CN105468462A - Inter-process communication authentication method and system as well as inter-application communication method and system - Google Patents

Publication number
CN105468462A
Authority
CN
China
Prior art keywords
message sink
forms
communication
thread
handle
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410400524.XA
Other languages
Chinese (zh)
Other versions
CN105468462B (en
Inventor
凌星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201410400524.XA priority Critical patent/CN105468462B/en
Publication of CN105468462A publication Critical patent/CN105468462A/en
Application granted granted Critical
Publication of CN105468462B publication Critical patent/CN105468462B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Stored Programmes (AREA)

Abstract

The invention provides an inter-process communication authentication method and system as well as an inter-application communication method and system. The inter-process communication authentication method comprises the following steps: creating a first message receiving window of the present process, wherein the first message receiving window is used for communicating with a second message receiving window of a communication object process; acquiring a communication connection request of the communication object process, wherein the communication connection request comprises the window handle of the second message receiving window; acquiring the thread identification of the second message receiving window according to the window handle, and acquiring, from the system process, the thread module that created the second message receiving window according to the thread identification; and verifying the identity of the communication object process according to the thread module. With these methods and systems, the identity of the party communicating with the process can be known accurately, the safety and reliability of authentication during inter-process communication are improved, access through a backend during communication is eliminated, the risk of interception by a third party is avoided, and communication security is improved.

Description

Inter-process communication authentication method and system, and inter-application communication method and system
Technical field
The present invention relates to the technical field of computers and the Internet, and in particular to an inter-process communication authentication method and system and an inter-application communication method and system.
Background
With the development of computer and Internet technology, application software with all kinds of functions keeps emerging and greatly enriches the user experience.
In practice, information often has to be exchanged between applications. Traditionally, communication between applications is carried out through their backends, and authenticating the processes of the two applications is the key technical point. Take application 1 and application 2: the backend of application 1 first generates a token (authorization token) and generates an authorization token for the backend of application 2; the backend of application 1 issues the token to application 1 and passes the generated authorization token to the backend of application 2; the backend of application 2 issues the token to application 2; application 2 passes the token to application 1; application 1 checks the token and, if the check passes, exchanges information with application 2.
This identity verification technique has an obvious shortcoming. Because the process requires interaction between backends, the token may be intercepted while it is passed between application 2 and application 1. In addition, the connection is generally verified only when it is established, so once the connection is set up application 1 cannot determine through this verification that the party connected to it is application 2. The technique is therefore easily exploited by third-party software and offers low security.
Summary of the invention
In view of the above problems, it is necessary to provide an inter-process communication authentication method and system and an inter-application communication method and system with higher security.
An inter-process communication authentication method comprises the following steps:
creating a first message receiving window of the present process, wherein the first message receiving window is used for communicating with a second message receiving window of a communication object process;
acquiring a communication connection request of the communication object process, wherein the communication connection request comprises the window handle of the second message receiving window;
acquiring the thread identification of the second message receiving window according to the window handle, and acquiring, from the system process, the thread module that created the second message receiving window according to the thread identification;
verifying the identity of the communication object process according to the thread module.
An inter-process communication authentication system comprises:
a first window creation module, for creating a first message receiving window of the present process, wherein the first message receiving window is used for communicating with a second message receiving window of a communication object process;
a first connection request acquisition module, for acquiring a communication connection request of the communication object process, wherein the communication connection request comprises the window handle of the second message receiving window;
a first thread module acquisition module, for acquiring the thread identification of the second message receiving window according to the window handle, and acquiring, from the system process, the thread module that created the second message receiving window according to the thread identification;
a first object identity verification module, for verifying the identity of the communication object process according to the thread module.
In the above inter-process communication authentication method and system, the two communicating processes first create their respective message receiving windows. Using the uniqueness of the window identifier, thread-related identification information is obtained, and from it the real entity that created the window of the communication object. The identity of that entity is then verified, which achieves security verification and identification of the communication object process, ensures that the identity of the party communicating with the present process is known accurately, and improves the safety and reliability of authentication during inter-process communication.
An inter-application communication method comprises the following steps:
creating a first message receiving window of the present application software, wherein the first message receiving window is used for communicating with a second message receiving window of communication object software;
acquiring a communication connection request of the communication object software, wherein the communication connection request comprises the window handle of the second message receiving window;
acquiring the thread identification of the second message receiving window according to the window handle, and acquiring, from the system process, the thread module that created the second message receiving window according to the thread identification;
verifying the identity of the communication object software according to the thread module;
after the verification passes, transmitting information by means of the first message receiving window and the second message receiving window.
An inter-application communication system comprises:
a second window creation module, for creating a first message receiving window of the present application software, wherein the first message receiving window is used for communicating with a second message receiving window of communication object software;
a second connection request acquisition module, for acquiring a communication connection request of the communication object software, wherein the communication connection request comprises the window handle of the second message receiving window;
a second thread module acquisition module, for acquiring the thread identification of the second message receiving window according to the window handle, and acquiring, from the system process, the thread module that created the second message receiving window according to the thread identification;
a second object identity verification module, for verifying the identity of the communication object software according to the thread module;
an information transfer module, for transmitting information by means of the first message receiving window and the second message receiving window after the verification passes.
In the above inter-application communication method and system, corresponding windows are created for the two communicating applications. Using the uniqueness of the window identifier, thread-related identification information is obtained, and from it the real entity that created the window of the communication object. The identity of that entity is then verified, which achieves security verification and identification of the communication object software and ensures that the identity of the party communicating with the present application software is known accurately. Messages are then passed through the verified windows without access through a backend, which avoids the risk of interception by a third party and improves communication security.
Brief description of the drawings
Fig. 1 is a flowchart of the inter-process communication authentication method of an embodiment;
Fig. 2 is a sequence diagram of an application example of the inter-process communication authentication method;
Fig. 3 is a structural diagram of the inter-process communication authentication system of an embodiment;
Fig. 4 is a structural diagram of the first thread module acquisition module of an embodiment;
Fig. 5 is a flowchart of the inter-application communication method of an embodiment;
Fig. 6 is a sequence diagram of an application example of the inter-process communication authentication method;
Fig. 7 is a structural diagram of the inter-application communication system of an embodiment;
Fig. 8 is a structural diagram of the first thread module acquisition module of an embodiment;
Fig. 9 is a block diagram of a computer system in which embodiments of the present invention can be implemented.
Embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein only explain the invention and do not limit it.
Referring to Fig. 1, Fig. 1 is a flowchart of the inter-process communication authentication method of an embodiment, which comprises the following steps:
Step S101: create a first message receiving window of the present process, wherein the first message receiving window is used for communicating with a second message receiving window of the communication object process.
In this step, a message receiving window through which the two communicating parties communicate is created for the present process. Here the WM_COPYDATA message of the Windows system can be used as the means of inter-process messaging, so that the present process communicates with the message receiving window of the communication object process.
Step S102: acquire a communication connection request of the communication object process, wherein the communication connection request comprises the window handle of the second message receiving window.
This step belongs to the process of establishing the communication connection: the present process receives a request from the second message receiving window that carries the window handle. A window handle is a window identifier generated by the operating system and is unique; another message receiving window with the same window handle cannot be created in the operating system.
Step S103: acquire the thread identification (i.e. thread ID) of the second message receiving window according to the window handle, and acquire, from the system process, the thread module that created the second message receiving window according to the thread identification.
In this step, the uniqueness of the window identifier is used: the thread identification of the second message receiving window is obtained from the window handle, and this thread-related identification information leads to the thread module in the system process that created the message receiving window of the communication object process, that is, the real entity that created the message receiving window communicating with the present process.
To obtain the thread identification of a message receiving window from its window handle, the corresponding API (Application Programming Interface) of the operating system can be used.
For example, the Windows system supports this directly through a system API; internally the system maintains a mapping table from a handle to its thread identification and process identification. The API is as follows:
DWORD GetWindowThreadProcessId(   // returns the thread identification of the window handle
    HWND hWnd,                    // in: the window handle
    LPDWORD lpdwProcessId         // out: the process identification of this handle
);
Calling the above Windows API yields the thread identification of the window directly.
In one embodiment, the process in step S103 of obtaining, from the thread identification, the thread module that created the second message receiving window can comprise the following steps:
(a) Query the thread information according to the thread identification to obtain the thread handle of the corresponding thread.
A thread handle is the identifier corresponding to a thread's information; through the thread handle the related thread information can be queried or the thread can be operated on.
In the Windows system, the API is as follows:
HANDLE OpenThread(                // returns the thread handle
    __in DWORD dwDesiredAccess,   // access right requested for the thread handle; THREAD_QUERY_INFORMATION here, i.e. for querying thread information
    __in BOOL bInheritHandle,     // ignored; the logical value FALSE here
    __in DWORD dwThreadId         // in: the thread identification
);
Calling the above Windows API yields the thread handle of the corresponding thread. The handle is obtained here with query access; because query access is a low privilege in the operating system, the call generally does not fail.
(b) Obtain, through the thread handle, the start address of the thread module in the process that corresponds to the thread, and obtain the module handle of the thread module according to the start address.
Here the start address of the module is obtained through the thread handle, and the module handle is then obtained from the start address.
In the Windows system, the start address of the module can be obtained with a function provided by ntdll. The API provided by ntdll is "NtQueryInformationThread", and its function prototype is as follows:
typedef NTSTATUS (WINAPI *NTQUERYINFORMATIONTHREAD)(
    HANDLE ThreadHandle,             // the thread handle
    ULONG ThreadInformationClass,    // selects querying the thread start address; pass ThreadQuerySetWin32StartAddress
    PVOID ThreadInformation,         // returns the start address information of the thread
    ULONG ThreadInformationLength,   // length of the ThreadInformation buffer passed in
    PULONG ReturnLength              // the length returned
);
Through the above API, the module start address in the Windows system process that corresponds to the thread handle can be obtained.
After the module start address has been obtained, the module handle is obtained from the start address in the process where the thread module resides. The module handle uniquely identifies the thread module; through it the thread module can be operated on, its information obtained, and so on. In the Windows system, the API is as follows:
BOOL GetModuleHandleExW(
    DWORD dwFlags,          // GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS: obtain the module handle from a start address
    LPCWSTR lpModuleName,   // in: the start address
    HMODULE *phModule       // out: the module handle
);
Calling the above Windows API yields the module handle from the start address of the thread module.
(c) Determine the path of the thread module according to the module handle, and obtain the thread module that created the second message receiving window according to the path.
Once the module handle is available, the path of the thread module can be obtained through it. The Windows system supports this directly through an API, as follows:
DWORD GetModuleFileNameW(
    HMODULE hModule,     // in: the module handle
    LPWSTR lpFilename,   // out: the path of the thread module
    DWORD nSize          // size of the path buffer
);
Calling the above Windows API yields the path of the thread module, from which the thread module that created the second message receiving window is determined.
The above steps complete the resolution from the window handle to the path of the thread module that owns the window handle, and thereby determine the thread module that created the second message receiving window.
Step S104: verify the identity of the communication object process according to the thread module.
In this step, the identity of the real entity that created the message receiving window is verified according to the thread module obtained. This achieves security verification and identification of the communication object process, ensures that the identity of the party communicating with the present process is known accurately, and improves the safety and reliability of authentication during inter-process communication.
In one embodiment, the verification process of step S104 can comprise the following step:
performing a digital signature check on the thread module, and determining the identity of the communication object process according to the signature information checked.
The above embodiment uses digital signature technology to identify the peer securely between processes, which further improves the safety and reliability of authentication.
To summarise the technical solutions of the above embodiments: the two communicating processes first create their respective message receiving windows. Using the uniqueness of the window identifier, the thread identification is obtained from the window handle, the thread handle is obtained from the thread identification, and the path of the thread module is obtained from the thread handle. This determines the thread module that created the second message receiving window, that is, it finds exactly the real entity that created the window of the communication object. Digital signature verification can additionally be used to verify the identity of that entity. This achieves security verification and identification of the communication object process, ensures that the identity of the party communicating with the present process is known accurately, and improves the safety and reliability of authentication during inter-process communication.
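The lookup chain summarised above (window handle, thread identification, thread start address, module path, signature check), as an added example that is not part of the patent text: a portable C model that walks the chain over constructed tables standing in for the Windows calls the page names, and rejects the peer at the first step that cannot be resolved. The table contents, paths, publisher names and the function name verify_peer_window are assumptions made for illustration, and the module lookup is keyed by the process that owns the window.

```c
/* Added example (not from the patent): model of steps S103-S104.
 * The tables are constructed stand-ins for operating-system state; the
 * comments name the Windows call from the page that each table replaces. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

typedef enum {
    PEER_OK = 0,
    PEER_NO_WINDOW,    /* handle does not name a live window */
    PEER_NO_THREAD,    /* creating thread cannot be queried (e.g. it exited) */
    PEER_NO_MODULE,    /* start address lies in no loaded module */
    PEER_UNSIGNED,     /* module carries no valid signature */
    PEER_WRONG_SIGNER  /* signed, but not by the expected publisher */
} peer_status;

/* GetWindowThreadProcessId: window handle -> thread id and process id. */
struct window_row { uint32_t hwnd, tid, pid; };
/* OpenThread + NtQueryInformationThread(ThreadQuerySetWin32StartAddress). */
struct thread_row { uint32_t tid; uintptr_t start; };
/* GetModuleHandleExW(FROM_ADDRESS) + GetModuleFileNameW, plus the result of
 * the signature check on that file (signer == NULL means unsigned). */
struct module_row { uint32_t pid; uintptr_t base; size_t size;
                    const char *path; const char *signer; };

static const struct window_row WINDOWS[] = {
    { 0x1001, 11, 100 }, { 0x2002, 22, 200 }, { 0x3003, 33, 100 },
    { 0x4004, 44, 300 }, { 0x5005, 55, 100 },   /* thread 55 has no row */
};
static const struct thread_row THREADS[] = {
    { 11, 0x401200 }, { 22, 0x401200 }, { 33, 0x7f000000 }, { 44, 0x501000 },
};
static const struct module_row MODULES[] = {
    { 100, 0x400000, 0x10000, "C:\\Program Files\\ExampleVendor\\peer.exe",
      "Example Vendor Ltd" },
    { 200, 0x400000, 0x10000, "C:\\Users\\Public\\other.exe", NULL },
    { 300, 0x500000, 0x10000, "C:\\Program Files\\Other\\tool.exe",
      "Other Publisher Inc" },
};

/* Walks window -> thread -> start address -> module -> signer and returns
 * the first failure. *path_out is set only when the peer is accepted. */
peer_status verify_peer_window(uint32_t hwnd, const char *expected_signer,
                               const char **path_out)
{
    const struct window_row *w = NULL;
    const struct thread_row *t = NULL;
    const struct module_row *m = NULL;
    size_t i;

    if (path_out) *path_out = NULL;
    if (!expected_signer) return PEER_WRONG_SIGNER;

    for (i = 0; i < COUNT(WINDOWS) && !w; i++)
        if (WINDOWS[i].hwnd == hwnd) w = &WINDOWS[i];
    if (!w) return PEER_NO_WINDOW;

    for (i = 0; i < COUNT(THREADS) && !t; i++)
        if (THREADS[i].tid == w->tid) t = &THREADS[i];
    if (!t) return PEER_NO_THREAD;

    /* The start address is only meaningful inside the owning process, so
     * the range test is restricted to that process's modules. On Windows,
     * GetModuleHandleExW searches the modules of the calling process. */
    for (i = 0; i < COUNT(MODULES) && !m; i++)
        if (MODULES[i].pid == w->pid && t->start >= MODULES[i].base &&
            t->start - MODULES[i].base < MODULES[i].size)
            m = &MODULES[i];
    if (!m) return PEER_NO_MODULE;

    if (!m->signer) return PEER_UNSIGNED;
    if (strcmp(m->signer, expected_signer) != 0) return PEER_WRONG_SIGNER;

    if (path_out) *path_out = m->path;
    return PEER_OK;
}

int main(void)
{
    static const uint32_t handles[] = { 0x1001, 0x2002, 0x3003,
                                        0x4004, 0x5005, 0x9999 };
    size_t i;
    for (i = 0; i < COUNT(handles); i++) {
        const char *path = NULL;
        peer_status s = verify_peer_window(handles[i], "Example Vendor Ltd",
                                           &path);
        printf("hwnd 0x%04x -> status %d, module %s\n",
               (unsigned)handles[i], (int)s, path ? path : "(rejected)");
    }
    return 0;
}
```

Windows 0x1001 and 0x2002 share the same thread start address but belong to different processes, so only the process-scoped lookup tells the signed module from the unsigned one.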
To make the technical solution of the present invention clearer, an application example of the inter-process communication authentication method is described below with reference to the drawings.
Referring to Fig. 2, Fig. 2 is a sequence diagram of an application example of the inter-process communication authentication method. It implements the authentication between the present process (the first process in the figure) and the communication object process (the second process in the figure) and comprises the following steps:
(1) the first process creates the first message receiving window;
(2) the second process creates the second message receiving window;
(3) the second process sends a connection request message carrying the window handle to the first process;
(4) the first process obtains the thread identification from the window handle, and determines from the thread identification the thread module that created the second message receiving window;
(5) the first process checks the digital signature of the thread module and verifies the identity of the second process.
Referring to Fig. 3, Fig. 3 is a structural diagram of the inter-process communication authentication system of an embodiment, comprising: a first window creation module 101, a first connection request acquisition module 102, a first thread module acquisition module 103 and a first object identity verification module 104.
The first window creation module 101 is for creating a first message receiving window of the present process, wherein the first message receiving window is used for communicating with a second message receiving window of the communication object process.
The first connection request acquisition module 102 is for acquiring a communication connection request of the communication object process, wherein the communication connection request comprises the window handle of the second message receiving window.
The first thread module acquisition module 103 is for acquiring the thread identification of the second message receiving window according to the window handle, and acquiring, from the system process, the thread module that created the second message receiving window according to the thread identification.
In one embodiment, referring to Fig. 4, Fig. 4 is a structural diagram of the first thread module acquisition module 103 of an embodiment. The first thread module acquisition module 103 may further comprise:
a first thread identification acquiring unit 1031, for acquiring the thread identification of the second message receiving window according to the window handle;
a first thread handle acquiring unit 1032, for querying the thread information according to the thread identification to obtain the thread handle of the corresponding thread;
a first module handle acquiring unit 1033, for obtaining, through the thread handle, the start address of the thread module in the process that corresponds to the thread, and obtaining the module handle of the thread module according to the start address;
a first thread module acquiring unit 1034, for determining the path of the thread module according to the module handle, and obtaining the thread module that created the second message receiving window according to the path.
The first object identity verification module 104 is for verifying the identity of the communication object process according to the thread module.
In one embodiment, the first object identity verification module 104 is further for performing a digital signature check on the thread module and determining the identity of the communication object process according to the signature information checked.
The inter-process communication authentication system of the present invention corresponds one-to-one to the inter-process communication authentication method of the present invention. The technical features set out in the embodiments of the method, and their beneficial effects, all apply to the embodiments of the system, as is hereby stated.
Referring to Fig. 5, Fig. 5 is a flowchart of the inter-application communication method of an embodiment, which comprises the following steps:
Step S201: create a first message receiving window of the present application software, wherein the first message receiving window is used for communicating with a second message receiving window of the communication object software.
In this step, a message receiving window through which the two communicating parties communicate is created for the present application software. Here the WM_COPYDATA message of the Windows system can be used as the means of inter-process messaging, so that the present application software communicates with the message receiving window of the communication object software.
In one embodiment, the process of step S201 can further comprise the following step:
injecting the process of the present application software into the communication object software, checking, by the communication object software, the digital signature of this communication object software, and creating the second message receiving window of the communication object software after the check passes.
In the scheme of the above embodiment, the process of the present application software is injected into the communication object software and, combined with digital signature verification, the second message receiving window of the communication object software is created only after the verification. This improves the safety and reliability of authentication between the two communicating parties.
Step S202: acquire a communication connection request of the communication object software, wherein the communication connection request comprises the window handle of the second message receiving window.
This step belongs to the process of establishing the communication connection: the present application software receives a request from the second message receiving window that carries the window handle. A window handle is a window identifier generated by the operating system and is unique; another message receiving window with the same window handle cannot be created in the operating system.
Step S203: acquire the thread identification of the second message receiving window according to the window handle, and acquire, from the system process, the thread module that created the second message receiving window according to the thread identification.
In this step, the uniqueness of the window identifier is used: the thread identification of the second message receiving window is obtained from the window handle, and this thread-related identification information leads to the thread module in the system process that created the message receiving window of the communication object software, that is, the real entity that created the message receiving window communicating with the present process.
To obtain the thread identification of a message receiving window from its window handle, the corresponding API (Application Programming Interface) of the operating system can be used.
For example, the Windows system supports this directly through a system API; internally the system maintains a mapping table from a handle to its thread identification and process identification. The API is as follows:
DWORD GetWindowThreadProcessId(   // returns the thread identification of the window handle
    HWND hWnd,                    // in: the window handle
    LPDWORD lpdwProcessId         // out: the process identification of this handle
);
Calling the above Windows API yields the thread identification of the window directly.
In one embodiment, the process in step S103 of obtaining, from the thread identification, the thread module that created the second message receiving window can comprise the following steps:
(a) Query the thread information according to the thread identification to obtain the thread handle of the corresponding thread.
A thread handle is the identifier corresponding to a thread's information; through the thread handle the related thread information can be queried or the thread can be operated on.
In the Windows system, the API is as follows:
HANDLE OpenThread(                // returns the thread handle
    __in DWORD dwDesiredAccess,   // access right requested for the thread handle; THREAD_QUERY_INFORMATION here, i.e. for querying thread information
    __in BOOL bInheritHandle,     // ignored; the logical value FALSE here
    __in DWORD dwThreadId         // in: the thread identification
);
Calling the above Windows API yields the thread handle of the corresponding thread. The handle is obtained here with query access; because query access is a low privilege in the operating system, the call generally does not fail.
(b) Obtain, through the thread handle, the start address of the thread module in the process that corresponds to the thread, and obtain the module handle of the thread module according to the start address.
Here the start address of the module is obtained through the thread handle, and the module handle is then obtained from the start address.
In the Windows system, the start address of the module can be obtained with a function provided by ntdll. The API provided by ntdll is "NtQueryInformationThread", and its function prototype is as follows:
typedef NTSTATUS (WINAPI *NTQUERYINFORMATIONTHREAD)(
    HANDLE ThreadHandle,             // the thread handle
    ULONG ThreadInformationClass,    // selects querying the thread start address; pass ThreadQuerySetWin32StartAddress
    PVOID ThreadInformation,         // returns the start address information of the thread
    ULONG ThreadInformationLength,   // length of the ThreadInformation buffer passed in
    PULONG ReturnLength              // the length returned
);
Through the above API, the module start address in the Windows system process that corresponds to the thread handle can be obtained.
After the module start address has been obtained, the module handle is obtained from the start address in the process where the thread module resides. The module handle uniquely identifies the thread module; through it the thread module can be operated on, its information obtained, and so on. In the Windows system, the API is as follows:
BOOL GetModuleHandleExW(
    DWORD dwFlags,          // GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS: obtain the module handle from a start address
    LPCWSTR lpModuleName,   // in: the start address
    HMODULE *phModule       // out: the module handle
);
Calling the above Windows API yields the module handle from the start address of the thread module.
(c) Determine the path of the thread module according to the module handle, and obtain the thread module that created the second message receiving window according to the path.
Once the module handle is available, the path of the thread module can be obtained through it. The Windows system supports this directly through an API, as follows:
DWORD GetModuleFileNameW(
    HMODULE hModule,     // in: the module handle
    LPWSTR lpFilename,   // out: the path of the thread module
    DWORD nSize          // size of the path buffer
);
Calling the above Windows API yields the path of the thread module, from which the thread module that created the second message receiving window is determined.
The above steps complete the resolution from the window handle to the path of the thread module that owns the window handle, and thereby determine the thread module that created the second message receiving window.
Step S204: verify the identity of the communication object software according to the thread module.
In this step, the identity of the real entity that created the message receiving window is verified according to the thread module obtained. This provides security verification and identification of the communication object software, ensures that the identity of the party communicating with this application software is accurately known, and improves the security and reliability of communication between application software.
In one embodiment, the verification process of step S104 may comprise the following steps:
Perform a digital signature check on the thread module, and determine the identity of the communication object software according to the signature information checked.
In the above embodiment, digital signature technology is combined with the communication between application software to identify the peer securely, which further improves the security and reliability of the process and avoids the risk of the communication information being intercepted by a third party.
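The lookup chain described above and the check of step S204 (window handle, thread identifier, start address, module path, signature check), as an added C example that is not code from the patent. The callback table, result codes, function names and the constructed test windows are assumptions; the own-process check reflects that GetModuleHandleExW resolves addresses only in the calling process, and the signature check is left to a caller-supplied callback.

```c
#include <stddef.h>
#include <wchar.h>

/* Anything other than PEER_OK means: do not talk to this window. */
typedef enum { PEER_OK, PEER_BAD_WINDOW, PEER_FOREIGN_PROCESS,
               PEER_NO_START_ADDR, PEER_NO_MODULE, PEER_BAD_SIGNATURE } peer_result;

/* OS operations behind the chain. The table is hypothetical: it lets the
 * decision logic run against constructed data as well as the real APIs. */
typedef struct {
    unsigned long self_pid;                                         /* verifier's own PID */
    unsigned long (*window_thread)(void *hwnd, unsigned long *pid); /* 0: invalid window  */
    void *(*thread_start)(unsigned long tid);                       /* NULL: unknown      */
    int (*module_path)(void *addr, wchar_t *out, size_t cch);       /* 0: no module       */
    int (*signature_ok)(const wchar_t *path);                       /* 0: untrusted       */
} peer_ops;

/* window handle -> thread id -> start address -> module path -> signature,
 * failing closed at the first step that cannot be completed. */
peer_result verify_peer_window(const peer_ops *os, void *hwnd, wchar_t *path, size_t cch)
{
    unsigned long pid = 0, tid;
    void *start;
    if (hwnd == NULL || path == NULL || cch == 0) return PEER_BAD_WINDOW;
    path[0] = L'\0';
    if ((tid = os->window_thread(hwnd, &pid)) == 0) return PEER_BAD_WINDOW;
    /* A module lookup by address only sees the caller's own address space, so
     * a window owned by another process cannot be resolved this way. */
    if (pid != os->self_pid) return PEER_FOREIGN_PROCESS;
    if ((start = os->thread_start(tid)) == NULL) return PEER_NO_START_ADDR;
    if (!os->module_path(start, path, cch)) return PEER_NO_MODULE;
    if (!os->signature_ok(path)) return PEER_BAD_SIGNATURE;
    return PEER_OK;
}

#ifdef _WIN32
/* Windows binding for the first three callbacks; signature_ok is left to the
 * caller (for example a wrapper around WinVerifyTrust). */
#include <windows.h>
#define ThreadQuerySetWin32StartAddress 9
typedef LONG (WINAPI *NTQUERYINFORMATIONTHREAD)(HANDLE, ULONG, PVOID, ULONG, PULONG);
unsigned long win_window_thread(void *hwnd, unsigned long *pid)
{
    DWORD p = 0, t = IsWindow((HWND)hwnd) ? GetWindowThreadProcessId((HWND)hwnd, &p) : 0;
    *pid = p;
    return t;
}

void *win_thread_start(unsigned long tid)
{
    PVOID start = NULL;
    NTQUERYINFORMATIONTHREAD query = (NTQUERYINFORMATIONTHREAD)GetProcAddress(
        GetModuleHandleW(L"ntdll.dll"), "NtQueryInformationThread");
    HANDLE th = OpenThread(THREAD_QUERY_INFORMATION, FALSE, tid);
    if (th == NULL) return NULL;
    if (query == NULL ||
        query(th, ThreadQuerySetWin32StartAddress, &start, sizeof start, NULL) != 0)
        start = NULL;
    CloseHandle(th);
    return start;
}

int win_module_path(void *addr, wchar_t *out, size_t cch)
{
    HMODULE mod = NULL;
    DWORD n;
    if (!GetModuleHandleExW(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
                            GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
                            (LPCWSTR)addr, &mod))
        return 0;
    n = GetModuleFileNameW(mod, out, (DWORD)cch);
    return n != 0 && n < cch;   /* n == cch: path was truncated */
}
#endif

/* Constructed stand-ins for the OS calls. A fake "start address" is simply a
 * pointer to the module path; NULL means the start address is unreadable. */
typedef struct { unsigned long tid, pid; const wchar_t *module; } fake_window;
static fake_window FAKE[] = {
    { 1, 4242, L"C:\\ime\\trusted.dll" },   /* in-process, signed module   */
    { 2, 4242, L"C:\\tmp\\unsigned.dll" },  /* in-process, unsigned module */
    { 3, 7777, L"C:\\ime\\trusted.dll" },   /* window of another process   */
    { 4, 4242, NULL },                      /* start address unreadable    */
};
static unsigned long fake_window_thread(void *h, unsigned long *pid)
{ *pid = ((fake_window *)h)->pid; return ((fake_window *)h)->tid; }
static void *fake_thread_start(unsigned long tid) { return (void *)FAKE[tid - 1].module; }
static int fake_module_path(void *addr, wchar_t *out, size_t cch)
{ if (wcslen(addr) >= cch) return 0; wcscpy(out, addr); return 1; }
static int fake_signature_ok(const wchar_t *p) { return wcscmp(p, L"C:\\ime\\trusted.dll") == 0; }

wchar_t demo_path[260];
peer_result demo_verify(int i, size_t cch)   /* i < 0: NULL window handle */
{
    static const peer_ops os = { 4242, fake_window_thread, fake_thread_start,
                                 fake_module_path, fake_signature_ok };
    return verify_peer_window(&os, i < 0 ? NULL : (void *)&FAKE[i], demo_path, cch);
}
```

On Windows, fill a peer_ops with GetCurrentProcessId(), the three win_* functions and a signature callback; any result other than PEER_OK means the connection request is dropped.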
Step S205: after verification passes, use the first message receiving window and the second message receiving window to transmit information.
In this step, after verification passes, the message receiving windows of the two applications are used to transmit information to each other.
In one embodiment, the information transmission process of step S205 may comprise the following steps:
After verification passes, establish a communication channel between the first message receiving window and the second message receiving window; use the first message receiving window to send messages according to the window handle of the second message receiving window, and receive the information sent by the second message receiving window.
For the inter-application communication method of the present invention, the application software mentioned may include instant messaging (IM) software, input method software, and the like.
Combining the communication schemes of the above embodiments, when two applications communicate, no interaction through a backend is needed: a secure communication channel between the two applications can be established directly, and the communication object is verified with digital signature verification technology. This improves communication security and reliability and also saves the cost of a backend service.
For example, QQ Games is a very popular gaming platform. When it serves users, a user in the QQ software can invite a friend to join a game, the friend clicks the invitation to launch the game service, and the friend's game progress can be shared between the QQ software and QQ Games. With the technical solution of the present invention, a secure channel between the QQ software and QQ Games can be established directly when the applications communicate, providing an efficient, fast, secure and reliable communication service.
As another example, in the QQ software, QQ emoticons are chat emoticons that users use frequently; they have very high user activity and are a common way for users to express their words and emotions. Input method software is the basic input tool users chat with. In actual use, if the two need to synchronize some information, such as the QQ emoticon information described above, the technical solution of the present invention can be used to establish a secure channel between the QQ software and the input method software, so that the QQ emoticon information in the QQ software is synchronized to the input method software efficiently, quickly, securely and reliably, giving users a better application experience.
To make the technical solution of the present invention clearer, an application example of the inter-process and inter-application communication methods is described below with reference to the accompanying drawings.
Referring to Fig. 6, Fig. 6 is a sequence diagram of an application example of the inter-process communication authentication method. The example uses the synchronization of QQ emoticon information between the QQ software and input method software for illustration, and specifically comprises the following steps:
(1) The QQ software creates the first message receiving window;
(2) The input method software is injected into the process of the QQ software;
(3) The input method software checks the digital signature of the QQ software to confirm the security of the QQ software;
(4) The input method software creates the second message receiving window;
(5) The input method software sends a connection request message to QQ, carrying the window handle of the second message receiving window;
(6) The QQ software obtains, from the window handle, the identifier of the thread the window belongs to, and then obtains from the thread identifier the thread module that created the second message receiving window;
(7) The QQ software checks the digital signature of the thread module;
(8) After the check passes, the QQ software synchronizes QQ emoticon information with the message receiving window of the verified window handle.
In the above application example, a window handle has an identifying name (generally identified by two strings), and this name can be specified by the client. For example, the window handle of the QQ software can be represented by "QQWnd" && "ReceiverMsg". The QQ software and the input method software can agree on the name in advance; that is, the name of the window handle created by the QQ software is fixed, and the input method software can find the window handle of the QQ software through this name.
Referring to Fig. 7, Fig. 7 is a schematic structural diagram of the inter-application communication system of one embodiment, comprising: a second window creation module 201, a second connection request acquisition module 202, a second thread module acquisition module 203, a second object identity verification module 204 and an information transmission module 205.
The second window creation module 201 is configured to create the first message receiving window of this application software, wherein the first message receiving window is used to communicate with the second message receiving window of the communication object software.
In one embodiment, the second window creation module 201 is further configured to inject the communication object software into the process of this application software, and to have the communication object software check the digital signature of this application software; after the check passes, the second message receiving window of the communication object software is created.
The second connection request acquisition module 202 is configured to obtain the communication connection request of the communication object software, wherein the communication connection request comprises the window handle of the second message receiving window.
The second thread module acquisition module 203 is configured to obtain the thread identifier of the second message receiving window according to the window handle, and to obtain from the system process, according to the thread identifier, the thread module that created the second message receiving window.
In one embodiment, referring to Fig. 8, Fig. 8 is a schematic structural diagram of the second thread module acquisition module 203 of one embodiment; the second thread module acquisition module 203 may further comprise:
a second thread identifier acquisition unit 2031, configured to obtain the thread identifier of the second message receiving window according to the window handle;
a second thread handle acquisition unit 2032, configured to query thread information according to the thread identifier to obtain the thread handle of the corresponding thread;
a second module handle acquisition unit 2033, configured to obtain, through the thread handle, the start address of the thread module in the process that the thread corresponds to, and to obtain the module handle of the thread module according to the start address;
a second thread module acquisition unit 2034, configured to determine the path where the thread module is located according to the module handle, and to obtain the thread module that created the second message receiving window according to the path.
The second object identity verification module 204 is configured to verify the identity of the communication object software according to the thread module.
In one embodiment, the second object identity verification module 204 is further configured to perform a digital signature check on the thread module and to determine the identity of the communication object software according to the signature information checked.
The information transmission module 205 is configured to use the first message receiving window and the second message receiving window to transmit information after verification passes.
In one embodiment, the information transmission module 205 is further configured to establish, after verification passes, a communication channel between the first message receiving window and the second message receiving window; to use the first message receiving window to send messages according to the window handle of the second message receiving window; and to receive the information sent by the second message receiving window.
As one embodiment, the application software in the inter-application communication system of the present invention may include instant messaging (IM) software (such as the QQ software), input method software (such as the Sogou input method), and the like.
The inter-application communication system of the present invention corresponds one-to-one to the inter-application communication method of the present invention. The technical features set forth in the embodiments of the above inter-application communication method, and their beneficial effects, all apply to the embodiments of the inter-application communication system, which is hereby stated.
A person of ordinary skill in the art will understand that all or part of the flows in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), or the like.
Fig. 9 is a block diagram of a computer system that can implement embodiments of the present invention. The computer system 900 is only one example of a computer environment suitable for the present invention and should not be taken as imposing any limitation on the scope of use of the present invention. Nor should the computer system 900 be interpreted as needing to depend on or have one or a combination of the components of the illustrated exemplary computer system 900.
The computer system 900 shown in Fig. 9 is an example of a computer system suitable for the present invention. Other architectures with different subsystem configurations may also be used.
As shown in Fig. 9, the computer system 900 includes a processor 910, a memory 920 and a system bus 922. Various system components, including the memory 920 and the processor 910, are connected to the system bus 922. The processor 910 is hardware that executes computer program instructions through the basic arithmetic and logical operations of a computer system. The memory 920 is a physical device for temporarily or permanently storing computer programs or data (for example, program state information). The system bus 920 may be any of the following types of bus structure: a memory bus or memory controller, a peripheral bus, and a local bus. The processor 910 and the memory 920 can exchange data through the system bus 922. The memory 920 includes read-only memory (ROM) or flash memory (neither shown in the figure) and random access memory (RAM); RAM generally refers to the main memory into which the operating system and application programs are loaded.
The computer system 900 also includes a display interface 930 (for example, a graphics processing unit), a display device 940 (for example, a liquid crystal display), an audio interface 950 (for example, a sound card) and an audio device 960 (for example, a loudspeaker). The display device 940 and the audio device 960 are media devices for experiencing multimedia content.
The computer system 900 generally includes a storage device 970. The storage device 970 can be selected from a variety of computer-readable media; computer-readable media are any available media that can be accessed by the computer system 900, including both removable and fixed media. For example, computer-readable media include but are not limited to flash memory (micro SD card), CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the required information and can be accessed by the computer system 900.
The computer system 900 also includes an input device 980 and an input interface 990 (for example, an I/O controller). A user can enter instructions and information into the computer system 900 through the input device 980, such as a keyboard, a mouse, or a touch panel device on the display device 940. The input device 980 is normally connected to the system bus 922 through the input interface 990, but can also be connected through other interfaces or bus structures, such as universal serial bus (USB).
The computer system 900 can be logically connected to one or more network devices in a network environment. A network device can be a personal computer, a server, a router, a smartphone, a tablet computer or another common network node. The computer system 900 is connected to the network device through a local area network (LAN) interface 1000 or a mobile communication unit 1010. A local area network (LAN) is a computer network interconnected within a limited area, such as a home, a school, a computer laboratory or an office building that uses network media. WiFi and twisted-pair Ethernet are the two technologies most commonly used to build local area networks. WiFi is a technology that lets computer systems 900 exchange data with each other or connect to a wireless network by radio waves. The mobile communication unit 1010 can make and receive calls over a radio communication link while moving within a wide geographic area. Besides calls, the mobile communication unit 1010 also supports internet access in 2G, 3G or 4G cellular communication systems that provide mobile data services.
It should be pointed out that other computer systems comprising more or fewer subsystems than the computer system 900 may also be suitable for the invention.
As described in detail above, the computer system 900 suitable for the present invention can perform the specified operations of the inter-process communication authentication method and the inter-application communication method. The computer system 900 performs these operations in the form of software instructions in a computer-readable medium that are run by the processor 910. These software instructions can be read into the memory 920 from the storage device 970 or, through the LAN interface 1000, from another device. The software instructions stored in the memory 920 cause the processor 910 to perform the above inter-process communication authentication method and inter-application communication method. In addition, the present invention can equally be implemented by hardware circuits or by hardware circuits combined with software instructions. Therefore, implementing the present invention is not limited to any specific combination of hardware circuits and software.
The above embodiments express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make several variations and improvements without departing from the concept of the invention, all of which fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the appended claims.

Claims (18)

1. An inter-process communication authentication method, characterized by comprising the following steps:
creating a first message receiving window of this process, wherein the first message receiving window is used to communicate with a second message receiving window of a communication object process;
obtaining a communication connection request of the communication object process, wherein the communication connection request comprises the window handle of the second message receiving window;
obtaining the thread identifier of the second message receiving window according to the window handle, and obtaining from the system process, according to the thread identifier, the thread module that created the second message receiving window;
verifying the identity of the communication object process according to the thread module.
2. The inter-process communication authentication method according to claim 1, characterized in that the step of obtaining from the system process, according to the thread identifier, the thread module that created the second message receiving window comprises:
querying thread information according to the thread identifier to obtain the thread handle of the corresponding thread;
obtaining, through the thread handle, the start address of the thread module in the process that the thread corresponds to, and obtaining the module handle of the thread module according to the start address;
determining the path where the thread module is located according to the module handle, and obtaining the thread module that created the second message receiving window according to the path.
3. The inter-process communication authentication method according to claim 1, characterized in that the step of verifying the identity of the communication object process according to the thread module comprises:
performing a digital signature check on the thread module, and determining the identity of the communication object process according to the signature information checked.
4. An inter-application communication method, characterized by comprising the following steps:
creating a first message receiving window of this application software, wherein the first message receiving window is used to communicate with a second message receiving window of communication object software;
obtaining a communication connection request of the communication object software, wherein the communication connection request comprises the window handle of the second message receiving window;
obtaining the thread identifier of the second message receiving window according to the window handle, and obtaining from the system process, according to the thread identifier, the thread module that created the second message receiving window;
verifying the identity of the communication object software according to the thread module;
after verification passes, using the first message receiving window and the second message receiving window to transmit information.
5. The inter-application communication method according to claim 4, characterized by further comprising:
injecting the communication object software into the process of this application software, and having the communication object software check the digital signature of this application software; after the check passes, creating the second message receiving window of the communication object software.
6. The inter-application communication method according to claim 4, characterized in that the step of obtaining from the system process, according to the thread identifier, the thread module that created the second message receiving window comprises:
querying thread information according to the thread identifier to obtain the thread handle of the corresponding thread;
obtaining, through the thread handle, the start address of the thread module in the process that the thread corresponds to, and obtaining the module handle of the thread module according to the start address;
determining the path where the thread module is located according to the module handle, and obtaining the thread module that created the second message receiving window according to the path.
7. The inter-application communication method according to claim 4, characterized in that the step of verifying the identity of the communication object software according to the thread module comprises:
performing a digital signature check on the thread module, and determining the identity of the communication object software according to the signature information checked.
8. The inter-application communication method according to claim 4, characterized in that the step of using the first message receiving window and the second message receiving window to transmit information after verification passes comprises:
after verification passes, establishing a communication channel between the first message receiving window and the second message receiving window;
using the first message receiving window to send messages according to the window handle of the second message receiving window, and receiving the information sent by the second message receiving window.
9. The inter-application communication method according to any one of claims 4 to 8, characterized in that the application software comprises instant messaging (IM) software and input method software.
10. An inter-process communication authentication system, characterized by comprising:
a first window creation module, configured to create a first message receiving window of this process, wherein the first message receiving window is used to communicate with a second message receiving window of a communication object process;
a first connection request acquisition module, configured to obtain a communication connection request of the communication object process, wherein the communication connection request comprises the window handle of the second message receiving window;
a first thread module acquisition module, configured to obtain the thread identifier of the second message receiving window according to the window handle, and to obtain from the system process, according to the thread identifier, the thread module that created the second message receiving window;
a first object identity verification module, configured to verify the identity of the communication object process according to the thread module.
11. The inter-process communication authentication system according to claim 10, characterized in that the first thread module acquisition module comprises:
a first thread identifier acquisition unit, configured to obtain the thread identifier of the second message receiving window according to the window handle;
a first thread handle acquisition unit, configured to query thread information according to the thread identifier to obtain the thread handle of the corresponding thread;
a first module handle acquisition unit, configured to obtain, through the thread handle, the start address of the thread module in the process that the thread corresponds to, and to obtain the module handle of the thread module according to the start address;
a first thread module acquisition unit, configured to determine the path where the thread module is located according to the module handle, and to obtain the thread module that created the second message receiving window according to the path.
12. The inter-process communication authentication system according to claim 10, characterized in that the first object identity verification module is further configured to perform a digital signature check on the thread module and to determine the identity of the communication object process according to the signature information checked.
13. An inter-application communication system, characterized by comprising:
a second window creation module, configured to create a first message receiving window of this application software, wherein the first message receiving window is used to communicate with a second message receiving window of communication object software;
a second connection request acquisition module, configured to obtain a communication connection request of the communication object software, wherein the communication connection request comprises the window handle of the second message receiving window;
a second thread module acquisition module, configured to obtain the thread identifier of the second message receiving window according to the window handle, and to obtain from the system process, according to the thread identifier, the thread module that created the second message receiving window;
a second object identity verification module, configured to verify the identity of the communication object software according to the thread module;
an information transmission module, configured to use the first message receiving window and the second message receiving window to transmit information after verification passes.
14. The inter-application communication system according to claim 13, characterized in that the second window creation module is further configured to inject the communication object software into the process of this application software, and to have the communication object software check the digital signature of this application software; after the check passes, the second message receiving window of the communication object software is created.
15. The inter-application communication system according to claim 13, characterized in that the second thread module acquisition module comprises:
a second thread identifier acquisition unit, configured to obtain the thread identifier of the second message receiving window according to the window handle;
a second thread handle acquisition unit, configured to query thread information according to the thread identifier to obtain the thread handle of the corresponding thread;
a second module handle acquisition unit, configured to obtain, through the thread handle, the start address of the thread module in the process that the thread corresponds to, and to obtain the module handle of the thread module according to the start address;
a second thread module acquisition unit, configured to determine the path where the thread module is located according to the module handle, and to obtain the thread module that created the second message receiving window according to the path.
16. The inter-application communication system according to claim 13, characterized in that the second object identity verification module is further configured to perform a digital signature check on the thread module and to determine the identity of the communication object software according to the signature information checked.
17. The inter-application communication system according to claim 13, characterized in that the information transmission module is further configured to establish, after verification passes, a communication channel between the first message receiving window and the second message receiving window; to use the first message receiving window to send messages according to the window handle of the second message receiving window; and to receive the information sent by the second message receiving window.
18. The inter-application communication system according to any one of claims 13 to 17, characterized in that the application software comprises instant messaging (IM) software and input method software.
CN201410400524.XA 2014-08-14 2014-08-14 Method and system for interprocess communication identity verification and communication between application software Active CN105468462B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410400524.XA CN105468462B (en) 2014-08-14 2014-08-14 Method and system for interprocess communication identity verification and communication between application software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410400524.XA CN105468462B (en) 2014-08-14 2014-08-14 Method and system for interprocess communication identity verification and communication between application software

Publications (2)

Publication Number Publication Date
CN105468462A true CN105468462A (en) 2016-04-06
CN105468462B CN105468462B (en) 2020-11-03

Family

ID=55606197

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410400524.XA Active CN105468462B (en) 2014-08-14 2014-08-14 Method and system for interprocess communication identity verification and communication between application software

Country Status (1)

Country Link
CN (1) CN105468462B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107526972A (en) * 2016-06-21 2017-12-29 福建省天奕网络科技有限公司 Big data quantity parameter hides the method and its system transmitted between process
CN108347471A (en) * 2018-01-02 2018-07-31 武汉斗鱼网络科技有限公司 Obtain the method, apparatus and system of third party's user information
CN109493546A (en) * 2018-10-30 2019-03-19 同程网络科技股份有限公司 A kind of cash method, cash register system and cash device
CN110018911A (en) * 2018-01-09 2019-07-16 阿里巴巴集团控股有限公司 Management of process and inter-process communication methods, calculate equipment and storage medium at device
CN111736898A (en) * 2020-06-24 2020-10-02 广联达科技股份有限公司 Software window embedding method, system and readable storage medium
CN112532561A (en) * 2019-08-28 2021-03-19 斑马智行网络(香港)有限公司 Method, device, system and storage medium for realizing access between devices
CN112631802A (en) * 2019-04-29 2021-04-09 杭州涂鸦信息技术有限公司 Inter-thread communication method and related device
CN112882886A (en) * 2019-11-29 2021-06-01 北京沃东天骏信息技术有限公司 Software use duration statistical method and device
CN114844672A (en) * 2022-03-22 2022-08-02 华为技术有限公司 Application trusted identity confirmation method, management unit and equipment
CN116320644A (en) * 2022-12-23 2023-06-23 北京奇艺世纪科技有限公司 Object recommendation method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101425027A (en) * 2008-11-20 2009-05-06 上海交通大学 Virtual machine safety protocol method and system based on TPM
US20110271087A1 (en) * 2010-04-30 2011-11-03 International Business Machines Corporation Embedding process identification information in a pathname to indicate process status
CN103150505A (en) * 2007-10-15 2013-06-12 北京瑞星信息技术有限公司 Method for protecting target process
CN103631664A (en) * 2013-12-09 2014-03-12 北京奇虎科技有限公司 Inter-process communication method and device
CN103795684A (en) * 2012-10-26 2014-05-14 珠海市君天电子科技有限公司 Method and system for preventing transparent window virus from stealing account password of instant messaging tool

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150505A (en) * 2007-10-15 2013-06-12 北京瑞星信息技术有限公司 Method for protecting target process
CN101425027A (en) * 2008-11-20 2009-05-06 上海交通大学 Virtual machine safety protocol method and system based on TPM
US20110271087A1 (en) * 2010-04-30 2011-11-03 International Business Machines Corporation Embedding process identification information in a pathname to indicate process status
CN103795684A (en) * 2012-10-26 2014-05-14 珠海市君天电子科技有限公司 Method and system for preventing transparent window virus from stealing account password of instant messaging tool
CN103631664A (en) * 2013-12-09 2014-03-12 北京奇虎科技有限公司 Inter-process communication method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
User "僵哥": "How can a thread's module name and thread start address be obtained from the thread ID?", CSDN Forum *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107526972A (en) * 2016-06-21 2017-12-29 福建省天奕网络科技有限公司 Big data quantity parameter hides the method and its system transmitted between process
CN108347471A (en) * 2018-01-02 2018-07-31 武汉斗鱼网络科技有限公司 Obtain the method, apparatus and system of third party's user information
CN110018911A (en) * 2018-01-09 2019-07-16 阿里巴巴集团控股有限公司 Management of process and inter-process communication methods, calculate equipment and storage medium at device
CN110018911B (en) * 2018-01-09 2024-01-23 斑马智行网络(香港)有限公司 Process management and inter-process communication method and device, computing equipment and storage medium
CN109493546A (en) * 2018-10-30 2019-03-19 同程网络科技股份有限公司 A kind of cash method, cash register system and cash device
CN112631802A (en) * 2019-04-29 2021-04-09 杭州涂鸦信息技术有限公司 Inter-thread communication method and related device
CN112631802B (en) * 2019-04-29 2024-04-12 杭州涂鸦信息技术有限公司 Inter-thread communication method and related device
CN112532561A (en) * 2019-08-28 2021-03-19 斑马智行网络(香港)有限公司 Method, device, system and storage medium for realizing access between devices
CN112882886A (en) * 2019-11-29 2021-06-01 北京沃东天骏信息技术有限公司 Software use duration statistical method and device
CN111736898A (en) * 2020-06-24 2020-10-02 广联达科技股份有限公司 Software window embedding method, system and readable storage medium
CN114844672A (en) * 2022-03-22 2022-08-02 华为技术有限公司 Application trusted identity confirmation method, management unit and equipment
CN114844672B (en) * 2022-03-22 2023-08-22 华为技术有限公司 Method, management unit and equipment for confirming application trusted identity
CN116320644A (en) * 2022-12-23 2023-06-23 北京奇艺世纪科技有限公司 Object recommendation method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN105468462B (en) 2020-11-03

Similar Documents

Publication Publication Date Title
CN105468462A (en) Inter-process communication authentication method and system as well as inter-application communication method and system
US9979497B2 (en) Audio playing method and apparatus based on Bluetooth connection
CN110365491B (en) Service processing method, device, equipment, storage medium and data sharing system
CN109068179B (en) Multi-platform live broadcast method, computer device and computer readable storage medium
CN110351269B (en) Method for logging in open platform through third-party server
CN111066284B (en) Service certificate management method, terminal and server
CN108632253B (en) Client data security access method and device based on mobile terminal
KR101577920B1 (en) Location-based group generation method, apparatus and system
CN105282088A (en) Method and system for controlling verification server and method and system for controlling verification
CN104767713B (en) Account binding method, server and system
US11238148B2 (en) Location-based, context-aware challenge-response authentication
CN104753677A (en) Password hierarchical control method and system
US10673931B2 (en) Synchronizing method, terminal, and server
CN104735657B (en) Security terminal verification method, wireless access point binding method, apparatus and system
CN105022939B (en) Information Authentication method and device
CN104796391A (en) Check-in verification method, check-in verification client, server, system and device
CN109413096A (en) A kind of login method and device more applied
CN112822161B (en) Method and equipment for realizing conference message synchronization
CN111404695B (en) Token request verification method and device
EP3008876B1 (en) Roaming internet-accessible application state across trusted and untrusted platforms
CN106254328B (en) A kind of access control method and device
CN104866282B (en) A kind of method and electronic equipment of control electronics
CN108111374A (en) Method, apparatus, equipment and the computer storage media of synchronizer list
US20230063417A1 (en) System and method for forwarding authentication requests to a nearby authenticator
CN115801299B (en) Meta universe identity authentication method, device, equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant