WO2007074992A1 - Method for detecting malicious code changes from hacking of program loaded and executed on memory through network - Google Patents

Method for detecting malicious code changes from hacking of program loaded and executed on memory through network Download PDF

Info

Publication number
WO2007074992A1
WO2007074992A1 PCT/KR2006/005582 KR2006005582W WO2007074992A1 WO 2007074992 A1 WO2007074992 A1 WO 2007074992A1 KR 2006005582 W KR2006005582 W KR 2006005582W WO 2007074992 A1 WO2007074992 A1 WO 2007074992A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
confirming
errors
confirming errors
server
Prior art date
Application number
PCT/KR2006/005582
Other languages
French (fr)
Inventor
Hee An Park
Original Assignee
Ahn Lab, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ahn Lab, Inc. filed Critical Ahn Lab, Inc.
Publication of WO2007074992A1 publication Critical patent/WO2007074992A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766Error or fault reporting or storing
    • G06F11/0772Means for error signaling, e.g. using interrupts, exception flags, dedicated error registers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0727Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a storage system, e.g. in a DASD or network based storage system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's to protect a block of data words, e.g. CRC or checksum
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present invention relates to a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network.
  • the present invention relates to a method for detecting malicious code changes from hacking of a program loaded and executed on the memory under the client-server model in real time.
  • a program provided at a server in general under client-server model is often executed at a client terminal in real time. At this time, a hacking is tried to hinder from fulfilling the original objective of the program in execution.
  • a hacking method is divided into a method that prohibits from executing the intended original objective of a program by creating a crack in the code of executing the program that exists in a file type, and a method that makes changes in a program that is loaded on the memory for execution.
  • a method of the latter gets more problematic in recent days in that this method will bring about a fatal damage that is similar to the effect of the former, and the latter is more effective in hacking in real time, thus a preventative measure is necessary.
  • the present invention will provide a new method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network.
  • An objective of the present invention is to provide a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network under client-server model.
  • a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network comprises the following steps of: creating a first data for confirming errors with regard to the program code area that a server wishes to protect; transmitting a request message created based on the first data for confirming errors to a client; creating a second data for confirming errors with regard to the code area according to the request message at the client; transmitting an answer message created based on the second data for confirming errors to the server; and comparing the first data for confirming errors with the second data for confirming errors at the server.
  • Both the first data for confirming errors and the second data for confirming errors may be created with regard to the entire area of the program to be protected or with regard to a part of the code area by extracting the starting point and ending point of at least one function constituting a program.
  • At least one part of the code area exists, and both the first data for confirming errors and the second data for confirming errors may be created with regard to a part of each of the code area.
  • An ending point is the area where a return code is extracted in prearranged numbers by executing a disassembling step from a starting point, a point right before the starting point of a different function after the starting point of the different function is extracted by executing a disassembling step from the starting point of the different function, and the ending point is the point away from a starting point by a prefixed length.
  • the first data for confirming errors and the second data for confirming errors comprises an instruction constituting a function, or further comprises an operand constituting a function.
  • a CRC (Cyclic Redundancy Check) data, a Check Sum data, or a Hash data are used as a first data for confirming errors and a second data for confirming errors.
  • Both the request message and the answer message are encrypted and transmitted based on session key shared by a server and a client, both the request message and the answer message are decrypted based on the session key, and thereby security in data transmission is duly considered.
  • FIG. 1 is a flowchart of a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network under client- server model according to the present invention.
  • the present invention will be described in detail in the following with reference to the drawing attached herein. [21]
  • the present invention relates to a method for detecting an outside attack that changes a program code is loaded on the memory when the program code that is executed through a network under client-server model.
  • the present invention communicates data by transmitting a request message and an answer message between a client and a server under client-server model. Further, a session key is shared for encrypting and decrypting of data in transmission for a security purpose.
  • Whether a program code is modified or not is detected in the present invention by the following steps of: creating a first data for confirming errors at a server with regard to the executing the program code, creating a second data for confirming errors corresponding to the first data for confirming errors, and comparing the first data for confirming errors and the second data for confirming errors.
  • the first data for confirming errors and the second data for confirming errors in accordance with the present invention are selected from the group consisting of a CRC (Cyclic Redundancy Check) data, a Check Sum data, and a Hash data that contain an instruction only or both an instruction and an operand.
  • CRC Cyclic Redundancy Check
  • FIG. 1 illustrates a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network under client-server model according to the present invention.
  • a first data for confirming errors with regard to the program code area on the memory is firstly created when the program that a server wishes to protect is loaded and executed on the memory at step 101.
  • the first data for confirming errors may be created with regard to the entire program code to be protected or with regard to a part of the program code.
  • more than one part may be set up.
  • functions in a fixed number may be selected from the functions constituting the program for executing.
  • the number of functions are determined depending on the number of the functions that constitutes the code to be protected and thereby is set up particularly according to the program to be protected. In other words, if a part of the code to be protected is comprised of ten functions, the ten functions shall be selected. Further, it may be all right to select a part of the memory address at which executing code is loaded.
  • an ending point of a function is determined by executing a disassembling step from starting point.
  • ending point may be the point where a return code is extracted in a prescribed number during the process of disassembling.
  • a point right before the starting point may be set up as an ending point of the function.
  • a point which is away from the starting point of a function by a certain length may be the ending point. Not to mention, the length shall fall within the scope of the entire code area.
  • an instruction in charge of real calculation of a function is drawn out by executing a disassembling step from a starting point to an ending point, and a first d ata for confirming errors is created to include the instruction.
  • the first data for confirming errors including an instruction further comprises an operand which executes a function for calculation.
  • the first data for confirming errors may be created in consideration of the address which is relocated.
  • a request message corresponding to the first data for confirming errors is transmitted to a client.
  • the content of the request message is that a second data for confirming errors shall have a random order based on the first data for confirming errors.
  • the request message is preferably transmitted in an encrypted form based on a session key in consideration of security during data communication.
  • a client creates a second data for confirming errors corresponding to the first data for confirming errors according to the request message.
  • the request message is encrypted
  • the encrypted request message is decrypted based on the session key.
  • the second data for confirming errors creates a second data for confirming errors including an instruction that is detected at applicable area while executing the disassembling step requested by the server from starting point of the memory address to ending point.
  • a second data for confirming errors is created including not only an instruction but also an operand.
  • a second data for confirming errors with respect to each address is created, and the second data for confirming errors can be created by arranging in a random order according to the request of a request message.
  • the client creates an answer message at step 104, based on the second data for confirming errors created in that manner, and transmits the answer message to the server.
  • an answer message may be encrypted and transmitted in the same manner as in a request message.
  • step 105 after the server receives the answer message, the first data for confirming errors and the second data for confirming errors are compared, and thereafter it is determined whether both are identical or not. At this time, if an answer message is found out to be encrypted, the answer message is decrypted and thereafter the original second data for confirming error is restored.
  • a program may run continuously as in step 106, and thereafter whether a code on the memory is changed or not is periodically or randomly inspected from step 101 regarding the code area to be protected if there is a need for that.

Abstract

A method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network comprising the following steps of: creating a first data for confirming errors with regard to the program code area that a server wishes to protect; transmitting a request message created based on the first data for confirming errors to a client; creating a second data for confirming errors with regard to the code area according to the request message at the client; transmitting an answer message created based on the second data for confirming errors to the server; and comparing the first data for confirming errors with the second data for confirming errors at the server.

Description

Description
METHOD FOR DETECTING MALICIOUS CODE CHANGES
FROM HACKING OF PROGRAM LOADED AND EXECUTED
ON MEMORY THROUGH NETWORK
Technical Field
[1] The present invention relates to a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network.
More particularly, the present invention relates to a method for detecting malicious code changes from hacking of a program loaded and executed on the memory under the client-server model in real time. [2]
Background Art [3] A program provided at a server in general under client-server model is often executed at a client terminal in real time. At this time, a hacking is tried to hinder from fulfilling the original objective of the program in execution. [4] A hacking method is divided into a method that prohibits from executing the intended original objective of a program by creating a crack in the code of executing the program that exists in a file type, and a method that makes changes in a program that is loaded on the memory for execution. [5] Among all the above, a method of the latter gets more problematic in recent days in that this method will bring about a fatal damage that is similar to the effect of the former, and the latter is more effective in hacking in real time, thus a preventative measure is necessary. [6] Accordingly, the present invention will provide a new method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network. [7]
Disclosure of Invention
Technical Problem [8] An objective of the present invention is to provide a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network under client-server model. [9]
Technical Solution [10] For accomplishing the above and other objectives of the present invention, a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network according to the present invention comprises the following steps of: creating a first data for confirming errors with regard to the program code area that a server wishes to protect; transmitting a request message created based on the first data for confirming errors to a client; creating a second data for confirming errors with regard to the code area according to the request message at the client; transmitting an answer message created based on the second data for confirming errors to the server; and comparing the first data for confirming errors with the second data for confirming errors at the server.
[11] Both the first data for confirming errors and the second data for confirming errors may be created with regard to the entire area of the program to be protected or with regard to a part of the code area by extracting the starting point and ending point of at least one function constituting a program.
[12] At least one part of the code area exists, and both the first data for confirming errors and the second data for confirming errors may be created with regard to a part of each of the code area.
[13] An ending point is the area where a return code is extracted in prearranged numbers by executing a disassembling step from a starting point, a point right before the starting point of a different function after the starting point of the different function is extracted by executing a disassembling step from the starting point of the different function, and the ending point is the point away from a starting point by a prefixed length.
[14] The first data for confirming errors and the second data for confirming errors comprises an instruction constituting a function, or further comprises an operand constituting a function.
[15] A CRC (Cyclic Redundancy Check) data, a Check Sum data, or a Hash data are used as a first data for confirming errors and a second data for confirming errors.
[16] Both the request message and the answer message are encrypted and transmitted based on session key shared by a server and a client, both the request message and the answer message are decrypted based on the session key, and thereby security in data transmission is duly considered.
[17] The present invention will be apparent with reference to the detailed description and the drawing attached herein.
[18]
Brief Description of the Drawings
[19] Fig. 1 is a flowchart of a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network under client- server model according to the present invention. [20] The present invention will be described in detail in the following with reference to the drawing attached herein. [21]
Best Mode for Carrying Out the Invention
[22] The present invention relates to a method for detecting an outside attack that changes a program code is loaded on the memory when the program code that is executed through a network under client-server model.
[23] The present invention communicates data by transmitting a request message and an answer message between a client and a server under client-server model. Further, a session key is shared for encrypting and decrypting of data in transmission for a security purpose.
[24] Whether a program code is modified or not is detected in the present invention by the following steps of: creating a first data for confirming errors at a server with regard to the executing the program code, creating a second data for confirming errors corresponding to the first data for confirming errors, and comparing the first data for confirming errors and the second data for confirming errors.
[25] The first data for confirming errors and the second data for confirming errors in accordance with the present invention are selected from the group consisting of a CRC (Cyclic Redundancy Check) data, a Check Sum data, and a Hash data that contain an instruction only or both an instruction and an operand.
[26] Fig. 1 illustrates a method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network under client-server model according to the present invention.
[27] With reference to Fig. 1, a first data for confirming errors with regard to the program code area on the memory is firstly created when the program that a server wishes to protect is loaded and executed on the memory at step 101.
[28] At this time, the first data for confirming errors may be created with regard to the entire program code to be protected or with regard to a part of the program code. When creating for parts, more than one part may be set up.
[29] In case of setting up parts of the code area, functions in a fixed number may be selected from the functions constituting the program for executing. The number of functions are determined depending on the number of the functions that constitutes the code to be protected and thereby is set up particularly according to the program to be protected. In other words, if a part of the code to be protected is comprised of ten functions, the ten functions shall be selected. Further, it may be all right to select a part of the memory address at which executing code is loaded.
[30] In respect of a method of selecting a function, an ending point of a function is determined by executing a disassembling step from starting point. At this time, ending point may be the point where a return code is extracted in a prescribed number during the process of disassembling. Further, if a starting point of a different function is detected, a point right before the starting point may be set up as an ending point of the function. As far as a method of establishing an ending point is concerned, a point which is away from the starting point of a function by a certain length may be the ending point. Not to mention, the length shall fall within the scope of the entire code area.
[31] In this manner, an instruction in charge of real calculation of a function is drawn out by executing a disassembling step from a starting point to an ending point, and a first d ata for confirming errors is created to include the instruction. At this time, the first data for confirming errors including an instruction further comprises an operand which executes a function for calculation. In case that an address may be relocated when an operand is loaded on the memory, the first data for confirming errors may be created in consideration of the address which is relocated.
[32] Likewise, when a first data for confirming errors is created, a request message corresponding to the first data for confirming errors is transmitted to a client. At this time, when creating a request message at the server, the content of the request message is that a second data for confirming errors shall have a random order based on the first data for confirming errors. The request message is preferably transmitted in an encrypted form based on a session key in consideration of security during data communication.
[33] At step 103, a client creates a second data for confirming errors corresponding to the first data for confirming errors according to the request message. At this time, if the request message is encrypted, the encrypted request message is decrypted based on the session key. The second data for confirming errors creates a second data for confirming errors including an instruction that is detected at applicable area while executing the disassembling step requested by the server from starting point of the memory address to ending point. At this time, if there is a request message, a second data for confirming errors is created including not only an instruction but also an operand.
[34] With respect to a list of the memory address included in the request message, a second data for confirming errors with respect to each address is created, and the second data for confirming errors can be created by arranging in a random order according to the request of a request message.
[35] The client creates an answer message at step 104, based on the second data for confirming errors created in that manner, and transmits the answer message to the server. At this time, an answer message may be encrypted and transmitted in the same manner as in a request message.
[36] At the following step 105 after the server receives the answer message, the first data for confirming errors and the second data for confirming errors are compared, and thereafter it is determined whether both are identical or not. At this time, if an answer message is found out to be encrypted, the answer message is decrypted and thereafter the original second data for confirming error is restored.
[37] As a result of the comparison, if the first data for confirming errors and the second data for confirming errors are identical, a program may run continuously as in step 106, and thereafter whether a code on the memory is changed or not is periodically or randomly inspected from step 101 regarding the code area to be protected if there is a need for that.
[38] If the first data for confirming errors is different from the second data for confirming errors, an alert procedure is executed in the way that a warning message is transmitted to the client terminal or a connection with the server is lost at step 107, based on the detection of malicious code changes by an attack from outside.
[39] Simple changes and modifications of the present invention can be easily carried out by those who are ordinarily skilled in the art, and the changes and modifications are deemed to be with the scope of the present invention.

Claims

Claims
[1] A method for detecting malicious code changes from hacking of a program loaded and executed on the memory through a network comprising the steps of: creating a first data for confirming errors with regard to a program code area that a server wishes to protect; transmitting a request message created based on the first data for confirming errors to a client; creating a second data for confirming errors with regard to the code area according to the request message at the client; transmitting an answer message created based on the second data for confirming errors to the server; and comparing the first data for confirming errors with the second data for confirming errors at the server. [2] The method as defined in Claim 1, wherein both said first data for confirming errors and said second data for confirming errors are created with regard to the entire code area of the program to be protected. [3] The method as defined in Claim 1, wherein said first data for confirming errors and said second data for confirming errors are created with regard to the part of the code area by extracting a starting point and an ending point of at least one function constituting the program. [4] The method as defined in Claim 1, wherein at least one of said part of the code area exists, and wherein both said first data for confirming errors and said second data for confirming errors are created with regard to parts of each of the code area. [5] The method for as defined in Claim 3 or 4, wherein said ending point is the point where a return code is extracted in fixed numbers by executing disassembling from a starting point. [6] The method as defined in Claim 3 or 4, wherein said ending point is right before the starting point of a different function when the starting point of the different function is extracted by executing disassembling from the starting point. [7] The method as defined in Claim 3 or 4, wherein said ending point is the point away from the starting point by a prearranged length. [8] The method as defined in Claim 3 or 4, wherein said first data for confirming errors and said second data for confirming errors comprises an instruction constituting the function. [9] The method as defined in Claim 8, wherein said first data for confirming errors and said second data for confirming errors further comprise an operand con- stituting the function. [10] The method as defined in Claim 1, wherein said first data for confirming errors and said second data for confirming errors are a CRC (Cyclic Redundancy
Check) data. [11] The method as defined in Claim 1, wherein said first data for confirming errors and said second data from confirming errors are a Check Sum data. [12] The method as defined in Claim 1, wherein said first data for confirming errors and said second data for confirming errors are a Hash data. [13] The method as defined in Claim 1, wherein said request message is encrypted and transmitted based on the session key shared by the server and the client. [14] The method as defined in Claim 13, further comprising a step of decrypting the request message in an encrypted form at the client where the request message in an encrypted form is received. [15] The method as defined in Claim 14, wherein said answer message is encrypted and transmitted based on the session key shared by the server and the client. [16] The method defined in Claim 15, further comprising a step of decrypting said answer message in an encrypted form at the server where said answer message in an encrypted form is received.
PCT/KR2006/005582 2005-12-26 2006-12-19 Method for detecting malicious code changes from hacking of program loaded and executed on memory through network WO2007074992A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2005-0129616 2005-12-26
KR1020050129616A KR100663034B1 (en) 2005-12-26 2005-12-26 Method and system for detecting change of code in memory

Publications (1)

Publication Number Publication Date
WO2007074992A1 true WO2007074992A1 (en) 2007-07-05

Family

ID=37866488

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2006/005582 WO2007074992A1 (en) 2005-12-26 2006-12-19 Method for detecting malicious code changes from hacking of program loaded and executed on memory through network

Country Status (2)

Country Link
KR (1) KR100663034B1 (en)
WO (1) WO2007074992A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG161167A1 (en) * 2008-10-23 2010-05-27 Hung Chien Chou Real-time data protection method and data protection device for implementing the same

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101052735B1 (en) * 2009-03-06 2011-07-29 주식회사 안철수연구소 Method for detecting presence of memory operation and device using same
KR101335326B1 (en) * 2011-12-30 2013-12-02 (주)네오위즈게임즈 Client Apparatus, Watching Server, and Method for Preventing Falsification of Watching Area
KR101623266B1 (en) 2014-09-17 2016-05-20 (주)스마일게이트엔터테인먼트 Method and server for verification detection of memory protecting file using crc algorism
EP3772842A1 (en) * 2019-08-07 2021-02-10 Siemens Aktiengesellschaft Detection of manipulated clients of a factory control system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5919257A (en) * 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
US6195767B1 (en) * 1998-09-14 2001-02-27 Phillip M. Adams Data corruption detection apparatus and method
US6640317B1 (en) * 2000-04-20 2003-10-28 International Business Machines Corporation Mechanism for automated generic application damage detection and repair in strongly encapsulated application
US6889159B2 (en) * 2002-07-22 2005-05-03 Finisar Corporation Scalable multithreaded system testing tool

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5919257A (en) * 1997-08-08 1999-07-06 Novell, Inc. Networked workstation intrusion detection system
US6195767B1 (en) * 1998-09-14 2001-02-27 Phillip M. Adams Data corruption detection apparatus and method
US6640317B1 (en) * 2000-04-20 2003-10-28 International Business Machines Corporation Mechanism for automated generic application damage detection and repair in strongly encapsulated application
US6889159B2 (en) * 2002-07-22 2005-05-03 Finisar Corporation Scalable multithreaded system testing tool

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG161167A1 (en) * 2008-10-23 2010-05-27 Hung Chien Chou Real-time data protection method and data protection device for implementing the same

Also Published As

Publication number Publication date
KR100663034B1 (en) 2007-01-02

Similar Documents

Publication Publication Date Title
CN101783801B (en) Software protection method based on network, client side and server
EP3270318B1 (en) Dynamic security module terminal device and method for operating same
CN101136049B (en) Information processing system, information processing method, information processing program, computer readable medium and computer data signal
KR100919536B1 (en) System and method for using a dynamic credential to identify a cloned device
US20170034189A1 (en) Remediating ransomware
CN107483419B (en) Method, device and system for authenticating access terminal by server, server and computer readable storage medium
CN101473335A (en) Information processing terminal and status notifying method
CN108900479A (en) Short message verification code acquisition methods and device
CN111415161A (en) Block chain-based data verification method and device and computer-readable storage medium
KR101369251B1 (en) Apparatus, method, terminal and system for recovery protection of system files
CN104980449B (en) The safety certifying method and system of network request
CN112559005A (en) Internet of things equipment firmware updating method and system based on block chain and distributed storage
JP2019057167A (en) Computer program, device and determining method
CN112235321A (en) Short message verification code anti-brushing method and device
WO2007074992A1 (en) Method for detecting malicious code changes from hacking of program loaded and executed on memory through network
CN111585995A (en) Method and device for transmitting and processing safety wind control information, computer equipment and storage medium
CN114095228A (en) Safe access method, system and device for data of Internet of things based on block chain and edge calculation and storage medium
CN111224826B (en) Configuration updating method, device, system and medium based on distributed system
CN111597537B (en) Block chain network-based certificate issuing method, related equipment and medium
KR101436404B1 (en) User authenticating method and apparatus
CN105100030B (en) Access control method, system and device
CN112732676B (en) Block chain-based data migration method, device, equipment and storage medium
CN102262717B (en) Method, device and equipment for changing original installation information and detecting installation information
CN111786938B (en) Method, system and electronic equipment for preventing malicious resource acquisition
CN113259376A (en) Control method of Internet of things equipment based on block chain

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06835289

Country of ref document: EP

Kind code of ref document: A1