CN101369930A - Security examination method, system and equipment for network plug-in - Google Patents

Publication number: CN101369930A
Authority: CN (China)
Legal status: Granted, Active
Application number: CNA2008101418071A
Other languages: Chinese (zh)
Other versions: CN101369930B (en)
Inventor: 陈钊毅
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Shenzhen Shenxinfu Electronic Technology Co Ltd
Application filed by: Shenzhen Shenxinfu Electronic Technology Co Ltd
Priority to: CN2008101418071A (patent CN101369930B)
Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention provides a security check method for network plug-ins and a security inspection device, applicable to the field of network technology. The method comprises the following steps: detecting whether a user terminal performs a network plug-in download action; and, when a network plug-in download action of the user terminal is detected, performing a security check on the digital signature and the digital signature certificate of the network plug-in. The system of the invention detects whether the user terminal performs a plug-in download action and, when one is detected, performs a security check on the digital signature and the digital signature certificate of the network plug-in. A network plug-in that passes the security check is allowed to be downloaded and installed, while the data packets corresponding to a network plug-in that does not pass the check are discarded. This blocks the download and installation of unsafe network plug-ins and prevents their installation and use from affecting the user's normal Internet use, which is convenient for users.

Description

Security check method, system and security inspection device for network plug-ins
Technical field
The invention belongs to the field of network technology, and in particular relates to a security check method, system and security inspection device for network plug-ins.
Background technology
At present, most users' computers become slower and slower the longer they are in use. One major reason is that, while the user is online, the browser installs many plug-ins by default. These plug-ins generally exist in the form of COM components; once installed and registered, they start along with the Windows shell explorer.exe or the IE browser, which makes the computer slow to respond.
Although most IE browsers prompt the user before installing an unsigned or unsafe plug-in, most users pay no attention to this information. For example, when visiting a Hypertext Transfer Protocol (HTTP) server site, a dialog box pops up warning that the current plug-in has an untrusted certificate, yet many users still click OK, and most users still click install when warned that a plug-in is unsafe, which creates a security risk. Much rogue software spreads in exactly this way, and some regions have previously planned legislation to crack down on illegal acts such as QQ account theft and malicious plug-in installation. The installation and use of malicious and unsafe plug-ins affects users' normal Internet use.
Summary of the invention
The purpose of the embodiments of the invention is to provide a security check method for network plug-ins, intended to solve the prior-art problem that the installation and use of unsafe network plug-ins affects users' normal Internet use.
The embodiments of the invention are implemented as follows: a security check method for network plug-ins, the method comprising the following steps:
Detecting whether a user terminal performs a network plug-in download action;
When a network plug-in download action of the user terminal is detected, performing a security check on the digital signature and the digital signature certificate of the network plug-in.
Another purpose of the embodiments of the invention is to provide a security check system for network plug-ins, the system comprising:
A download action detection module, used to detect whether a user terminal performs a network plug-in download action; and
A security check module, used to perform a security check on the digital signature and the digital signature certificate of the network plug-in when the download action detection module detects a network plug-in download action of the user terminal.
Another purpose of the embodiments of the invention is to provide a security inspection device that includes the security check system for network plug-ins.
In the invention, it is detected whether the user terminal performs a network plug-in download action. When a download action is detected, a security check is performed on the digital signature and the digital signature certificate of the network plug-in. The user is allowed to download and install a network plug-in that passes the security check, while the data packets corresponding to a network plug-in that does not pass are discarded. This blocks the download and installation of unsafe network plug-ins and prevents their installation and use from affecting the user's normal Internet use, which is convenient for users.
Description of drawings
Fig. 1 is a flow chart of the security check method for network plug-ins provided by an embodiment of the invention;
Fig. 2 is a flow chart of the security check on the digital signature and the digital signature certificate of a network plug-in provided by an embodiment of the invention;
Fig. 3 is a block diagram of the security check system for network plug-ins provided by an embodiment of the invention.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
Fig. 1 shows the flow of the security check method for network plug-ins provided by an embodiment of the invention. The detailed steps are as follows:
In step S101, the behavior and content of the user's website browsing are monitored and analyzed.
In step S102, it is determined whether a network plug-in download action of the user terminal is detected; if so, step S103 is executed; otherwise the flow returns to step S101 and monitoring and analysis continue.
In this embodiment, when browsing certain websites the user is forced to download and install certain network plug-ins, otherwise the related content or services of the website are unavailable. The formats of such network plug-ins include, but are not limited to, cab and exe.
In step S103, the data stream corresponding to the data packets of the network plug-in is reassembled and parsed.
In this embodiment, the data packets of the network plug-in are transmitted over the Transmission Control Protocol (TCP), so the received data stream must be reassembled; the data stream can be parsed only after reassembly is complete.
In step S104, a security check is performed on the digital signature and the digital signature certificate of the network plug-in.
In this embodiment, after the data stream corresponding to the data packets of the network plug-in has been reassembled and parsed, the following are checked: the validity of the plug-in's digital signature and digital signature certificate, the security of the digital signature certificate, and the validity of the signature date and signing e-mail address of the digital signature, among others. A network plug-in that passes the checks is confirmed as one the user terminal may download and install; otherwise the data packets of the network plug-in are discarded and the connection is terminated.
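Steps S102 and S103 as an added example (not code from the patent): one direction of a TCP flow is reassembled from out-of-order segments and the resulting HTTP response is checked for a cab or exe payload. Recognising the two formats by their leading magic bytes, the `Segment` type and all sample data are assumptions made for this illustration; sequence-number wraparound is not handled.

```python
from dataclasses import dataclass

# Leading magic bytes of the two formats the description names (assumed detection rule).
MAGIC = {b"MSCF": "cab", b"MZ": "exe"}


@dataclass(frozen=True)
class Segment:
    seq: int          # TCP sequence number of the first payload byte
    payload: bytes


def reassemble(segments, isn):
    """Return (stream, contiguous) for the bytes that start at isn + 1.

    Overlapping bytes are taken once, from the segment with the lower
    sequence number; bytes already accepted are never overwritten, so a
    retransmission cannot change data that has been inspected.
    """
    stream = bytearray()
    next_seq = isn + 1
    contiguous = True
    for seg in sorted(segments, key=lambda s: s.seq):
        end = seg.seq + len(seg.payload)
        if end <= next_seq:
            continue                  # nothing new: pure retransmission
        if seg.seq > next_seq:
            contiguous = False        # hole in the stream: stop here
            break
        stream += seg.payload[next_seq - seg.seq:]
        next_seq = end
    return bytes(stream), contiguous


def classify_download(stream):
    """Return 'cab', 'exe' or None for a reassembled HTTP response."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/1."):
        return None
    for magic, kind in MAGIC.items():
        if body.startswith(magic):
            return kind
    return None


def download_action(segments, isn):
    """Decide whether the flow carries a plug-in download (step S102)."""
    stream, contiguous = reassemble(segments, isn)
    if not contiguous:
        return "wait"                 # never judge a stream with a hole in it
    kind = classify_download(stream)
    return f"plug-in:{kind}" if kind else "not-a-plug-in"


def sample_segments():
    """Constructed sample: one HTTP response split into out-of-order segments."""
    data = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
            b"MSCF" + bytes(12))
    isn = 1000
    cuts = [0, 20, 45, len(data)]
    segs = [Segment(isn + 1 + a, data[a:b]) for a, b in zip(cuts, cuts[1:])]
    segs.append(Segment(isn + 1 + 10, data[10:30]))   # overlapping retransmission
    segs.reverse()                                     # deliver out of order
    return isn, data, segs


if __name__ == "__main__":
    isn, _, segs = sample_segments()
    print(download_action(segs, isn))
```

Holding the verdict until the stream is contiguous matters for an inline device: a decision taken on a partial stream can be invalidated by segments that arrive later.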
As one embodiment of the invention, Fig. 2 shows the flow of the security check on the digital signature and the digital signature certificate of a network plug-in. The detailed steps are as follows:
In step S201, it is checked whether the network plug-in has a valid digital signature and digital signature certificate; if so, step S202 is executed; otherwise step S205 is executed.
In step S202, it is checked whether the digital signature certificate of the network plug-in is secure; if so, step S203 is executed; otherwise step S205 is executed.
In this embodiment, the security of the digital signature certificate of the network plug-in specifically covers issuance by a trusted issuer, presence in a trust chain, compliance with blacklist and whitelist requirements, expiry, and revocation. The specific checks are:
1. whether the digital signature certificate was issued by a trusted issuer;
2. whether the digital signature certificate is present in a trust chain;
3. whether the digital signature certificate meets the blacklist and whitelist requirements;
4. whether the digital signature certificate has expired;
5. whether the digital signature certificate has been revoked.
Of course, in this embodiment the security checks on the digital signature certificate are not limited to those listed above, and checks 1 to 5 need not be performed in any particular order; they do not limit the invention.
In this embodiment, checks 1 to 5 are all necessary for the network plug-in to be considered secure; failing any one of them indicates that the network plug-in is unsafe.
In step S203, it is checked whether the digital signature has a valid signature date and signing e-mail address; if so, step S204 is executed; otherwise step S205 is executed.
In step S204, the security check on the digital signature and the digital signature certificate of the network plug-in passes, and the network plug-in is confirmed as a safe network plug-in.
In step S205, the security check on the digital signature and the digital signature certificate of the network plug-in does not pass; the data packets of the network plug-in are discarded, and connection-termination information for the plug-in's data packets is sent to the user terminal and the server.
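The Fig. 2 flow (S201 to S205) as an added example, not code from the patent. It works on already-extracted signature metadata: the `Cert`, `SignedPlugin` and `Policy` types, the rule that the signing date must fall inside the signer certificate's validity period, the e-mail format check and all sample names are assumptions, and cryptographic verification of the signature and of each chain link is assumed to have been done by the caller.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")   # assumed format rule


@dataclass
class Cert:
    subject: str
    issuer: str
    serial: str
    not_before: datetime
    not_after: datetime


@dataclass
class SignedPlugin:
    signature_valid: bool              # cryptographic verification done elsewhere
    chain: List[Cert]                  # signer certificate first, root last
    signing_time: Optional[datetime] = None
    signer_email: Optional[str] = None


@dataclass
class Policy:
    trusted_issuers: Set[str]
    trusted_roots: Set[str]
    blacklist: Set[str] = field(default_factory=set)   # signer subjects always refused
    whitelist: Set[str] = field(default_factory=set)   # if non-empty, only these pass
    revoked_serials: Set[str] = field(default_factory=set)


def inspect_plugin(plugin: SignedPlugin, policy: Policy, now: datetime) -> Tuple[str, str]:
    """Return ('allow', 'S204') or ('drop', reason), following steps S201 to S205."""
    chain = plugin.chain
    # S201: a valid signature and a certificate must both exist.
    if not plugin.signature_valid or not chain:
        return "drop", "S201: no valid signature or certificate"
    leaf = chain[0]
    # Name chaining only: every certificate must be issued by the next one up.
    linked = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    listed_ok = leaf.subject not in policy.blacklist and (
        not policy.whitelist or leaf.subject in policy.whitelist)
    # S202: checks 1 to 5; the order is irrelevant and any single failure is fatal.
    checks = [
        ("1 trusted issuer", leaf.issuer in policy.trusted_issuers),
        ("2 trust chain", linked and chain[-1].subject in policy.trusted_roots),
        ("3 blacklist/whitelist", listed_ok),
        ("4 not expired", all(c.not_before <= now <= c.not_after for c in chain)),
        ("5 not revoked", not any(c.serial in policy.revoked_serials for c in chain)),
    ]
    for name, passed in checks:
        if not passed:
            return "drop", f"S202: failed check {name}"
    # S203: signing date and signer e-mail must be present and plausible (assumed rules).
    t = plugin.signing_time
    if t is None or not (leaf.not_before <= t <= min(now, leaf.not_after)):
        return "drop", "S203: invalid signing date"
    if not plugin.signer_email or not EMAIL_RE.match(plugin.signer_email):
        return "drop", "S203: invalid signer e-mail"
    return "allow", "S204"


def constructed_sample(now: datetime):
    """Constructed sample: a three-certificate chain and a policy that accepts it."""
    y = timedelta(days=365)
    root = Cert("Example Root CA", "Example Root CA", "01", now - 5 * y, now + 5 * y)
    ca = Cert("Example Signing CA", "Example Root CA", "02", now - 3 * y, now + 3 * y)
    leaf = Cert("Example Plugin Vendor", "Example Signing CA", "03", now - y, now + y)
    plugin = SignedPlugin(True, [leaf, ca, root], now - timedelta(days=30),
                          "release@vendor.example")
    return plugin, Policy({"Example Signing CA"}, {"Example Root CA"})


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    print(inspect_plugin(*constructed_sample(now), now))
```

A "drop" result corresponds to step S205, where the inspection device discards the plug-in's packets and ends the connection.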
Fig. 3 shows a block diagram of the security check system for network plug-ins provided by an embodiment of the invention. For ease of explanation, only the parts relevant to the embodiment are shown. The security check system for network plug-ins may be a software unit, a hardware unit, or a combined software and hardware unit built into the security inspection device.
The download action detection module 11 detects whether the user terminal performs a network plug-in download action. When the download action detection module 11 detects a network plug-in download action of the user terminal, the data stream reassembly and parsing module 12 reassembles and parses the data stream corresponding to the data packets of the network plug-in. The security check module 13 performs a security check on the digital signature and the digital signature certificate of the network plug-in. When the security check performed by the security check module 13 passes, the confirmation module 14 confirms that the network plug-in is a safe network plug-in. When the security check performed by the security check module 13 does not pass, the data packet discarding module 15 discards the data packets of the network plug-in and sends connection-termination information for the plug-in's data packets to the user terminal and the server.
As one embodiment of the invention, the validity detection module 131 detects whether the network plug-in has a valid digital signature and digital signature certificate. When the validity detection module 131 detects that the network plug-in has a valid digital signature and digital signature certificate, the digital signature certificate detection module 132 checks whether the digital signature certificate of the network plug-in is secure. When the validity detection module 131 detects that the network plug-in has a valid digital signature and digital signature certificate, the digital signature detection module 133 checks whether the digital signature has a valid signature date and signing e-mail address.
In this embodiment, the security of the digital signature certificate of the network plug-in specifically covers issuance by a trusted issuer, presence in a trust chain, compliance with blacklist and whitelist requirements, expiry, and revocation.
In this embodiment, it is detected whether the user terminal performs a network plug-in download action. When a download action is detected, a security check is performed on the digital signature and the digital signature certificate of the network plug-in. The user is allowed to download and install a network plug-in that passes the security check, while the data packets corresponding to a network plug-in that does not pass are discarded. This blocks the download and installation of unsafe network plug-ins and prevents their installation and use from affecting the user's normal Internet use, which is convenient for users.
A person of ordinary skill in the art will understand that all or part of the steps of the method in the above embodiments can be carried out by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above are only preferred embodiments of the invention and do not limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. A security check method for network plug-ins, characterized in that the method comprises the following steps:
Detecting whether a user terminal performs a network plug-in download action;
When a network plug-in download action of the user terminal is detected, performing a security check on the digital signature and the digital signature certificate of the network plug-in.
2. The method of claim 1, characterized in that the step of performing a security check on the digital signature and the digital signature certificate of the network plug-in specifically comprises the following steps:
Detecting whether the network plug-in has a valid digital signature and digital signature certificate;
When the network plug-in has a valid digital signature and digital signature certificate, checking whether the digital signature certificate of the network plug-in is secure;
When the network plug-in has a valid digital signature and digital signature certificate, checking whether the digital signature has a valid signature date and signing e-mail address.
3. The method of claim 2, characterized in that the security of the digital signature certificate of the network plug-in specifically covers issuance of the digital signature certificate by a trusted issuer, its presence in a trust chain, its compliance with blacklist and whitelist requirements, its expiry, and its revocation.
4. The method of claim 1, characterized in that the following step is performed before the step of performing a security check on the digital signature and the digital signature certificate of the network plug-in:
Reassembling and parsing the data stream corresponding to the data packets of the network plug-in.
5. The method of claim 1, characterized in that the following steps are performed after the step of performing a security check on the digital signature and the digital signature certificate of the network plug-in when a network plug-in download action of the user terminal is detected:
When the security check on the digital signature and the digital signature certificate of the network plug-in passes, confirming that the network plug-in is a safe network plug-in;
When the security check on the digital signature and the digital signature certificate of the network plug-in does not pass, discarding the data packets of the network plug-in and sending connection-termination information for the plug-in's data packets to the user terminal and the server.
6. A security check system for network plug-ins, characterized in that the system comprises:
A download action detection module, used to detect whether a user terminal performs a network plug-in download action; and
A security check module, used to perform a security check on the digital signature and the digital signature certificate of the network plug-in when the download action detection module detects a network plug-in download action of the user terminal.
7. The system of claim 6, characterized in that the security check module specifically comprises:
A validity detection module, used to detect whether the network plug-in has a valid digital signature and digital signature certificate;
A digital signature certificate detection module, used to check whether the digital signature certificate of the network plug-in is secure when the validity detection module detects that the network plug-in has a valid digital signature and digital signature certificate; and
A digital signature detection module, used to check whether the digital signature has a valid signature date and signing e-mail address when the validity detection module detects that the network plug-in has a valid digital signature and digital signature certificate.
8. The system of claim 6, characterized in that the system further comprises:
A data stream reassembly and parsing module, used to reassemble and parse the data stream corresponding to the data packets of the network plug-in when the download action detection module detects a network plug-in download action of the user terminal.
9. The system of claim 6, characterized in that the system further comprises:
A confirmation module, used to confirm that the network plug-in is a safe network plug-in when the security check performed by the security check module on the digital signature and the digital signature certificate of the network plug-in passes; and
A data packet discarding module, used to discard the data packets of the network plug-in and to send connection-termination information for the plug-in's data packets to the user terminal and the server when the security check performed by the security check module on the digital signature and the digital signature certificate of the network plug-in does not pass.
10. A security inspection device comprising the security check system for network plug-ins according to any one of claims 6 to 9.
Priority Applications (1)

Application number: CN2008101418071A
Priority date: 2008-09-01
Filing date: 2008-09-01
Title: Security examination method, system and equipment for network plug-in
Status: Active
Granted publication: CN101369930B (en)

Publications (2)

Publication Number    Publication Date
CN101369930A (en)     2009-02-18
CN101369930B          2011-10-26

Family ID: 40413568

Country Status (1)

Country: CN
Link: CN101369930B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer

Patentee after: SINFOR Polytron Technologies Inc

Address before: 518000, four floor, Pioneer Road, 1 Qilin Road, Shenzhen, Guangdong, Nanshan District

Patentee before: Shenxinfu Electronics Science and Technology Co., Ltd., Shenzhen
