CN110457870A - Processing method and processing device, embedded device and the storage medium of executable file - Google Patents

Processing method and processing device, embedded device and storage medium of executable file

Info

Publication number: CN110457870A
Authority: CN (China)
Prior art keywords: target, target module, encrypted packet, executable file, kernel
Legal status: Pending
Application number: CN201910708539.5A
Other languages: Chinese (zh)
Inventors: 赵树升, 张军昌
Current assignee: Zhejiang Dahua Technology Co Ltd
Original assignee: Zhejiang Dahua Technology Co Ltd
Application filed by Zhejiang Dahua Technology Co Ltd; priority to CN201910708539.5A; published as CN110457870A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices


Abstract

The invention discloses a processing method and processing device for an executable file, an embedded device and a storage medium. The method comprises: detecting, by the system kernel of an embedded device, a first operation performed by a target process on a target encrypted packet, wherein the target encrypted packet is the file package obtained by encrypting a target executable file with an encryption key, and the first operation triggers a second operation on the target executable file; in response to the first operation, judging, by a target module, whether the target process is a process authorized to perform the first operation on the target encrypted packet, wherein the target module simulates operations performed by the kernel; when the target process is a process authorized to perform the first operation on the target encrypted packet, decrypting the target encrypted packet by the target module using a decryption key corresponding to the encryption key, to obtain the target executable file; and performing the second operation on the target executable file by the target process.

Description

Processing method and processing device, embedded device and storage medium of executable file
Technical field
The present invention relates to the computer field, and in particular to a processing method and processing device for an executable file, an embedded device and a storage medium.
Background technique
At present, to protect the important files (such as programs and dynamic link libraries) released by a company, embedded devices use one of two approaches. The first is encryption: the file is decrypted when the program runs and deleted after the run ends. The second is packing (shell adding). With the former, while the program is loaded what is saved on disk is plaintext, which an intruder can easily capture. With the latter, because there are many Linux versions, compatibility is poor and management is inconvenient; moreover, the packed program depends on its own decryption routine, so it is easy to trace and crack. For common packing algorithms the corresponding unpacking algorithm is usually public, so security is not high.
Therefore, the related art has the problem that the protection applied to target files is easy to decrypt and offers low security.
Summary of the invention
Embodiments of the invention provide a processing method and processing device for an executable file, an embedded device and a storage medium, at least to solve the technical problem in the related art that the protection applied to target files is easy to decrypt and offers low security.
According to an aspect of an embodiment of the invention, a processing method of an executable file is provided, comprising: detecting, by the system kernel of an embedded device, a first operation performed by a target process on a target encrypted packet, wherein the target encrypted packet is the file package obtained by encrypting a target executable file with an encryption key, and the first operation triggers a second operation on the target executable file; in response to the first operation, judging, by a target module, whether the target process is a process authorized to perform the first operation on the target encrypted packet, wherein the target module is a program module stored in a region of the embedded device other than the kernel and simulates operations performed by the kernel; when the target process is a process authorized to perform the first operation on the target encrypted packet, decrypting the target encrypted packet by the target module using a decryption key corresponding to the encryption key, to obtain the target executable file; and performing the second operation on the target executable file by the target process.
According to another aspect of an embodiment of the invention, a processing device of an executable file is also provided, comprising: a detection unit, for detecting, by the system kernel of an embedded device, a first operation performed by a target process on a target encrypted packet, wherein the target encrypted packet is the file package obtained by encrypting a target executable file with an encryption key, and the first operation triggers a second operation on the target executable file; a judging unit, for judging, by a target module in response to the first operation, whether the target process is a process authorized to perform the first operation on the target encrypted packet, wherein the target module is a program module stored in a region of the embedded device other than the kernel and simulates operations performed by the kernel; a decryption unit, for decrypting, when the target process is a process authorized to perform the first operation on the target encrypted packet, the target encrypted packet by the target module using a decryption key corresponding to the encryption key, to obtain the target executable file; and an execution unit, for performing the second operation on the target executable file by the target process.
According to yet another aspect of an embodiment of the invention, an embedded device is also provided, comprising: a system kernel, a target module, a first area and a second area, wherein a target process runs in the system kernel, the target module is a program module stored in the first area and simulates operations performed by the kernel, and a target encrypted packet is stored in the second area, the target encrypted packet being the file package obtained by encrypting a target executable file with an encryption key. The kernel is configured to detect, through the system kernel, a first operation performed by the target process on the target encrypted packet, wherein the first operation triggers a second operation on the target executable file; the target module is configured to judge, in response to the first operation, whether the target process is a process authorized to perform the first operation on the target encrypted packet and, when it is, to decrypt the target encrypted packet using a decryption key corresponding to the encryption key to obtain the target executable file; and the kernel is configured to perform the second operation on the target executable file through the target process.
According to yet another aspect of an embodiment of the invention, a storage medium is also provided, which stores a computer program arranged to perform the above method when run.
According to another aspect of an embodiment of the invention, an electronic device is also provided, comprising a memory and a processor, the memory storing a computer program and the processor being arranged to perform the above method by means of the computer program.
In embodiments of the invention, the important packet is decrypted and protected by having a module simulate the kernel program's handling of the important packet. The system kernel of the embedded device (its operating system kernel) detects a first operation (for example, loading) performed by a target process on a target encrypted packet obtained by encrypting a target executable file with an encryption key, where the first operation triggers a second operation on the target executable file. Kernel execution then jumps from the system kernel to a target module (for example, an independent ko) that simulates operations performed by the kernel; the target module judges whether the target process is a trusted process (a process authorized to perform the first operation on the target encrypted packet) and so decides whether to perform the decryption action. Because the trust judgement and the decryption are performed by the target module, the decryption process cannot be traced and cracked by way of the source code exposed by the open-source kernel. This improves file security and so solves the technical problem in the related art that the protection applied to target files is easy to decrypt and offers low security.
Detailed description of the invention
The drawings described herein provide further understanding of the invention and form part of this application; the illustrative embodiments of the invention and their description explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a hardware structure block diagram of an embedded device for an optional processing method of an executable file according to an embodiment of the invention;
Fig. 2 is a schematic diagram of a network architecture for an optional processing method of an executable file according to an embodiment of the invention;
Fig. 3 is a flow diagram of an optional processing method of an executable file according to an embodiment of the invention;
Fig. 4 is a schematic diagram of an optional processing method of an executable file according to an embodiment of the invention;
Fig. 5 is a schematic diagram of another optional processing method of an executable file according to an embodiment of the invention;
Fig. 6 is a structural block diagram of an optional processing device of an executable file according to an embodiment of the invention.
Specific embodiment
Hereinafter, the invention is described in detail with reference to the accompanying drawings and in combination with embodiments. Note that, where there is no conflict, the embodiments of this application and the features in those embodiments may be combined with each other.
Note also that the terms "first", "second" and so on in the description, claims and drawings are used to distinguish similar objects, not to describe a particular order or precedence.
Abbreviations used in this embodiment: (1) ko, kernel object, a kernel module; (2) so, shared object, a shared library; (3) elf, Executable and Linkable Format.
According to an aspect of an embodiment of the invention, a processing method of an executable file is provided. The method may be executed in an embedded device, a terminal or a similar computing device. Taking execution in an embedded device as an example, Fig. 1 is a hardware structure block diagram of an embedded device for the processing method of an executable file according to an embodiment of the invention. As shown in Fig. 1, the embedded device 10 may include one or more processors 102 (only one is shown in Fig. 1; the processor 102 may include, but is not limited to, a processing unit such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 104 for storing data, and optionally a transmission device 106 and an input/output device 108 for communication. Those skilled in the art will appreciate that the structure shown in Fig. 1 is illustrative only and does not limit the structure of the embedded device; for example, the embedded device 10 may include more or fewer components than shown in Fig. 1, or a different configuration.
The memory 104 may store computer programs, for example the software programs and modules of application software, such as the computer program corresponding to the processing method of an executable file in an embodiment of the invention; by running the computer program stored in the memory 104, the processor 102 performs the various functional applications and data processing that realize the above method. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102 and connected to the embedded device 10 via a network. Examples of such a network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The transmission device 106 is used to receive or send data via a network. A specific example of the network is the wireless network provided by the communication provider of the embedded device 10. In one example, the transmission device 106 includes a network interface controller (NIC), which can connect to other network devices through a base station so as to communicate with the Internet. In another example, the transmission device 106 may be a radio frequency (RF) module used to communicate with the Internet wirelessly.
Embodiments of this application may run in the network architecture shown in Fig. 2. As shown in Fig. 2, the network architecture includes: an encryption server, a control device for the embedded devices, and multiple embedded devices. The control device interacts with the encryption server and passes the executable file to it; the encryption server encrypts and packs the executable file using an encryption key (symmetric or asymmetric encryption may be used) to obtain the target encrypted packet and transmits it to the control device; the control device releases the product to the multiple embedded devices, and the released product includes at least: the target encrypted packet, an upgrade program for upgrading the kernel uImage (a private kernel image file; upgrading the image file upgrades the system kernel), and the target module (which completes the reading and decryption of the executable file).
The above interaction is explained below with reference to an optional example.
For the control device: before release, the device-side important file (for example, an executable file) is passed to the encryption server, which encrypts and packs it with the server-side key (the encryption key), computes a hash value (the hash of the encrypted packet) and attaches it to the packet, and at the same time generates an allocation table (the important-packet allocation table, which records the correspondence between encrypted packets and authorized processes) that the device uses to identify the file to be protected when it loads the packet. When the company releases a product, the released product may include: the encrypted file package, the upgraded kernel uImage, the important-packet allocation table, and the independent ko (the target module, which completes the reading and decryption of the important file).
For each embedded device: the system kernel of the embedded device is modified to add pointers to the decryption functions passed in from the independent ko, the kernel source code is recompiled, and the kernel is upgraded.
According to an embodiment of the invention, a processing method of an executable file is provided. As shown in Fig. 3, the method comprises:
Step S302: the system kernel of the embedded device detects a first operation performed by a target process on a target encrypted packet, wherein the target encrypted packet is the file package obtained by encrypting a target executable file with an encryption key, and the first operation triggers a second operation on the target executable file;
Step S304: in response to the first operation, a target module judges whether the target process is a process authorized to perform the first operation on the target encrypted packet, wherein the target module is a program module stored in a region of the embedded device other than the kernel and simulates operations performed by the kernel;
Step S306: when the target process is a process authorized to perform the first operation on the target encrypted packet, the target module decrypts the target encrypted packet using a decryption key corresponding to the encryption key, obtaining the target executable file;
Step S308: the target process performs the second operation on the target executable file.
Through the above steps, the important packet is decrypted and protected by having a module simulate the kernel program's handling of it: the system kernel of the embedded device detects the first operation performed by the target process on the target encrypted packet obtained by encrypting the target executable file with the encryption key, where the first operation triggers the second operation on the target executable file; kernel execution jumps from the system kernel to the target module, and the target module judges whether the target process is a trusted process so as to decide whether to perform the decryption action. This solves the technical problem in the related art that the protection applied to target files is easy to decrypt and offers low security, prevents the decryption process from being traced and cracked by way of the source code exposed by the open-source kernel, and improves file security.
Optionally, the executing subject of the above steps may be, but is not limited to, an embedded device. The embedded device may run a Linux system, and the kernel may be based on the Linux kernel.
What runs in the kernel of the embedded device may be the upgraded kernel uImage; the upgrade may consist of modifying the system kernel of the embedded device to add pointers to the decryption functions passed in from the independent ko.
The target module may be a program module stored in a region of the embedded device other than the kernel, and may simulate all or part of the operations performed by the kernel, including but not limited to: judging whether the target process is a process authorized to perform the first operation on the target encrypted packet, and decrypting the target encrypted packet with the decryption key corresponding to the encryption key to obtain the target executable file.
For example, the target module can simulate the kernel program's handling of the important packet in order to decrypt and protect it. This uses a kernel-transparency technique, but applies it only to authorized processes at load time, so it is a partial transparency technique. The target module can be configured in the embedded device as an independent ko.
In an alternative embodiment, before step S202, the control device transmits executable files (including the target executable file) to the encryption server and receives from the encryption server the encrypted packets (including the target encrypted packet) with the hash value (the computed hash of each encrypted packet) attached, together with a configuration file. The configuration file may be an allocation table (the important-packet allocation table), which records the correspondence between each encrypted packet (the encrypted packet corresponding to an executable file) and its authorized process (the process authorized to operate on the encrypted packet of that executable file); in the allocation table an encrypted packet is identified by its packet name and a process by its process name. The target executable file may be a file of a type such as ko, so or executable program; after encryption the target executable file may exist in a non-executable format. An example of the allocation table is shown in Table 1.
Table 1
To cooperate with the configuration of the target module, the kernel uImage on the embedded device is upgraded. The upgrade may consist of modifying the system kernel of the embedded device to add pointers to the decryption functions passed in from the target module (independent ko), and recompiling the kernel source code to complete the upgrade. The control device can generate the upgraded kernel uImage and the target module.
After obtaining the target encrypted packet and the configuration file, the control device can release the target executable file; the released data may include the target encrypted packet and the configuration file, and may also include the upgraded kernel uImage and the target module (independent ko).
The embedded device can obtain the data corresponding to the target executable file released by the control device and configure the target module.
In an alternative embodiment, before step S202, the kernel loads the target module; the target module transfers its function pointer table to the kernel, where the function pointer table contains pointers to the functions in the target module; and the target module obtains target information from the kernel, where the target information includes at least one of: the decryption key, the configuration-file path name, and the kernel's system-function pointer table, the configuration-file path name indicating the path of the location where the configuration file is stored.
When the embedded device works, it can load the target module (independent ko), and the target module can transfer its function pointer table to the kernel, the table containing pointers to the functions in the target module. These functions may be an arbitration function and a decryption function: the arbitration function judges whether a process is authorized to perform an operation on an encrypted packet, and the decryption function decrypts an encrypted packet with the decryption key to obtain the executable file.
The kernel can transmit target information to the target module, and the target information may include at least one of: the decryption key, the configuration-file path name, and the kernel's system-function pointer table, where the configuration-file path name indicates the path of the location where the configuration file is stored. The decryption key is used to decrypt encrypted packets, the configuration-file path name is used to read the configuration file, and the kernel's system-function pointer table lets the target module call system functions so as to simulate the operations performed by the kernel.
For example, the independent ko can be loaded when the device works. The independent ko passes its internal function interface to the kernel, and obtains from the kernel the decryption key, the configuration-file path name and the system-function pointer table. The kernel module must: pass the key and the path of the important-packet allocation table (the configuration-file path name) to the independent ko; and obtain the index table of decryption and process-recognition functions from the independent ko and mount the functions in that table in the kernel module. The independent ko obtains the system-function pointer table from the kernel so that it can call system functions conveniently. To complete these functions, an export function can be defined in "/fs/file.c" and "file.h" to realize the interaction. The interaction over the interface between the kernel module and the independent ko can be expressed as follows:
Step 1: the function pointer table of the independent ko is initialized;
Step 2: the kernel obtains the function pointer table from the standalone module;
Step 3: the standalone module obtains the system-function pointer table from the kernel;
Step 4: the key is copied into key;
Step 5: the path of the packet allocation table is copied into path.
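The five-step exchange above, modelled in user space as an added example (not code from the patent or from Zhejiang Dahua): the ko hands the kernel its function pointer table, the kernel mounts it and hands back its system-function table, the key and the table path, and from then on the kernel reaches the ko only through the mounted pointers. All names (`ko_funcs`, `kernel_sysfuncs`, `kernel_register_ko`, `ko_init`), the XOR placeholder cipher, the key and the path are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PATH_LEN 64

/* Function pointer table the independent ko hands to the kernel (steps 1 and 2). */
struct ko_funcs {
    int (*arbitrate)(const char *pkg, const char *proc);                    /* process recognition */
    void (*decrypt)(const unsigned char *in, size_t n, unsigned char *out); /* packet decryption */
};

/* System-function pointer table the kernel hands to the ko (step 3). */
struct kernel_sysfuncs {
    int (*read_file)(const char *path, char *buf, size_t n);
};

/* Kernel side: the mounted ko table and the secrets the kernel passes down. */
static struct ko_funcs g_kernel_ko_table;
static int g_ko_mounted = 0;
static const unsigned char g_kernel_key[] = "constructed-key!";    /* constructed key */
#define KEY_LEN (sizeof g_kernel_key - 1)
static const char g_kernel_cfg_path[] = "/etc/important_pkg.conf"; /* constructed path */

/* ko side: what the ko receives from the kernel (steps 3 to 5). */
static struct kernel_sysfuncs g_ko_sys;
static unsigned char g_ko_key[sizeof g_kernel_key - 1];
static char g_ko_cfg_path[PATH_LEN];

/* Kernel system function: constructed stand-in for reading the allocation table from
 * disk. Lines are "packet process"; the leading newline allows exact whole-line matches. */
static int kernel_read_file(const char *path, char *buf, size_t n) {
    if (strcmp(path, g_kernel_cfg_path) != 0) return -1;
    snprintf(buf, n, "%s", "\nlibvideo.so.enc videod\ndriver.ko.enc insmod\n");
    return 0;
}

/* ko function: process recognition against the allocation table, which the ko
 * reads through the system-function table it obtained in step 3. */
static int ko_arbitrate(const char *pkg, const char *proc) {
    char cfg[256], line[160];
    if (g_ko_sys.read_file == NULL || g_ko_sys.read_file(g_ko_cfg_path, cfg, sizeof cfg) != 0)
        return 0;
    snprintf(line, sizeof line, "\n%s %s\n", pkg, proc);
    return strstr(cfg, line) != NULL;
}

/* ko function: decryption with the key copied in step 4. XOR with a repeating key is a
 * constructed placeholder for whatever cipher the encryption server actually uses. */
static void ko_decrypt(const unsigned char *in, size_t n, unsigned char *out) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ g_ko_key[i % KEY_LEN];
}

/* Step 1: the ko initialises its function pointer table. */
static struct ko_funcs g_ko_table = { ko_arbitrate, ko_decrypt };

/* Kernel export function (the page mentions defining one in fs/file.c): called by the
 * ko at load time, it performs steps 2 to 5 in one exchange. */
static int kernel_register_ko(const struct ko_funcs *t, struct kernel_sysfuncs *sys_out,
                              unsigned char *key_out, char *path_out, size_t path_len) {
    if (t == NULL || t->arbitrate == NULL || t->decrypt == NULL) return -1;
    g_kernel_ko_table = *t;                                /* step 2: mount the ko table */
    g_ko_mounted = 1;
    sys_out->read_file = kernel_read_file;                 /* step 3: hand over system functions */
    memcpy(key_out, g_kernel_key, KEY_LEN);                /* step 4: copy the key */
    snprintf(path_out, path_len, "%s", g_kernel_cfg_path); /* step 5: copy the table path */
    return 0;
}

/* Module init of the independent ko: its side of the exchange. */
int ko_init(void) {
    return kernel_register_ko(&g_ko_table, &g_ko_sys, g_ko_key,
                              g_ko_cfg_path, sizeof g_ko_cfg_path);
}

/* Kernel-side use once a process operates on a packet: the kernel reaches the ko only
 * through the mounted pointers. 0 = decrypted, 1 = not authorized, -1 = no ko mounted. */
int kernel_try_decrypt(const char *pkg, const char *proc,
                       const unsigned char *in, size_t n, unsigned char *out) {
    if (!g_ko_mounted) return -1;
    if (!g_kernel_ko_table.arbitrate(pkg, proc)) return 1;
    g_kernel_ko_table.decrypt(in, n, out);
    return 0;
}

int main(void) {
    unsigned char ct[5], pt[5];
    ko_init();
    ko_decrypt((const unsigned char *)"hello", 5, ct); /* XOR is symmetric: builds a ciphertext */
    printf("videod -> %d\n", kernel_try_decrypt("libvideo.so.enc", "videod", ct, 5, pt));
    printf("sh     -> %d\n", kernel_try_decrypt("libvideo.so.enc", "sh", ct, 5, pt));
    return 0;
}
```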
The function pointers of the independent ko need to be inserted into the following files of the kernel source code; the insertion can be as shown in Fig. 4.
Through the above technical solution of this embodiment, the kernel and the target module interact to complete the configuration of the target module, ensuring that the target module can be configured successfully in the embedded device and improving the accuracy and success rate of that configuration.
In an alternative embodiment, after the target module obtains the target information from the kernel, if the target information includes the configuration-file path name, the target module reads the configuration file according to the path name and stores the configuration file in the target module.
After obtaining the target information from the kernel, if it includes the configuration-file path name, the target module can read the configuration file from the storage location given by the path name and save it in the target module for use when making the process-authorization judgement.
Through this technical solution, the target module reads and saves the configuration file itself, which guarantees that the target module independently judges the encrypted packet and the authorized process, improving the security of the executable file.
Optionally, in step S302, the system kernel of the embedded device detects the first operation performed by the target process on the target encrypted packet, where the target encrypted packet is the file package obtained by encrypting the target executable file with the encryption key, and the first operation triggers the second operation on the target executable file.
When the target process operates on (the first operation, for example, loads) the target encrypted packet, kernel processing can be performed by the kernel uImage (that is, the system kernel of the embedded device). The kernel uImage can detect the first operation performed by the target process on the target encrypted packet. The first operation can trigger the second operation on the executable file (for example, a mapping, read/write or execute operation); before the second operation is triggered, the target encrypted packet must be decrypted so as to obtain the target executable file.
Optionally, in step S304, in response to the first operation, the target module judges whether the target process is a process authorized to perform the first operation on the target encrypted packet, where the target module is a program module stored in a region of the embedded device other than the kernel and simulates operations performed by the kernel.
In an alternative embodiment, judging whether target process is to be authorized to encrypt target by object module Before packet executes the process of the first operation, objective function function pointer can be got by system kernel, wherein objective function Function pointer is the pointer for the objective function function that object module includes, and objective function function is the function letter for responding the first operation Number;By objective function function pointer, object module is jumped to.
When process operation file, kernel execution can jump to object module from uImage.It is patrolled according to the processing of system Volume, due to the target encrypted packet be non-executable file format, can to target process whether be target encrypted packet authorization into Cheng Jinhang judgement uses power function to can be progress recognizing power function (power function of the first operation of response).It is interior Corresponding with the progress recognizing power function in core uImage is progress recognizing power function pointer, can be called by the pointer Progress recognizing power function in object module jumps to object module to simulate kernel and execute.
For example, kernel execution can jump to independent ko from uImage, by independent ko according to configuration when process operation file Whether table carries out process name, filename matching, be trusted process with judge operation vital document, to decide whether to execute solution Close movement.The packet that can be defined as follows two structures to describe the process of operation and be loaded:
In structure 1, following information is defined respectively: the program filename and process of the file, Authorized operation that are operated id。
In structure 2, define following information respectively: whether file pointer and the packet after protected packet opening need Decryption.
Above-mentioned technical proposal through the embodiment of the present invention is executed kernel from system by objective function function pointer Kernel jumps to independent ko, and kernel execution jumps simple, it is ensured that the efficiency that program executes.
In an alternative embodiment, judging by the object module whether the target process is a process authorized to execute the first operation on the target encrypted packet includes: matching, by the object module according to a configuration file, the process name of the target process against the encrypted packet name of the target encrypted packet, to judge whether the target process is a process authorized to execute the first operation on the target encrypted packet, where the configuration file indicates the correspondence between the encrypted packet name of the encrypted packet corresponding to an executable file and the process name of the process authorized to operate on that encrypted packet.
The object module may use the configuration file held in the object module (the important-packet allocation table) for process identification, that is, to identify whether the target process is a process authorized to execute the first operation on the target encrypted packet. The configuration file may contain correspondences between encrypted packets (identified by an encrypted packet identifier, for example the encrypted packet name) and authorized processes (identified by a process identifier, for example the process name), or correspondences among an encrypted packet, an authorized process, and the operation the authorized process is allowed to perform on the encrypted packet (identified by an operation identifier, for example the operation name).
The object module may match the encrypted packet identifier of the target encrypted packet and the process identifier of the target process against the configuration file, or match the encrypted packet identifier of the target encrypted packet, the process identifier of the target process and the operation identifier of the first operation against the configuration file, to determine whether the target process is an authorized process of the target encrypted packet.
Through the above technical solution of the embodiment of the present invention, by using a configuration file to match the target encrypted packet with the target process, it can be quickly determined whether the target process is an authorized process of the target encrypted packet, which improves the efficiency of determining authorized processes.
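The following is an added user-space simulation, written for this page and not code from the patent or from Zhejiang Dahua, of the two mechanisms described above: the function pointer table that the independent module hands to the kernel so that the kernel jumps into the module without knowing its internals, and the configuration-table match of encrypted packet name, process name and allowed operation. The table rows, the process and file names, the bitmask encoding of operations and the return-code convention are all assumptions made for the example; a real implementation would hook the kernel's own map, read/write and execve paths instead of calling kernel_dispatch() directly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Operations the kernel may detect on a protected packet; the description
 * names vm_map, read_write and do_execve as the points where it jumps out. */
enum file_op { OP_MAP = 1, OP_READ_WRITE = 2, OP_EXECVE = 4 };

/* One row of the configuration table (the "important packet allocation table"):
 * encrypted packet name -> authorized process name -> operations it may perform. */
struct cfg_entry {
    const char *packet_name;
    const char *process_name;
    unsigned    allowed_ops;     /* bitmask of enum file_op */
};

/* Constructed sample table; the names are placeholders, not taken from the patent. */
static const struct cfg_entry cfg_table[] = {
    { "libcore.so.enc", "media_server", OP_MAP | OP_READ_WRITE },
    { "agent.ko.enc",   "modloader",    OP_READ_WRITE },
    { "ctl.elf.enc",    "init",         OP_EXECVE | OP_READ_WRITE },
};
#define CFG_ROWS (sizeof cfg_table / sizeof cfg_table[0])

/* The function pointer table the module hands to the kernel at load time.
 * The kernel keeps only these pointers, so the decision logic never has to
 * live in the kernel tree itself. */
struct module_ops {
    bool (*needs_decrypt)(const char *filename);
    bool (*is_authorized)(const char *packet, const char *process, enum file_op op);
};

/* Module side: a file is treated as protected if it is listed in the table. */
static bool module_needs_decrypt(const char *filename)
{
    for (size_t i = 0; i < CFG_ROWS; i++)
        if (strcmp(cfg_table[i].packet_name, filename) == 0)
            return true;
    return false;
}

/* Module side: exact match of packet name and process name, then check the
 * requested operation against the allowed set. Anything unmatched is denied. */
static bool module_is_authorized(const char *packet, const char *process, enum file_op op)
{
    for (size_t i = 0; i < CFG_ROWS; i++)
        if (strcmp(cfg_table[i].packet_name, packet) == 0 &&
            strcmp(cfg_table[i].process_name, process) == 0)
            return (cfg_table[i].allowed_ops & op) != 0;
    return false;
}

static const struct module_ops module_table = { module_needs_decrypt, module_is_authorized };

/* Kernel side: on a detected operation, jump through the pointer table rather
 * than calling the module by name. Returns 1 = authorized, decrypt and continue;
 * 0 = file is not protected, pass through unchanged; -1 = protected but denied. */
int kernel_on_file_op(const struct module_ops *m, const char *process,
                      const char *filename, enum file_op op)
{
    if (!m->needs_decrypt(filename))
        return 0;
    return m->is_authorized(filename, process, op) ? 1 : -1;
}

/* Convenience entry point bound to the module's table. */
int kernel_dispatch(const char *process, const char *filename, enum file_op op)
{
    return kernel_on_file_op(&module_table, process, filename, op);
}

int main(void)
{
    printf("media_server map  libcore.so.enc -> %d\n", kernel_dispatch("media_server", "libcore.so.enc", OP_MAP));
    printf("media_server exec libcore.so.enc -> %d\n", kernel_dispatch("media_server", "libcore.so.enc", OP_EXECVE));
    printf("shell        read libcore.so.enc -> %d\n", kernel_dispatch("shell", "libcore.so.enc", OP_READ_WRITE));
    printf("shell        read notes.txt      -> %d\n", kernel_dispatch("shell", "notes.txt", OP_READ_WRITE));
    return 0;
}
```

The default is deny: a packet that appears in the table is only released to a process whose name and operation both match a row, and a file absent from the table is passed through without touching the module's decryption path at all, which is what lets the scheme cost nothing for unprotected files.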
Optionally, in step S306, in the case where the target process is a process authorized to execute the first operation on the target encrypted packet, the object module decrypts the target encrypted packet using the decryption key corresponding to the encryption key, obtaining the target executable file.
The judgement of the object module has two possible results: the target process is a process authorized to execute the first operation on the target encrypted packet, or it is not. In the former case the target encrypted packet is decrypted; in the latter case it is not.
For example, the independent ko reads the configuration file. When a process authorized to call an important file in an encrypted packet does so, the independent ko decrypts the file for it, and what the process obtains is plaintext. If the process is unauthorized, no decryption is performed for it. Because transparency is applied only at certain points, the whole scheme is called point-transparent technology.
Embedded devices can adapt how files are read. For low-end devices, encryption affects performance, so only part of a file is encrypted; for high-end devices, the encrypted proportion of the file can be increased. Only the object module can automatically identify in the kernel whether a file needs to be decrypted.
In an alternative embodiment, decrypting the target encrypted packet by the object module using the decryption key corresponding to the encryption key to obtain the target executable file may include: determining, by the object module, the first encrypted data in the target encrypted packet, where the first encrypted data is the data obtained by encrypting a first part of the target executable file with the encryption key, and the data in the target encrypted packet other than the first encrypted data is the data of the target executable file other than the first part; decrypting the first encrypted data by the object module using the decryption key, to obtain the first part; and determining the target executable file by the object module from the first part together with the data in the target encrypted packet other than the first encrypted data.
For each encrypted packet, the object module can tell which data in the packet is encrypted (the first encrypted data, encrypted with the encryption key) and which is unencrypted. The encrypted data can be decrypted with the decryption key to obtain the corresponding first part of the executable file, and the first part is then combined with the unencrypted data to obtain the executable file.
It should be noted that the decryption key used for decryption may be the same as the encryption key (symmetric encryption) or different from it (asymmetric encryption); the specific encryption and decryption scheme can be set as needed and is not specifically limited in this embodiment.
Through the above technical solution of the embodiment of the present invention, by encrypting part of the executable file with the encryption key and decrypting the partial data in the encrypted packet with the decryption key to obtain the executable file, the running performance of the embedded device is ensured and its operating efficiency is improved.
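Added example, not code from the patent or its assignee, of the partial-encryption layout just described: a packet whose first part is encrypted and whose remainder is stored in the clear, with a header from which the module can recognise a protected packet (the description notes that executable modules have a specific file header for this purpose). The header format, the "ENC1" tag, the tunable prefix length and the toy XOR keystream are all assumptions for the example; the keystream is a placeholder for whichever symmetric cipher a deployment actually uses and gives no security by itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed packet header, not specified by the patent: a 4-byte tag that
 * lets the module recognise a protected packet, then the little-endian length
 * of the encrypted prefix. The remainder of the file follows unencrypted. */
#define PKT_MAGIC   "ENC1"
#define PKT_HDR_LEN 8

/* Toy keystream standing in for the real symmetric cipher (placeholder only;
 * not secure). XOR is its own inverse, so one routine encrypts and decrypts. */
static void toy_stream_xor(uint8_t *buf, size_t n, const uint8_t *key, size_t keylen)
{
    for (size_t i = 0; i < n; i++)
        buf[i] ^= key[i % keylen] ^ (uint8_t)(i * 31u);
}

/* Build side: header | E(first prefix_len bytes) | remaining bytes in clear.
 * prefix_len is the share of the file that gets encrypted (small for low-end
 * devices, larger for high-end ones). Returns packet length, 0 on error. */
size_t build_packet(const uint8_t *file, size_t file_len, size_t prefix_len,
                    const uint8_t *key, size_t keylen, uint8_t *out, size_t out_cap)
{
    if (prefix_len > file_len || out_cap < PKT_HDR_LEN + file_len || keylen == 0)
        return 0;
    memcpy(out, PKT_MAGIC, 4);
    for (int i = 0; i < 4; i++)
        out[4 + i] = (uint8_t)(prefix_len >> (8 * i));
    memcpy(out + PKT_HDR_LEN, file, file_len);
    toy_stream_xor(out + PKT_HDR_LEN, prefix_len, key, keylen);
    return PKT_HDR_LEN + file_len;
}

/* Module side: recognise the header, decrypt only the first encrypted part and
 * copy the rest through, reassembling the executable. Returns the recovered
 * length, or 0 when the input is not a protected packet or the header length
 * is inconsistent with the packet size (refuse rather than read out of bounds). */
size_t decrypt_packet(const uint8_t *pkt, size_t pkt_len, const uint8_t *key, size_t keylen,
                      uint8_t *out, size_t out_cap)
{
    if (pkt_len < PKT_HDR_LEN || memcmp(pkt, PKT_MAGIC, 4) != 0 || keylen == 0)
        return 0;
    size_t prefix_len = 0;
    for (int i = 0; i < 4; i++)
        prefix_len |= (size_t)pkt[4 + i] << (8 * i);
    size_t body_len = pkt_len - PKT_HDR_LEN;
    if (prefix_len > body_len || out_cap < body_len)
        return 0;
    memcpy(out, pkt + PKT_HDR_LEN, body_len);       /* plaintext tail copied through */
    toy_stream_xor(out, prefix_len, key, keylen);   /* only the first part is decrypted */
    return body_len;
}

/* Self-check: pack a constructed sample with the given prefix length, verify the
 * prefix changed while the tail did not, then decrypt and compare. 1 = ok. */
int roundtrip_ok(size_t prefix_len)
{
    static const uint8_t file[] = "\x7f" "ELF" " constructed sample executable body";
    static const uint8_t key[]  = "constructed-demo-key";
    const size_t file_len = sizeof file - 1, keylen = sizeof key - 1;
    uint8_t pkt[128], plain[128];

    size_t pkt_len = build_packet(file, file_len, prefix_len, key, keylen, pkt, sizeof pkt);
    if (pkt_len != PKT_HDR_LEN + file_len)
        return 0;
    if (prefix_len > 0 && memcmp(pkt + PKT_HDR_LEN, file, prefix_len) == 0)
        return 0;
    if (memcmp(pkt + PKT_HDR_LEN + prefix_len, file + prefix_len, file_len - prefix_len) != 0)
        return 0;
    size_t n = decrypt_packet(pkt, pkt_len, key, keylen, plain, sizeof plain);
    return n == file_len && memcmp(plain, file, file_len) == 0;
}

/* A file without the header is not a protected packet: decrypt_packet returns 0
 * and the caller passes the file through unchanged. 1 = behaves as expected. */
int rejects_unprotected(void)
{
    static const uint8_t raw[] = "\x7f" "ELF" " unprotected image";
    uint8_t out[64];
    return decrypt_packet(raw, sizeof raw - 1, (const uint8_t *)"k", 1, out, sizeof out) == 0;
}

int main(void)
{
    printf("prefix 8 roundtrip:   %d\n", roundtrip_ok(8));
    printf("prefix 0 roundtrip:   %d\n", roundtrip_ok(0));
    printf("unprotected rejected: %d\n", rejects_unprotected());
    return 0;
}
```

Two points worth keeping when this is done for real: the prefix length in the header is bounds-checked against the actual packet size before any byte is touched, since the header is attacker-influenced input to kernel code, and a larger prefix costs proportionally more decryption work, which is the low-end versus high-end trade-off the description makes explicit.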
Optionally, in step S308, the second operation is executed on the target executable file by the target process.
After the target executable file has been decrypted, the target process may execute the second operation on it. The second operation may be related to the type of the executable file and to the first operation, and may include but is not limited to at least one of: a mapping operation, a read/write operation, an execute operation.
It should be noted that the target encrypted packet (protected packet) may be stored in a region of the embedded device other than the kernel and the object module; what the object module executes may be the processing logic of process identification and encrypted packet decryption, and what uImage executes may be the processing logic other than process identification and encrypted packet decryption. For low-end devices the key may be stored encrypted in the kernel; for high-end devices the key may be stored in a security chip.
In this embodiment, the important file is decrypted and protected by means of the independent ko; only a few pointers are passed to the kernel, the amount of kernel change is small, and there is no risk of the company's important source code being leaked through the open-source kernel.
The processing method for an executable file in this embodiment is described below with reference to an optional example. In this example, the object module is the independent ko. The interaction and execution flow between the kernel uImage and the independent ko may be as shown in Fig. 5.
The independent ko may establish a custom function definition for interacting with uImage, obtain the key and the protected-packet allocation table (MY_FILE_INFO), and read the allocation table. Since all executable modules have a specific file header, the need for decryption can be recognised from this file header.
When a process operates on a protected packet, the kernel uImage determines the operation being executed: vm_map (virtual memory mapping), read_write (read/write operation) or do_execve (execute operation), and kernel execution jumps from uImage to the independent ko via the function pointer.
The independent ko can simulate the ko program loading process and complete the loading and decryption of the important ko file through the independent kernel program; it can simulate the so file loading process and complete the loading and decryption of the important so file through the independent kernel program; and it can simulate the elf program loading process and complete the loading and decryption of the important elf program through the independent kernel program. In this way, the independent ko can take over the system's ko-loading process and load and decrypt the company's important ko packets; take over the system's so-loading process and load and decrypt the company's important so packets; and take over the system's elf-loading process and load and decrypt the company's important elf packets.
This example can be designed for embedded devices, meets their characteristic requirements, has good compatibility, and ensures that important files will not be leaked because of intrusion or internal malicious behaviour.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments may be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disk) and including instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to execute the method described in each embodiment of the present invention.
This embodiment further provides a processing apparatus for an executable file, which is used to implement the above embodiments and preferred embodiments; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiment is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 6 is a structural block diagram of an optional processing apparatus for an executable file according to an embodiment of the present invention. As shown in Fig. 6, the apparatus comprises:
(1) a detection unit 62, configured to detect, by the system kernel of the embedded device, a first operation performed by a target process on a target encrypted packet, where the target encrypted packet is a packet file obtained by encrypting a target executable file with an encryption key, and the first operation is used to trigger execution of a second operation on the target executable file;
(2) a judging unit 64, connected to the detection unit 62, configured to judge, by the object module in response to the first operation, whether the target process is a process authorized to execute the first operation on the target encrypted packet, where the object module is a program module stored in a region of the embedded device other than the kernel and is used to simulate operations performed by the kernel;
(3) a decryption unit 66, connected to the judging unit 64, configured to decrypt, in the case where the target process is a process authorized to execute the first operation on the target encrypted packet, the target encrypted packet by the object module using a decryption key corresponding to the encryption key, to obtain the target executable file;
(4) an execution unit 68, connected to the decryption unit 66, configured to execute the second operation on the target executable file by the target process.
In an alternative embodiment, the above apparatus further comprises:
(1) a first acquisition unit, configured to obtain a target function pointer by the system kernel before the object module judges whether the target process is a process authorized to execute the first operation on the target encrypted packet, where the target function pointer is a pointer to the target function included in the object module, and the target function is the function that responds to the first operation;
(2) a jump unit, connected to the first acquisition unit, configured to jump to the object module through the target function pointer.
In an alternative embodiment, the above apparatus further comprises:
(1) a loading unit, configured to load the object module by the kernel before the system kernel of the embedded device detects the first operation performed by the target process on the target encrypted packet;
(2) a transmission unit, connected to the loading unit, configured to transfer, by the object module, the function pointer table of the object module to the kernel, where the function pointer table contains pointers to the functions in the object module;
(3) a second acquisition unit, connected to the transmission unit, configured to obtain target information from the kernel by the object module, where the target information includes at least one of: the decryption key, a configuration file path name, and the system function pointer table of the kernel; the configuration file path name indicates the path of the location where the configuration file is stored, and the configuration file indicates the correspondence between the encrypted packet name of the encrypted packet corresponding to an executable file and the process name of the process authorized to operate on the encrypted packet of the executable file.
In an alternative embodiment, the above apparatus further comprises:
(1) a reading unit, configured to read, after the object module obtains the target information from the kernel and in the case where the target information includes the configuration file path name, the configuration file by the object module according to the configuration file path name;
(2) a storage unit, connected to the reading unit, configured to store the configuration file into the object module by the object module.
In an alternative embodiment, the judging unit 64 comprises:
(1) a matching module, configured to match, by the object module according to a configuration file, the process name of the target process against the encrypted packet name of the target encrypted packet, to judge whether the target process is a process authorized to execute the first operation on the target encrypted packet, where the configuration file indicates the correspondence between the encrypted packet name of the encrypted packet corresponding to an executable file and the process name of the process authorized to operate on that encrypted packet.
In an alternative embodiment, the decryption unit 66 comprises:
(1) a first determining module, configured to determine, by the object module, the first encrypted data in the target encrypted packet, where the first encrypted data is the data obtained by encrypting a first part of the target executable file with the encryption key, and the data in the target encrypted packet other than the first encrypted data is the data of the target executable file other than the first part;
(2) a decryption module, connected to the first determining module, configured to decrypt the first encrypted data by the object module using the decryption key, to obtain the first part;
(3) a second determining module, connected to the decryption module, configured to determine the target executable file by the object module from the first part together with the data in the target encrypted packet other than the first encrypted data.
This embodiment further provides an embedded device, which may include the processing apparatus for an executable file of any of the above embodiments.
In an alternative embodiment, the above embedded device may include: a system kernel, an object module, a first region and a second region, where a target process runs in the system kernel, the object module is a program module stored in the first region and is used to simulate operations performed by the kernel, a target encrypted packet is stored in the second region, and the target encrypted packet is a packet file obtained by encrypting a target executable file with an encryption key, wherein:
(1) the system kernel is configured to detect a first operation performed by the target process on the target encrypted packet, where the first operation is used to trigger execution of a second operation on the target executable file; and to execute the second operation on the target executable file by the target process;
(2) the object module is configured to judge, in response to the first operation, whether the target process is a process authorized to execute the first operation on the target encrypted packet; and, in the case where the target process is a process authorized to execute the first operation on the target encrypted packet, to decrypt the target encrypted packet using a decryption key corresponding to the encryption key, to obtain the target executable file.
It should be noted that the above modules may be implemented by software or by hardware; in the latter case they may be implemented in, but not limited to, the following ways: the above modules are all located in the same processor, or the above modules are located in different processors in any combination.
An embodiment of the present invention further provides a storage medium in which a computer program is stored, where the computer program is arranged to execute, when run, the steps of any of the above method embodiments.
Optionally, in this embodiment, the above storage medium may include but is not limited to: a USB flash disk, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and other media capable of storing a computer program.
An embodiment of the present invention further provides an electronic device including a memory and a processor, where a computer program is stored in the memory and the processor is arranged to run the computer program to execute the steps of any of the above method embodiments.
Optionally, the above electronic device may further include a transmission device and an input/output device, where the transmission device is connected to the above processor and the input/output device is connected to the above processor.
Optionally, for specific examples in this embodiment, reference may be made to the examples described in the above embodiments and optional embodiments; they are not repeated here.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above may be implemented by a general-purpose computing device; they may be concentrated on a single computing device or distributed over a network formed by multiple computing devices; optionally, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be executed in an order different from that given here; or they may be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. The present invention is thus not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the principle of the present invention shall be included in the protection scope of the present invention.

Claims (11)

1. A processing method for an executable file, characterized in that it comprises:
detecting, by a system kernel of an embedded device, a first operation performed by a target process on a target encrypted packet, wherein the target encrypted packet is a packet file obtained by encrypting a target executable file with an encryption key, and the first operation is used to trigger execution of a second operation on the target executable file;
in response to the first operation, judging by an object module whether the target process is a process authorized to execute the first operation on the target encrypted packet, wherein the object module is a program module stored in a region of the embedded device other than the kernel, and the object module is used to simulate operations performed by the kernel;
in the case where the target process is a process authorized to execute the first operation on the target encrypted packet, decrypting the target encrypted packet by the object module using a decryption key corresponding to the encryption key, to obtain the target executable file;
executing the second operation on the target executable file by the target process.
2. The method according to claim 1, characterized in that, before the object module judges whether the target process is a process authorized to execute the first operation on the target encrypted packet, the method further comprises:
obtaining a target function pointer by the system kernel, wherein the target function pointer is a pointer to the target function included in the object module, and the target function is the function that responds to the first operation;
jumping to the object module through the target function pointer.
3. The method according to claim 1, characterized in that, before the system kernel running in the kernel of the embedded device detects the first operation performed by the target process on the target encrypted packet, the method further comprises:
loading the object module by the kernel;
transferring, by the object module, a function pointer table of the object module to the kernel, wherein the function pointer table contains pointers to the functions in the object module;
obtaining target information from the kernel by the object module, wherein the target information includes at least one of: the decryption key, a configuration file path name, and a system function pointer table of the kernel; the configuration file path name indicates the path of the location where a configuration file is stored, and the configuration file indicates the correspondence between the encrypted packet name of the encrypted packet corresponding to an executable file and the process name of the process authorized to operate on the encrypted packet of the executable file.
4. The method according to claim 3, characterized in that, after the object module obtains the target information from the kernel, the method further comprises:
in the case where the target information includes the configuration file path name, reading the configuration file by the object module according to the configuration file path name;
storing the configuration file into the object module by the object module.
5. The method according to claim 1, characterized in that judging by the object module whether the target process is a process authorized to execute the first operation on the target encrypted packet comprises:
matching, by the object module according to a configuration file, the process name of the target process against the encrypted packet name of the target encrypted packet, to judge whether the target process is a process authorized to execute the first operation on the target encrypted packet, wherein the configuration file indicates the correspondence between the encrypted packet name of the encrypted packet corresponding to an executable file and the process name of the process authorized to operate on the encrypted packet of the executable file.
6. The method according to claim 1, characterized in that decrypting the target encrypted packet by the object module using the decryption key corresponding to the encryption key to obtain the target executable file comprises:
determining, by the object module, first encrypted data in the target encrypted packet, wherein the first encrypted data is data obtained by encrypting a first part of the target executable file with the encryption key, and the data in the target encrypted packet other than the first encrypted data is the data of the target executable file other than the first part;
decrypting the first encrypted data by the object module using the decryption key, to obtain the first part;
determining the target executable file by the object module from the first part together with the data in the target encrypted packet other than the first encrypted data.
7. method according to any one of claim 1 to 6, which is characterized in that the target executable file is following One of: target kernel module file, target share library file, target executable program, first operation are as follows: load, it is described Second operation is one of the following: map operation, read-write operation execute operation.
8. A processing apparatus for an executable file, characterized in that it comprises:
a detection unit, configured to detect, by a system kernel of an embedded device, a first operation performed by a target process on a target encrypted packet, wherein the target encrypted packet is a packet file obtained by encrypting a target executable file with an encryption key, and the first operation is used to trigger execution of a second operation on the target executable file;
a judging unit, configured to judge, by an object module in response to the first operation, whether the target process is a process authorized to execute the first operation on the target encrypted packet, wherein the object module is a program module stored in a region of the embedded device other than the kernel, and the object module is used to simulate operations performed by the kernel;
a decryption unit, configured to decrypt, in the case where the target process is a process authorized to execute the first operation on the target encrypted packet, the target encrypted packet by the object module using a decryption key corresponding to the encryption key, to obtain the target executable file;
an execution unit, configured to execute the second operation on the target executable file by the target process.
9. An embedded device, characterized in that it comprises: a system kernel, an object module, a first region and a second region, wherein a target process runs in the system kernel, the object module is a program module stored in the first region, the object module is used to simulate operations performed by the kernel, a target encrypted packet is stored in the second region, and the target encrypted packet is a packet file obtained by encrypting a target executable file with an encryption key, wherein:
the kernel is configured to detect, by the system kernel, a first operation performed by the target process on the target encrypted packet, wherein the first operation is used to trigger execution of a second operation on the target executable file;
the object module is configured to judge, in response to the first operation, whether the target process is a process authorized to execute the first operation on the target encrypted packet; and, in the case where the target process is a process authorized to execute the first operation on the target encrypted packet, to decrypt the target encrypted packet using a decryption key corresponding to the encryption key, to obtain the target executable file;
the kernel is configured to execute the second operation on the target executable file by the target process.
10. A storage medium, characterized in that a computer program is stored in the storage medium, wherein the computer program is arranged to execute, when run, the method according to any one of claims 1 to 7.
11. An electronic device, comprising a memory and a processor, characterized in that a computer program is stored in the memory, and the processor is arranged to execute, by means of the computer program, the method according to any one of claims 1 to 7.
CN201910708539.5A 2019-08-01 2019-08-01 Processing method and processing device, embedded device and the storage medium of executable file Pending CN110457870A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910708539.5A CN110457870A (en) 2019-08-01 2019-08-01 Processing method and processing device, embedded device and the storage medium of executable file

Publications (1)

Publication Number Publication Date
CN110457870A true CN110457870A (en) 2019-11-15

Family

ID=68484541

Country Status (1)

Country Link
CN (1) CN110457870A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901313A (en) * 2010-06-10 2010-12-01 中科方德软件有限公司 Linux file protection system and method
CN102902914A (en) * 2012-09-05 2013-01-30 福建伊时代信息科技股份有限公司 Method and device for achieving terminal tracelessness
CN104331644A (en) * 2014-11-24 2015-02-04 北京邮电大学 Transparent encryption and decryption method for intelligent terminal file
CN105760779A (en) * 2016-02-18 2016-07-13 武汉理工大学 Bidirectional file encryption system based on FUSE
CN106570395A (en) * 2016-10-31 2017-04-19 大唐高鸿信安(浙江)信息科技有限公司 Security protection method for operation system command
US20180102902A1 (en) * 2016-10-11 2018-04-12 BicDroid Inc. Methods, systems and computer program products for data protection by policing processes accessing encrypted data
CN109033824A (en) * 2018-09-05 2018-12-18 郑州信大壹密科技有限公司 Cloud disk safety access method based on virtual isolation mech isolation test

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111209059A (en) * 2020-01-14 2020-05-29 中国北方车辆研究所 Embedded software multi-version control system and method
CN111209059B (en) * 2020-01-14 2023-03-03 中国北方车辆研究所 Embedded software multi-version control system and method
CN113407434A (en) * 2020-03-16 2021-09-17 腾讯科技(深圳)有限公司 Processing method and device for debugging file
CN111737660A (en) * 2020-06-28 2020-10-02 浙江大华技术股份有限公司 Method, system and storage medium for realizing software authorization
CN111737660B (en) * 2020-06-28 2023-11-17 浙江大华技术股份有限公司 Method, system and storage medium for realizing software authorization
CN113064668A (en) * 2021-03-26 2021-07-02 中国航空无线电电子研究所 Embedded platform executable file data online loading control system
CN113064668B (en) * 2021-03-26 2024-03-15 中国航空无线电电子研究所 On-line loading control system for executable file data of embedded platform
CN113821273A (en) * 2021-09-23 2021-12-21 武汉深之度科技有限公司 Application program running method, computing device and storage medium
CN113821273B (en) * 2021-09-23 2023-10-13 武汉深之度科技有限公司 Application program running method, computing device and storage medium

Similar Documents

Publication Publication Date Title
CN110457870A (en) Processing method and device, embedded device and storage medium for an executable file
EP3479282B1 (en) Targeted secure software deployment
JP6437433B2 (en) Protected communication between a medical device and its remote device
CN108781210A (en) Mobile device with trusted execution environment
CN100365650C (en) Contactless IC card communication system and communication method
US20110060915A1 (en) Managing Encryption of Data
EP3780484B1 (en) Cryptographic operation and working key creation method and cryptographic service platform and device
CN106055936B (en) Executable program data packet encryption/decryption method and device
CN101228531A (en) Execution device
CN106055341A (en) Application installation package checking method and device
KR20190039603A (en) Security processor chip and terminal device
CN106855926A (en) Malicious code detection method and system under the Android system, and a mobile terminal
FR2996328A1 (en) Method for protecting sensitive data transmitted in an NFC system
CN109447651A (en) Business risk control detection method, system, server and storage medium
CN109086578A (en) Software authorization use method, device and storage medium
CN107667376A (en) Techniques for data monitoring to mitigate the transitive problem in object-oriented contexts
CN106020868B (en) Smart card firmware update method and system
CN106384042A (en) Electronic device and security system
EP3241143B1 (en) Secure element
EP1950680A1 (en) Communication terminal device, server terminal device, and communication system using the same
CN111404706B (en) Application downloading method, secure element, client device and service management device
CN102770869B (en) Secure execution of computational resources
JP6318868B2 (en) Authentication system and portable communication terminal
CN107995230A (en) Download method and terminal
CN110232261A (en) APK package operating method, file processing apparatus and device with storage function

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication Application publication date: 20191115