101, the application may become any of the other types.
In one embodiment of the invention, after detecting that the suspicious behavior data of an application has been updated, Cloud Server 101 generates the corresponding updated audit description file, obtains the list of users using the application, and actively pushes the audit description file to the mobile terminals corresponding to that user list.
With the application audit, certification and management system according to embodiments of the invention, a mobile terminal can apply different, targeted handling policies to applications with different behavior characteristics and different levels of trust, which brings both better real-time protection and a better user experience. The system is also compatible with existing application installation package formats: without changing current applications or their installation package formats, audit certification is applied seamlessly within existing application specifications and does not affect the application life-cycle management mechanism.
Cloud Server 101 according to an embodiment of the second aspect of the invention is described below with reference to Fig. 2.
As shown in Fig. 2, Cloud Server 101 includes acquisition module 201, auditing module 202, authentication module 203, and pushing module 204. Acquisition module 201 collects the suspicious behavior data of an application. Auditing module 202 checks the application's signature to confirm the application's legitimacy, verifies the application's basic information to confirm its software compatibility, and generates the application's legality and compatibility standardization information. It also analyzes the suspicious behavior data to classify and evaluate the application, generating classification information and evaluation information, and then merges the legality and compatibility standardization information, the classification information, and the evaluation information to obtain the audit result. Authentication module 203 uses a certificate to digitally sign the audit description file and the application description file, generating authentication data that identifies the source of the audit description file. Pushing module 204 generates the audit description file from the audit result and the authentication data and, on receiving a data request from mobile terminal 102, pushes the audit description file to mobile terminal 102. The application description file identifies the application or its installation package.
In one embodiment of the invention, acquisition module 201 collects suspicious behavior data in at least one of the following ways:
(1) The application is run on a simulated terminal device, and acquisition module 201 of Cloud Server 101 collects the suspicious behavior data produced while the application runs.
In one example of the invention, the simulated terminal device may be an emulator or a real terminal (such as a mobile phone). The simulated terminal device may integrate a terminal system platform with a suspicious behavior monitoring scheme, so that it can automatically collect data on the application and perform statistical analysis. Special cases can additionally be analyzed manually, finally yielding accurate suspicious behavior data. This suspicious behavior information provides a basis for judging the potential threats of applications newly entering the market.
(2) Acquisition module 201 of Cloud Server 101 collects suspicious behavior data from user terminals (such as mobile phones) as they use the application.
Specifically, the user terminal collects, counts and analyzes suspicious behavior data while the application is in use and synchronizes it to Cloud Server 101 in a timely manner. A terminal system that integrates a suspicious behavior monitoring scheme can also keep collecting and analyzing suspicious behavior data while the user uses the phone. The judgments uploaded by users play a very important role in the data statistics of Cloud Server 101. As the user base grows, the capacity of user terminals to collect and judge each class of application behavior will exceed the collection capacity of Cloud Server 101.
In one embodiment of the invention, acquisition module 201 also collects users' initial classification information for the suspicious behavior data. The classification information records the classes of the application and the behavior information corresponding to each class, where the classes may be one or more of: trusted behavior, potential suspicious behavior, suspicious behavior, and malicious behavior of the application.
In one embodiment of the invention, Cloud Server 101 also includes detection module 205, which detects whether the suspicious behavior data of an application has been updated, generates the corresponding updated audit description file after detecting an update, and determines the list of users using the updated application. Pushing module 204 actively pushes the updated audit description file to the mobile terminals corresponding to that user list.
Cloud Server 101 according to embodiments of the invention not only collects the relevant data effectively through acquisition module 201 but also has strong decision-making capability: it can audit and certify the collected data and handle it in a timely manner according to the actual situation.
As shown in Fig. 3, an embodiment of the third aspect of the invention proposes a method for auditing, certifying and managing applications, comprising the following steps:
S301: The Cloud Server audits the application, collects the application's suspicious behavior data during the audit, records the suspicious behavior data to generate the audit result for the application, and generates an audit description file from the audit result. The audit description file includes the authentication data and the audit result of the application.
In one embodiment of the invention, the Cloud Server collects suspicious behavior data in at least one of the following ways:
(1) The application is run on a simulated terminal device, and the Cloud Server collects the suspicious behavior data produced while the application runs. In one example of the invention, the simulated terminal device may be an emulator or a real terminal (such as a mobile phone). The simulated terminal device may integrate a terminal system platform with a suspicious behavior monitoring scheme, so that it can automatically collect data on the application and perform statistical analysis. Special cases can additionally be analyzed manually, finally yielding accurate suspicious behavior data. This suspicious behavior information provides a basis for judging the potential threats of applications newly entering the market.
(2) The Cloud Server collects suspicious behavior data from user terminals as they use the application. That is, the user terminal collects, counts and analyzes the data and synchronizes it to the Cloud Server in a timely manner. While the user uses a mobile terminal such as a mobile phone, suspicious behavior information is continuously collected and analyzed, and the user judges suspicious behaviors to be malicious or trusted. These user judgments are also a valuable resource for the Cloud Server. Especially once the user base grows large, the capacity of user terminals to collect and judge each class of application behavior will be unmatched by the Cloud Server.
S302: The mobile terminal sends a data request signal for a specified application to the Cloud Server and downloads the audit description file of the specified application from the Cloud Server.
Specifically, in one example of the invention, as shown in Fig. 4, the method for auditing an application includes the following steps:
S401: Verify the signature of AppName.apk; that is, the application's signature is verified to confirm the application's legitimacy.
S402: Query whether the application has a record of bad behavior.
S403: Verify the basic information of AppName.apk and check software compatibility; that is, the application's basic information is verified to confirm its software compatibility, and the application's legality and compatibility standardization information is generated.
S404: Scan the files for viruses, particularly the lib libraries.
S405: Decompile the Java code and check API (Application Programming Interface) calls, for example calls to hidden APIs.
S406: Test whether safety and startup optimization are successful.
S407: Automated testing of software functions.
S408: Manual review of software functions.
S409: Content legality review.
S410: Application behavior detection, analysis and judgment, combining automated detection with manual review; that is, the suspicious behavior data is analyzed to classify and evaluate the application, generating the application's classification information and evaluation information.
S411: Record the statistical analysis and the judgment results.
S412: If no malicious behavior is found, generate the audit scan file for AppName.apk. That is, the legality and compatibility standardization information, the classification information and the evaluation information are merged to obtain the audit result, which is stored in the audit description file; a certificate is used to digitally sign the audit description file to generate authentication data, and the authentication data identifies the source of the audit description file.
In one embodiment of the invention, the classification information records the classes of the application and the behavior information corresponding to each class, where the classes may be one or more of the following types: trusted behavior, potential suspicious behavior, suspicious behavior, and malicious behavior.
Specifically, the classes are as follows:
Suspicious behavior: Suspicious behavior of an application is behavior that may, but will not necessarily, harm the user's interests. Because each user cares about different vital interests, whether an application behavior really harms the user's interests must be judged by the user according to their own needs, or by the system helping the user judge with the user's permission. After that judgment, the behavior becomes either malicious behavior or trusted behavior.
Malicious behavior: Malicious behavior of an application is behavior by the application that harms the user's interests. Whether an application behavior is malicious is determined by the user's own judgment or by the system helping the user judge.
Trusted behavior: Trusted behavior of an application is behavior within the application's suspicious behavior capability set that does not harm the user's interests. Whether an application behavior is trusted is determined by the user's own judgment or by the system helping the user judge.
Potential suspicious behavior: Potential suspicious behavior of an application is suspicious behavior that has not occurred but that the application is capable of executing. Once a potential suspicious behavior is proven to have been executed, it becomes suspicious behavior; conversely, once it is proven that it will never be executed, it is no longer potential suspicious behavior. The set of all potential suspicious behaviors of an application is not fixed; as the application's real capabilities become clearer, the set becomes more and more accurate.
Suspicious behavior capability set: The suspicious behavior capability set of an application is the set of all suspicious behaviors the application is capable of executing, inferred from the application's access capabilities to system resources. It is the union of suspicious behavior and potential suspicious behavior. It is not a fixed set; as the application's real capabilities become clearer, the set becomes more and more accurate.
Each of the above types of application behavior has a precise model or rule definition.
Further, as shown in Fig. 5, auditing an application is the process of clarifying the application's behavior characteristics and determining which class each behavior belongs to. Before the audit there is no application behavior information. During the audit, information on the application's suspicious behavior and potential suspicious behavior gradually accumulates, and through progressively deeper monitoring and analysis reasonable judgments are made, finally yielding more accurate application behavior information as the audit result. After the audit, the application can be certified. For an application that can be certified, the sets of suspicious behavior, potential suspicious behavior and malicious behavior may all be empty, but the trusted behavior set is generally not empty.
Further, after the application audit is completed, an audit description file is generated to store the audit result, and a digital signature proves the source of the audit result. The audit description file (app_verified_info.sec) contains information on each class of application behavior (suspicious behavior, malicious behavior, trusted behavior and potential suspicious behavior; the information content may be the ID number of a behavior model or rule), content legality, software compatibility and standardization information, and the overall evaluation of the application (trusted, audited, unaudited, untrusted). The content of the audit description file may be encrypted to prevent the audit result from being stolen by others. The authentication data includes digest information, the certificate information of the authentication signature, and the signature value of the authentication signature.
The audit description file takes one of the following two forms:
(1) Embedded: The audit description file and the authentication data are embedded in the application or its installation package. Similar to the application publisher signature of the Symbian system, an application that has been signed only by its developer is signed and certified, producing an application installation package with a new signature. In one example of the invention, for the Yi platform, this regenerated installation package may be a file of type "*.bpk".
(2) Standalone: The audit description file and the authentication data are stored independently, without changing the audited and certified application or its installation package. The standalone audit description file is stored in a certification description file, which is the product of signing and certifying the audit description file.
In one embodiment of the invention, the certification description file may be a compressed package. The package contains the audit description file and the signature authentication data, as well as the application description file (app_des.txt). The application description file stores the data that identifies the audited and certified application.
In one example of the invention, the format of the certification description file (*.ver) is as follows:
For the certification description file App_verified.Ver, the directory structure inside the compressed package is:
|-- app_des.txt    application description file
|-- app_verified_info.sec    audit description file
`-- META-INF
    |-- CERT.RSA    signature file (contains certificate information and signature value)
    `-- CERT.SF    digest storage file (stores the digest value of every file in the compressed package to ensure integrity)
Further, the certification description file includes the following three parts:
Part I: Application description file (app_des.txt). The application description file holds the identification information of the application that was audited and certified. It contains the application package format, package name, application version number, and original signature information. The original signature information comprises digest information, certificate information, and the signature value. These data uniquely identify an application or its installation package. A user relies on them to judge whether a given application or installation package is the audited object, which proves that the content of the audit description file is the audit result for that specific application.
Part II: Audit description file (app_verified_info.sec). The audit description file contains information on each class of behavior of the application, content legality, software compatibility and standardization information, and the overall evaluation of the application.
The information on each class of application behavior covers suspicious behavior, malicious behavior, trusted behavior, and potential suspicious behavior; the information content may be the ID number of a behavior model or rule.
The evaluation information is one of: trusted, audited, unaudited, untrusted.
Part III: Signature file. The signature file is the signature made with a certificate over the appraisal result for the application. It is used to verify the integrity of the certification description file and the legitimacy of its source, ensuring that the content of the certification description file cannot be tampered with and that the certifier cannot be impersonated.
Storing the authentication data separately gives better compatibility: it does not change the existing application or its installation package, does not break the format of the existing application or installation package, and preserves the compatibility of the application before and after certification. Whether the application itself changes or the Cloud Server's results change, the changes to the audit description file and the authentication data are independent of each other and can still be merged seamlessly.
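The three parts above imply a check order on the terminal: source of CERT.SF first, then the digests of the other files, then the binding of app_des.txt to the package actually installed, so that an audit result cannot be replayed for a different application. The following Python example is added here and is not code from the patent. The CERT.SF line format, the JSON fields of app_des.txt and the signature_ok callback are assumptions, since the patent defines no encodings, and the demo's HMAC check is only a stand-in for verifying CERT.RSA against a pinned auditor certificate.

```python
import hashlib
import hmac
import io
import json
import zipfile

SIGNED = ("app_des.txt", "app_verified_info.sec")
SF_NAME, SIG_NAME = "META-INF/CERT.SF", "META-INF/CERT.RSA"
# Assumed app_des.txt fields; the patent lists package name, version and
# original signature information but gives no field names or encoding.
BINDING_KEYS = ("package_name", "version", "signing_cert_sha256")


class VerificationError(Exception):
    """The certification description file must be rejected."""


def parse_sf(sf_text):
    """Parse assumed 'member: sha256-hex' lines, rejecting duplicates."""
    digests = {}
    for line in sf_text.splitlines():
        name, sep, value = line.partition(": ")
        if not sep or name in digests:
            raise VerificationError(f"bad CERT.SF line: {line!r}")
        digests[name] = value.strip().lower()
    return digests


def verify_ver_package(ver_bytes, installed_app, signature_ok):
    """Return the audit description file bytes only if every check passes.

    installed_app: identity read from the package on the device.
    signature_ok(sf_bytes, sig_bytes) -> bool: caller-supplied check of
    CERT.RSA over CERT.SF against the trusted auditor certificate.
    """
    with zipfile.ZipFile(io.BytesIO(ver_bytes)) as zf:
        if sorted(zf.namelist()) != sorted(SIGNED + (SF_NAME, SIG_NAME)):
            raise VerificationError("unexpected, missing or duplicate members")
        sf_bytes = zf.read(SF_NAME)
        # 1. Source: nothing in CERT.SF is trusted before this passes.
        if not signature_ok(sf_bytes, zf.read(SIG_NAME)):
            raise VerificationError("CERT.SF signature check failed")
        # 2. Integrity: CERT.SF must cover exactly the two data files.
        digests = parse_sf(sf_bytes.decode("utf-8"))
        if set(digests) != set(SIGNED):
            raise VerificationError("CERT.SF does not cover the signed members")
        contents = {}
        for name in SIGNED:
            contents[name] = zf.read(name)
            actual = hashlib.sha256(contents[name]).hexdigest()
            if not hmac.compare_digest(actual, digests[name]):
                raise VerificationError(f"digest mismatch: {name}")
    # 3. Binding: the audit result must describe the installed package.
    des = json.loads(contents["app_des.txt"])
    if not isinstance(des, dict):
        raise VerificationError("app_des.txt is not an object")
    for key in BINDING_KEYS:
        if key not in des or des[key] != installed_app.get(key):
            raise VerificationError(f"audit result is for another app ({key})")
    return contents["app_verified_info.sec"]


# ---- Constructed sample data and demo helpers (not from the patent) ----
DEMO_KEY = b"constructed-demo-key"
SAMPLE_APP = {"package_name": "com.example.app", "version": "1.0",
              "signing_cert_sha256": "ab" * 32}
SAMPLE_AUDIT = b'{"evaluation": "trusted", "malicious": []}'


def demo_signature_ok(sf_bytes, sig_bytes):
    """Stand-in for the certificate-based check so the demo is stdlib-only."""
    expected = hmac.new(DEMO_KEY, sf_bytes, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig_bytes)


def build_sample_ver(app_des, audit, shipped_audit=None):
    """Build a sample package; shipped_audit swaps the file after signing."""
    des_bytes = json.dumps(app_des, sort_keys=True).encode()
    sf = "".join(
        f"{name}: {hashlib.sha256(data).hexdigest()}\n"
        for name, data in zip(SIGNED, (des_bytes, audit))
    ).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SIGNED[0], des_bytes)
        zf.writestr(SIGNED[1], audit if shipped_audit is None else shipped_audit)
        zf.writestr(SF_NAME, sf)
        zf.writestr(SIG_NAME, hmac.new(DEMO_KEY, sf, hashlib.sha256).digest())
    return buf.getvalue()


def is_rejected(ver_bytes, installed_app, signature_ok=demo_signature_ok):
    """True when verification fails closed for this package and app."""
    try:
        verify_ver_package(ver_bytes, installed_app, signature_ok)
    except VerificationError:
        return True
    return False
```

The verifier hands back the audit description file only after all three checks pass, so a policy engine on the terminal never sees behavior classifications from an unverified or mismatched package.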
S303: Apply security control to the specified application, using the corresponding management policy according to the audit description file.
In one example of the invention, the audit description file is generated by the Baidu Yi platform Cloud Server and reaches the Yi platform user terminal in the following three ways:
(1) When the user downloads and installs a Baidu-certified application from the Baidu app store, the system may choose an embedded or a standalone audit description file. With an embedded audit description file, the "*.bpk" file signed by Baidu is downloaded. With a standalone audit description file, the certification description file containing the audit description file is downloaded together with the apk file when the application is downloaded.
(2) Through software embedded in the Yi platform (for example, the user terminal security center), the user actively requests information on the potential threats or malicious behavior of a specified application, which then triggers the download and processing of that application's certification description file.
(3) The Baidu Cloud Server actively pushes newly discovered suspicious behavior information and malicious behavior information, which is pushed to the Yi platform terminal system in the form of a certification description file for processing. The Baidu Cloud Server pushes selectively, only for applications installed on the user's terminal. That is, the Cloud Server detects whether the suspicious behavior data of an application has been updated; after detecting an update, it generates the corresponding updated audit description file and determines the list of users using the updated application, and then actively pushes the updated audit description file to the mobile terminals corresponding to that user list.
In one embodiment of the invention, applying security control to the specified application with the corresponding management policy according to the audit description file comprises obtaining, from the audit description file, the one or more classifications corresponding to the specified application, and then setting the corresponding management policy for the specified application according to those classifications. As shown in Table 1, the management policies include a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy, and an information feedback policy.
The application audit, certification and management method according to embodiments of the invention certifies not only the legitimacy of the application's source but also the legitimacy of the application's security audit result, and can attest to the application's behavior characteristics, content legality, safety, standardization, and so on. It also adopts a reasonable multi-policy management mechanism: based on the audit and certification result, the terminal system can apply multiple policies targeted at the application's current audit state, reducing the runtime burden on the terminal system and giving the user a better experience. In addition, compatibility is good: the authentication mode that stores authentication data separately (such as the "standalone" audit description file above) does not change the existing application or its installation package, does not break the format of the existing application or installation package, and preserves the compatibility of the application before and after certification. Whether the application itself changes or the Cloud Server's results change, these changes are independent of each other and can still be merged seamlessly. Finally, the security audit result contains the application's behavior characteristics, so many applications already carry security-related information such as application behavior when they arrive at the client terminal system, which makes it easier for the terminal system to apply effective security control. During the user's subsequent use of the application, these data can be continuously supplemented. This improves the local security control policy of the user terminal, and synchronizing the information to the Cloud Server improves the Cloud Server's application information, so that new security audit results and certification description files can be generated, forming a self-improving application security system.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing a specific logical function or step of the process. The scope of the preferred embodiments of the invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the invention pertain.
The logic and/or steps represented in a flow chart or otherwise described herein, for example an ordered list of executable instructions for implementing logical functions, may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from the instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) with one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and portable compact disc read-only memory (CDROM). The computer-readable medium may even be paper or another suitable medium on which the program is printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in computer memory.
It should be understood that each part of the invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies known in the art may be used: a discrete logic circuit with logic gates for implementing logic functions on data signals, an application-specific integrated circuit with suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the invention may be integrated into one processing module, may each exist physically on their own, or two or more units may be integrated into one module. The integrated module may be implemented in hardware or as a software function module. If implemented as a software function module and sold or used as an independent product, the integrated module may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the invention. Schematic uses of these terms in this specification do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention. The scope of the invention is defined by the claims and their equivalents.

Claims (23)

1. An application program audit, certification and management system, characterized by comprising:
a cloud server, configured to audit an application program and collect suspicious behavior data of the application program during the audit process, record the suspicious behavior data to obtain an audit result corresponding to the application program, and generate an audit description file according to the audit result, wherein the audit description file includes authentication data and the audit result of the application program; the cloud server verifies the signature and basic information of the application program to generate legality and compatibility compliance information of the application program, classifies and evaluates the application program according to the suspicious behavior data to generate classification information and evaluation information of the application program, and merges the legality and compatibility compliance information, the classification information and the evaluation information to obtain the audit result; and
a mobile terminal, configured to download the audit description file of a specified application program from the cloud server, and to perform security control on the specified application program using a corresponding management policy according to the audit description file.
2. The audit, certification and management system of claim 1, characterized in that the cloud server collects the suspicious behavior data in at least one of the following ways:
(1) a pseudo-terminal device is used to run the application program, and the cloud server collects suspicious behavior data of the application program while it is running;
(2) the cloud server collects suspicious behavior data generated while user terminals use the application program.
3. The audit, certification and management system of claim 2, characterized in that the cloud server is further configured to collect the user's initial classification information for the suspicious behavior data.
4. The audit, certification and management system of claim 1, characterized in that the classification information is used to record the categories of the application program and the behavior information corresponding to each category, wherein the application program is of one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
5. The audit, certification and management system of claim 1, characterized in that the evaluation information includes: trusted, audited, not audited and distrusted.
6. The audit, certification and management system of claim 1, characterized in that the cloud server uses a certificate to digitally sign and certify the audit description file to generate the authentication data, wherein the authentication data is used to identify the source of the audit description file and of an application program description file, and the application program description file is used to identify the application program or the installation package of the application program.
7. The audit, certification and management system of claim 6, characterized in that the authentication data includes digest information, certificate information of the authentication signature, and a signature value of the authentication signature.
8. The audit, certification and management system of claim 7, characterized in that the audit description file takes one of the following two forms:
(1) the audit description file and the authentication data are embedded in the program package of the application program or in the installation package of the application program;
(2) the audit description file and the authentication data are stored independently, wherein the audit description file is stored in a certification description file.
9. The audit, certification and management system of claim 1, characterized in that the mobile terminal obtains, according to the audit description file, one or more categories corresponding to the specified application program, and sets the management policy for the specified application program according to the one or more categories.
10. The audit, certification and management system of claim 9, characterized in that the management policy includes: a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy and an information feedback policy.
11. The audit, certification and management system of any one of claims 1-10, characterized in that, after detecting that the suspicious behavior data of the application program has been updated, the cloud server generates a corresponding updated audit description file, obtains a list of users using the application program, and actively pushes the audit description file to the mobile terminals corresponding to the user list.
12. A cloud server, characterized by comprising:
an acquisition module, configured to collect suspicious behavior data of an application program;
an audit module, configured to verify the signature of the application program to confirm the legality of the application program, verify the basic information of the application program to confirm the software compatibility of the application program, generate legality and compatibility compliance information of the application program, analyze the suspicious behavior data to classify and evaluate the application program, generate classification information and evaluation information of the application program, merge the legality and compatibility compliance information, the classification information and the evaluation information to obtain the audit result, and generate an audit description file according to the audit result;
an authentication module, configured to use a certificate to digitally sign and certify the audit description file to generate authentication data, wherein the authentication data is used to identify the source of the audit description file and of an application program description file, and the application program description file is used to identify the application program or the installation package of the application program;
a push module, configured to generate the audit description file according to the audit result and the authentication data, and, on receiving a data request from a mobile terminal, to push the audit description file to the mobile terminal.
13. The cloud server of claim 12, characterized in that the acquisition module collects the suspicious behavior data in at least one of the following ways:
(1) a pseudo-terminal device is used to run the application program, and the cloud server collects suspicious behavior data of the application program while it is running;
(2) the cloud server collects suspicious behavior data generated while user terminals use the application program.
14. The cloud server of claim 13, characterized in that the acquisition module is further configured to collect the user's initial classification information for the suspicious behavior data.
15. The cloud server of claim 12, characterized in that the classification information is used to record the categories of the application program and the behavior information corresponding to each category, wherein the application program is of one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
16. The cloud server of claim 12, characterized by further comprising a detection module, configured to detect whether the suspicious behavior data of the application program has been updated, to generate a corresponding updated audit description file after detecting that the suspicious behavior of the application program has been updated, and to detect a list of users using the updated application program, wherein the push module actively pushes the updated audit description file to the mobile terminals corresponding to the user list.
17. An application program audit, certification and management method, characterized by comprising the following steps:
a cloud server audits an application program and collects suspicious behavior data of the application program during the audit process, records the suspicious behavior data to generate an audit result corresponding to the application program, and generates an audit description file according to the audit result, wherein the audit description file includes authentication data and the audit result of the application program, and wherein auditing the suspicious behavior data comprises the following steps:
verifying the signature of the application program to confirm the legality of the application program, verifying the basic information of the application program to confirm the software compatibility of the application program, and generating legality and compatibility compliance information of the application program;
analyzing the suspicious behavior data to classify and evaluate the application program, and generating classification information and evaluation information of the application program;
merging the legality and compatibility compliance information, the classification information and the evaluation information to obtain the audit result, and storing the audit result in the audit description file;
using a certificate to digitally sign and certify the audit description file to generate authentication data, wherein the authentication data is used to identify the source of the audit description file;
a mobile terminal sends a data request signal for a specified application program to the cloud server, downloads the audit description file of the specified application program from the cloud server, and performs security control on the specified application program using a corresponding management policy according to the audit description file.
18. The audit, certification and management method of claim 17, characterized in that the cloud server collects the suspicious behavior data in at least one of the following ways:
(1) a pseudo-terminal device is used to run the application program, and the cloud server collects suspicious behavior data of the application program while it is running;
(2) the cloud server collects suspicious behavior data generated while user terminals use the application program.
19. The audit, certification and management method of claim 17, characterized in that the classification information is used to record the categories of the application program and the behavior information corresponding to each category, wherein the application program is of one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
20. The audit, certification and management method of claim 17, characterized in that the authentication data includes digest information, certificate information of the authentication signature, and a signature value of the authentication signature.
21. The audit, certification and management method of claim 17, characterized in that performing security control on the specified application program using a corresponding management policy according to the audit description file comprises the following steps:
obtaining, according to the audit description file, one or more categories corresponding to the specified application program;
setting a corresponding management policy for the specified application program according to the one or more categories.
22. The audit, certification and management method of claim 21, characterized in that the management policy includes: a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy and an information feedback policy.
23. The audit, certification and management method of any one of claims 17-22, characterized by further comprising the following steps:
the cloud server detects whether the suspicious behavior data of the application program has been updated;
after detecting that the suspicious behavior of the application program has been updated, the cloud server generates a corresponding updated audit description file and detects a list of users using the updated application program;
the cloud server actively pushes the updated audit description file to the mobile terminals corresponding to the user list.
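A sketch of the terminal-side handling that claims 7, 9 and 10 describe, as an added example that is not part of the patent text: the terminal checks the authentication data before trusting the categories, and falls back to isolation when any check fails. HMAC-SHA256 with a shared key stands in for the certificate-based digital signature; the field names, the `package_sha256` binding to the installation package and the category-to-policy mapping are assumptions.

```python
import copy
import hashlib
import hmac
import json

# Behaviour categories from claim 4, ordered from least to most severe.
SEVERITY = ["trusted", "potentially_suspicious", "suspicious", "malicious"]

# Policy names follow claim 10; which category selects which policy is an
# assumption made for this example, not something the claims specify.
POLICY_BY_CATEGORY = {
    "trusted": ["information_feedback"],
    "potentially_suspicious": ["permission_access_control", "behavior_collection"],
    "suspicious": ["permission_access_control", "realtime_behavior_monitoring",
                   "behavior_collection"],
    "malicious": ["isolation_control", "information_feedback"],
}
FAIL_CLOSED = ["isolation_control"]  # used whenever the file cannot be trusted


def _canonical(audit_result):
    """Stable byte encoding so both sides hash exactly the same content."""
    return json.dumps(audit_result, sort_keys=True, separators=(",", ":")).encode()


def _sign(key, digest):
    # Stand-in for the certificate signature: HMAC-SHA256 over the digest.
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def build_description(audit_result, key, certificate_info):
    """Cloud-server side: attach authentication data (claim 7) to the result."""
    digest = hashlib.sha256(_canonical(audit_result)).hexdigest()
    return {"audit_result": audit_result,
            "authentication_data": {"digest": digest, "certificate_info": certificate_info,
                                    "signature": _sign(key, digest)}}


def select_policies(description, package_bytes, trusted_keys):
    """Terminal side: verify the description, then map categories to policies."""
    try:
        result = description["audit_result"]
        auth = description["authentication_data"]
        key = trusted_keys[auth["certificate_info"]]  # unknown signer -> KeyError
        digest = hashlib.sha256(_canonical(result)).hexdigest()
        pkg = hashlib.sha256(package_bytes).hexdigest()
        verified = (
            hmac.compare_digest(digest, auth["digest"])
            and hmac.compare_digest(_sign(key, digest), auth["signature"])
            and hmac.compare_digest(pkg, result["package_sha256"])
        )
        categories = result["categories"]
    except (KeyError, TypeError, ValueError):
        return list(FAIL_CLOSED)
    if not (verified and isinstance(categories, list) and categories
            and all(isinstance(c, str) and c in POLICY_BY_CATEGORY for c in categories)):
        return list(FAIL_CLOSED)
    policies = []
    for category in sorted(set(categories), key=SEVERITY.index):
        for policy in POLICY_BY_CATEGORY[category]:
            if policy not in policies:
                policies.append(policy)
    return policies


def demo():
    """Constructed sample: a genuine file and a copy altered after signing."""
    key, package = b"constructed-demo-key", b"constructed package bytes"
    result = {"package_sha256": hashlib.sha256(package).hexdigest(),
              "legality_and_compatibility": {"signature_valid": True, "compatible": True},
              "categories": ["suspicious", "potentially_suspicious"],
              "evaluation": "audited"}
    genuine = build_description(result, key, "demo-cloud-cert")
    altered = copy.deepcopy(genuine)
    altered["audit_result"]["categories"] = ["trusted"]
    trusted = {"demo-cloud-cert": key}
    return select_policies(genuine, package, trusted), select_policies(altered, package, trusted)
```

Binding the audit result to a hash of the installation package is what keeps a valid description file for one build from being replayed against a different one.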
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210084896.7A CN103368987B (en) 2012-03-27 2012-03-27 Cloud server, application program verification, certification and management system and application program verification, certification and management method

Publications (2)

Publication Number Publication Date
CN103368987A CN103368987A (en) 2013-10-23
CN103368987B true CN103368987B (en) 2017-02-08

Family

ID=49369523

Country Status (1)

Country Link
CN (1) CN103368987B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant