CN106599676A - Trusted process identification method and device - Google Patents
Trusted process identification method and device Download PDFInfo
- Publication number
- CN106599676A CN106599676A CN201611200774.4A CN201611200774A CN106599676A CN 106599676 A CN106599676 A CN 106599676A CN 201611200774 A CN201611200774 A CN 201611200774A CN 106599676 A CN106599676 A CN 106599676A
- Authority
- CN
- China
- Prior art keywords
- trusted
- default
- certificates
- checking
- program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 442
- 230000008569 process Effects 0.000 title claims abstract description 391
- 238000004886 process control Methods 0.000 claims description 26
- 230000005540 biological transmission Effects 0.000 claims description 2
- 238000012795 verification Methods 0.000 abstract 3
- 238000004891 communication Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 8
- 238000012369 In process control Methods 0.000 description 5
- 238000010965 in-process control Methods 0.000 description 5
- 230000005236 sound signal Effects 0.000 description 4
- 238000000429 assembly Methods 0.000 description 3
- 230000000712 assembly Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 230000001133 acceleration Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- KLDZYURQCUYZBL-UHFFFAOYSA-N 2-[3-[(2-hydroxyphenyl)methylideneamino]propyliminomethyl]phenol Chemical compound OC1=CC=CC=C1C=NCCCN=CC1=CC=CC=C1O KLDZYURQCUYZBL-UHFFFAOYSA-N 0.000 description 1
- 206010068052 Mosaicism Diseases 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000007795 chemical reaction product Substances 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 201000001098 delayed sleep phase syndrome Diseases 0.000 description 1
- 208000033921 delayed sleep phase type circadian rhythm sleep disease Diseases 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 230000008595 infiltration Effects 0.000 description 1
- 238000001764 infiltration Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000011900 installation process Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 210000003765 sex chromosome Anatomy 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
The disclosure relates to a trusted process identification method and a device, wherein the method comprises the steps of configuring a locked trusted certificate associated with a preset process in a certificate library; receiving a verification request for verifying whether a preset process is a trusted process, and responding to the verification request to inquire whether a trusted certificate associated with the preset process exists in the certificate bank; after inquiring that the creditable certificate associated with the preset process exists in the certificate bank, verifying the preset process according to the creditable certificate; and when the preset process passes the verification of the trusted certificate, determining that the preset process is a trusted process. The method can improve the safety and stability of the system.
Description
Technical field
It relates to Internet technical field, can in particular to a kind of trusted process recognition methods and one kind
Letter progress recognizing device.
Background technology
With developing rapidly for integrated circuit technique and communication network technology, mobile terminal gradually has powerful place
Reason ability and communication function.At present, mobile terminal is changed into an integrated information processing platform from simple call instrument, into
For infiltration extensively, popularization is rapid, it is huge to affect, deeply to the end product of human society life every aspect.
In above-mentioned mobile terminal, safety certification is also very important.For example, linux system binary signature technology is
A kind of means for preventing illegal program or code from running, its basic skills is exactly to operation program or code addend word label itself
Name, before this section of journey logic bomb of system operation, verifies that whether legal its signature is next through the calculating of certificate (public key)
Decide whether the chance for giving operation.
But, because operating system itself is all issued in advance, thus be not aware that will run within the system it is many
Few program.Because each program will have respective signature, therefore how operating system is that all of program is preset all of
Certificate can be verified in systems legitimacy just into problem so as to the program operation in the future.
It should be noted that information is only used for strengthening the reason of background of this disclosure disclosed in above-mentioned background section
Solution, therefore can include not constituting the information to prior art known to persons of ordinary skill in the art.
The content of the invention
The purpose of the disclosure is to provide a kind of trusted process recognition methods and a kind of trusted process identifying device, and then
Restriction and the defect due to correlation technique is at least overcome to a certain extent and caused one or more problem.
According to an aspect of this disclosure, there is provided a kind of trusted process recognition methods, including:
The locked trusted certificates with default process context are configured in certificate repository;
Whether receive the default process of a checking is the checking request of trusted process, and responds the checking request inquiry institute
State in certificate repository with the presence or absence of the trusted certificates with the default process context;
After there are the trusted certificates with the default process context in the certificate repository is inquired, according to the credible card
Book is verified to the default process;
When the default process is judged by the checking of the trusted certificates, determine the default process for it is credible enter
Journey.
In a kind of exemplary embodiment of the disclosure, checking of the default process by the trusted certificates is being judged
When also include:
In the process control block (PCB) of the default process by the default Processes Tag be trusted process.
In a kind of exemplary embodiment of the disclosure, the trusted process recognition methods also includes:
Receive process is preset described in the checking one of user side transmission be whether trusted process checking request;
Respond the checking request and inquire about in the process control block (PCB) with the presence or absence of with the default process context can
Letter Processes Tag;
When there is the trusted process mark with the default process context in inquiring the process control block (PCB), institute is determined
Default process is stated for trusted process.
According to an aspect of this disclosure, there is provided a kind of program installation method, including:
Trusted process recognition methods according to above-mentioned any one determines that the program associated with program to be installed is installed
Whether service processes are trusted process;
When it is determined that described program installation service processes are trusted process, service processes are installed by described program and continues to pacify
Fill the program to be installed.
According to an aspect of this disclosure, there is provided a kind of decryption method, including:
Trusted process recognition methods according to above-mentioned any one determines what is associated with non-security system to be decrypted
Whether private key is trusted process using service processes;
When it is determined that the private key is trusted process using service processes, service processes are used by private key by the private key
It is sent to the non-security system to decrypt the non-security system.
According to an aspect of this disclosure, there is provided a kind of trusted process identifying device, including:
Trusted certificates configuration module:For configuring the locked trusted certificates with default process context in certificate repository;
Trusted certificates enquiry module:For receive the default process of a checking be whether trusted process checking request, and
Respond the checking request to inquire about in the certificate repository with the presence or absence of the trusted certificates with the default process context;
Default process authentication module:It is credible with the default process context for existing in the certificate repository is inquired
After certificate, the default process is verified according to the trusted certificates;
First trusted process determining module:For when the default process is judged by the checking of the trusted certificates,
Determine that the default process is trusted process.
In a kind of exemplary embodiment of the disclosure, checking of the default process by the trusted certificates is being judged
When also include:
In the process control block (PCB) of the default process by the default Processes Tag be trusted process.
In a kind of exemplary embodiment of the disclosure, the trusted process identifying device also includes:
Checking request receiver module:Whether it is credible for receive default process described in the checking one that a user side sends
The checking request of process;
Trusted process tag query module:Whether deposit for responding the checking request and inquiring about in the process control block (PCB)
Mark in the trusted process with the default process context;
Second trusted process determining module:Close with the default process for existing in the process control block (PCB) is inquired
When the trusted process of connection is marked, determine that the default process is trusted process.
According to an aspect of this disclosure, there is provided a kind of program erecting device, including:
Program installation service progress recognizing module:It is true for the trusted process identifying device according to above-mentioned any one
Whether the fixed program installation service process associated with program to be installed is trusted process;
Program installs module:For when it is determined that described program installation service processes are trusted process, by described
Program installation service process continues to install the program to be installed.
According to an aspect of this disclosure, there is provided one kind decryption device, including:
Private key uses service processes identification module:It is true for the trusted process identifying device according to above-mentioned any one
Whether the fixed private key associated with non-security system to be decrypted is trusted process using service processes;
Non-security system deciphering module:For when it is determined that the private key is trusted process using service processes, by institute
State private key private key is sent to into the non-security system using service processes and decrypt the non-security system.
According to an aspect of this disclosure, there is provided a kind of mobile terminal, including:
Processor;And
Memory, for storing the executable instruction of the processor;
Wherein described processor is configured to perform following operation via the executable instruction is performed:
The locked trusted certificates with default process context are configured in certificate repository;
Whether receive the default process of a checking is the checking request of trusted process, and responds the checking request inquiry institute
State in certificate repository with the presence or absence of the trusted certificates with the default process context;
After there are the trusted certificates with the default process context in the certificate repository is inquired, according to the credible card
Book is verified to the default process;
When the default process is judged by the checking of the trusted certificates, determine the default process for it is credible enter
Journey.
A kind of trusted process recognition methods of the disclosure and device, by configuring the quilt with default process context in certificate repository
The trusted certificates of locking;Then default process is verified according to trusted certificates;Judging the default process by described
During the checking of trusted certificates, determine that the default process is trusted process;On the one hand, it is locked by the configuration one in certificate repository
Trusted certificates so that trusted certificates can not be illegally modified and delete, it is ensured that trusted certificates it is effective;The opposing party
Face, by the way that the trusted certificates of default process context are pre-configured in certificate repository so that default process upon execution, Ke Yixian
Verified, due to ensure that the security of default process, thus the security for relying on other processes of the default process is also obtained
Guarantee is arrived, and then ensure that the security of whole system, stablizing for system has been improve, while improving Consumer's Experience.
A kind of trusted process recognition methods of the disclosure and device, by presetting in the process control block (PCB) of default process
Processes Tag is trusted process so that when next time default process needs checking, and this mark is directly read in process control block (PCB)
Note, improves the efficiency of checking, saves time cost.
It should be appreciated that the general description of the above and detailed description hereinafter are only exemplary and explanatory, not
The disclosure can be limited.
Description of the drawings
Accompanying drawing herein is merged in specification and constitutes the part of this specification, shows the enforcement for meeting the disclosure
Example, and be used to explain the principle of the disclosure together with specification.It should be evident that drawings in the following description are only the disclosure
Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can be with basis
These accompanying drawings obtain other accompanying drawings.
Fig. 1 schematically shows a kind of flow chart of trusted process recognition methods.
Fig. 2 schematically shows the flow chart of another kind of trusted process recognition methods.
Fig. 3 schematically shows a kind of flow chart of program installation method.
Fig. 4 schematically shows a kind of flow chart of decryption method.
Fig. 5 schematically shows a kind of block diagram of trusted process identifying device.
Fig. 6 schematically shows a kind of using above-mentioned trusted process recognition methods or the mobile terminal of trusted process identifying device
Structured flowchart.
Specific embodiment
Example embodiment is described more fully with referring now to accompanying drawing.However, example embodiment can be with various shapes
Formula is implemented, and is not understood as limited to example set forth herein;Conversely, thesing embodiments are provided so that the disclosure will more
Fully and completely, and by the design of example embodiment those skilled in the art is comprehensively conveyed to.Described feature, knot
Structure or characteristic can be combined in any suitable manner in one or more embodiments.In the following description, there is provided perhaps
Many details are so as to providing fully understanding for embodiment of this disclosure.It will be appreciated, however, by one skilled in the art that can
Omit one or more in the specific detail to put into practice the technical scheme of the disclosure, or other sides can be adopted
Method, constituent element, device, step etc..In other cases, be not shown in detail or describe known solution a presumptuous guest usurps the role of the host avoiding and
So that each side of the disclosure thickens.
Additionally, accompanying drawing is only the schematic illustrations of the disclosure, it is not necessarily drawn to scale.Identical accompanying drawing mark in figure
Note represents same or similar part, thus will omit repetition thereof.Some block diagrams shown in accompanying drawing are work(
Energy entity, not necessarily must be corresponding with physically or logically independent entity.These work(can be realized using software form
Energy entity, or these functional entitys are realized in one or more hardware modules or integrated circuit, or at heterogeneous networks and/or place
These functional entitys are realized in reason device device and/or microcontroller device.
In a kind of technical scheme, solution operating system cannot be the preset all of certificate of all of program in the future should
Program operation can be verified in systems the method for legal sex chromosome mosaicism can include certificate preset in dynamic update system, work as journey
Sequence is added to the legal certificate of the program in the certificate repository of system again when installing, and can be had by system when program is really run
What is imitated is verified.
In program installation process, program installation service process is responsible for the installation of all programs, and checking in installation process is used
Whether the certificate of family program is legal, if legal, just user certificate is added dynamically in the certificate repository of inner nuclear layer;If user
Program is unloaded, and same program installation service also will be responsible for deleting the corresponding certificate in certificate repository.But, program installation service
Process is also User space program and can not be in the certificate update of oneself to certificate repository;Therefore, program installation service process sheet
How the operation of body verifies signature just into problem.
Based on provide firstly a kind of trusted process recognition methods in Similar Problems, this example embodiment.With reference to Fig. 1 institutes
Show, the trusted process recognition methods may comprise steps of:
Step S110. configures the locked trusted certificates with default process context in certificate repository.
Whether what step S120. received the default process of a checking is the checking request of trusted process, and responds the checking
With the presence or absence of the trusted certificates with the default process context in certificate repository described in requesting query.
Step S130. exists after the trusted certificates with the default process context in the certificate repository is inquired, according to
The trusted certificates are verified to the default process.
Step S140. determines the default process when the default process is judged by the checking of the trusted certificates
For trusted process.
Above-mentioned trusted process recognition methods, on the one hand, by the locked trusted certificates of the configuration one in certificate repository so that
Trusted certificates can not be illegally modified and delete, it is ensured that trusted certificates it is effective;On the other hand, by by default process
The trusted certificates of association are pre-configured in certificate repository so that default process upon execution, can be verified first, due to ensureing
The security of default process, thus the security for relying on other processes of the default process is also guaranteed, and then ensure
The security of whole system, improves stablizing for system, while improving Consumer's Experience.
Below, each step of trusted process recognition methods in this example embodiment will be described in detail.
In step s 110, the locked trusted certificates with default process context are configured in certificate repository.
In this example embodiment, trusted certificates for example can be the public key with default process context;Trusted certificates
Quantity can include one can also include it is multiple, can specifically adjust according to actual needs, this example embodiment to this not
Make specifically limited;Locked trusted certificates can for example be defined as the credible card that can not be tampered and can not be removed
Book;In this example, in advance in the certificate repository of inner nuclear layer configuration at least one can not be tampered simultaneously with default process context
And the trusted certificates that can not be removed (mode of configuration for example can be included trusted certificates by way of uploading or be newly-increased
In being stored in above-mentioned certificate repository), the accuracy rate of trusted certificates in system is increased, while improving the security of system and stablizing
Property.Above-mentioned default process can for example include the program installation service process of a certain software to be installed or a certain to be decrypted non-
The private key of security system association uses service processes etc., the process higher for level of security, by presetting in certificate repository
Trusted certificates, greatly increased the overall security performance of system.Additionally, in other exemplary embodiments of the disclosure,
Other definition can be done to above-mentioned trusted certificates according to actual conditions, particular determination is not done to this in this exemplary embodiment.
In the step s 120, whether receive the default process of a checking is the checking request of trusted process, and is responded described
Checking request is inquired about in the certificate repository with the presence or absence of the trusted certificates with the default process context.
In step s 130, after there are the trusted certificates with the default process context in the certificate repository is inquired,
The default process is verified according to the trusted certificates.
In this example embodiment, when user side needs to perform a process, it is necessary first to send one to inner nuclear layer and test
Demonstrate,prove the checking request whether pending process is trusted process;Inner nuclear layer responds the checking request and inquires about in certificate repository
With the presence or absence of the trusted certificates with the process context, when there are the trusted certificates with the process context in inquiring certificate repository,
The process the present is verified according to the trusted certificates;There are no the trusted certificates with the process context in certificate repository is inquired
When, prevent the process from continuing executing with.
In step S140, when the default process is judged by the checking of the trusted certificates, determine described default
Process is trusted process.
In this example embodiment, when judging that the process passes through the checking of trusted certificates, it is determined that the process is can
Letter process, and in the process control block (PCB) of the process by the Processes Tag be trusted process;By carrying out in process control block (PCB)
Mark so that when next time the default process needs to be verified, directly read the mark in process control block (PCB), be not used in carrying out
Checking can determine whether that the process is trusted process, save time cost, improve Consumer's Experience.Above-mentioned process control block (PCB)
(Processing Control Block) for example can be a kind of data structure in operating system kernel, main to represent process shape
State;Its effect can include making a program that independent operating is unable under multiprogramming environment (containing data), become one
The base unit of energy independent operating or the process concurrently performed with other processes;Can also include that the process to concurrently performing is carried out
Control and manage;Be typically in Installed System Memory used area one of process control block (PCB) continuously deposits area, and it deposits operating system
The full detail required for describing process situation and the operation of control process, including process identification (PID), process priority, process title
And process resource etc..Additionally, in other exemplary embodiments of the disclosure, it is also possible to according to actual conditions to it is above-mentioned enter
Program control clamp dog does other definition, and particular determination is not done to this in this exemplary embodiment.
This example embodiment additionally provides another kind of trusted process recognition methods.With reference to shown in Fig. 2, the trusted process is known
Other method can include step S210~S230.Wherein:
In step S210, whether receive default process described in the checking one that a user side sends is testing for trusted process
Card request;In step S220, respond the checking request and inquire about in the process control block (PCB) whether there is and preset with described
The trusted process mark of process context;In step S230, exist in the process control block (PCB) is inquired with it is described preset into
When the trusted process of Cheng Guanlian is marked, determine that the default process is trusted process.
In this example embodiment, whether the process of checking one that first receive user side sends is the request of trusted process,
Be then responding to this ask and inquire about in the process control block (PCB) of the process whether be related to the process trusted process mark, inquiry
When the trusted process that the process is related to in process control block (PCB) is marked, then can determine that the process is trusted process;In inquiry
When not having to be marked with regard to the trusted process of the process in process control block (PCB), can be by entering with the presence or absence of this in inquiry certificate repository
The trusted certificates of journey, and then determine whether the process is trusted process;For example:
When there is a program to be installed to need to install, the program for verifying the program to be installed that first receive user side sends is pacified
Whether whether dress service processes are the request of trusted process, be then responding to this and ask and inquire about in the process control block (PCB) of the process to have
Mark with regard to the trusted process of the process, have trusted process to mark in the process control block (PCB) for inquiring program installation service process
When, then can determine that program installation service process is trusted process, then continued to install above-mentioned according to program installation service process
Program to be installed;When marking without trusted process in the process control block (PCB) for inquiring program installation service process, then inquiry is demonstrate,proved
With the presence or absence of the trusted certificates of program installation service process in stack room, then again determining program installs whether service processes are credible
Process;If program installation service process is untrusted process, the program determination to be installed is installed.By the way, one
Aspect, by the trusted process mark in reading process control block (PCB), saves time cost;On the other hand, by prejudging
Whether program installation service process is trusted process, it is ensured that the security of whole system.Additionally, in other examples of the disclosure
Property embodiment in, it is also possible to judge whether the process is trusted process in other manners according to actual conditions, this exemplary reality
To be applied in example and this is not done particular determination.
This example embodiment also provides a kind of program installation method.With reference to shown in Fig. 3, the program installation method can be wrapped
Include step S310 and step S320.Wherein:
In step S310, determine that the program associated with program to be installed installs clothes according to above-mentioned trusted process recognition methods
Whether business process is trusted process;In step s 320, when it is determined that described program installation service processes are trusted process, pass through
Described program installs service processes and continues to install the program to be installed.Specifically:
When there is a program to be installed, determine that the program of the program installs clothes according to above-mentioned trusted process recognition methods first
Whether business process is trusted process;When the program installation service process is judged for trusted process, by the program installation service
Process continues to install the program;When the program installation service process is judged for untrusted process, terminate the installation of the program;It is logical
Cross proving program and install whether service processes are trusted process, it is to avoid program installation service process is illegally pretended to be and then modification
Trusted certificates in certificate repository, improve the stability and security of system, while also improving Consumer's Experience, greatly reduce
Risk.Additionally, in other exemplary embodiments of the disclosure, it is also possible to according to actual conditions in other manners judging
Whether above-mentioned program to be installed continues to install, and particular determination is not done to this in this exemplary embodiment.
This example embodiment also provides a kind of decryption method.With reference to shown in Fig. 4, the decryption method can include step
S410 and step S420.Wherein:
In step S410, the private associated with non-security system to be decrypted is determined according to above-mentioned trusted process recognition methods
Whether key is trusted process using service processes;In the step s 420, it is determined that the private key using service processes for it is credible enter
Cheng Shi, is sent to the non-security system and decrypts the non-security system using service processes by the private key by private key.
In this example embodiment, security system can run the higher program of comparatively safe rank, for example, can wrap
Mail, speech scrambling etc. are included, can specifically be adjusted according to actual needs, this example embodiment is not particularly limited to this;
Non-security system can run some relatively unessential softwares, for example, can include game, amusement etc., can be according to reality
Concrete adjustment, this example embodiment is needed to be not particularly limited this;Specifically:
The private key of entertainment software in non-security system can be stored in the security system, when entertainment software is needed using private
During key, first can send using the request of private key, the security system response request and according to above-mentioned trusted process to security system
Recognition methods judges whether the private key is trusted process using request, when judging the private key using request for trusted process, will
Private key is sent to non-security system;Non-security system is received after the private key, is decrypted using private key and is run.By by private
Key is stored in security system side, solves the problems, such as that private key itself can not encrypt storage;When a certain process in non-security system
When needing to use private key, send using request to security system first, then security system after checking again by private key
Non-security system is given, the safety and stability of system is improve.Additionally, in other exemplary embodiments of the disclosure,
Non-security system can also will be decrypted in other manners according to actual conditions, this will not be done in this exemplary embodiment
Particular determination.
Although additionally, describe each step of method in the disclosure with particular order in the accompanying drawings, this does not really want
Asking or imply must perform these steps according to the particular order, or the step having to carry out shown in whole could be realized
Desired result.It is additional or alternative, it is convenient to omit some steps, multiple steps are merged into into a step and is performed, and/
Or a step is decomposed into into execution of multiple steps etc..
This example embodiment additionally provides a kind of trusted process identifying device.With reference to shown in Fig. 5, the trusted process identification
Device can include:Trusted certificates configuration module 510, trusted certificates enquiry module 520, default process authentication module 530 and
First trusted process determining module 540.Wherein:
Trusted certificates configuration module 510 can be used for being configured in certificate repository locked credible with default process context
Certificate.
Whether what trusted certificates enquiry module 520 can be used for receiving the default process of a checking is that the checking of trusted process please
Ask, and respond the checking request and inquire about in the certificate repository with the presence or absence of the trusted certificates with the default process context.
Default process authentication module 530 can be used for existing in the certificate repository is inquired and the default process context
Trusted certificates after, the default process is verified according to the trusted certificates.
First trusted process determining module 540 can be used for judging default process the testing by the trusted certificates
During card, determine that the default process is trusted process.
In this example embodiment, also include when the default process is judged by the checking of the trusted certificates:
In the process control block (PCB) of the default process by the default Processes Tag be trusted process.
In this example embodiment, the trusted process identifying device also includes:
Checking request receiver module can be used for receiving preset process described in the checking one that a user side sends be whether
The checking request of trusted process.
Trusted process tag query module can be used for responding the checking request and inquiring about in the process control block (PCB)
No presence is marked with the trusted process of the default process context.
Second trusted process determining module can be used for existing in the process control block (PCB) is inquired with it is described preset into
When the trusted process of Cheng Guanlian is marked, determine that the default process is trusted process.
This example embodiment additionally provides a kind of program erecting device, and the program erecting device can include:
Program installation service progress recognizing module can be used for the trusted process identification dress according to above-mentioned any one
Put and determine whether the program installation service process associated with program to be installed is trusted process.
Program is installed module and be can be used for when it is determined that described program installation service processes are trusted process, by institute
State program installation service process to continue that the program to be installed is installed.
This example embodiment additionally provides a kind of decryption device, and the decryption device can include:
Private key can be used for the trusted process identification dress according to above-mentioned any one using service processes identification module
Put and determine whether the private key associated with non-security system to be decrypted is trusted process using service processes.
Non-security system deciphering module can be used for when it is determined that the private key is trusted process using service processes, pass through
Private key is sent to the non-security system and decrypts the non-security system by the private key using service processes.
The detail of each module is in corresponding trusted process recognition methods in above-mentioned trusted process identifying device
Carry out thinking description in detail, therefore here is omitted.
Although it should be noted that some modules or list of the equipment for action executing are referred in above-detailed
Unit, but this division is not enforceable.In fact, according to embodiment of the present disclosure, it is above-described two or more
The feature and function of module either unit can embody in a module or unit.Conversely, an above-described mould
The feature and function of block either unit can be to be embodied by multiple modules or unit with Further Division.
With reference to Fig. 6, the mobile terminal 600 recognized using above-mentioned trusted process can include following one or more assemblies:
Process assembly 602, memory 604, power supply module 606, multimedia groupware 608, audio-frequency assembly 610, input/output (I/O)
Interface 612, sensor cluster 614, and communication component 616.
The integrated operation of the generally control mobile terminal 600 of process assembly 602, such as with display, call, data are led to
Letter, the associated operation of camera operation and record operation.Process assembly 602 can include one or more processors 620 to hold
Row instruction, to complete all or part of step of above-mentioned method.Additionally, process assembly 602 can include one or more moulds
Block, the interaction being easy between process assembly 602 and other assemblies.For example, process assembly 602 can include multi-media module, with
Facilitate the interaction between multimedia groupware 604 and process assembly 602.
Memory 604 is configured to store various types of data to support the operation in equipment 600.These data are shown
Example includes the instruction of any application program for operating on mobile terminal 600 or method, contact data, telephone directory number
According to, message, picture, video etc..Memory 604 can by any kind of volatibility or non-volatile memory device or they
Combination realize that such as static RAM (SRAM), Electrically Erasable Read Only Memory (EEPROM) is erasable
Programmable read only memory (EPROM), programmable read only memory (PROM), read-only storage (ROM), magnetic memory, quick flashing
Memory, disk or CD.
Power supply module 606 provides electric power for the various assemblies of mobile terminal 600.Power supply module 606 can include power supply pipe
Reason system, one or more power supplys, and other generate, manage and distribute the component that electric power is associated with for mobile terminal 600.
Multimedia groupware 608 is included in the screen of one output interface of offer between the mobile terminal 600 and user.
In certain embodiments, screen can include liquid crystal display (LCD) and touch panel (TP).If screen includes touch surface
Plate, screen may be implemented as touch-screen, to receive the input signal from user.Touch panel is touched including one or more
Sensor is with the gesture on sensing touch, slip and touch panel.The touch sensor can not only sensing touch or slip
The border of action, but also the detection duration related to the touch or slide and pressure.In certain embodiments,
Multimedia groupware 608 includes a front-facing camera and/or post-positioned pick-up head.When equipment 600 is in operator scheme, mould is such as shot
When formula or video mode, front-facing camera and/or post-positioned pick-up head can receive outside multi-medium data.Each preposition shooting
Head and post-positioned pick-up head can be a fixed optical lens systems or with focusing and optical zoom capabilities.
Audio-frequency assembly 610 is configured to output and/or input audio signal.For example, audio-frequency assembly 610 includes a Mike
Wind (MIC), when mobile terminal 600 is in operator scheme, such as call model, logging mode and speech recognition mode, microphone
It is configured to receive external audio signal.The audio signal for being received can be further stored in memory 604 or via logical
Letter component 616 sends.In certain embodiments, audio-frequency assembly 610 also includes a loudspeaker, for exports audio signal.
, to provide interface between process assembly 602 and peripheral interface module, above-mentioned peripheral interface module can for I/O interfaces 612
To be keyboard, click wheel, button etc..These buttons may include but be not limited to:Home button, volume button, start button and lock
Determine button.
Sensor cluster 614 includes one or more sensors, for providing the state of various aspects for mobile terminal 600
Assessment.For example, sensor cluster 614 can detect the opening/closed mode of equipment 600, such as relative positioning of component, institute
Display and keypad that component is mobile terminal 600 are stated, sensor cluster 614 can also detect mobile terminal 600 or mobile
The position of 600 1 components of terminal changes, and user is presence or absence of with what mobile terminal 600 was contacted, the orientation of mobile terminal 600
Or the temperature change of acceleration/deceleration and mobile terminal 600.Sensor cluster 614 can include proximity transducer, be configured to
The presence of object near detecting when without any physical contact.Sensor cluster 614 can also include optical sensor, such as
CMOS or ccd image sensor, for used in imaging applications.In certain embodiments, the sensor cluster 614 can be with
Including acceleration transducer, gyro sensor, Magnetic Sensor, pressure sensor or temperature sensor.
Communication component 616 is configured to facilitate the communication of wired or wireless way between mobile terminal 600 and other equipment.
Mobile terminal 600 can be accessed based on the wireless network of communication standard, such as WiFi, 2G or 6G, or combinations thereof.Show at one
In example property embodiment, communication component 616 receives broadcast singal or the broadcast from external broadcasting management system via broadcast channel
Relevant information.In one exemplary embodiment, the communication component 616 also includes near-field communication (NFC) module, short to promote
Cheng Tongxin.For example, RF identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra broadband can be based in NFC module
(UWB) technology, bluetooth (BT) technology and other technologies are realizing.
In the exemplary embodiment, mobile terminal 600 can be by one or more application specific integrated circuits (ASIC), number
Word signal processor (DSP), digital signal processing appts (DSPD), PLD (PLD), field programmable gate array
(FPGA), controller, microcontroller, microprocessor or other electronic components realizations, for performing said method.
Through the above description of the embodiments, those skilled in the art is it can be readily appreciated that example described herein is implemented
Mode can be realized by software, it is also possible to be realized by way of software is with reference to necessary hardware.Therefore, according to the disclosure
The technical scheme of embodiment can be embodied in the form of software product, the software product can be stored in one it is non-volatile
Property storage medium (can be CD-ROM, USB flash disk, portable hard drive etc.) in or network on, including some instructions are so that a calculating
Equipment (can be personal computer, server, mobile terminal or network equipment etc.) is performed according to disclosure embodiment
Method.
Those skilled in the art will readily occur to its of the disclosure after considering specification and putting into practice invention disclosed herein
Its embodiment.The application is intended to any modification, purposes or the adaptations of the disclosure, these modifications, purposes or
Person's adaptations follow the general principle of the disclosure and including the undocumented common knowledge in the art of the disclosure
Or conventional techniques.Description and embodiments are considered only as exemplary, and the true scope of the disclosure and spirit are by appended
Claim is pointed out.
Claims (11)
1. a kind of trusted process recognition methods, it is characterised in that include:
The locked trusted certificates with default process context are configured in certificate repository;
Receive whether the default process of a checking is the checking request of trusted process, and respond the checking request and inquire about the certificate
With the presence or absence of the trusted certificates with the default process context in storehouse;
After there are the trusted certificates with the default process context in the certificate repository is inquired, according to the trusted certificates pair
The default process is verified;
When the default process is judged by the checking of the trusted certificates, determine that the default process is trusted process.
2. trusted process recognition methods according to claim 1, it is characterised in that judging the default process by institute
Also include during the checking for stating trusted certificates:
In the process control block (PCB) of the default process by the default Processes Tag be trusted process.
3. trusted process recognition methods according to claim 2, it is characterised in that the trusted process recognition methods is also wrapped
Include:
Receive process is preset described in the checking one of user side transmission be whether trusted process checking request;
Respond the checking request and inquire about in the process control block (PCB) with the presence or absence of with the default process context it is credible enter
Journey is marked;
When there is the trusted process mark with the default process context in inquiring the process control block (PCB), determine described pre-
If process is trusted process.
4. a kind of program installation method, it is characterised in that include:
Trusted process recognition methods according to claims 1 to 3 any one determines the program associated with program to be installed
Install whether service processes are trusted process;
When it is determined that described program installation service processes are trusted process, service processes are installed by described program and continues that institute is installed
State program to be installed.
5. a kind of decryption method, it is characterised in that include:
Trusted process recognition methods according to claims 1 to 3 any one determines closes with non-security system to be decrypted
Whether the private key of connection is trusted process using service processes;
When it is determined that the private key is trusted process using service processes, by the private key private key is sent using service processes
To the non-security system decrypting the non-security system.
6. a kind of trusted process identifying device, it is characterised in that include:
Trusted certificates configuration module:For configuring the locked trusted certificates with default process context in certificate repository;
Trusted certificates enquiry module:Whether it is the checking request of trusted process for receiving the default process of a checking, and responds institute
State checking request to inquire about in the certificate repository with the presence or absence of the trusted certificates with the default process context;
Default process authentication module:For there are the trusted certificates with the default process context in the certificate repository is inquired
Afterwards, the default process is verified according to the trusted certificates;
First trusted process determining module:For when the default process is judged by the checking of the trusted certificates, it is determined that
The default process is trusted process.
7. trusted process identifying device according to claim 6, it is characterised in that judging that the default process passes through institute
Also include during the checking for stating trusted certificates:
In the process control block (PCB) of the default process by the default Processes Tag be trusted process.
8. trusted process identifying device according to claim 7, it is characterised in that the trusted process identifying device is also wrapped
Include:
Checking request receiver module:Whether it is trusted process for receive default process described in the checking one that a user side sends
Checking request;
Trusted process tag query module:For respond the checking request and inquire about in the process control block (PCB) whether there is with
The trusted process mark of the default process context;
Second trusted process determining module:For existing in the process control block (PCB) is inquired and the default process context
When trusted process is marked, determine that the default process is trusted process.
9. a kind of program erecting device, it is characterised in that include:
Program installation service progress recognizing module:For the trusted process identification dress according to claim 6~8 any one
Put and determine whether the program installation service process associated with program to be installed is trusted process;
Program installs module:For when it is determined that described program installation service processes are trusted process, by described program
Service processes are installed to continue that the program to be installed is installed.
10. it is a kind of to decrypt device, it is characterised in that to include:
Private key uses service processes identification module:For the trusted process identification dress according to claim 6~8 any one
Put and determine whether the private key associated with non-security system to be decrypted is trusted process using service processes;
Non-security system deciphering module:For when it is determined that the private key is trusted process using service processes, by the private
Private key is sent to the non-security system and decrypts the non-security system by key using service processes.
11. a kind of mobile terminals, it is characterised in that include:
Processor;And
Memory, for storing the executable instruction of the processor;
Wherein described processor is configured to perform following operation via the executable instruction is performed:
The locked trusted certificates with default process context are configured in certificate repository;
Receive whether the default process of a checking is the checking request of trusted process, and respond the checking request and inquire about the certificate
With the presence or absence of the trusted certificates with the default process context in storehouse;
After there are the trusted certificates with the default process context in the certificate repository is inquired, according to the trusted certificates pair
The default process is verified;
When the default process is judged by the checking of the trusted certificates, determine that the default process is trusted process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611200774.4A CN106599676A (en) | 2016-12-22 | 2016-12-22 | Trusted process identification method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611200774.4A CN106599676A (en) | 2016-12-22 | 2016-12-22 | Trusted process identification method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106599676A true CN106599676A (en) | 2017-04-26 |
Family
ID=58602795
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611200774.4A Pending CN106599676A (en) | 2016-12-22 | 2016-12-22 | Trusted process identification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106599676A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107862202A (en) * | 2017-10-11 | 2018-03-30 | 北京金山安全管理系统技术有限公司 | Software disables treating method and apparatus |
CN110912704A (en) * | 2017-10-11 | 2020-03-24 | Oppo广东移动通信有限公司 | Certificate loading method and related product |
CN111400706A (en) * | 2020-03-10 | 2020-07-10 | 深信服科技股份有限公司 | Virus defense method, device, equipment and storage medium |
CN113946815A (en) * | 2021-10-21 | 2022-01-18 | 深圳致星科技有限公司 | Authorization method for federal learning and privacy calculations |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1713106A (en) * | 2004-06-23 | 2005-12-28 | 微软公司 | System and method for providing security to an application |
CN101226577A (en) * | 2008-01-28 | 2008-07-23 | 南京大学 | Method for protecting microkernel OS integrality based on reliable hardware and virtual machine |
CN103577206A (en) * | 2012-07-27 | 2014-02-12 | 北京三星通信技术研究有限公司 | Method and device for installing application software |
CN103778367A (en) * | 2013-12-30 | 2014-05-07 | 网秦(北京)科技有限公司 | Method and terminal for detecting safety of application installation package based on application certificate and auxiliary server |
CN104331658A (en) * | 2014-11-14 | 2015-02-04 | 北京视博数字电视科技有限公司 | Installing verification method for intelligent terminal application program and system |
CN104680061A (en) * | 2015-02-28 | 2015-06-03 | 国鼎网络空间安全技术有限公司 | Method and system for verifying code signing during startup of application in Android environment |
CN105631310A (en) * | 2014-10-30 | 2016-06-01 | 黄晓芳 | Efficient trusted process authentication scheme |
CN106230598A (en) * | 2016-07-29 | 2016-12-14 | 深圳兆日科技股份有限公司 | Mobile terminal third-party application safety certifying method and device |
-
2016
- 2016-12-22 CN CN201611200774.4A patent/CN106599676A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1713106A (en) * | 2004-06-23 | 2005-12-28 | 微软公司 | System and method for providing security to an application |
CN101226577A (en) * | 2008-01-28 | 2008-07-23 | 南京大学 | Method for protecting microkernel OS integrality based on reliable hardware and virtual machine |
CN103577206A (en) * | 2012-07-27 | 2014-02-12 | 北京三星通信技术研究有限公司 | Method and device for installing application software |
CN103778367A (en) * | 2013-12-30 | 2014-05-07 | 网秦(北京)科技有限公司 | Method and terminal for detecting safety of application installation package based on application certificate and auxiliary server |
CN105631310A (en) * | 2014-10-30 | 2016-06-01 | 黄晓芳 | Efficient trusted process authentication scheme |
CN104331658A (en) * | 2014-11-14 | 2015-02-04 | 北京视博数字电视科技有限公司 | Installing verification method for intelligent terminal application program and system |
CN104680061A (en) * | 2015-02-28 | 2015-06-03 | 国鼎网络空间安全技术有限公司 | Method and system for verifying code signing during startup of application in Android environment |
CN106230598A (en) * | 2016-07-29 | 2016-12-14 | 深圳兆日科技股份有限公司 | Mobile terminal third-party application safety certifying method and device |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107862202A (en) * | 2017-10-11 | 2018-03-30 | 北京金山安全管理系统技术有限公司 | Software disables treating method and apparatus |
CN110912704A (en) * | 2017-10-11 | 2020-03-24 | Oppo广东移动通信有限公司 | Certificate loading method and related product |
CN110912704B (en) * | 2017-10-11 | 2023-02-28 | Oppo广东移动通信有限公司 | Certificate loading method and related product |
CN111400706A (en) * | 2020-03-10 | 2020-07-10 | 深信服科技股份有限公司 | Virus defense method, device, equipment and storage medium |
CN113946815A (en) * | 2021-10-21 | 2022-01-18 | 深圳致星科技有限公司 | Authorization method for federal learning and privacy calculations |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105848134B (en) | Virtual SIM card management device, communication terminal, access control method and management method | |
CN108614878B (en) | Protocol data management method, device, storage medium and system | |
KR101239012B1 (en) | System and method of authorizing execution of software code based on at least one installed profile | |
CN102016864A (en) | Managing code entitlements for software developers in secure operating environments | |
KR101252921B1 (en) | System and method of authorizing execution of software code in a device based on entitlements granted to a carrier | |
CN107241688A (en) | Signature, verification method, device and the storage medium of application installation package | |
KR20100126478A (en) | System and method of authorizing execution of software code based on accessible entitlements | |
WO2020024929A1 (en) | Method for upgrading service application range of electronic identity card, and terminal device | |
CN106599676A (en) | Trusted process identification method and device | |
CN104052796A (en) | Plug-in processing method, device, system and terminal | |
KR20190105776A (en) | Electronic device and method for managing electronic key thereof | |
WO2015144066A1 (en) | Sensitive operation verification method, apparatus, and system | |
JP2014519674A (en) | Trusted platform based open ID authentication method, apparatus and system therefor | |
CN107169320A (en) | Method of calibration and device | |
CN106203125A (en) | Operating system and safety detection method, safety detection device and terminal | |
CN103914520A (en) | Data query method, terminal equipment and server | |
CN108460251B (en) | Method, device and system for running application program | |
KR20130082979A (en) | User personalized recommendation system based on fingerprint identification | |
KR102490395B1 (en) | Electronic device for sharing a key of external electronic device and method for the same | |
CN106775834A (en) | Brush machine verification method and device | |
CN104113588A (en) | Updating method and apparatus of internet yellow page | |
CN104021076B (en) | Application testing method and router | |
KR20140105681A (en) | Apparatus and method for encryption data in secure mode | |
CN105376399A (en) | A method and a device for controlling a smart device | |
CN107480076A (en) | Protection processing method, device and the terminal of system partitioning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170426 |
|
RJ01 | Rejection of invention patent application after publication |