CN107688729A - Application program protection system and method based on trusted host

Publication number: CN107688729A
Authority: CN (China)
Prior art keywords: key, ciphertext, application program, static data, generation
Legal status: Granted
Application number: CN201710622214.6A
Other languages: Chinese (zh)
Other versions: CN107688729B (en)
Inventors: 郑驰, 梁思谦
Current Assignee: Datang High Hung Principal (zhejiang) Mdt Infotech Ltd
Original Assignee: Datang High Hung Principal (zhejiang) Mdt Infotech Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention discloses an application program protection system and method based on a trusted host, implemented on a trusted host equipped with a trusted chip. The executable file of the application program is packed (shell adding) and bound to the trusted host, which prevents the executable file from being illegally unpacked. The static data files of the application program are encrypted and decrypted with a key generated by the trusted chip, and the key is further transformed, which improves data security and prevents the static data files from being obtained in plaintext or through means such as disassembly. The dynamic data of the application program is stored in a specific secure region of the memory space and read from that region when used, which prevents the dynamic data from being illegally intercepted from the memory space. The invention can comprehensively improve the data security of the application program.

Description

Application program protection system and method based on trusted host
Technical field
The present invention relates to an application program protection system and method based on a trusted host, and belongs to the field of information security technology.
Background
An application program is a computer program that performs a specific function and runs on an operating system. It generally includes a number of static data files, such as executable files (.exe files), resource files (picture files, audio and video files) and dynamic link library files. When the application program is executed, the executable file performs specific logical operations, calls the corresponding data files, and obtains a specific result after processing, completing the specific function. During execution, memory space must be allocated dynamically, and dynamic data such as input data, intermediate data and output data is kept in the allocated memory space.
The data security of an application program directly affects the interests of its owner, and users of an application program also want the application they use to be secure and reliable, so that the security of their private data is ensured. At present, the security of application programs faces the following threats: a professional decompiler is used to analyse the processing logic of the static data files and obtain important information; static data files in plaintext form are used to obtain critical data directly and analyse it; professional tools are used to intercept dynamic data in the memory space, causing data leakage.
Existing encryption lock products provide software protection, but their capacity is limited, they are inconvenient to store and carry, they cannot perform hardware binding, and the protection they can provide is limited.
Summary of the invention
In view of the foregoing, the object of the invention is to provide an application program protection system and method based on a trusted host. Implemented on a trusted host, it packs the executable file, encrypts the static data files, and stores the dynamic data in a specific secure space, and can thereby comprehensively improve the security of the application program.
To achieve the above object, the present invention uses the following technical solution:
An application program protection system based on a trusted host, wherein the application program includes an executable file, static data files and dynamic data, and the trusted host is equipped with a trusted chip. The system includes: a key generation module, an encryption processing module, a trusted application generation module, and a trusted application decryption processing module.
Key generation module: generates an asymmetric public key and private key, and a symmetric key K, based on the trusted chip, and encrypts the key K with the public key to generate the ciphertext key C;
Encryption processing module: using the ciphertext key C, encrypts the static data file to generate the ciphertext static data file;
Trusted application generation module: packages the ciphertext key C and the ciphertext static data file to generate the trusted application;
Trusted application decryption processing module: using the ciphertext key C, decrypts the ciphertext static data file; the resulting plaintext data is kept in memory for the trusted application to call.
The application program protection system based on a trusted host further includes a packing and binding module, which packs the executable file to generate the packed executable file, and binds the application program to the trusted host by setting a binding password.
The application program protection system based on a trusted host further includes a trusted application dynamic protection module, which stores the dynamic data in a specific secure space in the memory space and reads the dynamic data from that specific secure space.
The method of generating the ciphertext static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; input a random string S and replace the designated string S1 in the key K with the random string S, generating the transformed key K`; encrypt the static data file with the key K` to generate the ciphertext static data file.
The method of decrypting the ciphertext static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; replace the designated string S1 in the key K with the random string S, generating the transformed key K`; decrypt the ciphertext static data file with the key K`, and read the decrypted data into memory for the application program to use.
The ciphertext key C, the ciphertext static data file, the packed executable file and the random string S are packaged to generate the trusted application.
An application program protection method based on a trusted host, wherein the application program includes an executable file, static data files and dynamic data, and the trusted host is equipped with a trusted chip. The method includes:
Generating the ciphertext key C;
Using the ciphertext key C, encrypting the static data file to generate the ciphertext static data file;
Packaging the ciphertext key C and the ciphertext static data file to generate the trusted application;
Using the ciphertext key C, decrypting the ciphertext static data file; the resulting plaintext data is kept in memory for the trusted application to use.
The application program protection method based on a trusted host further includes: packing the executable file to generate the packed executable file, and binding the application program to the trusted host by setting a binding password.
The application program protection method based on a trusted host further includes: storing the dynamic data in a specific secure space in the memory space, and reading the dynamic data from that specific secure space.
The method of generating the ciphertext static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; input a random string S and replace the designated string S1 in the key K with the random string S, generating the transformed key K`; encrypt the static data file with the key K` to generate the ciphertext static data file.
The method of decrypting to generate the static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; replace the designated string S1 in the key K with the random string S, generating the transformed key K`; decrypt the ciphertext static data file with the key K`; the resulting plaintext data is kept in memory for the application program to use.
The ciphertext key C, the ciphertext static data file, the packed executable file and the random string S are packaged to generate the trusted application.
The advantages of the invention are:
1. The system and method of the invention pack the executable file of the application program and bind it to the trusted host, which prevents the executable file from being illegally unpacked and prevents the application program from being stolen;
2. The system and method of the invention encrypt the static data files of the application program, and encrypt and transform the key, which prevents the static data files from being obtained in plaintext or through means such as disassembly, and improves data security;
3. The system and method of the invention store the dynamic data of the application program in a specific secure region of the memory space and read it from that region when used, which prevents the dynamic data from being illegally intercepted from the memory space;
4. The invention comprehensively improves the data security of the application program across the executable file, the static data files and the dynamic data.
Brief description of the drawings
Fig. 1 is a block diagram of the system of the invention.
Fig. 2 is a schematic flow diagram of the method of generating the trusted application.
Fig. 3 is a schematic flow diagram of the method of loading and executing the trusted application.
Embodiments
The invention is described in further detail below with reference to the drawings and embodiments.
As shown in Fig. 1, the application program protection system based on a trusted host disclosed by the invention is implemented on a trusted host, that is, a host equipped with a trusted chip. The system includes a packing and binding module, a key generation module, an encryption processing module, a trusted application generation module, a trusted application decryption processing module, and a trusted application dynamic protection module.
Packing and binding module: packs the executable file of the application program. During packing, a binding password is set and stored in the trusted chip of the host (in its NV space). When the executable file is run on the bound trusted host, no unpacking and no binding password input are needed, and the application program runs normally. To unpack the executable file, the binding password must be entered on the bound trusted host. Unpacking succeeds only when the entered binding password matches the binding password stored in the trusted chip; if the entered binding password is incorrect, unpacking fails and the executable file is deleted automatically, which prevents the executable file from being obtained illegally. If the application program is copied to an unbound host, it cannot execute normally.
Key generation module: uses the trusted chip to generate an asymmetric public key and private key pair and a symmetric key K; the generated public key and private key pair is stored in the trusted chip. The key K is then encrypted with the public key to generate the ciphertext key C, which ensures the security of the key K.
Encryption processing module: encrypts the static data files of the application program. Specifically: read the private key from the trusted chip and use it to decrypt the ciphertext key C, generating the plaintext key K; input a random string S and replace the designated string S1 in the key K with the random string S, generating the transformed key K`; encrypt the static data files of the application program with the key K`, generating the ciphertext static data file.
Trusted application generation module: packages the random string S, the ciphertext key C, the ciphertext static data file, the packed executable file and so on to generate the trusted application, which users install and use.
Trusted application decryption processing module: decrypts the ciphertext static data file of the secure application to ensure normal execution of the application program. Specifically: read the private key from the trusted chip and use it to decrypt the ciphertext key C, generating the plaintext key K; replace the designated string S1 in the key K with the random string S, generating the transformed key K`; decrypt the ciphertext static data file with the key K`; the data generated by decryption is kept in memory for the executable file to call.
When the encryption processing module and the trusted application decryption processing module replace the designated string S1 in the key K with the random string S, the position at which S is substituted into the key K and the replacement rule are agreed to be identical in both modules, and the length of the random string S is less than the string length of the key K.
Trusted application dynamic protection module: stores the critical dynamic data produced during execution of the trusted application in a specific secure space in the memory space, and reads the critical dynamic data from that specific secure space when it is used. Specifically, the critical dynamic data may include the key K` and important data (such as algorithm data). A critical data interface is defined in advance. While the trusted application is being loaded, the critical dynamic data is stored through the critical data interface in the specific secure space in the memory space; when the critical dynamic data is needed during execution of the trusted application, it is read out of the specific secure space through the critical data interface, and the data read out is destroyed after use. This process is implemented based on SGX technology, which is prior art and is not described in depth here.
The application program protection method implemented by the above application program protection system based on a trusted host includes:
1. Generating the trusted application
Pack the executable file of the application program. During packing, set a binding password and store it in the trusted chip of the trusted host, binding the trusted application to the trusted host.
Generate the ciphertext key. Specifically, use the trusted chip to generate an asymmetric public key and private key pair and a symmetric key K; the generated public key, private key pair and key K are stored in the trusted chip. Encrypt the key K with the public key to generate the ciphertext key C.
Encrypt the static data files of the application program: read the private key from the trusted chip and use it to decrypt the ciphertext key C, generating the key K; input a random string S and replace the designated string S1 in the key K with the random string S, generating the transformed key K`; encrypt the static data files of the application program with the key K`, generating the ciphertext static data file.
Package the random string S, the ciphertext key C, the ciphertext static data file, the packed executable file and so on to generate the trusted application.
2. Loading and executing the trusted application
On the bound trusted host, the packed executable file runs normally without the binding password being entered.
A critical data interface is defined in advance. When the trusted application is loaded, the critical dynamic data is stored through the critical data interface in the specific secure space in the memory space. When the critical dynamic data is needed during execution of the trusted application, it is read out of the specific secure space through the critical data interface, and the data read out is destroyed after use.
When a static data file needs to be called during execution of the trusted application, the private key is first read from the trusted chip and used to decrypt the ciphertext key C, generating the key K; the designated string S1 in the key K is replaced with the random string S, generating the transformed key K`; the ciphertext static data file is decrypted with the key K`, and the resulting plaintext data is kept in memory for the executable file to call.
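The packaging and load-time flow of steps 1 and 2 for the static data file, as an added Go example (not code from the patent or its assignee). The trusted chip is simulated by a software RSA key, and RSA-OAEP, AES-256-GCM, the 8-byte length of S and the replacement offset are assumptions, because the description names no algorithms; the packed executable and the binding password are left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// s1Offset: agreed position of the designated string S1 inside K (assumed value).
const s1Offset = 4

// Package is what ships to the user (the packed executable is left out here).
type Package struct{ C, S, Nonce, Data []byte }

// transformKey returns K`: a copy of K whose len(s) bytes at s1Offset (S1) are replaced by S.
func transformKey(k, s []byte) ([]byte, error) {
	if len(s) == 0 || len(s) >= len(k) || s1Offset+len(s) > len(k) {
		return nil, errors.New("S must be non-empty, shorter than K and fit at the agreed offset")
	}
	kp := append([]byte(nil), k...)
	copy(kp[s1Offset:], s)
	return kp, nil
}

// aeadFor unwraps C with the chip private key, derives K` and keys AES-GCM with it.
func aeadFor(priv *rsa.PrivateKey, c, s []byte) (cipher.AEAD, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap C: %w", err)
	}
	kp, err := transformKey(k, s)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(kp) // K must be 16, 24 or 32 bytes long
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealStatic plays the encryption processing module: fresh S, then encrypt under K`.
func sealStatic(priv *rsa.PrivateKey, c, static []byte) (*Package, error) {
	rnd := make([]byte, 8+12) // 8-byte S (assumed length) and 12-byte GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	aead, err := aeadFor(priv, c, rnd[:8])
	if err != nil {
		return nil, err
	}
	return &Package{C: c, S: rnd[:8], Nonce: rnd[8:], Data: aead.Seal(nil, rnd[8:], static, nil)}, nil
}

// openStatic plays the decryption processing module that runs at load time.
func openStatic(priv *rsa.PrivateKey, p *Package) ([]byte, error) {
	aead, err := aeadFor(priv, p.C, p.S)
	if err != nil {
		return nil, err
	}
	if len(p.Nonce) != aead.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return aead.Open(nil, p.Nonce, p.Data, nil)
}

// must aborts the demo when setup fails.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// demo reports: round trip on the bound host, rejection under another chip key, rejection of an altered S.
func demo() (roundTrip, foreignRejected, tamperRejected bool) {
	host := must(rsa.GenerateKey(rand.Reader, 2048))  // simulated chip of the bound host
	other := must(rsa.GenerateKey(rand.Reader, 2048)) // simulated chip of a different host
	k := make([]byte, 32)
	must(rand.Read(k))
	c := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &host.PublicKey, k, nil)) // ciphertext key C
	static := []byte("constructed sample static data file")
	pkg := must(sealStatic(host, c, static))
	pt, err := openStatic(host, pkg)
	_, e1 := openStatic(other, pkg)
	bad := Package{C: pkg.C, S: append([]byte{pkg.S[0] ^ 1}, pkg.S[1:]...), Nonce: pkg.Nonce, Data: pkg.Data}
	_, e2 := openStatic(host, &bad)
	return err == nil && bytes.Equal(pt, static), e1 != nil, e2 != nil
}

func main() { fmt.Println(demo()) }
```

Because S is packaged alongside C without encryption, the bytes of K` that come from S are public and only the remaining len(K) - len(S) bytes are secret. Confidentiality of the static data therefore rests on the private key staying inside the chip.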
The application program protection system and method based on a trusted host disclosed by the invention are implemented on a trusted host equipped with a trusted chip. The executable file of the application program is packed and bound to the trusted host, which prevents the executable file from being illegally unpacked. The static data files of the application program are encrypted and decrypted with a key generated by the trusted chip, and the key is further transformed, which improves data security and prevents the static data files from being obtained in plaintext or through means such as disassembly. The dynamic data of the application program is stored in a specific secure region of the memory space and read from that region when used, which prevents the dynamic data from being illegally intercepted from the memory space. The invention can comprehensively improve the data security of the application program.
The above describes preferred embodiments of the invention and the technical principles they use. For those skilled in the art, any obvious change based on the technical solution of the invention, such as an equivalent transformation or simple replacement, made without departing from the spirit and scope of the invention, falls within the scope of protection of the invention.

Claims (12)

1. An application program protection system based on a trusted host, wherein the application program includes an executable file, static data files and dynamic data, and the trusted host is equipped with a trusted chip, characterised in that the system includes: a key generation module, an encryption processing module, a trusted application generation module, and a trusted application decryption processing module;
the key generation module generates an asymmetric public key and private key, and a symmetric key K, based on the trusted chip, and encrypts the key K with the public key to generate the ciphertext key C;
the encryption processing module, using the ciphertext key C, encrypts the static data file to generate the ciphertext static data file;
the trusted application generation module packages the ciphertext key C and the ciphertext static data file to generate the trusted application;
the trusted application decryption processing module, using the ciphertext key C, decrypts the ciphertext static data file, and the resulting plaintext data is kept in memory for the trusted application to call.
2. The application program protection system based on a trusted host according to claim 1, characterised in that it further includes a packing and binding module, which packs the executable file to generate the packed executable file, and binds the application program to the trusted host by setting a binding password.
3. The application program protection system based on a trusted host according to claim 2, characterised in that it further includes a trusted application dynamic protection module, which stores the dynamic data in a specific secure space in the memory space and reads the dynamic data from that specific secure space.
4. The application program protection system based on a trusted host according to claim 3, characterised in that the method of generating the ciphertext static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; input a random string S and replace the designated string S1 in the key K with the random string S, generating the transformed key K`; encrypt the static data file with the key K` to generate the ciphertext static data file.
5. The application program protection system based on a trusted host according to claim 4, characterised in that the method of decrypting the ciphertext static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; replace the designated string S1 in the key K with the random string S, generating the transformed key K`; decrypt the ciphertext static data file with the key K`, and read the decrypted data into memory for the application program to use.
6. The application program protection system based on a trusted host according to claim 5, characterised in that the ciphertext key C, the ciphertext static data file, the packed executable file and the random string S are packaged to generate the trusted application.
7. An application program protection method based on a trusted host, wherein the application program includes an executable file, static data files and dynamic data, and the trusted host is equipped with a trusted chip, characterised in that the method includes:
generating the ciphertext key C;
using the ciphertext key C, encrypting the static data file to generate the ciphertext static data file;
packaging the ciphertext key C and the ciphertext static data file to generate the trusted application;
using the ciphertext key C, decrypting the ciphertext static data file, the resulting plaintext data being kept in memory for the trusted application to use.
8. The application program protection method based on a trusted host according to claim 7, characterised in that it further includes: packing the executable file to generate the packed executable file, and binding the application program to the trusted host by setting a binding password.
9. The application program protection method based on a trusted host according to claim 8, characterised in that it further includes: storing the dynamic data in a specific secure space in the memory space, and reading the dynamic data from that specific secure space.
10. The application program protection method based on a trusted host according to claim 9, characterised in that the method of generating the ciphertext static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; input a random string S and replace the designated string S1 in the key K with the random string S, generating the transformed key K`; encrypt the static data file with the key K` to generate the ciphertext static data file.
11. The application program protection method based on a trusted host according to claim 10, characterised in that the method of decrypting to generate the static data file is: obtain the private key and use it to decrypt the ciphertext key C, generating the key K; replace the designated string S1 in the key K with the random string S, generating the transformed key K`; decrypt the ciphertext static data file with the key K`, the resulting plaintext data being kept in memory for the application program to use.
12. The application program protection method based on a trusted host according to claim 11, characterised in that the ciphertext key C, the ciphertext static data file, the packed executable file and the random string S are packaged to generate the trusted application.
Application number: CN201710622214.6A
Priority date: 2017-07-27
Filing date: 2017-07-27
Title: Application program protection system and method based on trusted host
Status: Active

Publications (2)

CN107688729A (en), published 2018-02-13
CN107688729B (en), published 2020-11-27

Family ID: 61153090

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113553125A (en) * 2020-04-26 2021-10-26 中移(成都)信息通信科技有限公司 Calling method, device and equipment of trusted application program and computer storage medium

Citations (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7003111B2 (en) * 2001-10-11 2006-02-21 International Business Machines Corporation Method, system, and program, for encoding and decoding input data
CN1740940A (en) * 2005-09-09 2006-03-01 北京兆日科技有限责任公司 Method for realizing computer software intruder preventing edition based on confidence computation module chip
US7149783B2 (en) * 2001-04-12 2006-12-12 Hewlett-Packard Development Company, L.P. Delivery of sequential information
CN1987882A (en) * 2005-12-23 2007-06-27 联想(北京)有限公司 Software protecting method and system based on safety chip
CN101064595A (en) * 2006-04-27 2007-10-31 联想(北京)有限公司 Computer network safe input authentication system and method
CN101123506A (en) * 2007-09-24 2008-02-13 北京飞天诚信科技有限公司 Sensitive information monitoring and automatic recovery system and method
CN101150398A (en) * 2007-10-26 2008-03-26 宇龙计算机通信科技(深圳)有限公司 A method, system and communication terminal for updating communication secret key
CN101470789A (en) * 2007-12-28 2009-07-01 中国长城计算机深圳股份有限公司 Encryption and decryption method and device of computer
CN101789861A (en) * 2009-01-22 2010-07-28 深圳市文鼎创数据科技有限公司 Secure information transmission method
CN101833623A (en) * 2010-05-07 2010-09-15 华为终端有限公司 Digital rights management method and system
WO2010139258A1 (en) * 2009-06-01 2010-12-09 Xue Ming Device, method and system for software copyright protection
US20110246785A1 (en) * 2010-03-30 2011-10-06 Microsoft Corporation Hardware supported virtualized cryptographic service
WO2012071168A2 (en) * 2010-11-22 2012-05-31 Intel Corporation Secure software licensing and provisioning using hardware based security engine
CN102594842A (en) * 2012-03-21 2012-07-18 江苏新大诚信息技术有限公司 Device-fingerprint-based network management message authentication and encryption scheme
CN102624520A (en) * 2012-05-02 2012-08-01 西安电子科技大学 192 bit key expansion system and method based on AES (Advanced Encryption Standard)
US8271799B2 (en) * 2009-06-15 2012-09-18 Hon Hai Precision Industry Co., Ltd. System and method for generating a disguised password based on a real password
CN103152178A (en) * 2013-02-04 2013-06-12 浪潮(北京)电子信息产业有限公司 Cloud computing verification method and system
CN103714299A (en) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 Method and system for encryption and decryption of file of mobile terminal
CN104038336A (en) * 2014-06-20 2014-09-10 上海动联信息技术股份有限公司 Data encryption method based on 3DES
CN104539420A (en) * 2014-12-15 2015-04-22 南京中新赛克科技有限责任公司 General intelligent hardware safe secret key management method
CN104868996A (en) * 2014-02-25 2015-08-26 中兴通讯股份有限公司 Data encryption and decryption method, device thereof, and terminal
CN104991526A (en) * 2015-05-04 2015-10-21 中国科学院软件研究所 Industrial control system safe support framework and data safe transmission and storage method thereof
CN105306200A (en) * 2014-06-09 2016-02-03 腾讯科技(深圳)有限公司 Method and device for encrypting network account password
CN105653994A (en) * 2016-02-22 2016-06-08 浪潮通用软件有限公司 Method for preventing memory password from leakage
CN106534176A (en) * 2016-12-08 2017-03-22 西安交大捷普网络科技有限公司 Data safety storage method in cloud environment
CN106709375A (en) * 2016-11-11 2017-05-24 大唐高鸿信安(浙江)信息科技有限公司 File protection method based on credible chip
CN106934303A (en) * 2015-12-29 2017-07-07 大唐高鸿信安(浙江)信息科技有限公司 Trusted operating system based on credible chip creates the system and method for trusted process

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113553125A (en) * 2020-04-26 2021-10-26 中移(成都)信息通信科技有限公司 Calling method, device and equipment of trusted application program and computer storage medium
CN113553125B (en) * 2020-04-26 2024-03-19 中移(成都)信息通信科技有限公司 Method, device and equipment for calling trusted application program and computer storage medium

Also Published As

Publication number Publication date
CN107688729B (en) 2020-11-27

Similar Documents

Publication Publication Date Title
CN102890758B (en) Method and system for protecting executable file
CN1276363C (en) Method of actualizing safety data storage and algorithm storage in virtue of semiconductor memory device
CN104794388B (en) application program access protection method and application program access protection device
CN106650327A (en) so file dynamic recovery-based Android application reinforcement method
CN101853363A (en) File protection method and system
CN105022936A (en) Class file encryption and decryption method and class file encryption and decryption device
CN103617401A (en) Method and device for protecting data files
CN109992987B (en) Script file protection method and device based on Nginx and terminal equipment
CN104834835A (en) Universal digital rights protection method under Windows platform
JP2004511031A (en) Digital data protection configuration
CN105303074A (en) Method for protecting security of Web application
CN114547558B (en) Authorization method, authorization control device, equipment and medium
CN104778954B (en) A kind of CD subregion encryption method and system
CN106326733A (en) Method and apparatus for managing applications in mobile terminal
WO2017181968A1 (en) Method for processing application file, method and device for accessing application file, and storage medium
CN107257282A (en) A kind of full bag encryption method of code based on RC4 algorithms
JP2005216027A (en) Encryption device, encryption system therewith, decryption device and semiconductor system therewith
WO2015154469A1 (en) Database operation method and device
CN1898623A (en) Software execution protection using an active entity
CN107688729A (en) Protection system of application program and method based on trusted host
CN109543433B (en) Software development kit encryption method, device, computer and storage medium
CN101266639A (en) Computer-aided design data encrypted protecting method based on hardware environment
CN106372464A (en) Anti-piracy encryption method for static library files in embedded system
CN113542303B (en) Software importing system and method for secret key in non-trusted environment
US20150039900A1 (en) Program execution method and decryption apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant