CN102195987B - Distributed credibility authentication method and system thereof based on software product library - Google Patents


Info

Publication number: CN102195987B
Authority: CN (China)
Prior art keywords: authentication, user, product, library, software product
Legal status: Active
Application number: CN201110143788.8A
Other languages: Chinese (zh)
Other versions: CN102195987A (en)
Inventors: 张宁军, 何沛霖, 龙祥玲
Current assignee: CHENGDU QIQIAO SOFTWARE Co Ltd
Original assignee: CHENGDU QIQIAO SOFTWARE Co Ltd


Abstract

The invention belongs to the technical field of security authentication, and in particular to a distributed trust authentication method and system based on a software product library. An online user sends an authentication request to an authentication server through an authentication terminal; according to the request, the server performs on-demand trust authentication of the software product, or authenticates the user's software product in distributed fashion, and finally returns the authentication result. An offline user authenticates the trustworthiness of a software product directly through the authentication terminal. In both cases the terminal protects the user's data security and information security by switching between security levels according to the authentication result or the user's choice. The software trust authentication mechanism established by the two paths, online and offline, provides the user with trust authentication at multiple security levels, ensures the application security and information security of the user's computer, and lets the user run any software product at a suitable security level without trouble; even if the product contains real virus code, it cannot damage the data security or system stability of the user's computer.

Description

Distributed trust authentication method and system based on a product library
Technical field
The present invention relates to security authentication methods for computer operating systems, application software and runtime environments, and in particular to a distributed trust authentication method and system based on a product library.
Background art
Ever since computers came into wide use, the security of computer systems has troubled the whole computer industry and its users. Attack and defence have developed in an endless arms race (as the saying goes, the Way grows one foot and the demon grows ten), and because there has been no revolutionary technical breakthrough, end users have grown used to downloading, installing and updating bulky antivirus software and spending large amounts of time scanning their own computers in order to keep the system stable and the operating environment safe. Yet even though security vendors track and update virus databases with all their might and develop all sorts of proactive defence techniques, they still cannot guarantee comprehensive and accurate coverage, while virus authors keep developing techniques to mutate, bypass, penetrate and disable security software. With the rapid development of information technology and the deep penetration of Internet applications, the burden carried by security software grows ever larger (virus databases get bigger and the number of vulnerabilities keeps rising), and once a virus breaks out the economic loss is enormous. Existing security products still rely heavily on the most primitive virus signature recognition technology, spending large amounts of manpower and resources merely to keep up with the development of viruses as best they can; this technical approach is by its nature doomed, so security software built on it is in fact itself unsafe, because it treats the symptoms rather than the disease.
The security authentication techniques in general use today have the following main defects:
One, blacklist technology is widely used in security products (for example 360 antivirus and the like), but blacklisting is a lagging technology that can only achieve relative safety: a virus can resist it by mutating, bypassing it, hiding, or seizing system privileges first, and as time goes on the blacklist keeps growing and its efficiency keeps falling. More importantly, if viruses grow rapidly and security software cannot keep up in time, computer security is seriously threatened.
Two, whitelist technology does not suffer from the defects above, but it faces three critical problems: 1. how to build the library? 2. how to establish trust? 3. how to apply it? These three problems have never been solved well, so whitelist technology is hard to put into practice. The reasons are as follows: 1. the sum of trusted software products in the world is far larger in scale than malicious software, so the database that whitelist technology relies on is in theory far larger than a blacklist, and building a usable whitelist security product is much harder than building a blacklist one; 2. how can one guarantee that the software in the whitelist library is genuinely safe and reliable? Even software products from well-known vendors may be fraudulent; 3. how can such a huge whitelist library be applied on the user side, particularly when the user cannot connect to the network or the user's computer cannot work normally?
Simple whitelist technology is essentially the same as blacklist technology; both are realized by the following steps: build a database (trusted or untrusted), authenticate locally or over the network, and carry out the subsequent operation (allow or forbid) according to the authentication result. The present invention is not such simple whitelist technology; its key points are: 1. a distributed product library is created from the installation packages of software product vendors, obtained online or offline, which solves the source and library-building problem; 2. this product library is not simply a black or white list, but holds a product reputation score obtained by technical means together with the product's complete data; matched against the security level of the user side, it lets the user independently trust different software products at different security levels, which solves the problem of establishing trust; 3. because the product library has both online and offline characteristics, the user can perform distributed offline authentication: even without a network connection, and even without a trustworthy software installation package, the user can still authenticate his own computer system with the basic product library, switch the system to a high-level security environment to carry out safety-critical operations, or switch the system to a low-level operating environment to continue using software products whose security attributes are unknown.
In other words, existing security products depend mainly on blacklist technology (virus databases), or at most on whitelist technology, and because blacklisting lags and whitelisting is hard to put into practice, it is difficult to build a security product that is both broadly adaptable (handling all known and unknown viruses) and highly flexible (able to run any unknown software while keeping the user's computer and data safe). To address these defects of the prior art, a brand-new distributed authentication method is needed to improve the security protection of computer systems.
Summary of the invention
The present invention proposes a distributed trust authentication method and system based on a product library. Unlike black-and-white-list technology, the method breaks free of blacklist technology once and for all and thoroughly solves the practical difficulties of software trust authentication; it can be widely used in fields such as computer data security, network security and lossless system restoration, and provides reference information, basic services and basic functions for the secure use of computers. The method establishes a complete and practical software trust authentication mechanism through the two paths of online and offline operation, realizes trust authentication at multiple security levels for the user, ensures the application security and network security of the user's computer, and lets the user run any software product smoothly at different security levels; even if the product contains dangerous code, it cannot damage the data security or stability of the user's computer.
The specific technical scheme of the invention is as follows:
A distributed trust authentication system based on a product library, characterized in that it comprises:
An authentication server, which creates the base product library and base sample library required for authentication, performs local authentication or distributed remote authentication of software products on demand according to the authentication requests of online client users, and finally returns the authentication result;
An authentication terminal, which initiates authentication requests for online client users, or authenticates the trustworthiness of software products for offline client users, and, according to the authentication result or the user's choice, protects the user's data security and information security and keeps the user's computer system stable by switching between security levels.
A distributed trust authentication method based on a product library, characterized in that it comprises:
A step of creating the base product library and base sample library required for authentication and, according to the authentication request, performing software product authentication on demand for online users or authenticating the trustworthiness of the user's software product in distributed fashion, and finally returning the authentication result;
A step of initiating an authentication request for an online client user and authenticating the trustworthiness of the software product, or authenticating the trustworthiness of the software product for an offline user, and, according to the authentication result or the user's choice, protecting the user's data security and information security by switching between security levels.
Online means: the authentication terminal running on the client user's computer is connected to the authentication server through the Internet.
Offline means: the authentication terminal running on the client user's computer has failed to connect, or cannot connect, to the authentication server.
The process of creating the base product library and base sample library required for authentication is as follows: the authentication servers distributed around the world, each according to the software product registry that matches the country and applications of its own region, automatically download and collect the software product installation packages of all kinds of versions released by all kinds of software vendors; in the background they extract the product information of each installation package and add it to the base product library and base sample library. During extraction the reputation of the software product is analysed intelligently, and the authentication server's local or networked antivirus engine of the latest version scans the executable files and script files extracted from the installation package, so as to obtain the trust level of each file and the overall reputation score of the software product.
A software product means: a set of executable files, executable code and data, applicable to a specific field, developed by a software vendor or by any for-profit or non-profit organization or individual.
A software product installation package means: the set of all files, data and code of the original release of the software product, such as an installer program, or all files under an installation package, compressed archive or directory tree.
The base sample library comprises: the compressed or uncompressed file data, installation information and index information of all software product installation packages; when a client file has been damaged, replaced or deleted, the original file data are sent to the client and used to recover the damaged, replaced or deleted file.
The base product library comprises: the static feature information, behaviour feature information, core data and authentication information of all files and code extracted from software product installation packages and obtained by intelligent analysis. The base product library is distributed over authentication servers around the world, and the base product library of each authentication server includes only the software products relevant to its local region. The software products in the base product library include trusted products as well as untrusted ones. During authentication, the data in the base product library are matched against the authentication request submitted by the user and the authentication result is returned; the result comprises the trust level of each file of the software product the user requested to authenticate and the product's overall reputation score, and if a user file is infected it also comprises the restoration information for that file (static feature information and core data), used to repair the infected file.
The product library comprises: the base product library and base sample library created on all authentication servers for distributed online authentication, the basic product library released with the authentication terminal, and the temporary product library and user product library set up on each user's computer.
The basic product library is a compact, fully trusted software product authentication database released and installed together with the authentication terminal. It is extracted from the base product library and includes the product information and authentication information of the most frequently used and fully trusted software products in the terminal's distribution region, and is used by the authentication terminal for offline authentication.
The user product library is a local user authentication database generated by the authentication terminal on the user's computer; it comprises the product information and authentication information of the operating system and all other software products installed on that computer. The product information of the operating system installed on the user's computer specifically comprises: the disk master boot record, partition boot records, partition table, file system core data, registry, registry backup and all system files; this information is used to repair or restore the user's computer system.
The base product library and base sample library include the authentication information and data of all registered software products (trusted and untrusted). The basic product library is a trusted subset of the base product library and provides trust authentication for offline users. The temporary product library temporarily extends the basic product library for offline users; it plays the same role as the basic product library but contains software products the user has chosen to trust, and once the user is online the temporary product library is authenticated and moved into the user product library. The user product library comprises all software products (trusted and untrusted) that have been authenticated on the user's computer, whether online or offline; it may contain software products not registered in the base product library (products that were never publicly released or whose source is unknown), whose authentication information is generated automatically by the terminal's intelligent analysis, and the user may adjust the reputation of any software product in the user product library at will.
The basic dimensions of the intelligent analysis comprise: source reputation, code information standardization, code structure standardization and code behaviour risk; of these, source reputation and code behaviour risk may be supplemented by some manual analysis.
Background extraction parses the installation package's file structure directly, decompresses the package's file data or resource data in memory, and then extracts the effective information of each file. The effective information comprises: vendor information, version information, time information, digital signature, file data checksum, code structure information, module dependencies, function call information, code packing and encryption information, and core data. This information is used for intelligent analysis of the reputation of executable files, to form the code static feature information, behaviour feature information, core data and authentication information of the base product library, and also to repair infected files on the user's computer.
Where the installation package's file structure cannot be parsed, background extraction can also run the installer program in a virtual machine or under a redirection service to restore all installation files, and then extract them. Under the redirection mechanism, all file operations and registry operations performed by the installer are mapped to a redirected disk or redirected directory, so the current operating system is not affected in any way.
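As an added illustration (not code from the patent), the following Python models the background extraction and on-demand matching just described: it builds a base product library record from a constructed installation package, scoring each executable or script file on the code information, code structure and behaviour risk dimensions and combining the weakest file with the source reputation into an overall score, then authenticates a client's installed files against that record and returns the original bytes as restoration information for any file whose checksum no longer matches. The product, file contents, scoring weights and risk markers are all assumptions.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample installation package (hypothetical product). The patent's
# server downloads the vendor's real package; this one is built inline so the
# example runs offline.
SAMPLE_PACKAGE = {
    "name": "ExampleEditor", "vendor": "Example Corp", "version": "2.1.0",
    "source_reputation": 0.9,   # assumed result of the source analysis, 0.0..1.0
    "files": {
        "bin/editor.exe": {"data": b"MZ\x90\x00editor-code-2.1.0", "signed": True,
                           "packed": False, "version": "2.1.0"},
        "bin/helper.dll": {"data": b"MZ\x90\x00helper-code", "signed": True,
                           "packed": False, "version": "2.1.0"},
        "setup/post.vbs": {"data": b'Set sh = CreateObject("WScript.Shell")',
                           "signed": False, "packed": False, "version": None},
        "docs/readme.txt": {"data": b"plain text", "signed": False,
                            "packed": False, "version": None},
    },
}

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".vbs", ".ps1", ".js", ".bat")
# Constructed behaviour-risk indicators standing in for the patent's code
# behaviour analysis and third-party antivirus scan.
RISKY_MARKERS = (b"WScript.Shell", b"CreateObject", b"powershell -enc")


@dataclass
class FileRecord:
    sha256: str
    size: int
    trust: float      # per-file trust level
    core_data: bytes  # restoration information: the original file bytes


def file_trust(meta) -> float:
    """Score one file on three of the patent's analysis dimensions: code
    information standardization (signature and version info present), code
    structure standardization (not packed) and code behaviour risk."""
    info = 1.0 if meta["signed"] and meta["version"] else 0.4
    structure = 0.2 if meta["packed"] else 1.0
    behaviour = 0.1 if any(m in meta["data"] for m in RISKY_MARKERS) else 1.0
    return round((info + structure + behaviour) / 3, 2)


def build_product_record(pkg):
    """Background extraction: keep only executable and script files, hash and
    score them, and combine the weakest file with the source reputation."""
    files = {}
    for path, meta in pkg["files"].items():
        if not path.lower().endswith(EXECUTABLE_SUFFIXES):
            continue
        files[path] = FileRecord(sha256=hashlib.sha256(meta["data"]).hexdigest(),
                                 size=len(meta["data"]), trust=file_trust(meta),
                                 core_data=meta["data"])
    weakest = min(f.trust for f in files.values())
    overall = round((pkg["source_reputation"] + weakest) / 2, 2)
    return {"name": pkg["name"], "vendor": pkg["vendor"], "version": pkg["version"],
            "files": files, "overall": overall}


def authenticate_files(record, client_files):
    """Comprehensive authentication of a client's installed files against the
    library record: per-file verdicts, the overall score, and restoration data
    for every file whose content no longer matches the library checksum."""
    result = {"overall": record["overall"], "files": {}, "restore": {}}
    for path, data in client_files.items():
        ref = record["files"].get(path)
        if ref is None:
            result["files"][path] = ("unknown", None)
        elif hashlib.sha256(data).hexdigest() == ref.sha256:
            result["files"][path] = ("ok", ref.trust)
        else:
            result["files"][path] = ("infected", ref.trust)
            result["restore"][path] = ref.core_data
    return result
```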
The process of performing software product authentication on demand for an online client user is as follows: when an online client user installs or runs an unknown software product, the authentication terminal (downloaded over the network, or installed on the user's computer from a program release medium) sends an authentication request for the unknown software product to the authentication server. If the unknown software product to be authenticated has not yet been added to the authentication service network (the set of base product libraries of all authentication servers), then, according to the product information of the unknown software product (product information comprises: software product name, vendor, version, digital signature, file list, and the size, timestamp, version, code static features and file data checksum of each file), the authentication server adds the product, automatically or manually, to its software product registry. The software product registry comprises the list information of all registered software products together with their index information in the authentication server's base product library and base sample library; it is of two types, the local registry and the remote registry, and a software product in the registry is in one of four states: ingested, being ingested, waiting for ingestion, or failed to ingest. The registry is maintained both automatically and manually: for example, if the product information and vendor information of the unknown software product match a software product that has already been ingested, the source and source reputation of the ingested product are used automatically as the source information of the unknown product; if no matching software product is found, its official website and download servers are searched for manually and its source reputation is determined. The authentication server then downloads the installation package of the software product to be authenticated from the best source, obtains the product information and reputation information of the software by intelligent analysis and, with the help of a third-party antivirus engine, finally determines the file trust levels and the overall reputation score of the software product, thereby completing the authentication. For an unknown software product whose source the authentication server cannot find, authentication is completed by offline authentication at the authentication terminal, with the user choosing whether to trust it. The online client user decides the subsequent operation at his own discretion according to the returned authentication result; for example, if the product's reputation is very poor and the user still decides to install or run the software, the authentication terminal runs the software by automatically switching to a lower security level, so as to protect the security of the user's data and information. On-demand authentication has a higher priority, so that the authentication server can respond quickly to the user's real-time request.
When the authentication server performs on-demand authentication there are two cases: (1) comprehensive authentication of the software product requested by the authentication terminal, where the result comprises the trust level of each file in the software product to be authenticated and the overall reputation score of the product; the result is returned to the authentication terminal, and the overall reputation score corresponds to a certain security level on the user's computer; (2) authentication of a single file or piece of executable code requested by the authentication terminal, where the result returns only the trust level of the authenticated file. The results returned to the authentication terminal in both cases may comprise the following additional information: the file restoration information included when a client file has been tampered with (infected), and the original file data included when a client file has been replaced. (The base product library, basic product library, temporary product library and user product library all include the file restoration information of software products; the base sample library, or the software installation package designated by the user during offline authentication, includes the original file data of software products.)
The process of authenticating the trustworthiness of a software product in distributed fashion is as follows: first, authentication servers are deployed in distributed fashion on network nodes around the world, each storing the latest and most complete base product library and base sample library of its local region; whenever the base product library of a certain authentication server is updated, that server publishes its latest remote software product registry to the authentication servers of the other network nodes. When the authentication server of a certain network node receives a user authentication request, it first searches its local software product registry and local base product library; if the software product to be authenticated is present, it matches the reputation of that product and returns the authentication result to the authentication terminal, and the online client user carries out the subsequent operation according to the returned result. If the local authentication server has no record of the software product to be authenticated, it searches the remote software product registry and, if the product is found, sends a remote authentication request to the remote authentication server of the corresponding network node; the authentication server that initiated the remote request then acts as a relay server, and once remote authentication completes the remote authentication result is returned directly to the authentication terminal on the user's computer. If the software product to be authenticated is not found in the remote software product registry either, the authentication server carries out the base product library creation process and registers the software product to be authenticated in the base product library and base sample library.
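The three-stage lookup described above (local library, then relay to the node named in the remote registry, else register and queue a library build) as an added Python model; it is not the patent's code. The node names, product keys, the mesh topology and the registry publication mechanism are assumptions.

```python
from dataclasses import dataclass, field

# Registry states named in the patent.
INGESTED, INGESTING, WAITING, FAILED = "ingested", "ingesting", "waiting", "failed"


@dataclass
class AuthServer:
    """One authentication server node (hypothetical model of the patent's design)."""
    node: str
    local_registry: dict = field(default_factory=dict)   # product key -> state
    base_library: dict = field(default_factory=dict)     # product key -> result
    remote_registry: dict = field(default_factory=dict)  # product key -> owning node
    peers: dict = field(default_factory=dict)            # node name -> AuthServer
    build_queue: list = field(default_factory=list)      # products awaiting a library build

    def ingest(self, key, overall, file_trust):
        """Finish the library build for a product and publish the update."""
        self.base_library[key] = {"overall": overall, "files": file_trust}
        self.local_registry[key] = INGESTED
        self.publish_registry()

    def publish_registry(self):
        """Send this node's registry of ingested products to every peer."""
        for peer in self.peers.values():
            for key, state in self.local_registry.items():
                if state == INGESTED:
                    peer.remote_registry[key] = self.node

    def local_lookup(self, key):
        if self.local_registry.get(key) == INGESTED:
            return self.base_library[key]
        return None

    def authenticate(self, key, product_info):
        """Handle a terminal's request: answer from the local library, else relay
        to the owning remote node, else register the product and queue a build."""
        hit = self.local_lookup(key)
        if hit is not None:
            return {"status": "done", "node": self.node, "via": None, **hit}
        owner = self.remote_registry.get(key)
        if owner in self.peers:
            remote = self.peers[owner].local_lookup(key)
            if remote is not None:
                # this node is only a relay; the result carries the owner's answer
                return {"status": "done", "node": owner, "via": self.node, **remote}
        if self.local_registry.get(key) is None:
            self.local_registry[key] = WAITING
            self.build_queue.append((key, product_info))
        return {"status": "pending", "node": self.node, "via": None,
                "state": self.local_registry[key]}


def connect(servers):
    """Mesh the nodes so each can relay to every other (constructed topology)."""
    for s in servers:
        s.peers = {o.node: o for o in servers if o is not s}
```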
Using the authentication information returned by the authentication server, the authentication terminal can not only report to the user the overall reputation score of the software and the trust information of each file, but can also directly repair or restore suspicious files on the client side, so the user does not have to download the software product installation package again or reinstall the operating system or application software.
The process of authenticating the trustworthiness of a software product for an offline client user is as follows:
When the client user is offline, the authentication terminal carries a basic product library matching the user's region (the basic product library is always released together with the authentication terminal). If the operating system and application software installed by the user are all covered by the basic product library, the user can authenticate his own operating environment without going online. If the offline user's computer contains a software product unknown to the basic product library, and the installation package of that software product is available, the user can start the authentication terminal to perform temporary authentication: temporary authentication intelligently analyses the trust level of every file in the installation package and its overall reputation score; if the installation package is untrustworthy the user is warned and may either give up or manually accept and trust the software product; if the installation package is trustworthy, or the user has manually accepted and trusted it, the authentication terminal automatically extracts the product information of the installation package and adds it to the temporary product library, which has the same reputation as the basic product library (fully trusted in the offline state). The authentication terminal then scans the user's computer using the basic product library, the temporary product library and the user product library. All software added to the temporary product library and the user product library in the offline state remains in the temporary authentication state until the offline user comes online, at which point the authentication terminal re-authenticates the software products in the temporary authentication state in the temporary product library and user product library by requesting the authentication server (the same process as on-demand software product authentication), and the authenticated temporary product library is converted automatically into the user product library. The user may manually specify the reputation of software in the user product library, or return it from the user-specified reputation state to the standard reputation state. That is, the user may specify at will that a software product is fully trusted, and even if the product contains real virus code it may then run at a higher security level; but if the user returns it to the standard reputation state, that code is cleared from memory and unloaded, and all disk files of the product are isolated. If the user cannot go online and also cannot provide the software product's installation package, the authentication terminal can only use the basic product library to authenticate the user's computer system, and only two security levels are available, safe and unknown; the user may switch between these two levels, and of course once the user has switched to the safe level, no application software of unknown reputation can run.
The software products in the user product library have three states: 1. the standard reputation state, 2. the temporary reputation state, 3. the user-specified reputation state.
The standard reputation state means: the software product reputation returned by the authentication server; compared with the user-specified reputation state, this state is accurate and reliable.
The temporary reputation state means: a software product reputation obtained by the intelligent analysis of the authentication terminal while offline; compared with the standard reputation state this state carries some risk and cannot be trusted for long, and once the user is online it is upgraded automatically to the standard reputation state.
The user-specified reputation state means: the user disregards the reputation state returned by the authentication server, or the reputation state obtained by intelligent analysis while the authentication terminal was offline, and manually specifies the reputation of a software product in the user product library, so that certain software can run at a higher security level or can only run at a lower security level. The user-specified reputation state can be returned quickly to the standard reputation state or the temporary reputation state.
Virus means: any executable file, script file, module, process, thread or kernel executable code that threatens computer security in any way, including Trojans.
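The offline flow and the three reputation states above, as an added Python model that is not the patent's code: products covered by the basic product library are standard, products the terminal accepts (or the user trusts) offline enter the temporary product library in the temporary state, coming online converts them to standard, and a user override is reversible to whatever state it replaced. The level names, thresholds and product keys are assumptions; the patent only states that the overall reputation corresponds to a security level on the user's computer.

```python
STANDARD, TEMPORARY, USER_SPECIFIED = "standard", "temporary", "user-specified"

# Assumed security levels and the minimum reputation needed to run at each.
LEVEL_THRESHOLD = {"low": 0.0, "standard": 0.6, "safe": 0.9}


class UserProductLibrary:
    """Terminal-side libraries: basic (shipped, fully trusted), temporary
    (offline additions) and user (everything authenticated on this machine)."""

    def __init__(self, basic_library):
        self.basic = dict(basic_library)   # product key -> reputation (all 1.0)
        self.temporary = set()             # keys currently in the temporary library
        self.user = {}                     # key -> {"reputation", "state", "previous"}

    def offline_authenticate(self, key, package_reputation=None, user_accepts=False):
        """Offline authentication of one product. package_reputation is the
        terminal's own analysis of its install package (None = no package)."""
        if key in self.basic:
            self.user[key] = {"reputation": self.basic[key], "state": STANDARD}
            return STANDARD
        if package_reputation is None:
            return "unknown"      # no package: only the basic library can vouch
        if package_reputation < LEVEL_THRESHOLD["standard"] and not user_accepts:
            return "rejected"     # untrusted package and the user declined it
        self.temporary.add(key)   # the temporary library is fully trusted offline
        self.user[key] = {"reputation": 1.0, "state": TEMPORARY}
        return TEMPORARY

    def go_online(self, server_results):
        """Re-authenticate temporary-state products with the server's answers;
        the answered ones leave the temporary library in the standard state."""
        for key in sorted(self.temporary):
            if key in server_results:
                self.user[key] = {"reputation": server_results[key], "state": STANDARD}
                self.temporary.discard(key)

    def user_specify(self, key, reputation):
        """User overrides the reputation, remembering what it replaced."""
        entry = self.user[key]
        if entry["state"] != USER_SPECIFIED:
            entry["previous"] = (entry["reputation"], entry["state"])
        entry.update(reputation=reputation, state=USER_SPECIFIED)

    def user_revert(self, key):
        """Return from the user-specified state to the standard or temporary one."""
        entry = self.user[key]
        reputation, state = entry.pop("previous")
        entry.update(reputation=reputation, state=state)

    def may_run(self, key, level):
        """Whether a product may run at the given security level."""
        entry = self.user.get(key)
        if entry is None:
            return level == "low"   # unknown software runs only at the lowest level
        return entry["reputation"] >= LEVEL_THRESHOLD[level]
```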
The process of protecting the user's data security and information security by switching between security levels is as follows: the user selects the security level to switch to and starts the switch; the authentication terminal automatically performs a thorough scan of the operating environment and disk files of the user's computer, authenticates the scan results according to the security level selected by the user, and stops, unloads and isolates all unauthenticated processes, threads, modules, executable code (including kernel drivers), executable files and registry keys. When switching from a higher security level to a lower one, it encrypts all user information and critical data belonging to the higher security levels (such as user account information, cookies and security directories designated by the user) and starts real-time protection of user data; otherwise it decrypts the user information and critical data. If there is code that cannot be removed, the user may be asked to restart.
The authentication terminal's scan of the user's computer covers: all processes, threads, modules and executable code (including kernel drivers) running in the computer's memory, all disk files, boot records, registry keys and registry data, and user information and critical data.
When switching from a lower security level to a higher one, the authentication terminal processes the user's computer as follows: (1) stop all processes that did not pass authentication; (2) stop all threads that did not pass authentication; (3) unload all modules that did not pass authentication; (4) unload all executable code (including kernel drivers) that did not pass authentication; (5) isolate all executable files (including script files) that did not pass authentication; (6) export and then delete all registry keys and registry data associated with the above unauthenticated executable files, process images, module files and kernel drivers; (7) scan the disk system and file system and repair or restore all infected or replaced executable files, including system core files such as the master boot record (MBR), partition table and partition boot records; (8) decrypt the encrypted user information and critical data of all security levels at or below the target security level; (9) if executable code remains that cannot be fully removed or unloaded, the user may be asked to restart; (10) save a log of the above switch.
When switching from a higher security level to a lower one, the authentication terminal processes the user's computer as follows: (1) using the corresponding lower-to-higher switch log, restore all isolated executable files, process image files, module files and kernel driver files that match the target security level; (2) import all exported and deleted registry keys and registry data that match the target security level; (3) load all unloaded kernel drivers that match the target security level; (4) encrypt the user information and critical data of all security levels above the target security level.
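The two switching procedures above (upward: stop, unload, isolate, export, decrypt, log; downward: restore from the log, encrypt), together with the real-time data guard described later, can be modelled as a small state machine. The following is an added illustration written for this page, not code from the patent or its assignee: the inventory, the security levels 1 to 3, the credibility values and the item names are all constructed, and the SHA-256 keystream stands in for whatever cipher a real terminal would use to protect higher-level user data.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Item:
    kind: str          # process, thread, module, driver, file or registry
    name: str
    credibility: int   # level the user product library authenticates it for (0 = unauthenticated)


@dataclass
class UserData:
    name: str
    level: int         # security level the data belongs to
    content: bytes
    encrypted: bool = False


# What the terminal does to an item that fails authentication at the target level
# (steps 1 to 6 of the upward switch) and how it is brought back by a downward switch.
ACTION = {"process": "stop", "thread": "stop", "module": "unload",
          "driver": "unload", "file": "isolate", "registry": "export_delete"}
RESTORE_ACTION = {"registry": "import", "driver": "load"}   # everything else: "restore"


def _keystream(key: bytes, length: int) -> bytes:
    """Toy SHA-256 counter keystream, a stand-in for a real cipher (illustration only)."""
    out = b""
    for counter in range(0, length, 32):
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return out[:length]


def _toggle(data: UserData, key: bytes) -> None:
    """XOR the content with the keystream; applying it twice restores the plaintext."""
    stream = _keystream(key, len(data.content))
    data.content = bytes(a ^ b for a, b in zip(data.content, stream))
    data.encrypted = not data.encrypted


class LevelSwitcher:
    def __init__(self, items, data, key: bytes, start_level: int, max_level: int = 3):
        self.level = start_level
        self.max_level = max_level
        self.active = list(items)     # items running in memory or present on disk
        self.isolated = []            # items removed by an upward switch
        self.data = list(data)
        self.key = key
        self.log = []                 # switch log (step 10), one entry per switch
        self.guard_reports = []       # operations blocked by real-time data protection
        self._apply_data_state()

    def _apply_data_state(self) -> None:
        """Data above the current level stays encrypted; data at or below it is decrypted."""
        for d in self.data:
            if d.encrypted != (d.level > self.level):
                _toggle(d, self.key)

    def switch_to(self, target: int) -> list:
        actions = []
        if target > self.level:
            # upward: every item authenticated below the target level fails
            keep = []
            for it in self.active:
                if it.credibility < target:
                    actions.append((ACTION[it.kind], it.name))
                    self.isolated.append(it)
                else:
                    keep.append(it)
            self.active = keep
        elif target < self.level:
            # downward: bring back isolated items that match the target level
            for it in [i for i in self.isolated if i.credibility >= target]:
                actions.append((RESTORE_ACTION.get(it.kind, "restore"), it.name))
                self.isolated.remove(it)
                self.active.append(it)
        self.log.append({"from": self.level, "to": target, "actions": actions})
        self.level = target
        self._apply_data_state()
        return actions

    def file_operation(self, actor: str, data_name: str, manual: bool) -> str:
        """Real-time guard: below the top level, background (non-manual) file operations are blocked."""
        if self.level < self.max_level and not manual:
            self.guard_reports.append((actor, data_name))
            return "blocked"
        return "allowed"


def sample_system() -> LevelSwitcher:
    """Constructed inventory of a computer running at the lowest level (not real data)."""
    items = [Item("process", "explorer.exe", 3),
             Item("process", "game.exe", 1),
             Item("driver", "unknown.sys", 0),
             Item("file", "toolbar.dll", 2),
             Item("registry", r"HKCU\Software\Run\game", 1)]
    data = [UserData("accounts", 3, b"account information"),
            UserData("cookies", 2, b"cookie jar")]
    return LevelSwitcher(items, data, b"demo-key", start_level=1)


if __name__ == "__main__":
    sw = sample_system()
    print(sw.switch_to(3))   # stop/unload/isolate everything below level 3, decrypt all data
    print(sw.switch_to(2))   # restore toolbar.dll, re-encrypt the level-3 data
```

The point worth noticing is that an item restored by a downward switch is isolated again on the next upward switch: the log records what was removed, but authentication against the target level decides what comes back, so a module trusted only at level 2 never survives in the level-3 environment.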
Even when it is not switching between security levels, the authentication terminal has a mechanism to re-authenticate the running environment of the current security level, in order to catch suspicious code that dynamically intrudes into the computer system and suspicious files that intrude into the file system, keeping the system robust and secure. On a computer whose operating system or active defense system has a vulnerability, this authentication mechanism fully safeguards the system and prompts the user to repair the vulnerabilities that the operating system or active defense may have.
While the authentication terminal runs at a lower security level, running certain malware or dangerous programs may damage the operating system or the running environment. The authentication terminal can repair both, as follows: (1) boot the computer from a CD, removable storage medium or similar into a small operating system such as DOS, LINUX or WINDOWS PE; (2) after booting, run the authentication terminal program inside that small operating system, select a higher security level, scan the user's computer system and disk files, quickly switch the computer to the running environment of the higher security level, isolate all executable files and script files that fail authentication and delete their shortcuts; (3) repair and restore all infected, replaced or damaged executable files (including infected, replaced, deleted or damaged system files); (4) if a user product library exists for the target security level, restore the MBR, partition table, partition boot records, file system and registry of the user's operating system from it; (5) if no user product library exists for the target security level, repair the MBR, partition boot records and file system of the operating system, and export and delete all registry keys and registry data related to executable files and script files that did not pass authentication.
The security-graded running environment realized by the present invention lets the user run all software as freely as possible without worrying whether a program or piece of executable code is a virus, or which kind of virus; consequently suspicious code need not be analysed qualitatively, because what the user really cares about is not the virus's name but a safe outcome.
The authentication server may also work with third-party antivirus engines for credibility authentication. This is an additional safeguard taken, when the credibility of an installation package's source is known, to make sure the released version of the software product obtained is completely safe and reliable.
Based on the technology of the present invention, security software products with the following characteristics can be provided to users:
One. On the client, scanning is based mainly or entirely on the trusted authentication technology of the present invention. Analysing the user's computer system with this technology can: 1) thoroughly detect every executable file and piece of executable code in the computer, whether online (loaded in memory) or offline (stored on disk or another storage medium), that is unauthenticated or whose authentication does not meet the current security level; 2) stop, unload and isolate all suspicious unauthenticated processes, threads, modules, executable code and kernel drivers detected in 1); 3) directly repair all tampered (infected) files; 4) restore all replaced, damaged or deleted files; 5) repair or restore the disk master boot record, partition boot records, partition table, file system and registry.
Two. The above scan and repair operations are supported inside a small operating system booted externally. External boot includes floppy boot, CD boot, USB (FDD, HDD, CDROM) boot and network boot; small operating systems include DOS, LINUX, WINDOWS PE and others.
Three. Whether the user is offline or online, the scan guarantees that the user's computer system is switched to an authenticated, intrinsically safe state, giving the user a secure application environment. Offline scanning from a small operating system is mainly used when the system cannot start or does not work properly; it lets the user restore the system quickly without reinstalling it. System restoration based on the present invention is truly lossless: it overwrites no user file and causes no loss of user data.
Four. Running environments at different security levels are provided to the user, with the following characteristics: 1) real security: code that cannot pass authentication cannot slip into the user's computer and run; 2) real isolation: programs and code at a lower security level cannot enter the running environment of a higher security level, and the user privacy and sensitive data of the higher security levels cannot be seen from the running environment of a lower security level; 3) switching security levels is not the same as switching operating-system user accounts: on one computer the user can operate at only one definite security level at any moment, and running environments of several security levels cannot be created at the same time.
Five. While providing an intrinsically safe system and application environment, the user is also allowed to use and try any software product without hindrance, even if it contains malicious code or a dangerous program. For example, when the user installs or runs a software product that has not yet been authenticated at some security level, the user is prompted to authenticate it; if the authenticated credibility is too low, the product is blocked, but the user can choose to switch to a lower security level and use the software normally there. Alternatively, at the current security level the user can ignore the standard credibility state from the authentication server and assign a user-specified credibility to the software in order to run it; when the user returns to the standard credibility state, the user-specified credibility of that software product is cancelled.
Six. Real-time user data protection. Even when untrusted software runs at a lower security level, or software with user-specified credibility runs at a higher one, user data is protected from damage: 1) if such software opens, modifies or deletes any data file on the computer automatically in the background rather than through the user's manual operation, the action is blocked and reported to the user; 2) if such software performs physical disk operations, they are likewise blocked and reported to the user.
Seven. When offline, the user may treat a software product's installation package as a baseline and authenticate it provisionally and partially (the user can ignore the result of the credibility intelligent analysis and manually accept and trust the product); the authentication terminal extracts the product information from the user-specified installation package and saves it together with the result in the temporary product library with the highest credibility. Therefore, as long as the user has a trustworthy original installation package or installer, the authentication effect is the same as with online authentication.
Eight. When online, the temporary product library is submitted for authentication in the background; if authentication succeeds it is automatically converted into the user product library, and if it fails the authentication result is returned and the user is prompted.
In summary, a security product realized on the basis of the present invention has the following essential characteristics:
One. It authenticates the user's computer system completely, based mainly or entirely on the distributed product-library trusted authentication technology of the present invention.
Two. It has a piecemeal offline authentication technology, so that the user can keep their own computer system secure even when offline.
Three. Once the user goes online, offline authentication is automatically upgraded to online authentication, the temporary product library is converted into the user product library, and temporarily authenticated software products become standard authenticated software products.
Four. The product-library trusted authentication technology of the present invention protects the robustness of the user's computer system to the greatest extent. Even if the system is damaged, the authentication terminal can be run from another small operating system to repair and restore the computer system and bring it back to a safe and stable state.
Five. The user can enter running environments at different security levels that are completely isolated from each other in application. The running environment of a high security level is fully authenticated, protected and trustworthy; the user can do important work such as online transactions at this level. At a lower security level the user can try any software product without worrying that security is compromised.
Description of the drawings
Fig. 1 is the architecture diagram of the present invention.
Fig. 2 is the flow chart of the authentication server creating the basic product library.
Fig. 3 is the flow chart of the authentication server performing software product authentication on demand.
Fig. 4 is the flow chart of authentication terminal offline authentication.
Fig. 5 is the flow chart of the authentication terminal switching security levels.
Embodiments
The embodiments of the present invention are further described below with reference to Figs. 1 to 5.
The present invention provides a distributed trusted authentication method and system based on a product library. It can quickly scan the file system, application software and running environment of any user's computer; according to the security level required by the user, it stops and unloads all executable code that does not meet the current security level, isolates all executable files that do not meet it, protects the user information and critical data of the higher security levels, and forbids running any executable code that does not meet the current security level. Combined with active defense and network firewall technology, this eliminates all latent security risks on the user's computer and gives the user an operating-system environment in which the different security levels are isolated from one another, which is truly safe and reliable, and in which any software product can run smoothly.
The system comprises:
an authentication server, which creates the basic product library and basic sample library required for authentication, performs local authentication or distributed remote authentication of software products on demand according to the authentication requests of the client's online users, and finally returns the authentication result;
an authentication terminal, through which an online user of the client initiates authentication requests, or which authenticates the credibility of software products for an offline user of the client, and which, according to the authentication result or the user's choice, switches between different security levels to protect the user's data security and information security and keep the user's computer system robust.
The method comprises:
a step of creating the basic product library and basic sample library required for authentication, performing software product authentication on demand for online users or distributed authentication of the credibility of user software products according to the authentication request, and finally returning the authentication result;
a step of initiating an authentication request for an online user and authenticating the credibility of the software product, or authenticating the credibility of the software product for an offline user, and, according to the authentication result or the user's choice, switching between different security levels to protect the user's data security and information security.
As shown in Fig. 2, the authentication server creates the basic product library as follows. This process creates the basic product library and basic sample library required for authentication: the basic product library serves to authenticate client users' requests, while the basic sample library is used to extract original files from and to restore client files that have been replaced, damaged or deleted. The basic product library contains all the information needed to authenticate and repair client files, together with the credibility of each file of the software product and the product's overall credibility rating.
As shown in Fig. 3, the authentication server performs local and distributed authentication of a software product on demand. A software product whose authentication the user requests can fall into the following cases: 1. the product is already in the local authentication server's basic product library; the server only needs to perform an exact-match authentication of the user's request and return the generated result to the client's online-user authentication terminal. If the user's copy of the product has been infected (tampered with), replaced, damaged or deleted, the result also includes restoration information or compressed original file data for repairing or restoring the product's files. 2. the product is not in the local server's basic product library but is in a remote authentication server's basic product library; the local server then acts as a relay server, simply forwarding the user's request to the matching remote server, waiting for authentication to complete, and finally returning the result to the client's online-user authentication terminal. 3.
the product is not in the authentication service network (neither the local server's nor any remote server's basic product library); the creation process for the local server's basic product library is started, possibly with some manual searching to determine the best source of the product's installation package. If no source can be found, failure is returned; the online-user authentication terminal then starts the intelligent analysis of the product's credibility, uses its result as a provisional authentication result, and prompts the user to decide, based on that result, whether to accept and trust the product. Once the product is added to the authentication service network, the authentication server will proactively require this online client user to upgrade the authentication result.
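The three cases of Fig. 3 (local exact match, relay to a remote server, and creation from a source with failure otherwise), the restoration data that accompanies a result, and the promotion of the temporary product library into the user product library described under item Eight above can be illustrated with one in-memory model. This is an added example written for this page, not the patent's or its assignee's code; the server domains, product names, file contents and credibility values are constructed, SHA-256 stands in for the file data check value, and zlib stands in for the sample library's compressed original data.

```python
import hashlib
import zlib
from dataclasses import dataclass


def check_value(data: bytes) -> str:
    """File data check value used to match client files against the library (SHA-256 here)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class ProductRecord:
    name: str
    credibility: int   # overall credibility rating, 1 (low) to 3 (high)
    files: dict        # file name -> check value of the original file
    samples: dict      # file name -> compressed original data (the sample library)


def build_record(name: str, credibility: int, originals: dict) -> ProductRecord:
    """Create the product-library entry and sample data from an installation package's files."""
    return ProductRecord(name, credibility,
                         {f: check_value(b) for f, b in originals.items()},
                         {f: zlib.compress(b) for f, b in originals.items()})


class AuthServer:
    def __init__(self, domain, records=(), remotes=(), sources=None):
        self.domain = domain
        self.library = {r.name: r for r in records}   # basic product library
        self.remotes = list(remotes)                   # other servers in the service network
        self.sources = sources or {}                   # constructed "best source" installers

    def authenticate(self, name: str, client_files: dict) -> dict:
        rec = self.library.get(name)
        if rec is not None:                                  # case 1: local exact match
            return self._result(rec, client_files, via="local")
        for remote in self.remotes:                          # case 2: act as a relay server
            if name in remote.library:
                result = remote.authenticate(name, client_files)
                result["via"] = "relay:" + remote.domain
                return result
        source = self.sources.get(name)                      # case 3: not in the network yet
        if source is None:
            return {"status": "not_found", "via": "none"}   # terminal falls back to interim analysis
        self.library[name] = build_record(name, *source)     # extend the local library
        return self._result(self.library[name], client_files, via="created")

    def _result(self, rec: ProductRecord, client_files: dict, via: str) -> dict:
        # any file whose check value differs, or which is missing, gets restoration data
        restore = {f: rec.samples[f] for f, h in rec.files.items() if client_files.get(f) != h}
        return {"status": "authenticated", "credibility": rec.credibility,
                "restore": restore, "via": via}


class Terminal:
    def __init__(self, server: AuthServer):
        self.server = server
        self.temporary = {}      # offline, user-accepted products: temporary credibility state
        self.user_library = {}   # authenticated products: standard credibility state

    def offline_accept(self, name: str, installer_files: dict) -> None:
        """Offline: the user trusts the installer manually; keep it with the highest credibility."""
        self.temporary[name] = {"files": {f: check_value(b) for f, b in installer_files.items()},
                                "state": "temporary", "credibility": 3}

    def go_online(self) -> dict:
        """Online: submit the temporary library; promote what authenticates, report the rest."""
        outcome = {}
        for name, entry in list(self.temporary.items()):
            res = self.server.authenticate(name, entry["files"])
            if res["status"] == "authenticated":
                self.user_library[name] = {**entry, "state": "standard",
                                           "credibility": res["credibility"]}
                del self.temporary[name]
            outcome[name] = res["status"]
        return outcome

    def restore(self, client_files: dict, result: dict) -> dict:
        """Apply the restoration data of an authentication result to the client's files."""
        for f, packed in result["restore"].items():
            client_files[f] = zlib.decompress(packed)
        return client_files


def demo_network():
    """Constructed authentication service network: one local and one remote server."""
    remote = AuthServer("remote-eu", [build_record("PhotoTool", 2, {"photo.exe": b"photo program"})])
    local = AuthServer("local",
                       [build_record("EditorPro", 3, {"editor.exe": b"editor v1", "help.chm": b"help text"})],
                       remotes=[remote],
                       sources={"ArchiveUtil": (2, {"arc.exe": b"archive tool"})})
    return local, remote
```

Note that the relay case returns whatever the remote server decided and only annotates the path; the local server never re-rates a product it does not hold, which is what keeps the distributed library consistent.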
As shown in Fig. 4, authentication terminal offline authentication can be started either from the current operating system or from another small operating system. Its purpose is to remove and isolate all executable code, image files and registry keys whose security level is below what the user requires, guaranteeing that the user's current running environment meets a definite security level. Offline authentication can also repair and restore the user's computer system.
As shown in Fig. 5, the process by which the authentication terminal switches from a lower security level to a higher one is the same as offline authentication. After the switch, all executable code that cannot be authenticated at the higher security level is terminated and cleared from memory, all executable files that cannot be authenticated are isolated, and all registry keys associated with those executable files are exported and deleted. After the switch, in cooperation with third-party active defense and firewall modules, any executable code or file from another source (for example downloaded or launched by a web browser, or intruding through a vulnerability) is also examined and cannot run if it fails authentication at the current security level. The user's data security and application security are therefore protected at the higher security level.
The present invention establishes an authentication service network by interconnecting software vendors' servers, trusted download servers and antivirus scanning servers distributed around the world, and so achieves fully automatic, distributed software trust authentication. In particular, through the security authentication of the present invention, a running environment divided into security levels is realized on the user's computer, in which any software product can run smoothly.
The product library with online and offline features proposed by the present invention performs distributed trusted authentication of the user's computer and sets up running environments at different security levels for the user, allowing the user to accept and trust any software product at their own discretion. Software no longer needs to be strictly divided into safe and dangerous; instead different software runs at different security levels, and even software containing virus code can run in the running environment of a lower security level, because the security levels created by the present invention are completely isolated from each other and user data is protected in real time.
The present invention can establish such a product library with online and offline features, applicable to user computers that may be online or offline, because for any given terminal in the world the operating system and application software running on it are very limited; therefore the distributed, product-library-based authentication method proposed by the present invention can solve all the problems of library construction, trust acceptance and application in computer security authentication.
The running environments at different security levels proposed by the present invention, in which the user can run any software product without damaging the security of the computer system, differ fundamentally from virtual machine technology. Virtual machine technology as applied in the security field includes: 1. building a virtual hardware environment inside the current operating system with virtual machine software, loading a complete or small operating system into it and running the user's software there, so that whatever the software does it cannot affect the real operating system; 2. taking over the lower layer of the current operating system and redirecting all system operations to a temporary area, so that every operation is discarded after a restart in order to protect the real operating system. The technology proposed by the present invention, by contrast, runs entirely inside the current operating-system environment: all of the user's operations and their results are saved. When the security level is switched, the results of operations at the lower level disappear completely, but when the user switches back, those results return. For example: software A is fully trusted, and software B is a virus program in the conventional sense. The user operates software A in the running environment of the highest security level; software A runs normally because it passes trusted authentication at that level. If at this security level the user runs software B (or software B manages to get itself run through an intrusion), the authentication terminal performs real-time online or offline authentication of software B; since B cannot pass trusted authentication at this level, the terminal prompts the user to abandon running it. If the user chooses to continue, the authentication terminal automatically
switches to the security level corresponding to software B. At that point all user information and critical data of the security levels above B's level are encrypted, real-time user data protection is enabled, and every file and registry operation during B's execution is recorded. When the user switches back to the highest security level, the authentication terminal rescans the system and disk files: all processes, threads, modules and drivers related to B are terminated and unloaded, all executable files created by B are isolated, all files tampered with by B are repaired or restored, registry keys modified by B are restored and keys added by B are exported and deleted. At this point software B has effectively vanished from the system completely; in addition, the user information and critical data of the security levels above B's level are decrypted, and the system returns to the running environment of the highest security level.

Claims (10)

1. A distributed trusted authentication method based on a product library, characterized by comprising:
a step of creating the basic product library and basic sample library required for authentication, performing software product authentication on demand for online users or distributed authentication of the credibility of user software products according to the authentication request, and finally returning the authentication result;
a step of initiating an authentication request for an online user and authenticating the credibility of the software product, or authenticating the credibility of the software product for an offline user, and, according to the authentication result or the user's choice, switching between different security levels to protect the user's data security and information security;
wherein the process of creating the basic product library and basic sample library required for authentication is: distributed authentication servers located around the world, according to the software product registration inventory matching their own region, country and applications, automatically download and collect the released software product installation packages of all kinds of vendors and versions; in the background they extract the product information of each installation package and add it to the basic product library and basic sample library; during extraction the product's credibility is analysed intelligently, and a local or networked antivirus engine of the authentication server scans the executable files and script files extracted from the installation package, to obtain the credibility of each file and the overall credibility index of the software product;
the basic aspects of the intelligent analysis of software product credibility comprise: source credibility, code information normality, code structure normality and code behaviour risk;
the basic sample library comprises all compressed or uncompressed file data, installation information and index information of the software product installation packages; when a client file has been damaged, replaced or deleted, the original file data is sent to the client to restore the damaged, replaced or deleted file;
the basic product library comprises the static feature information, behaviour feature information, core data and authentication information extracted from the software product installation packages, and all documents and code obtained by the intelligent analysis; the basic product library is distributed over authentication servers around the world, and the basic product library of each authentication server holds only the software products relevant to its local domain;
the product library comprises the basic product library and basic sample library created on all authentication servers for distributed online authentication, the compact basic product library issued with the authentication terminal, and the temporary product library and user product library set up on every user computer;
the compact basic product library refers to the compact, fully trusted software product authentication database issued and installed with the authentication terminal; it is extracted by the authentication terminal from the basic product library, contains the product information and authentication information of the fully trusted software products most commonly used in the terminal's distribution area, and is used for authentication terminal offline authentication;
the user product library refers to the user's local authentication database generated by the authentication terminal, containing the product information and authentication information of the operating system and all other software products installed on the user's computer; the product information of the operating system product installed on the user's computer specifically comprises: the disk master boot record, partition boot records, partition table, file system core data, registry, registry backup and all system files, this information being used to repair or restore the user's computer system;
the basic product library and basic sample library hold the authentication information and data information of all registered software products; the compact basic product library is a trusted subset of the basic product library and provides trusted authentication for offline users; the temporary product library temporarily extends the compact basic product library for offline users, also provides trusted authentication for them, and contains the software products the user has accepted and trusted on their own; when the user is online, the temporary product library is authenticated and moved into the user product library; the user product library contains all authenticated software products on the user's computer; if the user product library contains a software product not registered in the basic product library, because the product is not publicly distributed or its source is unknown, its authentication information is generated automatically by the authentication terminal's intelligent analysis, and the user can adjust the credibility of any software product in the user product library on their own.
2. The method according to claim 1, characterized in that: the extraction of software product installation package product information in the background directly parses the structure of the installation package file, decompresses the installation package's file data or resource data in memory, and then extracts the effective information of each file, comprising: vendor information, version information, time information, digital signature, file data check value, code structure information, module dependencies, function call information, code packing and encryption information, and core data; this information is used both for automatic analysis of the credibility of executable files and for repairing infected files on the user's computer;
where the installation package file structure cannot be parsed, the installer is run under a virtual machine or a redirection service to recover all installed files, which are then extracted; under the redirection mechanism all file operations and registry operations performed by the installer are mapped to a redirected disk or redirected directory, so the current operating system is not affected at all.
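The first half of claim 2 (and the creation of the basic product library described for Fig. 2) amounts to parsing the installation package as an archive, decompressing each member in memory and recording per-file information: size, timestamp, check value and an indicator of packing or encryption. The following added example, written for this page and not taken from the patent or its assignee, does this for a constructed ZIP-style package. The manifest file, the vendor and version strings, the placeholder signature field and the file contents are all made up; SHA-256 stands in for the file data check value, and byte entropy is used as a simple indicator of packed or encrypted content, which is one common heuristic rather than the patent's stated method.

```python
import hashlib
import io
import json
import math
import zipfile
from datetime import datetime


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values close to 8 indicate compressed, packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_product_info(package: bytes) -> dict:
    """Parse the package structure in memory and collect the effective information of each file."""
    info = {"vendor": None, "version": None, "signed": False, "files": {}}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        # the constructed package carries a manifest with vendor, version and signature fields
        if "manifest.json" in zf.namelist():
            manifest = json.loads(zf.read("manifest.json"))
            info["vendor"] = manifest.get("vendor")
            info["version"] = manifest.get("version")
            info["signed"] = bool(manifest.get("signature"))
        for entry in zf.infolist():
            if entry.is_dir() or entry.filename == "manifest.json":
                continue
            data = zf.read(entry)            # decompressed in memory, never written to disk
            entropy = shannon_entropy(data)
            info["files"][entry.filename] = {
                "size": entry.file_size,
                "timestamp": datetime(*entry.date_time).isoformat(),
                "check_value": hashlib.sha256(data).hexdigest(),
                "entropy": round(entropy, 2),
                "possibly_packed": entropy > 7.0,   # heuristic threshold, an assumption
            }
    return info


def compare_with_client(info: dict, client_files: dict) -> list:
    """Names of package files whose client copy is missing or has a different check value."""
    return sorted(f for f, meta in info["files"].items()
                  if client_files.get(f) is None
                  or hashlib.sha256(client_files[f]).hexdigest() != meta["check_value"])


def build_sample_package() -> bytes:
    """Constructed installation package for the demo; not a real product."""
    high_entropy = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("manifest.json", json.dumps({"vendor": "Example Vendor", "version": "1.2.0",
                                                 "signature": "placeholder-signature"}))
        zf.writestr("bin/app.exe", b"MZ" + b"plain program text " * 40)
        zf.writestr("bin/packed.dll", high_entropy)    # stands in for a packed module
        zf.writestr("readme.txt", b"Read me\n")
    return buf.getvalue()


if __name__ == "__main__":
    product = extract_product_info(build_sample_package())
    print(json.dumps(product, indent=2))
    print(compare_with_client(product, {"readme.txt": b"Read me\n"}))
```

The comparison function is the client-side half of the same record: a file whose check value no longer matches the package is exactly the "infected" file that the basic sample library's original data is later used to repair.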
3. The method according to claim 1, characterized in that the process of providing on-demand software product authentication to a client online user according to an authentication request is as follows: if the client online user installs or runs an unknown software product, the authentication terminal sends an authentication request for the unknown software product to the authentication server; if the unknown software product to be authenticated is not in the basic product library set of any authentication server, the authentication server searches, according to the product information of the unknown software, the software product registration inventory already established on the authentication server for the best source of this software product, downloads the software product installation package from that best source, and finally determines the file credibility and comprehensive credibility of the software product by credibility intelligent analysis technology together with a third-party antivirus engine; for software products whose source the authentication server cannot find, authentication is completed by offline authentication at the authentication terminal, with the user accepting the product at their own discretion;
The product information comprises: software product name, manufacturer, version, digital signature, file list, and the size, timestamp, version, code static features and file data check value of each file.
4. The method according to claim 3, characterized in that on-demand authentication performed by the authentication server comprises two cases: first, complete authentication of a software product installation package requested by the authentication terminal, in which all files of the installation package are authenticated and the authentication result comprises the credibility of each file and the comprehensive credibility, the comprehensive credibility corresponding to a certain security level on the user computer; second, authentication of a single file or executable code requested by the authentication terminal, in which the authentication result comprises only the credibility of the authenticated file; when a client file has been tampered with, replaced, damaged or deleted, whether by online authentication or by offline authentication at the authentication terminal, the authentication result produced comprises the restoration information of the file and the compressed data of the original file.
5. A distributed credibility authentication system based on a product library, characterized by comprising:
an authentication server for creating the basic product library and basic sample library required for authentication, performing on-demand or distributed remote authentication of software products according to the authentication requests of client online users, and finally returning the authentication result;
an authentication terminal for initiating authentication requests on behalf of client online users, or authenticating software product credibility for client offline users, and, according to the authentication result or the user's choice, protecting the user's data security and information security and keeping the user computer system stable by switching between different security levels;
wherein the authentication servers are deployed in a distributed manner on network nodes around the world, each storing the latest and most complete basic product library and basic sample library for its local region; once the basic product library of an authentication server is updated, that server issues the latest remote software product registration inventory to the authentication servers of the other network nodes; when the authentication server of a network node receives a user authentication request, it first searches its native product registration inventory and local basic product library, and if the software product to be authenticated is present, it matches the product information and credibility of that software product and returns the authentication result to the authentication terminal, and the client online user carries out subsequent operations according to the returned result; if the local authentication server has no record of the software product to be authenticated, it searches the remote software product registration inventory, and if the product is found there, it initiates a remote authentication request to the remote authentication server of the corresponding network node, which on completion returns the remote authentication result directly to the authentication terminal on the user computer; if the software product to be authenticated is not found in the remote product registration inventory either, the authentication server executes the basic product library construction process and registers the software product into the basic product library and basic sample library;
when the client user is offline, the authentication terminal carries a basic product library consistent with the user's region; if the operating system and application software installed by the user are all covered by the basic product library, the user can authenticate their own running environment without going online; if the offline user computer contains a software product unknown to the basic product library and the installation package of that product is available, the user starts the authentication terminal to perform temporary authentication, which intelligently analyses the credibility of every file in the installation package and its comprehensive credibility; if the installation package is not credible, the user is prompted and chooses either to abandon it or to manually accept and trust it; if the package is credible or has been manually accepted by the user, the authentication terminal automatically extracts the product information of the installation package and adds it to a temporary product library, which has the same credibility as the basic product library; the authentication terminal scans the user computer using the basic product library, the temporary product library and the user product library; all software added to the temporary product library and the user product library in the offline state remains in the temporary authentication state until the offline user comes online, whereupon the authentication terminal requests the authentication server to re-authenticate the software products in the temporary product library and user product library whose state is temporary authentication; a temporary product library that has passed authentication is automatically converted into the user product library; and the user may specify the credibility of software products in the user product library at their own discretion, or return their reputation state from the user-specified reputation state to the standard reputation state.
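A model of the node-by-node lookup in claim 5 combined with the per-file and comprehensive result of claims 3 and 4, added here as an illustration and not taken from the patent or its assignee's software. It assumes a 0-100 credibility scale, takes the comprehensive credibility as the weakest file, maps it to a security level through assumed thresholds, and stands in for the intelligent-analysis step with a lookup of file digests in the node's sample library (unknown files get a low default). The network of two nodes and the `h_*` digests are constructed sample data.

```python
"""Distributed lookup: local library, then remote registration inventory, then registration."""
from dataclasses import dataclass, field

# Assumed scale, not from the patent: comprehensive credibility -> security level the product may run at.
LEVEL_THRESHOLDS = [(90, 3), (60, 2), (30, 1)]
UNKNOWN_FILE_CREDIBILITY = 20   # assumed default for a file no sample library has seen


def level_for(credibility: int) -> int:
    for threshold, level in LEVEL_THRESHOLDS:
        if credibility >= threshold:
            return level
    return 0


@dataclass
class AuthResult:
    product_id: str
    file_credibility: dict      # file path -> credibility of that file
    comprehensive: int          # weakest file (assumed aggregation rule)
    level: int
    source: str                 # "local", "remote:<node>" or "registered"


@dataclass
class AuthServer:
    node: str
    basic_library: dict = field(default_factory=dict)    # product_id -> {path: credibility}
    basic_samples: dict = field(default_factory=dict)    # file digest -> credibility
    remote_registry: dict = field(default_factory=dict)  # product_id -> node that holds it
    peers: dict = field(default_factory=dict)            # node name -> AuthServer

    def _result(self, product_id, files, source):
        comp = min(files.values()) if files else 0
        return AuthResult(product_id, dict(files), comp, level_for(comp), source)

    def lookup_local(self, product_id):
        files = self.basic_library.get(product_id)
        return None if files is None else self._result(product_id, files, "local")

    def publish_registry(self):
        """After a library update, issue the registration inventory to every peer node."""
        for peer in self.peers.values():
            for pid in self.basic_library:
                peer.remote_registry.setdefault(pid, self.node)

    def analyse(self, package: dict) -> dict:
        """Stand-in for the analysis step: package maps path -> digest."""
        return {path: self.basic_samples.get(digest, UNKNOWN_FILE_CREDIBILITY)
                for path, digest in package.items()}

    def authenticate(self, product_id, package):
        # 1. native registration inventory / local basic product library
        local = self.lookup_local(product_id)
        if local:
            return local
        # 2. remote registration inventory: the owning node answers from its own library
        node = self.remote_registry.get(product_id)
        if node in self.peers:
            remote = self.peers[node].lookup_local(product_id)
            if remote:
                return AuthResult(product_id, remote.file_credibility, remote.comprehensive,
                                  remote.level, f"remote:{node}")
        # 3. unknown everywhere: build the library entry, register samples, tell the peers
        files = self.analyse(package)
        self.basic_library[product_id] = files
        for path, digest in package.items():
            self.basic_samples.setdefault(digest, files[path])
        self.publish_registry()
        return self._result(product_id, files, "registered")


def build_demo_network():
    """Constructed sample: two nodes, one product known only to the 'cn' node."""
    cn, eu = AuthServer("cn"), AuthServer("eu")
    cn.peers["eu"], eu.peers["cn"] = eu, cn
    cn.basic_samples.update({"h_app": 95, "h_ini": 100, "h_dl": 40})
    cn.basic_library["demo-app-1.0"] = {"bin/app.exe": 95, "conf/app.ini": 100}
    cn.publish_registry()
    return cn, eu


if __name__ == "__main__":
    cn, eu = build_demo_network()
    print(eu.authenticate("demo-app-1.0", {}))
    print(eu.authenticate("toolbar-2.0", {"bin/tb.exe": "h_dl", "bin/x.exe": "h_new"}))
```

The remote step answers only from the owning node's local library, so a stale inventory entry degrades to the registration path instead of bouncing between nodes.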
6. The system according to claim 5, characterized in that the reputation state of a software product in the user product library is one of three states: the standard reputation state, the temporary reputation state and the user-specified reputation state;
the standard reputation state is the software product credibility returned by authentication at the authentication server; relative to the user-specified reputation state, this state is accurate and reliable;
the temporary reputation state is the software product credibility obtained by intelligent analysis at the authentication terminal while offline; relative to the standard reputation state, this state carries some risk and cannot be trusted for long, and once the user is online it is automatically upgraded to the standard reputation state;
the user-specified reputation state is where the user disregards the reputation state returned by the authentication server, or the reputation state obtained by intelligent analysis when the authentication terminal is offline, and manually specifies the credibility of a software product in the user product library, so that certain software cannot run at a higher security level or can run only at a lower security level.
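The three reputation states of claim 6 and the transitions claim 5 describes (offline analysis yields a temporary entry, coming online upgrades it, the user may override and later revert), written as a small state machine. This is an added example, not the patent's or the assignee's code; the `may_run_at` thresholds and the rule that a temporary entry is kept off the top security level are assumptions made for the example.

```python
"""Reputation states of a user product library entry and their transitions."""
from dataclasses import dataclass
from enum import Enum


class Reputation(Enum):
    STANDARD = "standard"        # credibility returned by the authentication server
    TEMPORARY = "temporary"      # from offline analysis at the terminal; short-lived
    USER_SPECIFIED = "user"      # manually set by the user; overrides the other two


@dataclass
class LibraryEntry:
    product_id: str
    credibility: int
    state: Reputation
    server_credibility: int = None   # last server-returned value, kept so the user can revert


class UserProductLibrary:
    def __init__(self):
        self.entries = {}

    def add_offline(self, product_id, analysed_credibility):
        """Offline terminal analysis: the entry stays TEMPORARY until the server confirms it."""
        self.entries[product_id] = LibraryEntry(product_id, analysed_credibility, Reputation.TEMPORARY)

    def sync_online(self, server_lookup):
        """On coming online every TEMPORARY entry is re-authenticated and becomes STANDARD.
        USER_SPECIFIED entries keep the user's value but record the server value for a later revert."""
        for e in self.entries.values():
            e.server_credibility = server_lookup(e.product_id)
            if e.state is Reputation.TEMPORARY:
                e.credibility, e.state = e.server_credibility, Reputation.STANDARD

    def user_specify(self, product_id, credibility):
        e = self.entries[product_id]
        if e.state is Reputation.STANDARD:
            e.server_credibility = e.credibility
        e.credibility, e.state = credibility, Reputation.USER_SPECIFIED

    def revert_to_standard(self, product_id):
        e = self.entries[product_id]
        if e.state is not Reputation.USER_SPECIFIED or e.server_credibility is None:
            raise ValueError("no server-authenticated value to return to")
        e.credibility, e.state = e.server_credibility, Reputation.STANDARD

    def may_run_at(self, product_id, security_level, thresholds=(30, 60, 90)):
        """Assumed policy: level N (1..3) needs credibility >= thresholds[N-1]; level 0 is open;
        a TEMPORARY entry is additionally kept off the top level because of its residual risk."""
        e = self.entries[product_id]
        if security_level == 0:
            return True
        if e.state is Reputation.TEMPORARY and security_level == len(thresholds):
            return False
        return e.credibility >= thresholds[security_level - 1]


if __name__ == "__main__":
    lib = UserProductLibrary()
    lib.add_offline("demo-app", 70)          # constructed offline analysis result
    lib.sync_online(lambda pid: 95)          # constructed server answer
    lib.user_specify("demo-app", 10)
    lib.revert_to_standard("demo-app")
    print(lib.entries["demo-app"])
```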
7. The system according to claim 5, characterized in that the user selects the security level to switch to; when the security level switch starts, the authentication terminal automatically and thoroughly scans the running environment and disk files of the user computer and authenticates the scan result against the security level selected by the user, stopping, unloading and isolating all processes, threads, modules, executable code, executable files and registry keys that have not passed authentication; if switching from a higher security level to a lower one, it encrypts all user information and critical data of the higher security level and starts real-time protection of user data; if switching from a lower security level to a higher one, it decrypts the user information and critical data of all security levels below the target security level; when code that cannot be removed is present, the user is prompted to restart;
the scan of the user computer by the authentication terminal covers the following: all processes, threads, modules and executable code running in the computer's memory, all disk files, boot records, registry keys and registry data, and user information and critical data.
8. The system according to claim 7, characterized in that when switching from a lower security level to a higher one, the authentication terminal's processing of the user computer system comprises: stopping all processes that have not passed authentication; stopping all threads that have not passed authentication; unloading all modules that have not passed authentication; unloading all executable code that has not passed authentication; isolating all executable files that have not passed authentication; exporting and deleting all registry keys and registry data associated with the above unauthenticated executable files, process images, module files and kernel drivers; scanning the disk system and file system and repairing and restoring all infected or replaced executable files, including system core files; decrypting the encrypted user information and critical data of all security levels below the target security level; requiring the user to restart if executable code exists that cannot be thoroughly removed and unloaded; and saving a log of the above switch;
when switching from a higher security level to a lower one, the authentication terminal's processing of the user computer system comprises: according to the log of the corresponding lower-to-higher switch, restoring all executable files, process image files, module files and kernel driver files matching the target security level; importing all registry keys and registry data matching the target security level; loading all unloaded kernel drivers matching the target security level; and encrypting the user information and critical data of all security levels above the target security level.
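The two directions of the security-level switch in claims 7 and 8, as an added state model (not the patent's or the assignee's code): moving up quarantines every item that did not pass authentication for the target level and decrypts data of the levels now reachable, while recording the names in a switch log; moving back down replays that log to restore the items and re-encrypts the data of the levels left behind. Encryption is represented by a state tag only, the rule that an item passes authentication at level L when it was authenticated at L or higher is an assumption, and "levels below the target" is read as including the target level itself. The machine contents are constructed sample data.

```python
"""Log-driven security-level switching: what is removed going up is restored going down."""
from dataclasses import dataclass, field


@dataclass
class Item:
    name: str
    kind: str                  # "process", "module", "driver", "file" or "regkey"
    authenticated_level: int   # highest level at which the item passed authentication; -1 = never


@dataclass
class Machine:
    level: int
    items: dict = field(default_factory=dict)        # name -> Item currently active
    quarantine: dict = field(default_factory=dict)   # name -> Item stopped/unloaded/isolated
    data: dict = field(default_factory=dict)         # security level -> ("plain"|"cipher", payload)
    switch_logs: dict = field(default_factory=dict)  # (from_level, to_level) -> names removed


def switch_level(m: Machine, target: int) -> list:
    """Perform the switch and return the sorted names acted on."""
    acted = []
    if target > m.level:
        # Up: stop, unload or isolate everything not authenticated for the target level.
        removed = [n for n, it in m.items.items() if it.authenticated_level < target]
        for n in removed:
            m.quarantine[n] = m.items.pop(n)
        # Decrypt user data of every level at or below the target (assumed reading).
        for lvl, (state, payload) in list(m.data.items()):
            if lvl <= target and state == "cipher":
                m.data[lvl] = ("plain", payload)
        # The switch log is what makes the later downward switch reversible.
        m.switch_logs[(m.level, target)] = removed
        acted = removed
    elif target < m.level:
        # Down: restore what the matching upward switch removed, then re-encrypt higher-level data.
        restored = m.switch_logs.pop((target, m.level), [])
        for n in restored:
            if n in m.quarantine:
                m.items[n] = m.quarantine.pop(n)
        for lvl, (state, payload) in list(m.data.items()):
            if lvl > target and state == "plain":
                m.data[lvl] = ("cipher", payload)
        acted = restored
    m.level = target
    return sorted(acted)


def build_demo_machine() -> Machine:
    """Constructed sample: one fully authenticated process, one never authenticated,
    one driver authenticated only up to level 2, and data for three levels."""
    return Machine(
        level=1,
        items={
            "app.exe": Item("app.exe", "process", 3),
            "tb.exe": Item("tb.exe", "process", -1),
            "helper.sys": Item("helper.sys", "driver", 2),
        },
        data={1: ("plain", "d1"), 2: ("cipher", "d2"), 3: ("cipher", "d3")},
    )


if __name__ == "__main__":
    m = build_demo_machine()
    print("up:", switch_level(m, 3), sorted(m.items))
    print("down:", switch_level(m, 1), sorted(m.items))
```

A switch to the same level is a no-op, and a downward switch for which no log exists restores nothing, which mirrors the claim's reliance on the saved log rather than on a fresh scan.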
9. The system according to claim 5, characterized in that the authentication terminal runs under another small operating system to repair a damaged user computer system, the process being as follows: A, boot the computer from a DOS, LINUX or WINDOWS PE small operating system on a CD or removable storage medium; B, after booting successfully, run the authentication terminal program in the small operating system of step A, select a higher security level, scan the user computer system and disk files, quickly switch the user computer to the running environment of the higher security level, and at the same time isolate all executable files and script files that have not passed authentication and delete their shortcuts; C, repair and restore all infected, replaced or damaged executable files; D, if a user product library of the target security level exists, restore the MBR, partition table, partition boot records, file system and registry of the user computer operating system; E, if no user product library of the target security level exists, repair the MBR, partition boot records and file system of the user computer operating system, and export and delete all registry keys and registry data related to executable files and script files that have not passed authentication.
10. The system according to claim 5, characterized in that the authentication server also works with a third-party antivirus engine to perform credibility authentication.
CN201110143788.8A 2011-05-31 2011-05-31 Distributed credibility authentication method and system thereof based on software product library Active CN102195987B (en)


Publications (2)

Publication Number Publication Date
CN102195987A CN102195987A (en) 2011-09-21
CN102195987B true CN102195987B (en) 2014-04-30

Family

ID=44603374


Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102750491B (en) * 2012-06-05 2016-03-09 宇龙计算机通信科技(深圳)有限公司 The method and system of a kind of limiting terminal installation or upgrading third party application
CN102779257B (en) * 2012-06-28 2015-10-07 北京奇虎科技有限公司 A kind of safety detection method of Android application program and system
CN103546436B (en) * 2012-07-13 2018-10-23 南京中兴软件有限责任公司 A kind of method of controlling security and terminal, Cloud Server
CN103577751B (en) * 2012-07-25 2015-06-10 腾讯科技(深圳)有限公司 File scanning method and device
CN102831010A (en) * 2012-08-30 2012-12-19 腾讯科技(深圳)有限公司 Method and device for opening unknown file
CN102982276A (en) * 2012-11-14 2013-03-20 北京奇虎科技有限公司 Method and device for application control
CN102982275A (en) * 2012-11-14 2013-03-20 北京奇虎科技有限公司 Security control method and device for running applications
CN104426861B (en) * 2013-08-27 2017-12-26 中国银联股份有限公司 Page detection method and system
CN103617388B (en) * 2013-12-11 2016-04-06 长城信息产业股份有限公司 A kind of implementation method with the secure operating system of process authentic authentication
CN105279019B (en) * 2014-06-10 2018-11-23 中国移动通信集团公司 A kind of dispatching method of application program, device and terminal device
US9305155B1 (en) * 2015-02-12 2016-04-05 United Services Automobile Association (Usaa) Toggling biometric authentication
KR101718987B1 (en) * 2015-07-21 2017-03-22 김택진 Terminal having security function
CN106815518B (en) * 2015-11-30 2020-08-25 华为技术有限公司 Application installation method and electronic equipment
CN105825440A (en) * 2016-06-07 2016-08-03 国网辽宁省电力有限公司电力科学研究院 Network source coordination management system and method based on J2EE platform
CN110362406B (en) * 2017-01-20 2020-12-25 腾讯科技(深圳)有限公司 Event processing method and device
TWI625642B (en) * 2017-03-08 2018-06-01 廣達電腦股份有限公司 Software risk evaluation system and method thereof
US10230527B2 (en) * 2017-04-19 2019-03-12 Continental Automotive Systems, Inc. Method and apparatus to quickly authenticate program using a security element
EP3402152B1 (en) * 2017-05-08 2019-10-16 Siemens Aktiengesellschaft System-specific automated certificate management
CN108255644B (en) * 2017-12-29 2021-12-31 北京元心科技有限公司 File system recovery method and device
CN108881198B (en) * 2018-06-07 2021-03-30 深圳市亿联智能有限公司 Intelligent terminal safety control method
CN112654987A (en) * 2018-09-12 2021-04-13 华为技术有限公司 Method and apparatus for certifying distributed services
CN109445804A (en) * 2018-10-25 2019-03-08 麒麟合盛网络技术股份有限公司 A kind of starting method and apparatus of application program
CN109918173B (en) * 2019-03-06 2021-11-19 苏州浪潮智能科技有限公司 Openstack-based virtual machine health check method and system
CN111611014B (en) * 2020-05-12 2023-03-24 中电科航空电子有限公司 Multi-security-level software simultaneous operation method meeting DO178C standard
CN112580017B (en) * 2020-12-25 2023-12-29 深信服科技股份有限公司 Authentication method and device, electronic equipment and storage medium
CN113138806B (en) * 2021-03-25 2023-11-07 车智互联(北京)科技有限公司 Processing method and device for mobile application running environment
CN113282921A (en) * 2021-06-11 2021-08-20 深信服科技股份有限公司 File detection method, device, equipment and storage medium
CN113961292B (en) * 2021-10-21 2024-03-26 安天科技集团股份有限公司 Security product generation method and device, electronic equipment and storage medium
CN116599777B (en) * 2023-07-18 2023-09-26 北京睿芯高通量科技有限公司 Multi-terminal multi-stage authentication method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1900941A (en) * 2006-04-28 2007-01-24 傅玉生 Computer safety protective method based on software identity identifying technology
CN1940805A (en) * 2005-09-30 2007-04-04 联想(北京)有限公司 Computer system and its safety encryption
CN101276387A (en) * 2008-05-15 2008-10-01 金魁 Network computer anti-virus system based on predefined health operating environment
CN101436234A (en) * 2008-04-30 2009-05-20 北京飞天诚信科技有限公司 System and method for ensuring operation environment safety

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Zhang Ningjun; He Peilin; Long Xiangling
Inventor before: Zhang Ningjun; Long Xiangling
COR Change of bibliographic data
Free format text: CORRECT: INVENTOR; FROM: ZHANG NINGJUN LONG XIANGLING TO: ZHANG NINGJUN HE PEILIN LONG XIANGLING

C14 Grant of patent or utility model
GR01 Patent grant