CN101888623B - Safety service-based mobile network safety protection method - Google Patents
Safety service-based mobile network safety protection method Download PDFInfo
- Publication number
- CN101888623B CN101888623B CN2010101732329A CN201010173232A CN101888623B CN 101888623 B CN101888623 B CN 101888623B CN 2010101732329 A CN2010101732329 A CN 2010101732329A CN 201010173232 A CN201010173232 A CN 201010173232A CN 101888623 B CN101888623 B CN 101888623B
- Authority
- CN
- China
- Prior art keywords
- software
- ssp
- terminal
- mtm
- mobile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a safety service-based mobile network safety protection system, which comprises a mobile terminal (MT), a mobile trusted calculation module (MTM), a mobile network safety server (SSP) and a safety software supplier (SWP). The structure of the system is shown by a figure 9. The mobile trusted calculation module is connected with the mobile terminal through a USB interface, and a terminal safety environment is realized by trusted start-up and access control. The mobile network safety server provides safety services for the whole network, and the behavior of the mobile terminal is controlled through a network safety protocol. The safety software supplier provides applications for the terminals and makes a signature on the software to ensure the safety of the software.
Description
Technical field
The present invention is a kind of system and its implementation in the realization security service function that has mobile network basis upper framework now.This system can effectively solve the portable terminal safety problem, for whole mobile network provides security service, can be applicable to mobile radio communication, the technical technical field that belongs to mobile network's safety.
Background technology
Mobile network's safety is a technical field with high content of technology, that attention rate is high.It involves system's operation of portable terminal, the structure of network, a plurality of links such as strick precaution of virus.Along with the development of mobile communication technology, mobile phone terminal loaded service kind is more and more, and mobile network's safety also more and more receives people's attention.Existing up to now multiple solution is invented and is come into operation.
Yet the method for present various solution mobile network safety problems mainly is based on mobile phone terminal and makes up the virus killing environment, does not consider from whole mobile network environment.Mobile phone terminal is owing to the restriction of conditions such as storage, computing, power consumption, and single virus killing mode can not well be applied to the mobile network, the very big restriction that in application, receives.
Among this paper, portable terminal (MT) is meant user mobile phone terminal; Move trusted module (MTM) and be meant the module that safety function is provided based on Trusted Computing; Security service supplier (SSP) is meant and is structured in the core net, the part of security service function is provided; Software supplier (SWP) is meant the company that operating system and application software are provided for the user.
Summary of the invention
Technical problem: to the deficiency of above-mentioned existing solution mobile network safety problem method; The target of the present invention's design is: from whole mobile network environment characteristics, design a kind of mobile network's safety protecting method based on security service, this method is fit to move the characteristics at networking; On the basis at existing networking, make up; It is convenient to realize, can effectively protect portable terminal safety, for the user provides security service efficiently.
Technical scheme: a kind of mobile network's safety protecting method based on security service of the present invention has increased mobile trusted module MTM, security service supplier SSP and three roles of software supplier on existing mobile network basis; Move trusted module MTM and be connected through USB interface, make up the secure and trusted environment with portable terminal with portable terminal MT; Security service supplier SSP is that terminal security provides support through the break-make and the verification terminal integrality of control mobile terminal network; Access system resources provided foundation when software supplier was running software through software certificate is provided; This means of defence step is specific as follows:
Whole system makes up on existing mobile network basis.Mobile trustable computation module links to each other with portable terminal through USB interface, realizes the terminal security environment through credible startup and access control.Mobile network's security server is that whole network provides security service, through the behavior of network security protocol control portable terminal.The SWP of fail-safe software provider is that the terminal provides application software, and software signed guarantees the safety of software.
1) portable terminal starts:
1a. the terminal powers on, the credible start-up code from MTM begins to start,
1b. credible start-up code check system initial work and operating system loading program,
1c.MTM search the software certificate that is stored among the MTM according to check results, if normal, then jump to next step, if undesired, then remind user's existing systems to have potential safety hazard, and in ensuing use, limited function is provided,
1d. the executive system load module, and operating system nucleus carried out completeness check,
1e. seek and the verification software certificate, if normal, then start the operating system, if undesired, remind the user, and limited function is provided in ensuing use,
1f. the operating system check system starts the back process of operation automatically, searches software certificate, if normal, then allows to carry out, if undesired, reminds the user not allow the execution of this process;
2) connection of mobile terminal into network:
After 2a. portable terminal starts, generate an integrity report and supply access authentication to call,
2b.MT to SSP the access request is proposed,
2c.SSP according to integrity report verification terminal integrality, as imperfect, refusal inserts and sends and feeds back to the terminal, as complete, the request of then will inserting is transmitted to authentication, authorization and accounting server AAA,
2d.AAA authentication MT generates session key, and key packet is dressed up message sends to SSP,
2e.SSP send comprise key and authentication information message to MT, mobile terminal authentication AAA, and check session key uses when supplying next session;
3) mobile terminal downloads software:
3a.MT to SSP the downloaded software request is proposed,
3b.SSP judge MT whether the download authority is arranged,, then sends the refusal download message and give MT if do not have,
3c. if the download authority is arranged, SSP transmits the corresponding SWP that downloads request to of MT,
3d.SWP with own private key signature, and the software that will have a SWP signature sends SSP to downloaded software, and has the software certificate corresponding with software,
3e.SSP the SWP signature of inspection software, the verification software data, and with oneself private key software is signed, the software that will have the SSP signature sends MT to, the integrity report at this terminal of while SSP renewal,
3f.SSP produce charge information to AAA;
4) portable terminal install software:
4a.MT the operation installation procedure,
4b.MT the SSP signature of inspection installation procedure, as it is illegal to sign, and does not give installation license, as it is legal to sign, and then allows to install,
4c.MT the software certificate that software is corresponding stores among the MTM;
5) terminal operating software:
5a. executive utility, system kernel loader code,
5b. the hashed value of computing application program binary code writes the descriptor of process with it,
5c. program process is the calling system resource if desired, first invoke system call visits again resource,
5d. the credible verification service of kernel calls MTM,
5e.MTM whether the software certificate of corresponding stored determines it by the authority of access resources, and the result is returned to operating system,
5f. operating system is according to Control Software process access resources as a result;
The groundwork process of system is: the portable terminal back that powers on starts from trusted root, and chain-of-trust is extended to the whole terminal system, and generates when an integrity report supplies access network and call; In the time of accessing terminal to network, SSP inspection terminal integrality is carried out access authentication; In the time of terminal downloads software, SSP need check the qualification of download; The terminal install software needs relevant SSP of inspection and the signing certificate of SWP; Terminal operating software need be to the software control that conducts interviews.
Beneficial effect: (1) security protection system provides unified security service from whole mobile network by operator, most of safety problem is transferred to operator handle, and has alleviated the burden of portable terminal to a certain extent, on the whole maintaining system safety; (2) make up the terminal system platform based on Trusted Computing, viral propagation has fundamentally been stopped in the transmission of chain-of-trust; (3) trusted root of portable terminal from trusted module starts, and chain-of-trust is passed to operating system, guaranteed the safety of system; (4) in the running of mobile terminal process, thread is carried out the access control based on the role, effectively protection system safety the time, the postrun chain-of-trust transmission of the system that realized efficiently; (5) trusted module of USB interface has been realized and communications of Mobile Terminals easily, and the design of trusted module simultaneously meets the needs of whole system; (6) in the existing network framework, add this role of security server,, focus on safe matters for the terminal use provides security service; (7) design of security protocol guarantees the message transfer of safety between each role.
This system makes up on existing mobile network basis, realizes more conveniently, only needs in carrier network, to add security service supplier (SSP), in portable terminal, adds and moves trusted module (MTM).System provides security service for the user on the whole, and access control is combined with Trusted Computing, for the terminal has made up trusted context efficiently, has fundamentally stopped viral propagation.This system is fit to operator and uses very much: operator need not the existing network facility is carried out big transformation; Only need to add security server; Trusted module is provided, and associating software supplier provides security service for the user, has both helped controlling the propagation realization terminal security of virus; The interests that also help maintenance software provider, the protection software copyright.
Description of drawings
Fig. 1 is mobile network's security protection system structure abstract graph;
Fig. 2 is the structure chart of credible start-up code;
Fig. 3 is the credible start-up course figure of portable terminal;
Fig. 4 is fine granularity access control figure;
Fig. 5 is role's hierarchical design figure;
Fig. 6 is mobile terminal software implementation structure figure;
Fig. 7 is fine granularity access control software realization flow figure;
Fig. 8 is that the terminal integrality is collected illustraton of model.
Embodiment
Mobile network's security protection system structure:
The abstract structure of mobile network's security protection system is as shown in Figure 1.Relevant with security service mainly comprise four parts: 1) portable terminal MT; 2) move trusted module MTM; 3) security service supplier SSP; 4) SWP of fail-safe software provider.
Portable terminal MT: the mobile phone that the user uses, be connected through wireless mode with WAP, be connected through USB interface with mobile trusted module MTM.Abilities such as conversation, data access, down loading mounting software are arranged.Behind the mobile terminal-opening, through the integrality of the credible startup check system of trusted module, the checking integrality makes up the secure and trusted environment through the access control that combines with trusted certificates during access network.
Move trusted module MTM: realize the nucleus module of Trusted Computing function, be connected with portable terminal through USB interface.In randomizer, public key algorithm RSA engine, SHA SHA-1 engine, credible start-up code section, these several modules of memory are arranged.For system provides credible startup root, produce various keys and generate and the required random number of signing, generate association key, accomplish the encryption and decryption operation, functions such as storage related credentials.
Security service supplier SSP: for the user in the network provides security service, come the supervisory user behavior, prevent the virus propagation through the Control Network break-make.Guarantee the fail safe of user's download software, for the structure of portable terminal security context provides support service.
The SWP of software supplier: mobile phone terminal software supplier, like Microsoft, Macfee etc. are for portable terminal systems soft ware and application software person to be provided.Fail-safe software provider comes the source of certifying software through the signature to software, makes up the secure and trusted environment through providing software certificate to help portable terminal.
At first need define the legitimacy of user's integrality and software:
User's integrality is defined as: the hardware configuration of portable terminal and operating system is not by illegal, and installed software all has the SWP signature in the system.Do not meet the integrality that all is regarded as having destroyed the user of afore mentioned rules.The acquisition of terminal software has two approach: the software that the software of the support customized service that is provided by operator when user mobile phone is opened an account and user upgrade voluntarily and obtain through legal procedure.If these softwares have been destroyed, user terminal does not just satisfy the integrality requirement so.
The well-formed definition of software is: the software of terminal downloads must be that software must have the signature of SWP and SSP when installing through SSP audit approval.Should there be identity and safety to wait attribute in the legal software.Identity attribute is the digital certificate that SWP signs and issues for this software, and security attribute then is summary info and the SWP of these software source codes ciphering signature to this summary info, also has the related credentials of softward interview access authorization for resource.
Under above-mentioned definition, the running of whole security protection system is following:
(1) MTM of portable terminal checks the integrality of user terminal when handset starting, and the legitimacy of detecting process and thread forms report with imperfect or illegal security incident and sends to SSP in the process of implementation;
(2) SSP deals with through predefined safety regulation.If software imperfection problem explains that cell phone software suffers virus attack or artificial deletion, SSP will in time remind the terminal to recover original installation; If process or thread illegal operation, explain that also the process of software or thread subprogram revised by virus, SSP in time notifies portable terminal, and recovers original installation;
(3) if portable terminal need be downloaded new software, will file an application to SSP, SSP tests to the legitimacy that it is about to downloaded software, after the qualification of inspection SWP, reaches the purpose of control mobile terminal downloads behavior through the Control Network break-make;
(4) SSP forms charging report with the security service of being done, and charges to portable terminal in authentication, authentication and charging (AAA) center of notice operator.
Portable terminal secure and trusted environment construction:
The structure of terminal trusted context mainly is divided into system start-up and two states of system's operation.
After system powered on, at first the credible start-up code from trusted module began to start.The structure of credible start-up code is as shown in Figure 2.System initialization code is that platform is relevant, and its initialize routine of different platforms is different, and generally realizes with the assembler language of particular platform.The code of this part is the least possible, because consider the transplantability of platform, short as far as possible bottom code can reduce the workload when transplanting.And the completeness check code of back generally has versatility, generally uses the C language to realize.
The completeness check code will carry out completeness check to following code segment; And in fact this section code is exactly the load module of some sophisticated system initial work and operating system, and check results is saved in the platform configuration register of MTM, searches relevant certificate then; And if system is normal; The certificate of this code segment should be kept in the memory of MTM, then carries out the checking of certificate, and is correspondingly processed.Equally, also have a checking routine later on, be responsible for the kernel of operating system is carried out completeness check, thereby accomplish the chain-of-trust transmission in system starting process at this section code.The credible start-up course of portable terminal is as shown in Figure 3.
During the code segment of an entity, its can be saved in its hashed value in the specific platform configuration register after previous trusted entity checks, seeks the certificate relevant with verification then, if certificate is not inconsistent, and two kinds of processing modes later at this moment.(1) directly stop to start, virus possibly distorted or infected to the present embedded system of prompting user, waits for that customer contact production firm deals with problems; (2) continue to start, but point out the present system of user that potential safety hazard is arranged, and in the follow-up running of system, limited function only is provided.
After system's operation, realize the efficient transfer of chain-of-trust through the fine granularity access control.The fine granularity access control comes down to a kind of access control based on the role, and " role " here is " process " of operating system and software.Fine granularity access control principle is as shown in Figure 4.In this design; Each process all can have one or more certificates, and their can be stored in the memory of mobile trustable computation module MTM when installation system software, and need verify when becoming certain role in the functional block of certain process; Operating system nucleus will be visited MTM; And the hashed value and the Role Information of application software binary file be provided, by the MTM credibility of portion's authentication function piece within it, and then provide the result of checking; Return to operating system nucleus, kernel is handled accordingly again then.The benefit of this verification mode is to have guaranteed to the full extent the flexibility of system, and for former application program, the developer only need apply for that corresponding certificate just can move on new portable terminal; On the other hand, all in the inner completion of MTM, this helps the safety problem centralization process of whole checking, as long as the fail safe of reinforcing module itself just can improve the security performance of whole system.
After the system start-up, chain-of-trust is delivered to operating system, and operating system is the object that can trust, is safe.The safety problem of system is exactly in fact the unauthorized access to resource.The visit main body in the operating system---process is divided into littler part.Be that process is divided into functional block one by one according to its function this cutting apart, and needs accesses network such as process, and this part just can be split so becomes an independently functional block; If process is wanted the access file system, this part also will independently be treated so.If these functions need really be had an effect, so must be through the access control of operating system, just so-called access control based on the role.If the functional block of process can be through credible checking, it just can obtain specific " role " so, and " authority " of acquisition visit particular system resource.Simultaneously, this credible checking is that session is relevant, that is to say, if process also will be visited same system resource next time, also will pass through so credible checking.
Then adopt the mode of hierarchical design for the role, as shown in Figure 5.At first confirm five types of middle level roles: direct address visitor, file system access person, interprocess communication person, module loading person, web visitor.Then these five types of roles are segmented again, just can segment such as file system access person becomes: superblock visitor, index node inode visitor and file access person.Simultaneously, these five types of roles can also make up, and become the new role of higher level, and each role have two copies of read and write.
Just be to simplify the distribution of authority for the purpose of role's detailed design; Through such hierarchical design; The role of every bottom has the access rights (each role has two copies of read and write) to certain system resource, and the role of a high level then has the access rights to a series of related resources.
Mobile terminal software is realized:
The mobile terminal software implementation structure is as shown in Figure 6.The part that needs to realize mainly is kernel service layer and MTM driver.
The MTM driver mainly is responsible for directly communicating with mobile trusted module, just carries out alternately through the USB interface at terminal and the processor of MTM, uses functions such as its credible verification that provides, encryption and decryption.
The kernel service layer in fact also is a kernel thread, and in fact so-called kernel thread is exactly to move at kernel state always, memory-resident, the Lightweight Process of completion assigned work.Because can not be to the MTM concurrent access; So mainly being responsible for the credible checking request of application programs functional block or the initiation of other kernel thread, the kernel service layer carries out uniform dispatching; Simultaneously; It encapsulates the service that provides again with many bottom operations that the MTM driver is provided, and has also guaranteed the fail safe of system.
Software flow is as shown in Figure 7.At first, if in system, moved an application program, kernel can at first be reference program storage allocation space and initialization; At this moment the loader code, should call the hashed value of the hash service compute application binaries code of kernel service layer then; The hash service then can be called the MTM driver, calls the SHA-1 engine in the chip, calculates hashed value; And it is returned, then this hashed value is write in the descriptor of process, and other parts of initialize process descriptor.Process is normally carried out then; And if process needs the calling system resource; It at first can invoke system call so; Prepare access system resources then, at this moment kernel will process be indicated, application binary hashed value and need accessed resources to indicate as parameter, call the credible verification service in the kernel service layer.Credible verification service access MTM driver, MTM can indicate according to process, in self memory, searches related credentials, and with the hashed value contrast of binary file, whether comparison has the authority of visit particular system resource then, and the result is returned.According to the structure of verification, kernel can control process continuation access system resources return user's attitude then, or directly returns user's attitude, and reports an error.
Portable terminal integrality gathering method:
Behind the starting up of terminal, the terminal integrality is collected statistics, terminal integrality collection work is accomplished by MTM.After system powers on,, integrality is added up according to Fig. 8 model along with the transmission of chain-of-trust.
In this model, the hardware integrality is meant the state of start back system hardware; The operating system integrality is meant the state of system kernel; The application software integrality refers to installed software state in the system; Process integrity refers to the state of system's running process.The integrality state in each step of system start-up all can be reported among the MTM.
After system start-up is accomplished, generates an integrity report, and call when being kept among the MTM confession access authentication.
The software certificate structure that SWP provides:
During mobile terminal downloads software, SWP also has a software certificate corresponding with downloaded software except software is provided.During the terminal install software, software certificate also can store among the MTM.Software needs access system resources at terminal operating, and operating system will be searched the certificate among the MTM, and decision changes the authority whether software process has access resources.
The structure of software certificate is as follows:
● software certificate
■ certificate version information
The ■ certificate serial number
The signature algorithm that the ■ certificate uses
■ certificate issue person title
The ■ validity period of certificate
◆ before so-and-so on date
◆ after so-and-so on date
The sign of the corresponding software of ■ certificate number
The hashed value of the corresponding software binary code of ■ certificate
■ software allows the access system resources parameter
◆ network equipment visit
◆ file system access
◆ internal storage access
◆......
■ certificate issue person SWP identification number
■ certificate issue person SWP signature.
This method has increased mobile trusted module MTM, security service supplier SSP and three roles of software supplier on existing mobile network basis; Move trusted module MTM and be connected through USB interface, make up the secure and trusted environment with portable terminal with portable terminal MT; Security service supplier SSP is that terminal security provides support through the break-make and the verification terminal integrality of control mobile terminal network; Access system resources provided foundation when software supplier was running software through software certificate is provided; This means of defence step is specific as follows:
Portable terminal is credible, and the startup flow process is:
A. the terminal powers on, and the credible start-up code from MTM begins to start;
B. credible start-up code check system initial work and operating system loading program;
C.MTM searches the software certificate that is stored among the MTM according to check results, if normal, then jumps to next step, if undesired, then remind user's existing systems to have potential safety hazard, and in ensuing use, limited function is provided;
D. executive system load module, and operating system nucleus carried out completeness check;
E. seek and the verification software certificate,, then start the operating system,, remind the user, and limited function is provided in ensuing use if undesired if normal;
F operating system check system starts the back process of operation automatically, searches software certificate, if normal, then allows to carry out, if undesired, reminds the user not allow the execution of this process.
The connection of mobile terminal into network flow process is:
A. after portable terminal starts, generate an integrity report and supply access authentication to call;
B.MT proposes the access request to SSP;
C.SSP is according to integrity report verification terminal integrality, and as imperfect, refusal inserts and sends and feeds back to the terminal, and as complete, the request of then will inserting is transmitted to authentication, authorization and accounting server AAA;
D.AAA authentication MT generates session key, and key packet is dressed up message sends to SSP;
E.SSP send comprise key and authentication information message to MT, mobile terminal authentication AAA, and check session key uses when supplying next session.
The mobile terminal downloads software flow is:
A.MT proposes the downloaded software request to SSP;
B.SSP judges whether MT has the download authority, if do not have, then sends the refusal download message and gives MT;
If c. the download authority is arranged, SSP transmits the corresponding SWP that downloads request to of MT;
With own private key signature, and the software that will have a SWP signature sends SSP to d.SWP with downloaded software, and has the software certificate corresponding with software;
The SWP signature of e.SSP inspection software, the verification software data, and with oneself private key software is signed, the software that will have the SSP signature sends MT to, the integrity report at this terminal of while SSP renewal;
F.SSP produces charge information to AAA.
Portable terminal install software flow process is:
A.MT moves installation procedure;
The SSP signature of b.MT inspection installation procedure, as it is illegal to sign, and does not give installation license, as it is legal to sign, and then allows to install;
The software certificate that c.MT is corresponding with software stores among the MTM.
The running of mobile terminal software flow is:
A. executive utility, system kernel loader code;
B. the hashed value of computing application program binary code writes the descriptor of process with it;
C. program process calling system resource if desired, first invoke system call visits again resource;
D. the credible verification service of kernel calls MTM;
Whether the software certificate of e.MTM corresponding stored determines it by the authority of access resources, and the result is returned to operating system;
F. operating system is according to Control Software process access resources as a result.
Claims (5)
1. the mobile network's safety protecting method based on security service is characterized in that this method has increased mobile trusted module MTM, security service supplier SSP and three roles of the SWP of software supplier on existing mobile network basis; Move trusted module MTM and be connected through USB interface, make up the secure and trusted environment with portable terminal with portable terminal MT; The break-make of security service supplier SSP through the control mobile terminal network and hardware configuration that verification terminal integrality is portable terminal and operating system is by illegal, and installed software all has SWP and signs in the system, for terminal security provides support; Access system resources provided foundation when software supplier was running software through software certificate is provided;
This means of defence step is specific as follows:
1). the credible startup of portable terminal;
A. the terminal powers on, and the credible start-up code from MTM begins to start;
B. credible start-up code check system initial work and operating system loading program;
C. MTM searches the software certificate that is stored among the MTM according to check results, if normal, then jumps to next step, if undesired, then remind user's existing systems to have potential safety hazard, and in ensuing use, limited function is provided;
D. executive system load module, and operating system nucleus carried out completeness check;
E. seek and the verification software certificate,, then start the operating system,, remind the user, and limited function is provided in ensuing use if undesired if normal;
F. the operating system check system starts the back process of operation automatically, searches software certificate, if normal, then allows to carry out, if undesired, reminds the user not allow the execution of this process;
2). connection of mobile terminal into network;
3). mobile terminal downloads software;
4). the portable terminal install software;
5). running of mobile terminal software.
2. a kind of mobile network's safety protecting method based on security service as claimed in claim 1 is characterized in that described step 2) the connection of mobile terminal into network flow process is:
A. after portable terminal starts, generate an integrity report and supply access authentication to call;
B. MT proposes the access request to SSP;
C. SSP is according to integrity report verification terminal integrality, and as imperfect, refusal inserts and send anti-
The terminal of feeding, as complete, the request of then will inserting is transmitted to authentication, authorization and accounting server AAA;
D. aaa authentication MT generates session key, and key packet is dressed up message sends to SSP;
E. SSP sends the message that comprises key and authentication information and gives MT, mobile terminal authentication AAA, and
Check session key, use when supplying next session.
3. a kind of mobile network's safety protecting method based on security service as claimed in claim 1 is characterized in that described step 3) mobile terminal downloads software flow is:
A. MT proposes the downloaded software request to SSP;
B. SSP judges whether MT has the download authority, if do not have, then sends the refusal download message and gives MT;
If c. the download authority is arranged, SSP transmits the corresponding SWP that downloads request to of MT;
D. with own private key signature, and the software that will have a SWP signature sends SSP to SWP with downloaded software, and has the software certificate corresponding with software;
E. the SWP of SSP inspection software signature, the verification software data, and with oneself private key software is signed, the software that will have the SSP signature sends MT to, the integrity report at this terminal of while SSP renewal;
F. SSP produces charge information to AAA.
4. a kind of mobile network's safety protecting method based on security service as claimed in claim 1 is characterized in that described step 4) portable terminal install software flow process is:
A. MT moves installation procedure;
B. the SSP of MT inspection installation procedure signs, as it is illegal to sign, and does not give installation license, as it is legal to sign, and then allows to install;
C. the software certificate that MT is corresponding with software stores among the MTM.
5. a kind of mobile network's safety protecting method based on security service as claimed in claim 1 is characterized in that described step 5) running of mobile terminal software flow is:
A. executive utility, system kernel loader code;
B. the hashed value of computing application program binary code writes the descriptor of process with it;
C. program process calling system resource if desired, first invoke system call visits again resource;
D. the credible verification service of kernel calls MTM;
Whether the software certificate of MTM corresponding stored e. determines it by the authority of access resources, and will tie
Fruit returns to operating system;
F. operating system is according to Control Software process access resources as a result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101732329A CN101888623B (en) | 2010-05-14 | 2010-05-14 | Safety service-based mobile network safety protection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101732329A CN101888623B (en) | 2010-05-14 | 2010-05-14 | Safety service-based mobile network safety protection method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101888623A CN101888623A (en) | 2010-11-17 |
| CN101888623B true CN101888623B (en) | 2012-08-22 |
Family
ID=43074295
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010101732329A Expired - Fee Related CN101888623B (en) | 2010-05-14 | 2010-05-14 | Safety service-based mobile network safety protection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101888623B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| RU2495487C1 (en) * | 2012-08-10 | 2013-10-10 | Закрытое акционерное общество "Лаборатория Касперского" | System and method of determining trust when updating licensed software |
| CN103023922B (en) * | 2012-12-05 | 2014-07-02 | 清华大学 | Control flow model behavior based dynamic remote attestation method |
| CN107360165B (en) * | 2017-07-13 | 2021-02-12 | 北京元心科技有限公司 | Terminal device, cloud server and method and device for managing and controlling operating system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1841998A (en) * | 2005-03-30 | 2006-10-04 | 中兴通讯股份有限公司 | Method for terminal user safety access soft handoff network |
| CN101355368A (en) * | 2007-07-26 | 2009-01-28 | 英华达(上海)电子有限公司 | Mobile equipment and use method thereof |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| BRPI0412724A (en) * | 2003-07-29 | 2006-09-26 | Thomson Licensing | controlling access to a network using redirection |
| US7950045B2 (en) * | 2006-12-13 | 2011-05-24 | Cellco Partnership | Techniques for managing security in next generation communication networks |
-
2010
- 2010-05-14 CN CN2010101732329A patent/CN101888623B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1841998A (en) * | 2005-03-30 | 2006-10-04 | 中兴通讯股份有限公司 | Method for terminal user safety access soft handoff network |
| CN101355368A (en) * | 2007-07-26 | 2009-01-28 | 英华达(上海)电子有限公司 | Mobile equipment and use method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101888623A (en) | 2010-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10790965B1 (en) | Tiered distributed ledger technology (DLT) in a network function virtualization (NFV) core network | |
| EP3121752B1 (en) | Mobile payment device and method | |
| US8856544B2 (en) | System and method for providing secure virtual machines | |
| US8171295B2 (en) | Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, and an apparatus executable process | |
| CN102804194B (en) | For providing method and the device of application security | |
| US8627086B2 (en) | Secure loading and storing of data in a data processing device | |
| CN101300583B (en) | Simple scalable and configurable secure boot for trusted mobile phones | |
| CN112583802B (en) | Data sharing platform system and equipment based on block chain and data sharing method | |
| US20050137889A1 (en) | Remotely binding data to a user device | |
| CN104298916A (en) | Application management method, application management system and user device | |
| US20110238402A1 (en) | System and methods for remote maintenance in an electronic network with multiple clients | |
| US20090138699A1 (en) | Software module management device and program | |
| CN106471768A (en) | Method and apparatus for setting up secure communication channel | |
| CN101005699A (en) | Method and system for managing terminal open platform power information | |
| CN105656860A (en) | Safety management and control method, apparatus and system for Android system | |
| CN109634619A (en) | Credible performing environment implementation method and device, terminal device, readable storage medium storing program for executing | |
| CN102165457A (en) | Ticket authorized secure installation and boot | |
| EP1645931A1 (en) | Secure loading and storing of data in a data processing device | |
| CN104408371A (en) | Implementation method of high security application system based on trusted execution environment | |
| US10687216B2 (en) | Antitheft method for mobile terminal and apparatus | |
| CN114448648B (en) | Sensitive credential management method and system based on RPA | |
| CN101888623B (en) | Safety service-based mobile network safety protection method | |
| CN107332817A (en) | Support the mobile device and corresponding method of multiple access control clients | |
| RU2408071C2 (en) | Protected data loading and storage in data processing device | |
| CN110493008B (en) | Block chain authentication method, device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120822 Termination date: 20160514 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |